Aside the line of thoughts for what to organize, there are are related contexts.
When the image link fails, 🔰 click here.
Contexts: ◎ r-serve, details on technology, processes ↖ C-Steer context on organizing, safety ↗ C-Shape context the internal distractor for change ↙ r-steer details on organizing, safety ↘ r-shape details on mediation communication
The "What" applying technology knowledge
The existing experienced situation was assumed to be as it is.
The question for that is how to have that described, what is the "business" - the "organisation".
Technology
is the application of conceptual knowledge to achieve practical goals, especially in a reproducible way.
The word technology can also mean the products resulting from such efforts, including both tangible tools such as utensils or machines, and intangible ones such as software.
Technology plays a critical role in science, engineering, and everyday life.
This is a description by activities methodologies, missing is the reason of doing those.
The "Why" of applying technology knowledge
In the why there has been made a segregation in: Technology, Organizing, Changing, a philosophical hard one.
These questions are reviewed and documented by historical experiences searching and learning for best approaches in the human nature by seeing humans as systems creating systems.
Any answer is one with only partially usability.
Describing the historical change for this gives a direction for the future.
Technology , Relation to science and engineering
Engineering is the process by which technology is developed. It often requires problem-solving under strict constraints.
Technological development is "action-oriented", while scientific knowledge is fundamentally explanatory.
Polish philosopher Henryk Skolimowski framed it like so: "science concerns itself with what is, technology with what is to be." โ
The direction of causality between scientific discovery and technological innovation has been debated by scientists, philosophers and policymakers.
Because innovation is often undertaken at the edge of scientific knowledge, most technologies are not derived from scientific knowledge, but instead from engineering, tinkering and chance.
Since the 1960s, the assumption that government funding of basic research would lead to the discovery of marketable technologies has lost credibility.
Probabilist Nassim Taleb argues that national research programs that implement the notions of serendipity and convexity through frequent trial and error are more likely to lead to useful innovations than research that aims to reach specific outcomes.
Acceptance of technology in society
Anti-technology backlash
Technology's central role in our lives has drawn concerns and backlash. The backlash against technology is not a uniform movement and encompasses many heterogeneous ideologies.
The earliest known revolt against technology was Luddism, a pushback against early automation in textile production. Automation had resulted in a need for fewer workers, a process known as technological unemployment.
Between the 1970s and 1990s, American terrorist Ted Kaczynski carried out a series of bombings across America and published the Unabomber Manifesto denouncing technology's negative impacts on nature and human freedom.
The essay resonated with a large part of the American public. It was partly inspired by Jacques Ellul's The Technological Society.
Some subcultures, like the off-the-grid movement, advocate a withdrawal from technology and a return to nature.
The ecovillage movement seeks to reestablish harmony between technology and nature.
Om the other side of spectrum is:
Technological utopianism refers to the belief that technological development is a moral good, which can and should bring about a utopia, that is, a society in which laws, governments, and social conditions serve the needs of all its citizens.
Basics in technology serving the organisation
Technology is the enabler in a service providing role for missions of the organisation.
The role of enabling by applying known existing technology is far too often seen as only something of doing the operational tasks.
There are more issues than just that.
💣 This misalignment and failure in ethical and social justice is a fundamental problem.
Understanding of the why of this problem is a sociological question not technological.
The question in this is what is driving humans in a logical rational way.
Irrational illogical behaviour also exists but must be left out as threats not a fit for viable systems.
An idea for common values:
Wealth Personal and social group wealth is a prefered way of living. Minimized risks, long live expectance, full of pleasures and little pain.
Ethical Activities for achieving by a personal a better wealth situation.
Social The community someone is part of.
Nature The environment someone is living at.
Operational Activities for achieving a better situation by changing the circumstances changing the environment. It is technology that is executing this for the known and unknown.
Knowledge & Learning Planning for solving issues and doing improvements (change) have to come from the organisation, aligned with the organisation.
Now start in the middle and work in either direction.
From that start in the middle assume there is nothing else than that. ⌛ Going for wealth is the history of empires and aristocracy. ⏳ Going for Knowledge & learing is the history of rationality, science.
It is a dichotomy where it is better doing both paths.
➡ For a holistic approach, organisational mission, organisational improvements, than starting with the technology is sensible.
Not able to get any service for a missions will block the option for realisations (operational).
Not able to use technology bringing the advantages will block the option for realisations (design / innovation).
The priorities however, are set by the organisational missions and not by technology.
Alignment for technology indespnesible part of an organisation another is bureaucracy:
Missions are strategical are commmunicated by the organisation.
Budgets for technology service have to come from the organisation.
Planning for solving issues and doing improvements (change) have to come from the organisation, aligned with the organisation.
Defining and setting visions mission is not part of administration not the work of a bureaucrat.
There is another position for that: the corporatocrat what for a long time that was the aristocrat or oligarchocrat.
In the viable system these are spread over the system without any hierarchy.
➡ With a technological mindset there is a search for solutions in known issues.
The situation in a position at an organisation is normally not an issue possible for researching for a solution.
The 3d structure projection of multiple dimensions for an organisation is not on this page but it is used as knowledge for a possible technical model.
➡ Working into an approach for optimized business and technology situation, there is gap in managing knowledge and using tools.
The proposal to solve those gaps is: "Jabes".
Understanding the: "T-3.6.1 Mindset prerequisites" is assumed.
⚒ T-1.1.4 Progress
done and currently working on:
2019 week 17
Added the subpages. Adding content and rework old DTAP pages.
The Enterprise Architecture, EA, getting some hands on that elephant.
2024 week 1
Started to pick up were I left
cannibalizing old pages, relocating content according 9-plane Jabes
Align to the new contents with Jabes proposal
2024 week 5
New draft version of this page finished
2025 week 15
Coming back to re-evaluate this content for what has learned during analysing the other topics.
It did have a technology focus only for information processing. Seeing it is as system in a system there is more logic abstraction needed.
The content to be reviewed into a more complete historical context what is "Technology".
