The organisation powered by ICT in a ship-like constellation.
The engines (data centre) out of sight below visibility.
Serving multiple customers (multi tenancy) for the best performance and the best profits on all layers.
There are six pillars in a functional and technical layer.
⚖ T-1.1.2 Guide reading this page
This page is about Technology. Technology is the enabler in a service providing role for missions of the organisation.
When a holistic approach for organisational missions and organisational improvements is wanted, starting with this technology pillar is sensible.
Not being able to get any service for a mission will block the options for realisation.
The priorities however are set by the organisational missions not by technology.
Alignment:
Missions are strategically defined and set by the organisation.
Budgets for technology service have to come from the organisation.
Planning for solving issues and doing improvements (change) has to come from the organisation, aligned with the organisation.
Working towards an optimized business and technology situation, there is a gap in knowledge and tools.
The proposal to solve those gaps is "Jabes".
Understanding the: "T-3.6.1 Mindset prerequisites" is assumed.
Added the subpages. Adding content and reworking old DTAP pages.
The Enterprise Architecture, EA, getting some hands on that elephant.
2024 week 1
Started to pick up where I left off
Cannibalizing old pages, relocating content according to the 9-plane Jabes
Aligning the new contents with the Jabes proposal
2024 week 5
New draft version of this page finished
T-1.2 Question: Waterfall or Lean Agile?
Any development life cycle does have assumptions.
For information processing known as IT or ICT there are many of them.
A well known standard is staging by:
Develop
Test
Acceptance
Production
💣 However, there are still many issues. Root causes are misunderstandings and wrong perceptions of:
Infrastructure
Business applications
Analyses of Business Applications
⚖ T-1.2.1 Layers in the technology stack
Dell EMC cloud promotion once published a nice visualisation.
Transforming the IT practices from technology driven into service provider driven.
Building anything and everything yourself is costly. The on-premise solutions have that association.
Promoting an ICT transformation for using SAAS (Software as a Service), Cloud.
IT organizations need to be able to deliver an efficient, automated, and repeatable environment that is focused on the applications that are being built and delivered.
IT should not focus on how to get the various components of the infrastructure to operate together.
In this: what is placed as "operations" is the front end delivery of the business mission.
The high level concepts, enterprise architect, global guidelines, the governance are leading.
There are three different types of lines for release management, each with their peculiar dependencies.
These are:
Infrastructure:
Infra: hardware (virtualized), network, operating system
The DTAP Develop, Test (integration), Acceptance (Logic -User, Technical, Persons Education) are parts of a life cycle.
🤔 The waterfall model (wikipedia) is well known.
The approach of being a cycle, however, is missing.
Several words differ and some are not present in the DTAP staging.
Requirements = (done before)
Design = (done before)
Implementation = Development
Implementation = Testing
Verification = Acceptance
Maintenance = Production
❗ Nothing is mentioned to repeat in a cycle.
❗ Nothing is mentioned about all activities, including documentation, having to be approved and delivered before continuing to the next stage.
The ordering is by logical dependencies avoiding waste.
Example of DTAP steps in a refined cycle:
Analysis
Planning
Design
Development
Testing
Deployment
Maintenance
Evaluation
Disposal
I would like to add "Ideate" in this cycle. Having multiple options to evaluate is better than going for only the first option recognized.
❗⚠ Not every step needs to be executed. The disposal is only done when it is the result of the evaluation.
⚒ T-1.2.3 Agile PDCA and / or Waterfall
There is an SDLC misconception.
To solve:
M.Fowler:
I can't recall hearing any conference speaker saying anything good about waterfall for many years.
... The waterfall style, as suggested by the Royce sketch, does it by the activity we are doing.
W.Royce (Wikipedia)
In 1970 he published his influential article "Managing the development of large software systems",
in which he presented several project management models, including what we now know as waterfall, iterative, and agile.
Waterfall (Wikipedia)
These variations included returning to the previous cycle after flaws were found downstream,
or returning all the way to the design phase if downstream phases deemed insufficient.
(Wikipedia)
The team applied IID in a series of 17 iterations over 31 months, averaging around eight weeks per iteration.
In the 60's the Apollo project "race to the moon" was run. Many rockets were launched as sprints towards the target, the moon.
It was the most agile approach for big projects ever run. Every launch was a waterfall delivery, but done in several cycles, avoiding unnecessary waiting.
The contrast in success when others tried to copy that approach is striking.
Strict but wrong interpretation of models, frameworks, micromanagement and conflicts of interest are common issues.
The conclusion, following any model and any case:
without insight into the model's goal,
not understanding the limitations,
doing it in a micromanagement way
is a disaster 💣 waiting to happen.
PDCA cycle redefined
There are three major power pillars in the organisation,
Strategy (blue)
Tactical (green)
Operational (red)
each of them divided in three levels, the: "nine plane".
BPM-steer
Analytics-shape
SDLC-serve
The processes cycle uses four quadrants.
I, an inventory of changes, innovations
II, preparing change proposals
IV, realising the changes
III, Implement changes and execute
Combining all this in a single figure is complicated.
This visual has the same orientation as the "data driven process" in T2.4.1.
⚠ The SIAR model visual uses another orientation.
To solve: SDLC, ALC, DTAP, BI&A issues by their real root-causes.
(N.Dean Meyer)
The right way to build high-performance, cross-boundary teamwork is to get to fundamentals.
Find out why the nice people in your organization don't team, and then address the root causes of incentives, culture, structure, and the internal economy.
Real Reason 1: Incentives
Real Reason 2: Culture
Real Reason 3: Structure
Real Reason 4: Resources
⚖ T-1.3.1 Looking for root causes in the SDLC challenge
Going agile lean is hyped in the cyber workspace.
❓ Question: is there a conflict between the root causes mentioned above by a management coach and those in the "Agile Manifesto, principles"?
Our highest priority is to satisfy the customer through early and continuous delivery of valuable software.
Welcome changing requirements, even late in development. Agile processes harness change for the customer's competitive advantage.
Deliver working software frequently, from a couple of weeks to a couple of months, with a preference to the shorter timescale.
Business people and developers must work together daily throughout the project.
..
From the main page, reordered:
Working software over comprehensive documentation
Responding to change over following a plan
Individuals and interactions over processes and tools
Customer collaboration over contract negotiation
😲 Remarkable:
they are very similar.
issues arising in the Agile world seemingly have their root causes in the lists mentioned above.
Getting rid of a waterfall dogma
The statement: "all actions have to be finished before proceeding to the next stage", is not ❌ valid.
A personal experience: a very long time ago, the project manager did claim this. The root cause was: incentives, culture, structure, resources. Indeed: all of those.
"Reducing Lead Time 4 - Development":
Development also has options to reduce the lead time that production does not have, namely concurrent engineering (also known as simultaneous engineering).
In manufacturing, the part can be only in one process at a time.
In development, multiple people can work on the same project.
The same is at: Concurrent engineering (wikipedia).
Better is VMAP, V-Model
(wikipedia)
The V-model is a graphical representation of a systems development lifecycle. It is used to produce rigorous development lifecycle models and project management models.
The V-model falls into three broad categories, the German V-Modell, a general testing model, and the US government standard.
In the visualisation the sequential order of the SIAR-model is included. There are many loopbacks, enabling reacting to and applying change as soon as possible.
⚙ T-1.3.2 Running, Maintaining - Developing Building in a structure
hierarchy structure
The hierarchical structure causes a conflict of interests.
Before being able to instruct staff to do work, a line of control (authority) must exist. An organisation chart is used in communications.
The classic structure is a pyramid, the orders and instructions going top down.
The result is that cooperation on the shop floor is not natural within the local group.
NDMA:
The key to overcoming this obstacle is internal customer-supplier relationships.
When staff treat peers throughout IT as customers, just as they treat business-unit clients as customers, cross-boundary teamwork gets a lot easier.
The goal is servicing many customers, this is a reversed order from the shop floor experience.
The pyramid is reversed with the sharp point at the shop floor.
Designing, engineering, building and operating are at a big distance from the mission goals.
The internal customer is possibly in a quite different line of control.
technology structure
There will always be either a technical debt or a functional debt, or both.
It is not possible to have all artifacts up to date to the latest moment.
Building an ICT system is easier when it is a new one.
It is:
❶ Set up machines (green)
❷ Build up business logic & information in two DTAP lines (blue)
❸ Build up business analytics, tools and logic.
Note: ❗⚠ Always use production information (orange)
⚠ Enabling maintenance is not a mandatory part of the activity.
Maintaining and changing what is operational is more challenging.
It is:
❶ Learn from analytics what to change in the production environment.
Note: ❗⚠ Use of production information is inevitable (orange)
❷ Change business logic & information in two DTAP segregated lines (blue)
❸ Change the set up of machines (green) according to external and / or internal requirements
⚠ Maintenance, DTAP deployments, must be enabled; it is a mandatory part of the activity
⚒ T-1.3.3 V-Model - DTAP dependencies
Realizing a DTAP implementation using the V-model is recommended.
Considerations:
❶ Allows agile lean project planning
❷ Acknowledges dependencies between logical actions
❸ Every stage can start when a minimum of the previous one is present
❹ When split into strategic, tactical and operational, micromanagement is avoidable
Golden oldies:
❶ V-Model: (wikipedia)
❷ combined with TMAP: (sogeti)
❸ more coverage: ISTQB
Agile lean:
❶ Small units, quicker deliveries
❷ Small units, easier and quicker requirement changes
❸ Goal of specifications: "system test"
🤔🕳 There is no centralized portfolio product to collect all information on information processing.
🕳👁❗ Get the SDLC challenge solved
💡❗✅ For process design & build use Jabes to collect all information
💡❗✅ For validation design & build & run use Jabes to collect all information
The metadata storage structure setup in Jabes uses a hierarchy in three levels for each of the information types.
Applicable for: "process design & build" and "validation design & build & run".
T-1.4 On Premise services
From the beginning using computers for information processing was very expensive.
The situation was:
Very limited options for communications over distance and in bandwidth
Expensive machines (hardware) having:
limited CPU capacity
limited volatile internal memory
limited capacity permanent storage
Complicated software, operating systems, needed to make the hardware usable.
The only option was to use on-premise datacentres located at the shop floor.
⚒ T-1.4.1 On Prem Infrastructure
🚧 With ✅ a differentiator in technology, infrastructure: internal.
🔏 Criterion: not ❌ handing over the infrastructure technology.
The functional service provisioning is independent from the technical realisation.
CPU - Processing capacity
The maximum speed of a single processor has been rather stable for many years.
The increased heat production sets a limit on the internal frequency.
Increasing capacity is by:
Better algorithms, decreasing internal waste.
Parallel processing internal, using more cores. (scaling up)
Dedicated processors, the GPU (graphical processor) offering many cores by design.
Parallel processing external, using more machines. (scaling out)
There was a belief that more internal cores would not happen, forcing designs into many machines.
This belief has been proven wrong. The Xeon Platinum 8378A offers 32 cores, 64 with hyperthreading active.
With support for two on a single machine board ➡ 128 cores on a machine.
Intel (wikipedia)
Memory - volatile Working storage capacity
Internal memory capacity is still growing. A classic DBMS optionally becoming a fit.
IO - technical communication connections
This should cover:
logical segmentations by classified risk zones.
Speed & throughput to office locations.
Speed & throughput to public internet zones.
Storage - permanent changeable memory capacity
External memory capacity is still growing. A multi tier approach:
Solid State. Fastest access no physical spinning delay.
Hard disk. A cheaper option for more capacity but spinning delay.
Tape Cartridge. Still the best fast option for offline backups.
Increasing throughput is by:
Choice: best option out of the multi tier ones.
Optimize by best design using striping.
Random access is optimal for lookups, but bad for processing significant parts of the population.
OLTP, online transaction processing, uses only a small set of cases.
Disable technical logging in the DBMS used when allowed by compliancy.
Use a duplicate of an operational DBMS when operational stress must be avoided.
In a figure:
🕳👁❗ Internal infrastructure is a choice.
💣 offices, hybrid work & segmentation zones.
⚙ T-1.4.2 On Prem Platform
🚧 With ✅ a differentiator in technology, platform provisioning: internal.
🔏 Criterion: not ❌ handing over the platform (middleware) technology.
The functional service provisioning is independent from the technical realisation.
Archiving & backup ➡ infrastructure options and connections
Segmentation ➡ multi tier, multi tenancy into integrity and confidentiality
The situations around platforms are very complicated because of the dependencies, and not easy to get under control.
No matter whether it is in the cloud or on prem.
Noether theorem
There is a "law of conservation of misery" in line with the "law of conservation of energy".
🕳👁❗ Embedding platforms into tools covering CIA compliancy is not the standard state of the technology.
💣 CIA compliancy is not only about technology.
⟳ T-1.4.3 On Prem Software
🚧 With a ✅ differentiator in functionality, service providing: internal.
🔏 Criterion: not ❌ handing over the information. Take care of results internally.
The functional service provisioning is independent from the technical realisation.
IT Service Desk
The Service:
Enablers for work in an organisation. Delivery of basic tools for human workers.
Helping to solve impediments to doing work when the basic tools are failing.
Coordinating the search for support when work is blocked by causes beyond the basics.
Considerations:
⚒ The IT service desk is coordinating all kinds of simple requests.
⚖ Classification first line support: integrity, confidentiality, availability 👉🏾 low.
⚙ There is usually no ❌ differentiator in functionality.
Planning & Scheduling
The Service:
Enablers for the operational work in an organisation, "operator".
There is ✅ usually a differentiator in functionality.
T-1.5 Software as a Service - Cloud
Information processing is still expensive. The cost factor shifted to functional people and services.
The situation now is:
Communication options for distance and bandwidth are no longer limitations. Only the availability on locations is the new question.
Relatively cheap machines (hardware) having:
CPU capacity in scaling out (parallel execution)
volatile internal memory sized up, valid: in memory processing
permanent storage capacity sized up: no real limitations
Operating systems have become common, with well-known instructions for making the hardware usable.
New options: getting components delivered from external service providers.
⚒ T-1.5.1 IAAS, Infrastructure as a Service
🚧 With no ❌ differentiator in technology, infrastructure: internal.
🔏 Criterion: ✅ handing over the infrastructure technology.
The functional service provisioning is independent from the technical realisation.
CPU - Processing capacity
The maximum speed of a single processor has been rather stable for many years.
The increased heat production sets a limit on the internal frequency.
Increasing capacity is by:
Better algorithms, decreasing internal waste.
Parallel processing internal, using more cores. (scaling up)
Dedicated processors, the GPU (graphical processor) offering many cores by design.
Parallel processing external, using more machines. (scaling out)
There was a belief that more internal cores would not happen, forcing designs into many machines.
This belief has been proven wrong. The Xeon Platinum 8378A offers 32 cores, 64 with hyperthreading active.
With support for two on a single machine board ➡ 128 cores on a machine.
Intel (wikipedia)
Memory - volatile Working storage capacity
Internal memory capacity is still growing. A classic DBMS optionally becoming a fit.
IO - technical communication connections
This should cover:
logical segmentations by classified risk zones.
Speed & throughput to office locations.
Speed & throughput to public internet zones.
Storage - permanent changeable memory capacity
External memory capacity is still growing. A multi tier approach:
Solid State. Fastest access no physical spinning delay.
Hard disk. A cheaper option for more capacity but spinning delay.
Tape Cartridge. Still the best fast option for offline backups.
Increasing throughput is by:
Choice: best option out of the multi tier ones.
Optimize by best design using striping.
Random access is optimal for lookups, but bad for processing significant parts of the population.
OLTP, online transaction processing, uses only a small set of cases.
Disable technical logging in the DBMS used when allowed by compliancy.
Use a duplicate of an operational DBMS when operational stress must be avoided.
In a figure:
🕳👁❗ Internal infrastructure is always needed.
💣 offices & segmentation zones.
⚙ T-1.5.2 PAAS, Platform as a Service
🚧 With no ❌ differentiator in technology, platform provisioning: external.
🔏 Criterion: handing over ✅ the platform (middleware) technology external.
Platform (middleware) compliancy
Platform & Information considerations is about:
Archiving & backup ➡ infrastructure options and connections
Segmentation ➡ multi tier, multi tenancy into integrity and confidentiality
The situations around platforms are very complicated because of the dependencies, and not easy to get under control.
No matter whether it is in the cloud or on prem.
Noether theorem
There is a "law of conservation of misery" in line with the "law of conservation of energy".
🕳👁❗ Embedding platforms into tools covering CIA compliancy is not the standard state of the technology.
💣 CIA compliancy is not only about technology.
⟳ T-1.5.3 SAAS, Software as a Service
🚧 With no ❌ differentiator in functionality, service provisioning: external.
🔏 Criterion: Handing over ✅ the information. Someone else taking care of results.
The functional service provisioning is independent from the technical realisation.
IT Service Desk
The Service:
Enablers for work in an organisation. Delivery of basic tools for human workers.
Helping to solve impediments to doing work when the basic tools are failing.
Coordinating the search for support when work is blocked by causes beyond the basics.
Considerations:
⚒ The IT service desk is coordinating all kinds of simple requests.
⚖ Classification first line support: integrity, confidentiality, availability 👉🏾 low.
⚙ There is usually no ❌ differentiator in functionality.
Planning & Scheduling
The Service:
Enablers for the operational work in an organisation, "operator".
There is ✅ usually a differentiator in functionality.
T-1.6 Maturity 3: infrastructure in control
From the three ICT, ITC interrelated scopes:
❌ I - processes & information
✅ T - Tools, Infrastructure
❌ C - Organization optimization
Only having the focus on IT4IT, getting a mature Life Cycle Management (LCM) requires understanding and acknowledgment of the layered structure.
Each layer has its own dedicated characteristics.
⚖ T-1.6.1 Regulations: technicals & functionals
Although there are no direct regulations on the technology at this moment, there are many regulations organisations have to comply with.
The topics for those regulations are mostly similar: Confidentiality, Integrity, Availability (CIA). The result of a BIA analysis for CIA levels should be verifiable.
💡❗✅ For process requirements & design use Jabes to collect all information:
Work to do: solving SDLC, DTAP, issues by their root-causes. (N.Dean Meyer)
The right way to build high-performance, cross-boundary teamwork is to get to fundamentals.
Find out why the nice people in your organization don't team, and then address the root causes of incentives, culture, structure, and the internal economy.
Real Reason 1: Incentives
Real Reason 2: Culture
Real Reason 3: Structure
Real Reason 4: Resources
See also: "E-1.3.1 Recognizing the 3M evils"
Applications are business organisational artifacts served by technology. The business rules, business logic, are set by the organisation.
There are several options for methodologies to define business rules:
ALC-V1: Dictate instructions on what to do and what to achieve
ALC-V2: Analyse situations while discussing what to achieve
ALC-V3: Analyse information while discussing what to achieve
Intention: improving quality, quantity at lower cost.
⚙ T-2.1.1 ALC-V1 Functional
generic
The classic application project delivery: "ALC-V1 model".
No intended continuous maintenance. It is a one-off, single monolithic system delivery.
No standard operational feedback to learn from. Every new system is built from scratch.
Optional: learning from a "process log" and / or "real operational documents".
Optional: what has been learned from building a previous system.
In a figure:
The operational plane is at the lower half.
The analytical plane is at the upper half.
Operational - analytical plane
⚒ Operational:
For systems where change during the total lifecycle does not make sense, this methodology is a good choice.
In the physical world this is a common approach. Datacentres have many physical components.
⚖ Analytical:
At best there are some spreadsheets used (ad hoc analyses).
Ideas from a guru, external advisor, are accepted practices.
⚙ T-2.1.2 ALC-V2 Functional
generic
The classic application life cycle management: "ALC-V2 model".
Intended continuous maintenance.
Standard operational feedback to learn from. A system is changed or built from scratch.
Obligatory: learning from a "process log" and / or "real operational documents".
Obligatory: what has been learned from building a previous system.
⚖ Analytical:
Needed: simple options showing what is happening: ❶ Speed, ❷ direction, ❸ resources left, ❹ clear view on the way.
🕳👁❗ Explain the requirements for operational data / information in the analytical plane clearly.
🕳👁❗ Explain version requirements clearly.
💣 Versioning is about process logic.
⚙ T-2.1.3 ALC-V3 Functional
generic
Modern application life cycle management: "ALC-V3 model".
Intended continuous maintenance.
Standard operational feedback to learn from. A system is changed or built from scratch.
Embedded: learning from a "process log" and / or "real operational documents".
Embedded: what has been learned from building a previous system.
Reused from open source knowledge: statistical algorithms predicting probabilities on expected outcomes.
⚖ Analytical:
Needed: advanced options showing what is happening: ❶ Speed, ❷ direction, ❸ resources left, ❹ clear view on the way.
⚖ Legal:
Getting aligned on impact on probabilities.
🕳👁❗ Explain the requirements for operational data / information in all planes clearly.
🕳👁❗ Explain the role of the training dataset being the source code.
Elaboration ALC-V3
ITC is transforming into using ML (Machine Learning), a subarea of AI.
Processes for how to create, implement and monitor are not settled.
❗ Important:
The focus is on documents, data, information from the operational production.
Business decisions to implement are based on controlled feedback loops, controlled and monitored by human decision makers.
Building the model is for an expert; however, the accountability and responsibility are with the business line.
Developing logic, new terminology "model"
The modelling part got a new life cycle:
data preparation
extract features
train model
evaluate model
Instead of human-defined decisions it is a human-guided, computer-assisted choice of the best decision (champion).
T-2.2 Behavioural differences in ALC types
Applications are business organisational artifacts served by technology.
Business rules, business logic, are set by the organisation.
Methodologies used by the business, to be followed by technology, are:
ALC-V1: Dictate instructions on what to do and what to achieve
ALC-V2: Analyse situations while discussing what to achieve
ALC-V3: Analyse information while discussing what to achieve
Intention: improving quality, quantity at lower cost.
⚙ T-2.2.1 ALC-V1 Technical
generic
The classic application project delivery: "ALC-V1 model".
No intended continuous maintenance. It is a one-off, single monolithic system delivery.
No standard operational feedback to learn from. Every new system is built from scratch.
Optional: learning from a "process log" and / or "real operational documents".
Optional: what has been learned from building a previous system.
⚠ The focus is only on partial code artifacts.
Issues Component properties:
Applications can have many code types, with integration challenges
Code type options:
Compile - link
Script
parameter / option file
...
External Connections including authorisation definitions
⚠ CIA ratings, results from BIA-s, should not be ignored.
Operational - analytical plane
⚒ Operational:
Fake data / information is used for development.
Operational data information is only used for operations.
⚖ Analytical:
At best there are some spreadsheets used (ad hoc analyses). Required is operational production information.
Ideas from a guru, external advisor, are accepted practices.
🕳👁❗ Get the DTAP ALC challenge solved
⚙ T-2.2.2 ALC-V2 Technical
generic
The classic application life cycle management: "ALC-V2 model".
Intended continuous maintenance.
Standard operational feedback to learn from. A system is changed or built from scratch.
Obligatory: learning from a "process log" and / or "real operational documents".
Obligatory: what has been learned from building a previous system.
⚒ Operational:
To build simple operating options: ❶ faster, ❷ slower, ❸ change direction, ❹ environment knowledge.
Dedicated operational, build - test environments.
⚖ Analytical:
To build simple options showing what is happening: ❶ Speed, ❷ direction, ❸ resources left, ❹ clear view on the way.
Required is operational production information.
🕳👁❗ Get the DTAP ALC challenge solved.
💣 Note: requirement operational data usage.
🕳👁❗ Get version requirements clear.
💣 Versioning is not about coding.
⚙ T-2.2.3 ALC-V3 Technical
generic
Modern application life cycle management: "ALC-V3 model".
Intended continuous maintenance.
Standard operational feedback to learn from. A system is changed or built from scratch.
Embedded: learning from a "process log" and / or "real operational documents".
Embedded: what has been learned from building a previous system.
Reused from open source knowledge: statistical algorithms predicting probabilities on expected outcomes.
⚒ Operational:
To build advanced operating options: ❶ faster, ❷ slower, ❸ change direction, ❹ environment knowledge.
Dedicated operational, build - test environments.
⚖ Analytical:
To build advanced options showing what is happening: ❶ Speed, ❷ direction, ❸ resources left, ❹ clear view on the way.
Required is operational production information.
⚖ Legal:
Getting aligned on impact on probabilities.
🕳👁❗ Get the DTAP ALC challenge solved.
💣 Note: requirement operational data usage
🕳👁❗ 💣 Get the role of the training dataset being the source code solved.
Elaboration ALC-V3
ITC is transforming into using ML (Machine Learning), a subarea of AI.
Processes how to create, implement and monitor are not settled.
❗ Important:
Modelling (developing) is based on the business production data, with all resulting dependencies and consequences.
The Life Cycle using analytics & robotics is different.
The classic approach is still valid for logic but is being extended.
Up to five line components with interrelated dependencies are involved.
Artifacts and their deployment dependencies must be more clearly classified.
The five component lines are:
Logic Data: Data deliveries (ER star-model) for modelling (automated).
Logic Data: Data deliveries (ER star-model) for scoring history (automated).
Logic Data: A denormalized table needed for the statistical modelling.
External Connections (deliveries) part of the automated scoring process.
The behaviour, model explanation: Lift, error rates, reliability, performance.
Development line: PII (Personally Identifiable Information) is excluded as much as possible; historical data covers extended periods.
Operational plane: PII data is only included when needed in deliveries; historical data is kept only for agreed relevant retention periods.
Infra: Scheduling for the development and operational lines is different.
Infra: CIA (Confidentiality Integrity Availability) differences lead to multiple environments.
❓ T-2.2.4 What is the Q&A list for ALC - SDLC?
😉 For considerations using the Jabes metadata portfolio, technology is not relevant.
When wanting to use the Jabes maturity level measurement it is unavoidable.
For considerations using the Jabes metadata portfolio, detailed Q&A are on the backlog (to do) list.
T-2.3 Middleware & platforms
Components (tools) purchased, middleware:
DBMS: database management systems
File transfer, information exchange tools
ERP: Enterprise Resource systems
ELT: data processing tools
BI&A: Analytics & reporting tools
..
Intention: enabling building processes.
⚙ T-2.3.1 ALC middleware
generic
The classic application life cycle management: "ALC middleware".
Purchase the software after evaluating value-adding options.
Get the platform configured to embed in existing technology.
Obligatory: learning from a "process log" and / or "real operational documents".
Obligatory: what has been learned from building a previous system.
Attention, understanding needed for:
External suppliers assumptions & guidelines
Internal infrastructure & guidelines
⚠ Only focus: the platform, by wishes from the organisation
⚠ NO: "business logic" code NOR "business data"
Issues platform properties:
Embedded third party components
Connecting to internal security providers
External Connections
Not to ignore:
⚠ CIA, ratings results from BIA-s
⚠ infrastructure embedding (eg: LDAP AD)
⚠ security monitoring embedding (eg: SIEM)
Operational - analytical plane
⚒ Operational:
Tooling Control & Monitoring for resource usage (infrastructure) and their limitations.
Align with security compliancy eg SIEM, LDAP
⚖ Analytical:
At best there are some reports (ad hoc analyses).
Required is operational production information describing the platform.
Ideas from a guru, external advisor, are accepted practices.
🕳👁❗ Get Middleware ALC and versioning challenge solved
⚙ T-2.3.2 DLC data life cycle
generic
The classic application life cycle management: "ETL ELT" (Extract Load Transform).
Intended continuous maintenance.
Standard operational feedback to learn. A system is changed or built from scratch.
Obligatory: learning from a "process log" and/or "real operational documents".
Obligatory: What has been learned from building a previous system.
Operational - analytical plane
⚒ Operational:
Fake data / information is used for development.
Operational data information is only used for operations.
⚖ Analytical:
At best there are some spreadsheets used (ad hoc analyses). Required is operational production information.
Ideas from a guru, external advisor, are accepted practices.
⚖ Legal:
Getting aligned on impact on probabilities.
🕳👁❗ Get the DTAP DLC challenge solved.
💣 Note: requirement operational data usage
⚙ T-2.3.3 Data / Information provisioning
generic
The classic application life cycle management: "ALC middleware".
Data lake, DataWareHouse, Data lake house, ODS. (Persistent storage)
receiving items, storing items, delivering when needed.
Obligatory: learning from a "process log" and/or "real operational documents".
Obligatory: What has been learned from building a previous system.
Data as a product principle is designed to address the data quality and age-old data silos problem; or as Gartner calls it dark data -
“the information assets organizations collect, process and store during regular business activities, but generally fail to use for other purposes”.
Analytical data provided by the domains must be treated as a product, and the consumers of that data should be treated as customers - happy and delighted customers.
T-2.4 Confidentiality, Integrity, Availability
Compliancy questions are applicable everywhere internal and external for an organisation.
Although this is the technical pillar, representative roles to the ones in the organisational pillar are needed.
Support for the organisational:
CSO Chief Security officer
CDO Chief Data officer
CFO Chief Financial officer
COO Chief Operations officer
Similarity using the SIAR model holistic and at the technical pillar is intended.
⚙ T-2.4.1 Data / Information Governance
generic
Engineering is more than a list of "best practices", what has always been done.
DMBOK has a wheel of "Best practices", Data
PMBOK has "Best practices" (PMI project management institute)
Technical Section - Holistic
⚒ Technical Section:
To build advanced operating options, use DMBOK, PMBOK.
⚖ Holistic:
To build advanced options what is happening, use DMBOK, PMBOK.
⚖ Legal:
Getting aligned on what always has been done that way.
Anyway a problem with not understood and changing compliancy.
⚙ T-2.4.2 Steer Shape Serve - within technology pillar
generic
Organizing the task and roles, reuse of the nine-plane.
Steer in the technology pillar: is the connection to Serve in the holistic one.
Shape in the technology pillar: assures technology features in the future.
Serve in the technology pillar: build & run of state of art technology.
Technical Section - Holistic
⚒ Technical Section:
To build advanced operating options, state of art technology now and in the future.
⚖ Holistic:
To build advanced insight in: ❷ what is happening, ❸ what could happen and ❸ what is likely to happen. (risk appetite)
🕳👁❗ Align audit roles in the technical section with holistics. 💣 👉🏾 frictions
🕳👁❗ Align the request delivery processes at holistic into the technical section.
🕳👁❗ Align alert options from the technical section into the holistic. 💣 👉🏾 frictions
⚙ T-2.4.3 Serve: Operational information process
generic
Servicing holistic data driven processes from the technology pillar:
operate the operational processes robust & reliable.
assure technology features for the future will be there in the future.
build & run using state of art technology.
Technical Section - Holistic
⚒ Technical Section:
Run Processing: ❷ reliable predictable, ❸ robust integrity, ❹ react at alerts.
⚖ Holistic:
Consume Processing: ❷ expectations on quality & time, ❸ expectations on quality & cost, ❸ react at alerts.
⚖ Legal:
Control Processing: ❷ expectations on compliancy requirements.
🕳👁❗ Set Service - Delivery challenges, 💣 👉🏾 frictions.
🕳👁❗ Set reaction on alerts challenges, 💣 👉🏾 frictions.
🕳👁❗ Set compliancy requirements challenges, 💣 👉🏾 frictions.
Elaboration additional information
❷ Required is controlling who uses what kind of software / tools. SAM, Software asset management:
SAM (wikipedia)
Software asset management (SAM) is a business practice that involves managing and optimizing the purchase, deployment, maintenance, utilization, and disposal of software applications within an organization.
According to the Information Technology Infrastructure Library (ITIL), SAM is defined as "all of the infrastructure and processes necessary for the effective management,
control and protection of the software assets throughout all stages of their lifecycle."
Fundamentally intended to be part of an organizations information technology business strategy,
the goals of SAM are to reduce information technology (IT) costs and limit business and legal risk related to the ownership and use of software,
while maximizing IT responsiveness and end-user productivity.
❸ Required is: clear responsibilities and accountabilities:
EU (commission law)
The data controller determines the purposes for which and the means by which personal data is processed.
So, if your company/organisation decides ‘why’ and ‘how’ the personal data should be processed it is the data controller.
Employees processing personal data within your organisation do so to fulfil your tasks as data controller.
....
The data processor processes personal data only on behalf of the controller.
The data processor is usually a third party external to the company. However, in the case of groups of ventures,
one venture may act as processor for another undertaking.
T-2.5 Logical functional security by technology
The simple question: "Whose Job Is It, Anyway?"
There was an important job to be done and Everybody was sure that Somebody would do it.
Anybody could have done it, but Nobody did it. Somebody got angry about that, because it was Everybody's job.
Everybody thought Anybody could do it, but Nobody realized that Everybody wouldn't do it.
It ended up that Everybody blamed Somebody when Nobody did what Anybody could have.
⚙ T-2.5.1 Middleware tools Security
generic
Applications using information are used by everybody. But:
anybody should not see anything
somebody should not change everything
nobody involved should know nothing
Missing tools, middleware:
Purchase software after evaluations.
Get platforms configured and running.
Learning from a "process log".
What has learned from previous systems.
The middleware usage is slightly different to middleware in the operational line.
This kind of middleware is involved in operational processes but not having any commitment with them.
Attention, understanding needed for:
External suppliers assumptions & guidelines
Internal infrastructure & guidelines
Technical Section - Holistic
⚖ Holistic:
Goal: a reliable robust environment for the organisation (I).
⚒ Technical Section:
❶ Build enabling doing SIEM.
❷ Build enabling doing SOAR.
❸ Build enabling doing pentesting.
❸ Build enabling doing IAM security for the organisation.
Getting the knowledge and tools is only the first design step.
🕳👁❗ Clear requirements for technical security and IAM.
🕳👁❗ Orchestration activities with responsibilities 💣 👉🏾 frictions.
⚙ T-2.5.2 Security Monitoring & Analysing
generic
Monitoring auditing for knowing what is going on, what possible risks are:
Collecting relevant information internal, external
Define metrics, use metrics, implement metrics
Probe and measure at relevant locations
Technical Section - Holistic
⚖ Holistic:
Goal: a reliable robust environment (II).
⚒ Technical Section:
❶ Run operational SIEM.
❷ Run operational SOAR.
❸ Run operational pentesting.
🕳👁❗ Operational (technical) data usage, beware of hidden compliancy conflicts.
🕳👁❗ The organisational (holistic) compliancy requirements must be clear, 💣 👉🏾 frictions.
⚙ T-2.5.3 Identity Access
generic
There is a "Devil's Triangle" on its own with IAM. Conflicting types of interest:
Giving granting access to humans. Conforming the hierarchical organisation structure.
Securing technical systems, the supply chain included. Conforming.
Design secure Platforms, secure organisational business information processes.
Operational - analytical plane
⚖ Holistic:
Goal: a reliable robust secure environment (II).
⚒ Technical Section:
❹ Run operational IAM security holistic for the organisation.
❺ Have all three interests orchestrated managed.
⚖ Legal:
The three types of IAM interests should get serviced evenly.
🕳👁❗ The three types of IAM interests are a complicated challenge, 💣 👉🏾 conflicts.
Elaboration Logical functional security by technology
❶ A Security Information and Event Management system is an application for the SOC Security Operations Center.
SIEM (Gartner)
SIEM aggregates the event data that is produced by monitoring, assessment, detection and response solutions deployed across application, network, endpoint and cloud environments.
Capabilities include threat detection, through correlation and user and entity behavior analytics (UEBA), and response integrations commonly managed through security orchestration, automation and response (SOAR).
Security reporting and continuously updated threat content through threat intelligence platform (TIP) functionality are also common integrations.
Although SIEM is primarily deployed as a cloud-based service, it may support on-premises deployment.
❷
SOAR (TechTarget)
While SIEM tools have been around for years, security orchestration, automation and response (SOAR) is the newer kid on the block.
This security technology was designed to help businesses better organize internal and external threats and to help speed up the process of triage and incident resolution.
SOAR uses AI to better prioritize incident alerts so that SecOps teams know which threats to work on first.
SOAR also uses a concept known as playbooks -- prebuilt and automated remediation steps that initiate when certain thresholds are met.
❸ A "Complete guide to penetration testing best practices":
Pentest (TechTarget)
Software penetration testing, also called pen testing, discovers flaws, and examines the possible consequences of those defects.
The organization can then handle those exploits in a safe, controlled and well-documented manner.
Although penetration tests also cover the operation of networks, servers and other hardware, developers and testers bear responsibility for weaknesses at the software level.
Ideally, the software's design and codebase allow only authorized users access to features and data stores. In practice, however, software comes with a wide range of risks that might leave the application vulnerable.
Unauthorized individuals seek out these weaknesses to gain control of the application and access, alter or steal data.
...
Applications rely heavily on the OS for resources, including the UI, storage access and a network interface.
OS weaknesses can potentially give a malicious actor control of application behavior or inappropriate access to storage.
Consider how an OS manages ports for communication to and from the network. A hacker can use port scanning to detect open ports to attack the system and software.
Install all OS security patches to protect applications and data.
❹ What is missing 💣 👉🏾: A good simple approach building a role and attribute based security model for business applications.
IAM, PAM (TechTarget)
Identity and access management (IAM) is a framework of business processes, policies and technologies that facilitates the management of electronic or digital identities.
With an IAM framework in place, information technology (IT) managers can control user access to critical information within their organizations.
...
Privileged access management (PAM) is the combination of tools and technology used to secure, control and monitor access to an organization's critical information and resources.
The forgotten or ignored security design:
high privileged roles: the many administrator functionalities:
Infrastructure: service accounts needed for system processes.
Organisation: test accounts simulating intended business users functions.
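A role and attribute based access decision covering the three account kinds listed above (human, service, test), as an added example that is not code from this page or from Jabes. The role names, the sample accounts and resources, and the three attribute rules (no test accounts in production, no interactive use of service accounts, no PII outside production) are assumptions chosen to match the page's DTAP and PII statements.

```python
from dataclasses import dataclass
from enum import Enum


class Kind(Enum):
    HUMAN = "human"      # business user
    SERVICE = "service"  # infrastructure: system processes
    TEST = "test"        # simulates a business user's functions


class Env(Enum):         # DTAP stages
    DEVELOP = "D"
    TEST = "T"
    ACCEPTANCE = "A"
    PRODUCTION = "P"


@dataclass(frozen=True)
class Account:
    name: str
    kind: Kind
    roles: frozenset


@dataclass(frozen=True)
class Resource:
    name: str
    env: Env
    contains_pii: bool


# Role part: role -> permitted actions (hypothetical role names).
ROLE_ACTIONS = {
    "claims_viewer": {"read"},
    "claims_editor": {"read", "write"},
    "batch_loader": {"read", "write"},
    "platform_admin": {"configure"},  # high privileged, no business data
}

AUDIT_LOG = []  # every decision is recorded, allow and deny alike


def decide(account, action, resource, interactive):
    """Return (allowed, reason); attribute rules run before the role lookup."""
    granted = any(action in ROLE_ACTIONS.get(r, set()) for r in account.roles)
    if account.kind is Kind.TEST and resource.env is Env.PRODUCTION:
        verdict = (False, "test account in production")
    elif account.kind is Kind.SERVICE and interactive:
        verdict = (False, "interactive use of service account")
    elif resource.contains_pii and resource.env is not Env.PRODUCTION:
        verdict = (False, "PII outside production")
    elif not granted:
        verdict = (False, "no role grants action")
    else:
        verdict = (True, "granted by role")
    AUDIT_LOG.append((account.name, action, resource.name,
                      resource.env.value) + verdict)
    return verdict


# Constructed sample accounts and resources.
ALICE = Account("alice", Kind.HUMAN, frozenset({"claims_viewer"}))
SVC_LOAD = Account("svc-load", Kind.SERVICE, frozenset({"batch_loader"}))
TEST_EDITOR = Account("tst-editor", Kind.TEST, frozenset({"claims_editor"}))
ADMIN = Account("adm-platform", Kind.HUMAN, frozenset({"platform_admin"}))

PROD_CLAIMS = Resource("claims", Env.PRODUCTION, contains_pii=True)
DEV_CLAIMS = Resource("claims-fake", Env.DEVELOP, contains_pii=False)
DEV_PII_COPY = Resource("claims-copy", Env.DEVELOP, contains_pii=True)

if __name__ == "__main__":
    for acct, act, res, inter in [
        (ALICE, "read", PROD_CLAIMS, True),
        (ALICE, "write", PROD_CLAIMS, True),
        (TEST_EDITOR, "write", DEV_CLAIMS, True),
        (TEST_EDITOR, "write", PROD_CLAIMS, True),
        (SVC_LOAD, "write", PROD_CLAIMS, False),
        (SVC_LOAD, "write", PROD_CLAIMS, True),
        (ADMIN, "read", PROD_CLAIMS, True),
        (ALICE, "read", DEV_PII_COPY, True),
    ]:
        print(acct.name, act, res.name, res.env.value, decide(acct, act, res, inter))
```

The audit log gives the SIEM a feed of denied attempts per account kind, which is where misuse of service and test accounts becomes visible.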
T-2.6 Maturity 4: business applications in control
From the three ICT, ITC interrelated scopes:
✅ I - processes & information
✅ T - Tools, Infrastructure
❌ C - Organization optimization
Only having the focus on IT4IT, getting a mature Life Cycle Management (LCM) requires understanding and acknowledgment of the layered structure.
Each layer has its own dedicated characteristics.
A process can be built from scratch, starting with acquiring hardware or from change requests driven by optimization analyses.
There will always be either a technical debt or functional debt or both.
It is not possible to have all artifacts up to date to the latest moment.
Start building by acquiring hardware:
❶ Have machines Ordered (green)
❷ Start with development on a verified delivered production machine (hardware).
❸ Build up the operating system, middleware - tools.
❹ Verify the goal for business (blue) and/or analytics (orange), infrastructure (green) is ready for production.
⚠ Enabling Maintenance is not a mandatory part of the activity.
Note: ❗⚠ Business production information (blue) is always used for analytics (orange).
These three layers are a source for 💣 conflicts by misunderstandings and ignorance.
Maintaining and changing what is operational, is more challenging:
❶ Learn from analytics (orange) what to change in the production environment.
  The change can be business processes (blue) and/or technology (green).
❷ Change business logic & information in the two DTAP segregated lines code/data (blue)
❸ Change Set up machines (green) according to external requirement and / or internal ones
⚠ Maintenance, DTAP deployments, must be enabled; it is mandatory with the activity
Note: ❗⚠ Business production information (blue) is always used for analytics (orange).
These three layers are a source for 💣 conflicts by misunderstandings and ignorance.
Maturity Attention Points
Attention points for maturity level considerations & evaluations:
| Maturity id | SubId | Source | Context |
| CMM-4IT-4 Tools, Middleware | C1 | T-2.2.1 ALC-V1 Technical | Data governance |
| | C2 | T-2.2.2 ALC-V2 Technical | Data governance |
| | C3 | T-2.2.3 ALC-V3 Technical | Data governance |
| | C4 | T-2.3.3 Data / Information provisioning | Data governance |
| | C5 | T-2.3.1 ALC middleware | Technology |
| | I5 | T-2.3.1 ALC middleware | Technology |
| | A5 | T-2.3.1 ALC middleware | Technology |
| | C6 | T-2.5.3 Identity Access | Security |
| | S1 | T-1.6.2 Incentives, Culture, Structure, Resources | Structure |
| CMM-4IT-5 Operational plane | C1 | T-2.2.1 ALC-V1 Technical | Data governance |
| | C2 | T-2.2.2 ALC-V2 Technical | Data governance |
| | C3 | T-2.2.3 ALC-V3 Technical | Data governance |
| | C1 | T-2.2.1 ALC-V1 Technical | Data governance |
| | C2 | T-2.2.2 ALC-V2 Technical | Data governance |
| | C3 | T-2.2.3 ALC-V3 Technical | Data governance |
| | C5 | T-2.3.1 ALC middleware | Technology |
| | I5 | T-2.3.1 ALC middleware | Technology |
| | A5 | T-2.3.1 ALC middleware | Technology |
| | C6 | T-2.5.3 Identity Access | Security |
| | S1 | T-1.6.2 Incentives, Culture, Structure, Resources | Structure |
| CMM-4IT-6 Analytical plane | C1 | T-2.2.1 ALC-V1 Technical | Data governance |
| | C2 | T-2.2.2 ALC-V2 Technical | Data governance |
| | C3 | T-2.2.3 ALC-V3 Technical | Data governance |
| | C5 | T-2.3.1 ALC middleware | Technology |
| | I5 | T-2.3.1 ALC middleware | Technology |
| | A5 | T-2.3.1 ALC middleware | Technology |
| | C6 | T-2.5.3 Identity Access | Security |
| | S1 | T-1.6.2 Incentives, Culture, Structure, Resources | Structure |
📚 T.2.6.4 External references
Global compliancy
These references are at the index, they are a shared interest.
Local SDLC
The focus is on the technical engineering life cycle.
A limited list:
Solving the issues at "T-1.6.2 Incentives, Culture, Structure, Resources".
requires: understanding and translations of requests "T-2.1 ALC types"
requires: understanding the SDLC engineering misperception.
goal for adding value, understanding value stream with assembly lines.
goal for adding value, an organisational culture supporting the mission values.
Agile, no design
There is a blame game going on. Simplistic agile is failing at large systems. Get a basic understanding of the theory and root causes of the problem.
When there are logic fundamental dependencies it is nonsense to ignore those dependencies.
Unless you have a lot of money and the goal is a decorative one, usefulness requires well designed structures.
Winchester House (wikipedia)
She was known to rebuild and abandon construction if the progress did not meet her expectations,
which resulted in a maze-like design. In the San Jose News of 1897, it was reported that a seven-story tower was torn down and rebuilt sixteen times.
As a result of her expansions, there are walled-off exterior windows and doors that were not removed as the house grew in size. Multiple levels, up to five,
were added to different parts of the home. The design was essentially Victorian, with elements of Gothic and Romanesque features.
T-3 SDLC - Business Intelligence & analytics - Jabes
T-3.1 Descriptive Business intelligence
Understanding what is going on, with all uncertainties and possible future scenarios, is an everlasting quest.
A pity when answers are 💣 multi-interpretable with not understood effects.
EIS, DSS systems is what BI&A (business Intelligence & analytics) is about.
Building up in mind set complexity:
There is a claim of a "single version of the truth" for describing something what is going on for achieving a goal.
The problem is several people are having a different perspective on the goal and the context of actions.
⚠ Multiple interpretations of an element.
This is a different understanding in metadata, ontology. In a document dated 2006 enterprise engineering J.Dietz an example is given.
Strategy goal: transport of person(s).
From location A to location B.
Applicable transport option: a car.
Car driver goal: using a car enabling going from A to B.
Needing information for useable roads.
Expected behaviour of the car.
How to avoid unwanted situations during transport.
Wanting to use functions: ❷ lights, ❸ wheels (includes steering), ❹ brakes, ❺ motor.
Car technician goal: having the car workable for the driver.
Adjusting technical implementations as far as possible on requests by the driver.
Explaining to the driver only the way it should behave.
😱 The common complaint is a misalignment between ICT and business people.
Not using the same language, not using understandable words for both worlds, is not understanding by design.
Most surprising: nobody is acting on this.
💡 Have a glossary and data dictionary in place.
⚙ T-3.1.2 BI&A Data governance
Using the rear-view mirror
DMBOK - segmentation perspectives
Data Architecture Management
Data Development
DataBase operations Management
Data Security Management
Reference & Master Data Management
DWH & BI Management
Document & content management
Metadata Management
Data Quality Management
Big Data & data science (2nd ed)
Mission:
DAMA International's primary purpose is to promote the understanding, development and practice of managing data and information as key enterprise assets to support the organization.
⚠ Not every segment needs to get filled. DWH & BI, data quality and data science are not standard operational processes.
The analytical plane is conceptually different from the operational plane. Data mesh is a new old concept.
💣 Data security with the idea of getting it "solved by the DBMS" is far too limited. A DWH, data lake, data lake house: none of them have security by design.
Worse, securing information is not a topic in the world of analytics.
Looking ahead
Engineering an enterprise is more than defining a list of "best practices" of what is usually being done.
Switching from what everyone else is doing and what everyone else did into a next step, innovation.
💣 Be aware: You should not innovate when there is no business case for it.
⚠ Just doing what everyone is doing requires knowledge sharing: "how to do".
⚙ T-3.1.3 The question for descriptive analytics
Needing descriptive reports
In the holistic nine-plane with all the processes there are many interactions.
Every interaction is a key role in process cycles for:
⚠ What is out of the box present: nothing.
Ad hoc, locally developed solutions not controlled by ICT are usual.
💡 Idea: room for improvement, innovative options to standards with reports.
Elaboration Disciplined Agile
There is no natural conflict between Agile and serial approaches.
PMI - DA (Predictability)
Disciplined teams strive to improve their predictability to enable them to collaborate and self-organize more effectively,
and thereby to increase the chance that they will fulfill any commitments that they make to their stakeholders.
...
To see how to improve predictability, it is often useful to see what causes unpredictability,
such as technical debt and overloaded team members, and to then attack those challenges.
When the project is small enough to handle in a foreseeable timeframe.
PMI - DA (V-Model)
Serial life cycle initiatives expect to take advantage of high certainty around firm requirements, a stable team, and low risk.
As a result, project activities execute in a linear manner
...
To achieve this approach, the team requires detailed plans to know what to deliver and how.
These projects succeed when other potential changes are restricted (e.g., requirements changes; project team members change what the team delivers).
T-3.2 Question: EIS Descriptive or Predictive?
Executive Information systems (EIS), decisions support systems (DSS) is what BI&A (business Intelligence & analytics) is about.
Building up complexity by mind set:
Logical (T-1): Understandable technology
Conceptual (T-2): Basic Service provision
Contextual (T-3): Continuous change by decisions
To help decision makers, report:
what has happened.
what could happen: scenarios, probabilities.
Let the decision maker make up his mind.
⚙ T-3.2.1 Big data - BI&A
Descriptive or predictive?
In the hypes of the moment a lot of buzzwords are included. The basic idea is using all kinds of information to improve information processing, improve decisions.
It is far more difficult to create well underpinned analyses for better decisions.
Operational descriptive reports are still very valuable to see that expectations are not violated and operational processes run within set boundaries.
Big Data
A nice view on this, "The big data journey revisited" Bill Schmarzo 2016.
⚙ T-3.2.2 Maturity Bi&A
The closed loop
The closed loop cycle, from knowing what is going on into strategic decisions vice versa, is the ultimate goal.
BIDM (C.Sacu M.Spruit 2010)
BI analytics is integrated or not in the business process can strongly affect the decision making process.
Hence, we consider this category to be a very important one when delimiting a maturity stage
initiation (user driven - activity initiated by the user, process driven - activity initiated by a process)
process integration (data centric - BI analytics is usually supported by a data warehouse, process centric - BI analytics is integrated in the business processes)
processing model (store and analyze; analyze and store)
event stream processing
"closed-loop" environment
data driven BI&A
The BIDM paper was written in the era of placing the DWH as the technical solution.
That should change with the fast evolvement of analytics. Machine learning (ML) is a first step.
💡 Idea: use data mesh with the ALC-V3 for information processing data products.
⚙ T-3.2.3 BI&A, SIAR panopticon
data driven BI&A
The SIAR model is the highest abstraction of processes in many dimensions.
With four stages in four quadrants the holistic overview is placed in the middle.
In the highest abstraction the middle (center) is symbolised by an eye.
An intermediate of the SIAR abstraction:
Four quadrants results in: a square, Operational plane eight information stores consolidating into a circular.
The consolidated circular store: Analytical plane consolidating into a central one eight plus one (nine).
elaboration enterprise engineering
The pyramid of demo is reversed to fit into the circle.
Human actors possess three abilities (generic competences) in coordination and production:
Forma: (blue) the ability to act at the formative level of coordination (speaking, writing, listening, reading), and to perform documental production (storing, retrieving, transmitting, and copying).
Informa: (green) the ability to act at the informative level of coordination (formulating and interpreting facts), and to perform informational production (remembering, recalling, and computing new facts).
Performa: (red) the ability to act at the performative level of coordination (exposing commitment by the performer and evoking commitment by the addressee), and to perform original production (deciding, judging, manufacturing and observing things)
T-3.3 Compliant Processes
In general, compliance means conforming to a rule, such as a specification, policy, standard or law.
Governance, risk management, and compliance are three related facets that aim to assure an organization reliably achieves objectives, addresses uncertainty and acts with integrity.
International standards such as ISO/IEC 27002 help organizations meet regulatory compliance with their security management and assurance best practices.
⚙ T-3.3.1 Compliant data driven data processes
The functional compliancy gap 👁
Compliancy should be part of the SDLC, controlled by the business process accountable ones.
There are many unsolved challenges. See:
T-2.5 Logical functional security by technology
T-2.3.1 ALC middleware
T-1.4.3 On Prem Software
T-1.5.3 SAAS, Software as a Service
All involved artifacts in a chain are important. Leaving something out by not knowing or ignoring can break all other efforts.
💡 Idea: make compliancy an indispensable part of the complete SDLC cycle.
The functional location of compliancy
There are several locations for compliancy. During the SDLC of a process:
Before data preparation and modelling by developers. Goal: don't start with things that should not be done.
Reviewing the delivery of operational results. Goal: being in control what is delivered.
The data driven process in a figure:
A horizontal line West-East touches the points in the circular process for compliancy reviews.
Compliancy requirements are only informational documents.
That information should become indispensable parts of the operational processes in the portfolio.
The following el that enables the flow into the portfolio:
What are the logical algorithms, business rules?
What are the expectations for data / information quality for input & results?
What are the expectations for security on data / information?
What about impact on results for involved persons:
when processing is done and when processing is not done?
when done correctly or done with a failure?
A model that enables the flow into the portfolio as a figure:
Source into realisations
💡 Use the information holistic in realisations. Verification of requirements are included.
⚙ T-3.3.3 Holistic relation connections with compliancy
The holistic nine-plane and Technical nine-plane
The principles of approaches are similar but differ in details.
"Planning & Scheduling" ( T-1.4.3 On Prem Software / T-1.5.3 SAAS, Software as a Service).
Differences:
Holistic:
Steer - Tactical: Functional accountability for processes
Steer - Operational: Functional accountability for schedules
Serve - Operational: Technical responsibility for schedules
Serve - Tactical: Technical responsibility for processes
Technical:
Steer - Operational: Technical responsibility for schedules
Steer - Tactical: Functional accountability for schedule tool
Serve - Tactical: Technical accountability for schedule tool
Serve - Operational: Functional responsibility for schedule tool
Elaboration data driven process
The evolution from solving "data LCM layers" is not immediately obvious.
The visualisation was made without "value stream", without "pull push" in mind.
Starting with CRISP-DM, a full circle with all three activities (business request, model building, model deployment) was made.
Requirements for LCM shown:
Data provision distinct information types (green diagonal).
Model development distinct processing types (orange diagonal).
Model Life Cycle distinct model types within score deployment.
Model evaluation Monitoring within score deployment.
Topics included:
Vertical: supporting the goal of the organization.
Horizontal: fulfilling compliancy requirements.
For each sub topic a PDCA culture.
T-3.4 Jabes - Build & Run
💡 A tool helping in managing the change, operations doing knowledge assurance is recommended.
The most logical step is installing a product available on the market.
There is an issue:
Many tools on the market are only covering a little detail of the common LCM process.
A clear request for a tool covering this is at best a market opportunity.
⚙ T-3.4.1 Delivering a product in a cycle
generic
See a customer entering with a request.
The usual flow:
(Pull) Start at: Ideate - assess where the customer was entering S⚖ Evaluate request
(Pull) Enable - Plan. ➡I orchestrate provisioning of raw material and other resources
(Push) Start a demand for the Backend A⚙ Assemble - Build the product
(Push) Verify the assembled product conforms to specifications and expectations R➡ Deliver the product to the customer
Hierarchical control
Use the SIAR model in a hierarchical approach, business within the business.
⚙ T-3.4.2 Data models used in a product cycle
generic
The metamodel covers all elements in three layers:
High level - strategic - requirements, specifications
unit level - operational - requirements, specifications
Servicing the life cycle stages.
IV Request - ideate
III Plan - enable
I Build - assemble
II Validate - deliver
Innovation or solving known issues needs a defined "backlog". This is assigned to "plan - enable".
The "backlog" items should be made clear enough and well understood to define requirements in the same three layers.
Hierarchical control
Use the SIAR model in a hierarchical approach, business within the business.
⚙ T-3.4.3 Changing the product in a product cycle
generic
Become a customer with the request to change the product.
The flow:
This is not possible in a single cycle, many cycles are needed.
Hierarchical control
Use the SIAR model in a hierarchical approach, business within the business.
elaboration
❶ Part of the proposal is a framework.
Using this framework a clear structured definition of generic steps with a portfolio becomes possible.
Goal: open shared knowledge.
❷ Licensing a product or running it as a service (SAAS) is a business model.
❸ Evaluating maturity externally is a product, a business model.
T-3.5 Jabes - Use Portfolio management
💡 A tool that helps in managing change and operations while doing knowledge assurance is recommended.
The most logical step is installing a product available on the market.
There is an issue:
Many tools on the market cover only a small part of the common LCM process.
A clear request for a tool covering this is at best a market opportunity.
⚙ T-3.5.1 Data model, stage: Information delivery
generic
There are three levels to orchestrate for the realisation:
Functional (Strategy)
Compliancy (Tactical)
Technical (Operational)
There are three areas of interest to orchestrate for the realisation:
(Steer) Business value
(Shape) Processes
(Serve) Data as Product
The goal of the delivery: deliver to the correct agreed locations, with the agreed quality of information.
Mind set change
Don't micromanage everything. Have the requirements for adequate tooling in place and let the workforce do their work.
⚙ T-3.5.2 Data model, stage: Information transformation
generic
There are three levels to orchestrate for the transformation:
Functional (Strategy)
Compliancy (Tactical)
Technical (Operational)
There are three areas of interest to orchestrate for the transformation:
(Steer) Administration
(Shape) Authentication / Authentication domains
(Serve) Networking
The goal of the transformation: transform the retrieved source materials of information into a new product of information.
Use the conforming assembly instructions and validate that the expected levels of quality are met.
Mind set change
Don't micromanage everything. Have the requirements for adequate tooling in place and let the workforce do their work.
⚙ T-3.5.3 Data model, stage: Information gathering
generic
There are three levels to orchestrate for the realisation:
Functional (Strategy)
Compliancy (Tactical)
Technical (Operational)
There are three areas of interest to orchestrate for the realisation:
(Steer) Business value
(Shape) Processes
(Serve) Data as Product
The goal of the material retrieval: get, from the correct agreed locations, the agreed quality of information.
Mind set change
Don't micromanage everything. Have the requirements for adequate tooling in place and let the workforce do their work.
elaboration
❶ Part of the proposal is a tool.
Using this tool, use of a clearly structured definition of generic steps with a portfolio becomes possible.
Goal: sharing detailed product knowledge for the workforce.
❷ Licensing a product or running it as a service (SaaS) is a business model.
❸ Evaluating maturity externally is a product, a business model.
T-3.6 Maturity 5: BI&A in control
BI&A, business intelligence & analytics, is understanding what is going on, so that understandable improvement proposals become options.
From the three ICT, ITC interrelated scopes:
✅ I - processes & information
✅ T - Tools, Infrastructure
✅ C - Organization optimization
With the focus only on IT4IT, getting a mature Life Cycle Management (LCM) requires understanding and acknowledgment of the layered structure.
Each layer has its own dedicated characteristics.
⚖ T-3.6.1 Mindset prerequisites
The SIAR model
covers all of:
simple processes: 0 - 9
value stream: left to right
PDCA, lean agile improvements
The duality between processes, transformations, and information, data
four quadrants:
Push Pull,
lean agile requests deliveries
realistic human interaction & communication. nine plane:
Steer Shape Serve
Strategy, Tactics, Operational
Accountabilities, responsibilities, roles
The model mindset is used over and over again.
6W 1H
The SIAR model is the highest abstraction for a retrospective on the questions:
❶ Why what kind of management information is needed?
❷ Where are gaps in operations seen, gaps in missions?
❸ When are possible opportunities realistic for realisations?
❹ Who is needing what kind of management information?
❺ What are opportunities with management information?
❻ How will opportunities be initiated for realisations?
Getting tools and middleware is usually done by purchasing.
Building in house what is generally available at lower cost, with more functionality and better quality, doesn't make sense.
Configuring it correctly is still the hardest part of the job.
❗ This is an internal accountability, not an external one.
All three lines in the organization:
❶ business support & facilities,
❷ operational processing technology,
❸ analyzing optimizing,
have to be serviced.
Middleware and tools live in a VUCA world. Brittle, Anxious, Non-linear, Incomprehensible (BANI) are possible effects to manage.
Explanation headings:
Up to date 👉🏾 Maintenance production planning, act on gaps
Cots vs "build" 👉🏾 Manage external purchased artifacts distinctly
Regulations 👉🏾 Being prepared for conforming compliancy: BIA CIA
Understand the need for solving the issues by "T.2.6.5 Intermediate Advice".
To be managed strategically are:
Decrease misunderstanding by a shared glossary - dictionary: "T-3.1.1 Context difference: functional 👁 technical"
Get the management executive information to a closed loop "T-3.2.2 Maturity Bi&A"
Support for compliant processes: "T-3.3.2 Compliant process requirements" into "T-3.3.3 Holistic relation connections with compliancy"
Support for knowledge assurance during the life cycle of compliant processes: "T-3.4 Jabes - Build & Run".