Reordering into consistent four paragraphs in each of the six chapters.
2025 week 16
Only the first six chapters 1.1 to 1.6 are updated.
The how to organize resulted in a different VSM visual than usual and a value matrix usable for the horizontal and vertical good regulator.
Planning, to do:
The communication in a system is the neurology of the system.
This is the one for the interactions between the components.
How these interactions are connected to a physiology is an unexplored question for enterprise systems.
T-1.2 How get technology a role doing tasks?
There is historical reason for hierarchy in a pyramide.
Segregation in siloes by responsibilities, roles:
Strategy,
Tactics,
Operational
A working culture set by the leaders threats:
Hierarchy dictate details 👉🏾 micromanagement
Micromanagement 👉🏾 siloed organisations
Shared abstract goals. Siloed organisations 👉🏾 replacing into other goals
Are organisational goals visions missions really leading ❓
⚖ T-1.2.1 Technology from a bureaucratic perspective
The control challenge in perspectives
The bureaucratic perspective perspective by a a nice viusalisation.
The source is a Dell Emc Cloud promotion, published once upon a time.
The promoted idea, common mindset:
Operations is the location for the contact:
Future: A self service portal for a software defined automated something, cloud.
Paste: A team of components for processing, interacting and storing
Applications is where the assembly is done:
Future: An automated line for a standard repeatable something.
Paste: A team that is composing a product for delivery.
Promoting an ICT transformation for using SAAS (Software as a Service), cloud.
🤔 Of course is the intention that all the the actvivities should be oursourced to the external supplier, ... but what is missing, what are the caveats?
Who is designing, changing, building, changing, that product?
Who is designing, architecting, building, changing that assembly line?
Who is the customer and why would he want that product?
Building yourself anything, everything is costly.
The on-premise solutions have that association.
The requirements in measurement & control and Command & control are not obvious.
💣 Outsourcing the cloud is the promise of less managerial problems and lower financial costs.
🤔 Transforming the IT practices from technology driven into service provider driven.
IT organizations need to be able to deliver an efficient, automated, and repeatable environment that is focused on the applications that are being built and delivered.
IT should not focus on how to get the various components of the infrastructure to operate together.
The Information technology controls business perspective
An organisation that has a viable business is accountable and responsible for:
The product (good, service) delivered according promises & expectations.
The production process, the way service is delivered. quality & quantity.
The interactions marketing for the product, customer interactions.
These high level concepts, is enterprise architecting enterprise engineering, governance the business.
There are three different type of lines for actvities with their peculiar dependencies.
👉🏾 These are:
Business applications, processes are build by:
logic - code, business rules, functionality in promises, algorithms
data, information, chains in information, chains in communication
Analyses of the Business Applications, measurement & control.
Goal: quality assurance
Goal: business optimization
Information technology applications are build on infrastructure:
Infra: hardware (virtualized), network, operating system
❗ The miscommunication in perspectives should be clear.
Infrastructure for information technology is only a tiny part in enabling business.
The promotion of a technology driven mindset is a root cause for costly failures.
⚙ T-1.2.2 Basics: technology system life cycle
Technical stages: logic-code and information
The DTAP Develop, Test (integration), Acceptance (Logic -User, Technical, Persons Education) are parts of a life cycle.
🤔 The waterfall model (wikipedia) better a v-model is well known.
The appraoch of doing that in several cycle types , is however missing.
There are several words being different and some are not present in the DTAP staging.
purpose goals = (done before)
Requirements = (done before)
Design = (done before)
Implementation = Development
Implementation = Testing
Verification = Acceptance
Maintenance = Production
Out of service = (after care)
❗ Nothing is mentioned on those activities to include documentation knowledge management.
Improvement cycle logic-code and information
There are many possible cycles wiht multiple options in evaluations.
It is simplified when a step is optional bypassed by declaring is note applicable in a situation.
Example of dtap steps in a refined cycle:
"Ideate" is an optional cycle leaving out deployment / maintenance
The disposal is only done when it is the result of the evaluation.
The feedback with the customer and the request from the customer is to be added
⚒ T-1.2.3 Perspective maturity levels in a technocracy
Technocrat levels transformed from R.Likert
Start of "technocrat" classification :
technocrat-1
technocrat-4
Analysis
1
Little confidence and trust between administrators and analysts
Analysts ideas are solicited and used by administrators
Design
3
One-way, downward communication
Communication flows freely in all directions
Development
2
Taps fear status and economic motives exclusively
Taps all major motives except fear
Testing
4
Little upward influence; downward influence overestimated
Substantial influence upward downward and horizontally
Maintenance
6
Established by top-level administrators and communicated downward
Established by group participation
Deployment
5
Centralized; decisions made at the top
Decentralized; decisions made throughout the organisation
Evaluation
7
close over-the-shoulder supervision
Emphasis on self-control
Innovation & Disposal
8
Low and passively sought by administrators; little commitment to development humans resources
High and actively sought by administrators; full commitment to developing human resources
Planning is an organisation task that is needed for the activities.
Information on what is going to support organisational tasks on can be solved, made more easy by options in technology.
Technocrat ideals transformed from P.Senge
The "technocrat" ideal classification:
perspective
technocrat-5
Analysis
1
Mental models
influence personal & organizational views & behaviors.
Design
3
Shared vision
Sharing an image of the future you want to realize together.
Development
2
Personal mastery
personal commitment to vision, excellence, and lifelong learning.
A metaphor to describe this systems theory-based model would be DNA or a hologram.
Each is a complex system of patterns, and the whole is greater than the sum of its parts.
Technocrat transformational activities for more mature levels.
Key elements to focus on:
perspective
technocrat-3
Analysis
1
Structured Hierarchies ⚖🎭
⚖ Define clear chains of command and responsibilities within an organization. 🎭 Ensure that roles and expectations are documented and understood.
Design
3
Documentation & Record-keeping 🚧⟳
🚧 Maintain detailed records of decisions and actions to enable review and accountability. ⟳ Use standardized formats for documentation to simplify processes.
Development
2
Qualified Personnel ⚠📚
⚠ Position individuals in roles based on qualifications and expertise rather than personal connections or charisma. 📚 Provide ongoing training and development for employees to maintain competence.
Testing, validating
4
Clear Rules & Procedures ⚖🔰
⚖ Develop well-defined policies, laws, and protocols that guide decision-making and actions. 🔰 Ensure these rules are accessible and understandable to everyone involved.
Maintenance
6
Impartial Application ⚖ 👓
⚖ Apply rules consistently across individuals, without bias or favoritism. 👓 Ensure transparency in decisions to foster trust in the system.
Deployment
5
Adaptability 🚧⟲
🚧 Be open to revising rules and procedures when circumstances change or new information emerges. ⟲ Regularly evaluate the effectiveness of policies and update them as needed.
Evaluation
7
Accountability Mechanisms 🎭👁
🎭 Set up processes for auditing and monitoring actions to ensure compliance with established rules. 👁 Have systems in place to address grievances or violations effectively.
Innovation & Disposal
8
Strategic Alignment & Risk Management ⌛💰
⌛ Selecting and prioritizing change activities that align with the organization's strategic goals, portfolio. 💰 Budgets help identify financial constraints and opportunities, enabling proactive adjustments
👉🏾 The postion between his between bureaucrat-1 and bureaucrat-4 is the enablement of that transformation.
There are five "bureaucrat-#" usuable understandble definitions.
The art of communication bureaucrat-2 using closed-loops good-regulators is a topic on his own.
⚒ T-1.2.4 Dynamics in perspectives for a system
Strategic alignment - Conflict of interests
The organising of organization and organising technology do not have a shared vision of direction.
The organisation ⚖ The "goal" would be in the North.
What the direction for that is: wanting to act for adaption by changing the integrations, the staff.
Technology ⚙ The operations, value creation is in the North.
The direction for that is: retrieving the materials creating products.
The orientation of the two interrelated systems is a dynamic wheel without a fixed position.
Strategic alignment - Conflict of strength
The organising of organization and organising technology do not have an automatic balance in powers.
The organisation ⚖ The power can be between balanced strong and little.
Reasons for an unbalance can be:
The organisation staff lacks needed knowledge to align to technology.
The technology staff is not aligned to the goals by the organsiation.
Management deception by hype buzz and consultancy advisories.
Unrealistic expectations from the social community.
The orientation of the two interrelated systems is a dynamic wheel changing its shape.
Shapes that can hurt or are difficult to move in the environment.
Knowledge managent - Strategic alignment
Choices by decisions are part of how the system is expected to work and are defining limitations for what the system is capable of.
How the process went into a choice is another aspect for knowledge. Both are information for doing administrations.
There can be conflicts in interests in openness, transparency for that kind of information.
💡❗✅ For information use Jabes to have all involved metadata information.
💡❗✅ For transformations use Jabes to collect all instructions (algorithms).
T-1.3 How does technology balance tasks?
Any system needs measurements for controls.
Information processing known as IT or ICT has as confusing dualities.
It can be:
Administrative work completing operational tasks.
The operational flow processes by itself.
Measurement, data for information to control 1,2.
💣 there are many issues. Root causes by misunderstandings, wrong perceptions on:
What and how the measure for a purpose, the why.
Systems complexity with non linearity interactions.
Value evaluation for simulatied time variants.
Are measurements and information for control really useful ❓
⚙ T-1.3.1 Regulators, closed-loops indispensable in systems
Closed-loops engineering
Instrumentation and control engineering
(ICE) is a branch of engineering that studies the measurement and control of process variables, and the design and implementation of systems that incorporate them.
Process variables include pressure, temperature, humidity, flow, pH, force and speed.
ICE combines two branches of engineering.
Instrumentation engineering is the science of the measurement and control of process variables within a production or manufacturing area.
Meanwhile, control engineering, also called control systems engineering, is the engineering discipline that applies control theory to design systems with desired behaviors.
The closed-loop for organisational control are logical not different.
The difference is in the justification and objectivity in measurements.
Closed-loops engineering
Additionally, technological knowledge, particularly in computer systems, is essential to the job of an instrumentation and control engineer; important technology-related topics include humanโcomputer interaction, programmable logic controllers, and SCADA. The tasks center around designing, developing, maintaining and managing control systems.
The goals of the work of an instrumentation and control engineer are to maximize ....
The simple list is not sufficient for a model of a system, a more holistic value for the whole and components is needed.
⚙ T-1.3.2 Generic closed-loops for Linear systems, PID
The closed loop pid controller
When there is a measurement control adjustment becomes a known theory. However this theory is not simple at all, a linear simple system is solvable by
PID control
In theory, a controller can be used to control any process ...
Note limitations:
that has a measurable output (PV)
a known ideal value for that output (SP)
an input to the process (MV) that will affect the relevant PV
It becomes quick unpredictable when the limitations are not met.
Firing oreder four stroke four cylinder
There is that strange oredering in; IV, III, I, II.
This strange reordering is not unique.
From engine theory:
In a 4 cylinder (in line) 4 stroke engine the fire order also is changing from the visible linear by a projected cycle.
In this the oredering is I,II, IV, III, just a different start in the cycle.
➡ A lot in engines, machines, has become an automated system by itself.
The first steam engines did require a manual operation for opening and closing of the valves.
Safety valves, speed controls brakers and more were added by discrete steps evolutionary.
⚒ T-1.3.3 The closed-loop in information processing, DWH
Different types of Knowledge information: Datawarehouse
William H. Inmon (born 1945) is an American computer scientist, recognized by many as the father of the data warehouse.
Inmon created the accepted definition of what a data warehouse is - a subject oriented, nonvolatile, integrated, time variant collection of data in support of management's decisions.
Compared with the approach of the other pioneering architect of data warehousing, Ralph Kimball, Inmon's approach is often characterized as a top-down approach. Data Warehousing facts and Myths (Bill Inmon, Joe Reis Show)
What's a data warehouse?
A data warehouse is a repository of data that has been collected, typically across many applications.
The thing that's unique about the data warehouse is that it represents what we can call corporate or enterprise data.
There are different people that need to see different things in the corporation.
Applications need to see application data, but people like accounting, finance, sales, marketing and management need to look across data across the entire corporation.
And in order to do this, they need to gather data from many different applications and integrate the data.
For tangible products that is more easy to manage than with intangible products. With intangible products there are three types of artifacts using the same technology.
Acceptance and traction of the Datawarehouse
I started thinking about the data warehouse in its early vestiges in in effectively 1983.
I wrote an article in a magazine, Database Programming Design, that talked about the difference between operational data and analytical data.
At the time, the world was building lots of transaction processing applications.
And at that time it was thought that data was only useful for processing transactions.
And at that point in today, this is funny. We laugh at this today, but it wasn't funny at the time.
At the time, the notion that there should be another use of, of data other than transaction processing was a, was a heresy.
And so that that was the start.
The first article: the notion that there should be a difference between transaction data and analytical data led to the thought process of, well, Gee, what is the difference between transaction data and operational and, and analytical data?
What do we need to do to turn it into useful information for the organizations in our corporations that need to look at enterprise data?
How did it start gaining traction?
The vendors at the time were very dead set against the data warehouse and the technicians of the day and age did not support the idea of data warehouse at all.
In fact, they laughed at it and gave all kinds of reasons why we we couldn't have it.
The the real audience that Data Warehouse served in the early days was the marketing audience, because the people in marketing recognized the value of being able to look at data across the enterprise.
And then one day, I don't know how this happened, but one day suddenly the IT community began to catch on.
The very first data warehouse was done by a cellular organization, Pactel Cellular in in Orange County, California.
And for whatever reason the people at Pactel decided to build a data warehouse, that was the very first one.
But in the early days, the other marketing cellular companies came along and found out that, Oh my gosh, Pactel Cellular has this secret weapon called a data warehouse.
And I think it's kind of interesting because the way data warehouse was sold into the cellular companies was not from the vendor, was not from the IT organization, but was from top management going down to the IT community and saying we need a data warehouse because we need more market share now from the cellular companies.
Other organizations began to adopt data warehouse.
One of the most notable ones was at Walmart.
In Sam Walton's book on the success of Walmart, he mentions data warehouse and and he talks about how Walmart was able to track the skews that they have in in Walmart.
And so it went from cellular companies and then you can imagine once Walmart begin to espouse data warehouse, then all of the other retail companies did.
The purpose and why well covered in the organisation but not in the ICT silo.
The hi-jacking of the Datawarehouse acceptance
Is is a data warehouse a technology?
A data warehouse is decidedly not a technology.
A data warehouse is an architecture and a concept.
You can implement data warehouse with many different technologies.
You can put it on the cloud, you can put it on premise, you can put it in, you can put it in a database if that's what you want to do.
So a data warehouse is something that contains integrated granular data for your corporation, and a data mark is something that contains information that is customized for the analytical needs of a given department.
However, after Data Warehouse began to be popular and and began to take hold in the world, Ralph wrote his books.
Now Ralph has a different concept and, and I don't really call it a data warehouse at all.
It's really something called a data Mart.
A data Mart is something that is specialized for a department's analytical needs, such as the accounting department.
Why do you think people get confused with the word Datawarehouse to see?
One: one thing that Ralph did was he called a data Mart, a data warehouse in his book.
So if you read a Ralph Kimball book, you think you're reading about a data warehouse, but you're not.
Second: A reason for the confusion is that vendors who detested Data Warehouse at the beginning found that they could sell their product.
The vendors came into the game, the very ones that were trying to push data warehouse off the earth, found out they could make sales.
They started co-opting Datawarehouse to mean all kinds of things that it doesn't mean.
One of the things I hear about data warehouses is that it only applies to structured data.
In today's world, we have lots of other kinds of data.
We have textual data, we have analog data, we have lots of other kinds of data and a data warehouse concept can certainly accommodate those needs.
So people that think a data warehouse is designed strictly for structured data are limiting themselves to the possibilities.
Another thing, another concept I hear is that a data warehouse has to reside on a single platform.
That is absolutely not true at all.
You can have multiple platforms and multiple technologies implement a data warehouse in in in fact, when you get into analog data, you cannot start to work with analog data and work on a single platform.
The future of the Datawarehouse in measure & control
It kept bugging me that there's still confusion about Data Warehouse today, because it's not a new concept by any means.
It it's old, it's interesting, it's old, but it's still as viable and important today as it was the day that it came out.
When you stop needing the Datawarehouse is when you stop needing an enterprise wide view of data and when a corporation stops needing enterprise wide data.
It means they have no accountants, no finance, no sales, and no marketing and if that's your organization.
💣
Guess what? You don't need a data warehouse.
But that present representation of an organization doesn't fit any company, viable company that I know of.
At that point you just see the bankruptcy attorney.
⚒ T-1.3.4 The good regulator - non linear closed loops
ViSM: Viable system-2 channels & values
For the interactions between components there are channels.
The reaction time and direction are attributes for responsiveness. VSMB_SYST_02: A classification in channel types: 1-6.
details perspective
Intervention Regulation
C1
Balancing Autonomy and Control, prevent variety overload
Allocation of Resources
C2
Resource strategies in: market shifts or technology changes
Operational Interrelationships
C3
Mediate disputes between internal system components
Structured communication paths between system components
Monitoring (Parasympathicus)
C6
Ensures alignment with core mission and values
The interactions are influencing the state of values between the components.
➡ A model for interactions on values is a markov-chain or a network numerical prediction evaluation (NPE) relation.
A system can have different kinds of values depending on purpose, structure.
A possible value matrix:
perspective
details perspective
Financial
VF1
Cost Efficiency
Optimizing resource allocation to reduce waste. without compromising quality.
VF2
Revenue Generation
Sustainable business models that maximize earnings. Expanding market reach to enhance income streams.
For a usable model of an organisation a model with four basic structures is proposed.
These four structures are based on what is seen as common activities although details are different the abstractions are similar.
🤔 In a moment there are activities for the results in the now and other for what are options for the future or coming from the paste.
That structure is hard in any 2D visual and in 3D missing the dimension time for changes.
See figure right side:
😉 The four elements in a different approach than projected on a stretched cube solves the question of the edges at the DevOps and PortfolioPlan surfaces.
The are belonging to counterparts, for example:
marketing is related to Buyer
finance to assets.
Operational continuity to Motive
Technology safety to Pro-Vision.
The four basic components in a fourier transform for time
Projecting each of the areas into time series, Fourier .
A very important dimension is time.
Filling a 2d surface with multiple projections of the same structure in a time frequency is simplifying the calculations by interactions.
See figure right side.
The figure resembles Escher plane filling.
There is split in the backend / frontend representations by crossing the actions in time windows.
With a natural cooperation in the front-end, bacck-end and the crossings there is a disbalance in powers.
Time windows would be logical in:
⌛ days (fast-alert) and
⏳ quarterly (slow-normal).
T-1.4 Technology at Information Processing
In the beginning using computers for information processing was very expensive.
The situation was:
Very limited options for communications over distance and in bandwidth
Expensive machines (hardware) having:
limited CPU capacity
limited volatile internal memory
limited capacity permanent storage
Complicated software, operating systems, for having the hardware getting usable.
The only option was use on premise datacentres located at the shopfloor.
Are the basics for information processing since the beginning really changed ❓
⚒ T-1.4.1 Technology basics for information processing
The constraints in throughput in information processes
Understanding the bottlenecks is about "Performance & Tuning" in understanding relationships in Software (all types) en the Hardware (all types).
Solving and more advanced the preventing of performance problems can be complex and chaotic when the systems are complex or chaotic.
The basic classic architecture was set by von Neumann.
Optimizing is balancing between choosing the best algorithm and the effort to achieve that algorithm.
The time differences between those resources are in magnitudes factor 100-1000.
The changed state of art:
➡ A single CPU, the change:
there are many of those to share and GPU's for parallel floating arithmetics.
➡ limited internal memory, the change:
The change is that are several laysers amd capable of holding massive data.
➡ The external storage, the change:
these days several types for speed and purpose and even more massive data is possible to be holded.
The shift from serial to parallel processes
Neglecting performance questions could be justified by advance in hardware the knowledge of tuning processes is ignored.
Those days are gone, a Fundamental Turn Toward Concurrency in Software, By Herb Sutter. (2009)
The Free Lunch Is Over .
If you haven´t done so already, now is the time to take a hard look at the design of your application, determine what operations are CPU-sensitive now or are likely to become so soon,
and identify how those places could benefit from concurrency. Now is also the time for you and your team to grok concurrent programming´s requirements, pitfalls, styles, and idioms.
❗ Moore's law is about the number of components, not speed.
The maximum speed of a single processor is for many years rather stable.
The increased heat production sets a limit on the internal frequency.
Increasing capacity is by:
Better algorithms, decreasing internal waste.
Parallel processing internal, using more cores. (scaling up)
Dedicated processors, the GPU (graphical processor) offering many cores by design.
Parallel processing external, using more machines. (scaling out)
constraints Latency in throughput for processes
➡ CPU There was a belief that more internal cores would not happen forcing designs into many machines.
Intel This belief is proven to be wrong.
➡ Memory The volatile Working storage capacity still growing. A classic DBMS optionally becoming a fit.
🤔 Old state of art (2021): The Xeon Platinum 8378A offers 32 cores, 64 with hyperthreading active.
Support for two on a single machine board ➡128 cores on a machine.
➡ Cables, Channels Were the connection for a short distance. The fast improvement in network speed and distance made it possible to have them implemented by networks.
👐 A new way to see external storage. Storage in a network can be:
SAN (Storage attached Network) or,
NAS (Network attached Storage)
Theses are different in behaviour and performance.
👁 Combining those is going into high performant fault tolerant storage systems.
Those kind of systems are software defined storage systems.
➡ external storage using the internal memory types, solid state, avoiding mechanical delays.
⚙ T-1.4.2 Everlasting information technology challenges
Informattion at rest vs in transition
Choices to make in the performance by machines, CPU, internal memory, are the most understandable ones.
The real challenge is the understanding of how the information is processed.
🤔 No matter what the physical technology is, the information has to be copied from an "at rest" location to the "in transit" location.
Any kind of bottleneck will be the limiting factor for throughput.
in a figure:
See right side.
❗ A balancing act between sequential and parallel activity is part of the algorithm for functionality.
💣 offices, hybrid work & segmentation zones.
Increasing throughput, decreasing turn around time is achieved by:
Choices by: usage out of the many storage multi tier ones.
Optimize in design using striping - parallelisation:
OLTP, online transaction processing, uses only a small set of cases.
Optimal for lookups is random access.
Analytics, uses a far bigger portion of all of the cases.
When a significant population is involved sequential access is far better.
Disable technical loggings in the used DBMS when allowed by compliancy.
Duplicate an operational DBMS when avoiding operational stress is important.
It all starts with the question of what the goal of an organisation as the whole is. ❻ The activities for purposes are serviced by using platforms.
How those activities are service is the how of realisations.
Any realisation can be a success and a failure, for that the question is: how to improve realisations. ❺ Platform & Information considerations is about:
Archiving & backup ➡ infrastructure options and connections
Segmentation ➡ multi tier, multi tenancy into integrity and confidentiality
🕳👁❗ Platforms, tools in CIA compliacny is not state of art. ❹ Planning & Scheduling, technical planning of the operationals task the Service:
Enablers for the operational work in an organisation, "operator".
❸IT Service Desk, coordinating all kind of simple requests, the Service:
Enablers for work in an organisation. Delivery basic tools for human workers.
Helping in solving impediments doing work when the basic tools are failing.
Coordinating finding support when work is blocked by causes beyond basics.
❷SOC - Security Operations Center, monitoring integrity availablity operationals tasks, the Service:
Guarding the operations, trying to recognize the bad guys.
Acting and alert on events by isolating and defend.
❶Infomation archiving with access considerations, the Service:
The operational information access considerations is a commonn gap for implementation guidelines.
Document retention Policy standards with implementation guidelines.
Information recoverablity standards with implementation guidelines.
🤔 The situations are complicated because of all the dependencies, they are not easily to control.
⟳ T-1.4.3 Location and ownership of used technology
On Prem Platform
The functional service provisioning is independent from the technical realisation.
With ✅ a differentiator in technology, platform provisioning: internal.
Criterium: not ❌ handing over the platform (middleware) technology.
The idea of On-Premises (On-Prem):
Deployment: Software and infrastructure are installed and maintained locally within an organization's own data centers.
Control: Full control over hardware, software, security, and compliance.
Customization: Highly customizable to meet specific business needs.
Cost: Requires large upfront investments in hardware, software licenses, and IT personnel.
Maintenance: IT teams are responsible for updates, security patches, and troubleshooting.
Scalability: Scaling requires additional hardware purchases, making it less flexible.
There are differentiations for example using a shared (not owned) datacentre of selecting machine similar to it would be hardware offered by a provider.
🤔 The situations are complicated because of all the dependencies, they are not easily to control.
*AAS Platform
The functional service provisioning is independent from the technical realisation.
With no ❌ differentiator in technology, platform provisioning: externally.
Criterium: handing over ✅ the platform (middleware) technology externally.
The idea of As-a-Service (AAS) Models*:
Deployment: Hosted in the cloud, accessed via the internet.
Control: Managed by a third-party provider, reducing internal IT workload.
Customization: Limited customization compared to on-prem solutions.
Cost: Typically subscription-based, reducing upfront costs.
Maintenance: The provider handles updates, security, and infrastructure management.
Scalability: Easily scalable on-demand, making it more flexible.
There are differentiations for example using a shared (not owned) datacentre of selecting machine similar to it would be hardware offered by a provider.
🤔 The situations are complicated because of all the dependencies, they are not easily to control.
💣 There is: "law of conservation of misery" in line of: "law of conservation of energy"
choosing the where of doing processing
What are the issues with those *AAS promises vs on-prem?
Subject
*AAS models
On-Prem
Cost initial
Opex low upfront
Capex high upfront investments
Cost on going
Subscriptions, prices are not certain in the future
Ongoing maintenance and support
Customization
Limited customizable
Higley customizable
Scalablity
Highly scalable on demand within provider limits
limited scalability time-shifting and/ or hardware upgrades.
Safety
Security managed by provider (??)
Full control over security
⚠ The argument of cost is a possible fallacy, the profits of the provider shouls be a clear signal.
💣 The promise of a shift in accountablity for safety is terrible wrong.
The supply chain is the rapidly seen as the weakest link for the whole.
A break down of the operations caused by a failure at the provider is still impacting the organisation.
The CEO of the organisation is held responsible and accountable not the providers.
A break down or hiccup of safety for information by a mistake at the provider is impacting the organisation.
The CEO of the organisation is held responsible and accountable.
Better understanding of the situation will decrease complexity complications, to do:.
Confusion: When everything is "the application" the intention is meaningless
Focus : The value stream for the external buyer customer stakeholder is what matters
The tools: These are assembly units to enable values stream processing.
⚙ T-1.4.4 Safety in systems by design in technology
A structured approach: knowledge and documenting
5 Steps to effortless and engineering-informed cybersecurity risk assessments
security engineering tool (SET: S.Fluchs) is what Safety in a Jabsa context could be.
Cybersecurity without engineering expertise? A risk you cannot afford❗
Risk assessments are lost in the noise of technical cyber details, neglecting the bigger picture: protecting your plant, processes, and business outcomes.
For the bigger picture, engineering knowledge is needed, but it is too often locked away in engineers' minds, and thus inaccessible to your team.
You are wasting valuable time and money while chasing every 'best practice' instead of targeting those actions that really matter and lower your cybersecurity risk.
What happens if you do not address this?
➡
Failing to act means your team risks getting bogged down in ineffective practices, wasting time and resources while leaving your plant and processes vulnerable to the real-world risks that matter.
The promoted approach is following a strcuture:
real world impact The goal of avoiding high-consequence events
risk assessment and security requirements definition of risk-scenarios for relevant requirements
Critical functions Understanding of the system with all of its systems functions
system model use of cyber decision diagrams to map the system functions
Compliance evidence ad reports clear audit-ready reports that show the risk assessments.
The goal is at the top, the desired result at the bottom.
😉 To start the work getting done for this is in the middle to both sides.
This start in the middle in similar to Sabsa and Zachman. The 6w1h could be added.
The understanding of the system, the what, is needed for the details of how. Working towards the two why's.
The only thing I would add: 🕳👁❗ Have the audit-ready reports and audit reports well structured stored
💡❗✅ For safety design & build use Jabes to collect all information
💡❗✅ For validation safety use Jabes to collect all information
A structured approach: Defining and documenting
There is that issue: but it is too often locked away in engineers' minds, but why?
Attention points in the design architecture:
Segmentation of resources, components in the system
Validation in the flow for trustworthiness by structural checks and probes.
Well defined controls for access in functional activities
Usage of components that are verified safe for the intended task.
The structural change: 🕳👁❗ Have the safety design indispensable of the system.
💡❗✅ For safety design & build use Jabes to collect all information
💡❗✅ For validations of designed safety use Jabes to collect all information
T-1.5 Functionality by Information Processing
Any system development life cycle does have assumptions.
For information processing known as IT or ICT there are many of them.
A well known standard is staging by:
1/ Develop, 2/ Test, 3/ >Acceptance, 4/ Production
But this is far from complete and it not coveing the real change flow.
💣 Root causes by misunderstandings, wrong perceptions on:
Demand, suggestions innovation & change for what to do.
Decisions in whether tot deploy or not even when it is build.
How to design what to design and engineer in architecture.
the purpose, why, the value for the buyer
Abstractions and perspetves are needed to be communicated.
What are the basics for designing architecting in information processing ❓
⚒ T-1.5.1 Life cycle ambiguities, software development
There was a misconception for change
Agile was for years a dogma but has many issues.
That dogma only changed recently and now everyone is jumping on the product band-wagon.
Agile did justify itself mainly by blaming anything that was bad as "waterfall" culture without understanding the real culture, real reasons, the logical arguments.
M.Fowler:
I can´t recall hearing any conference speaker saying anything good about waterfall for many years.
... The waterfall style, as suggested by the Royce sketch, does it by the activity we are doing.
W.Royce (Wikipedia)
In 1970 he published his influential article "Managing the development of large software systems",
in which he presented several project management models, including what we now know as waterfall, iterative, and agile.
Waterfall (Wikipedia)
These variations included returning to the previous cycle after flaws were found downstream,
or returning all the way to the design phase if downstream phases deemed insufficient.
To solve: SDLC, ALC, DTAP, BI&Amp;A issues by their real root-causes.
This is the managed not by technocrats but by the bureaucrats and corporatocrats. 🕳👁❗ Get the suggestions, demand planning solved.
💡❗✅ For suggestions backlog & requirements use Jabes to collect all information
💡❗✅ For validation work in progress use Jabes to administer & collect all information
The metadata storage structure setup in Jabes uses a hierarchy in three levels for each of the information types.
Applicable for: "Suggestions, issues, and backlog for innovation & maintenance.
PDCA cycle redefined
There are three major power pillars in the organisation,
Strategy_(blue)
Tactical_(green)
Operational_(red)
each of them divided in three levels, the: "nine plane".
BPM-steer
Analytics-shape
SDLC-serve
The processes cycle uses four quadrants.
I, an inventory of changes, innovations
II, preparing change proposals
IV, realising the changes
III, Implement changes and execute
Combining all this in a single figure to support the chnage process is complicated.
⚙ T-1.5.2 Engineering technology, concurrency in activities
Achieving agility the V-model
Agile was for years a dogma but the real agility is understanding the v-model. Reducing Lead Time 4 - Development"
Development also has options to reduce the lead time that production does not have, namely concurrent engineering (also known as simultaneous engineering).
In manufacturing, the part can be only in one process at a time.
In development, multiple people can work on the same project. Concurrent engineering is the same, there are many sources for this.
hierarchy structure
The hierarchical structure is a conflict of interests caused by the hierarchy.
Before able to instruct staff for work a line of control, authority, must exist. An organisation chart is used in communications.
The classic structure is a pyramid, the orders and instructions going top down.
The result is cooperation on th shopfloor is not natural wihtin the local group.
NDMA:
The key to overcoming this obstacle is internal customer-supplier relationships.
When staff treat peers throughout IT as customers, just as they treat business-unit clients as customers, cross-boundary teamwork gets a lot easier.
The goal is servicing many customers, this is a reversed order from the shop floor experience.
The pyramid is reversed with the sharp point at the shop floor.
Designing, engineering, building, operating a big distance on the mission goals.
The Internal customer possible in a quite different line of control
NDMA:
The key to overcoming this obstacle is internal customer-supplier relationships.
When staff treat peers throughout IT as customers, just as they treat business-unit clients as customers, cross-boundary teamwork gets a lot easier.
⟳ T-1.5.3 The functional debt - technical debt dichotomy
Multiple DTAP dimensions
There will be always either a technical debt or functional debt or both.
It is not possible to have all artifacts up to date to latest moment.
Building a new ICT system is the most easy approach, building up:
❶ infrastructure, machines, (green)
❷ logic & information by two DTAP lines (blue)
❸ measurements, analytics, tools for control.
⚠ Note: ❗production information (orange) for all of it in the business application life cycle.
⚠ Infrastructure and analytics are out of date when going live.
Maintaining and changing what is in operational use is more challenging, building and changing:
❶ Learn from analytics what to change.
⚠ Note: ❗production information (orange) for all of it in the business application life cycle.
❷ Change business logic & information in two DTAP segregated lines (blue)
❸ Change Set up machines (green) according to external requirement and / or internal ones
⚠ The business logic is out of date when going live.
For details: 👓 click .
V-Model -VMAP - DTAP dependicies
The V-model is a graphical representation of a systems development lifecycle. It is used to produce rigorous development lifecycle models and project management models.
The V-model falls into three broad categories, the German V-Modell, a general testing model, and the US government standard.
In the visualisation the sequential order of the SIAR-model is included. There are many loopbacks to enable to react and apply change as soon as possible.
Realizing a DTAP implementation using the V-model is recommended.
Considerations:
❶ Allows agile lean project planning
❷ Acknowledges dependicies between logical actions
❸ Every stage can start when minimum of the previous one is present
❹ When split into: Strategy, tactcial, operational, micromanagement is avoidable
Golden oldies:
❶ V-Model: (wikipedia)
❷ combined with TMAP: (sogeti)
❸ more coverage: ISTQB
Agile lean:
❶ Small units more quick deliveries
❷ Small units easier quick requirement changes
❸ Goal of specifciations: "system test"
For details: 👓 click .
🤔🕳 There is no centralized portfolio product to collect all information on information processing.
🕳👁❗ Get the SDLC challenge solved
💡❗✅ For process design & build use Jabes to collect all information
💡❗✅ For validation design & build & run use Jabes to collect all information
The metadata storage structure setup in Jabes uses a hierarchy in three levels for each of the information types.
Applicable for: "process design & build" and "validation design & build & run".
⟳ T-1.5.4 Architecting Design Engineer information systems usage
Prisms in multiple dimensions
Limiting the scope to only information processing and ignoring that "the organisation" is composed by three different components is a perspective for EA Enterprise Architecture.
There is no way to "understand Information Architecture and Knowledge Engineering" using a flat 2D data modeling paradigm, it's as simple as that.
The immersion of enterprises in digital environments and the spreading of AI technologies call for a change of paradigm that could take into account the difference between data (facts), managed information (categories), and knowledge (concepts).
Source: ea-symbolic-twins
Ontological Prisms &amo Abstractions
Translating the symbolic/business into a formal language is disconnecting many of involved persons.
The thesaurus refers to a master data glossary.
A formal language should serve the business goals with simplicity.
Homogeneous abstractions are set within the same symbolic realms and thus pertain to the same kind of representations:
Extensional (data models): sets and subsets of facts characterized by variant featurests
Design (systems models): structural and functional inheritance between categories
Ontological Prisms & Enterprise Architecture
The formal language has to goal of visualisations that should be understandable in simplicity although a master data glossary will be needed.
A master data glossary is a formal word usage agreement to align intentions.
Ontological prisms ensure the interoperability of EA representations.
A separate yet integrated management of symbolic resources (data), assets (information), and services (knowledge)
A symbolic anchoring of enterprise architectures with their environments
The integration and interoperability of traditional and AI technologies
The activities we are seeing and doing but missing the consistency for changes for the hole.
Integration of symbolic (blueprints) and actual (architecture) artefacts would pave the way to actionable architectures befitting Otto Neurathโs appraisal quoted above.
To that effect symbolic prisms must enable a functional integration of basic EA use cases:
Requirements (managed facts)
Data analytics (environment facts)
Business analysis (facts/concepts)
Business intelligence (concepts)
Strategic planning (concepts/categories)
Systems engineering (facts/categories)
Systems modeling (categories)
From Symbolic Twins to "โBrain of the Firm"
Immersed in digital environments, EA symbolic prisms can be turned into digital twins:
Gears are provided by organisation (knowledge/information systems), operations (information systems/data), and processes (knowledge/data)
Osmosis can be achieved with Machine learning employed between facts and business models (data mining), and between facts and systems (process mining)
Homeostasis can be achieved through Knowledge graphs bringing together business models and enterprise governance
For requiremetns this can be extended into:
requirements revisited
Requirements at enterprise level entail references to business models, existing architecture components, and current or planned projects.
Given the variety of the contexts involved, such references may point to terms or models, the former with meanings set by domains, the latter set in actual (managed) or virtual (planned) modes.
Once requirements are aligned with business concepts, managed categories, and legacy components, work units and milestones can be defined and requirements distributed thereof, taking into account organisational, functional, and operational constraints.
Taking a leaf from lean manufacturing, work units can be handled across four engineering workshops.
T-1.6 Maturity 3: infrastructure in control
From the three ICT, ITC interrelated scopes:
❌ I - processes & information
✅ T - Tools, Infrastructure
❌ C - Organization optimization
Only having the focus on IT4IT, getting a mature Life Cycle Management (LCM) requires understanding an acknowledgment of the layered structure.
Each layer has his own dedicated characteristics.
⚖ T-1.6.1 The triality: Bureaucracy vs Technocracy vs Corporatocracy
A different perspective for the four systems
This is the vertical line in adaption goal integration and latency over the components.
The four sides of the stretched cube is seen for:
Bureaucracy, (people) the administrative work for supporting the intended values.
Technocracy, (machines) the knowledge, skills for creating tools and methodologies that are helping to achieve intended values more easier.
Corporatocracy, (processes) is the most powerful because it are in fact two closely related cultural powers: (policy and governance)
Setting a direction for external opportunities and aligning the internal culture
Defending, backing up the needed resources from internal and external threats
In a social and historical contact we can recognize in this the powers of aristocracy and military.
Seeing this in this context is a change in the controverse technology vs the organisation.
Overview of the five technocrat orderings
Combining VSM system attributes opens bureaucracy for fractals in shifting log frames.
This is the horizontal line in adaption goal integration and latency within the components (autonomy).
The only difference for Bureaucracy, Technocracy and Corporatocracy are the topics, contents for what it is about seen at the system-1.
System-1 technocrat-1
-2
System-3
System-4 technocrat-4
System-5 technocrat-5
1
Analysis
⇄
Structured Hierarchies
Leadership
Mental models
3
Design
⇆
Documentation & Record-keeping
Communication
Shared vision
2
Development
⇅
Qualified Personnel
Motivation
Personal mastery
4
Testing
⇵
Clear Rules & Procedures
Interaction Influence
3M
6
Maintenance
⇅
Impartial Application
Goal setting
Team learning
5
Deployment
⇄
Adaptability
Decision making
Systems thinking
7
Evaluation
⇆
Accountability Mechanisms
Control
3M
8
Innovation & Disposal
⇵
Strategic Alignment & Risk Management
Performance goals
3M
Regulations: technicals & functionals
Although there are no direct regulations on the technology at this moment, there are many regulations to comply by organisations.
The topics for those regulations are mostly similar Confidentiality Integrity Availability (CIA). The result of a BIA analyses for CIA levels should be verifiable.
💡❗✅ For process requirements & design use Jabes to collect all information:
Information Security
Information Quality
Explainable PII usage
Explainable Algorithms
⚖ T-1.6.2 The challenge of an organisational technological model
The Fourier transformed organisational model to model
The mechanistic & Sentienstic interactions to model
There are two perspectives for the whole:
Economy: Product management life cycle and control,
Community: balancing autonomy vs central authority.
🤔 In a two dimension view the result is a stretched cube for both.
Combining those thinking in a sphere would be more appropriate.
The are four staged types of interest toe evaluate in many perspectives as dimensions:
building an organisation / community.
enabling to fulfil product (goods / services) deliveries.
Changing time horizons, time spans, from paste to future.
Social interactions by the components as humans and their tools.
The number of dimensions and their interaction are far too many for easy understanding.
mathematical technical cybernetics
The processing by models and numbers evoluated by the increasing options in technology. Acta Cybernetica Vol_26_4
Cyber-physical systems (CPS) are systems in which software and physical parts interoperate deeply.
The physical part of these systems is often modeled by differential equations.
When properties have to be verifed on these systems, for instance the feasibility or the safety of a mission assigned to a robot, the solution of such differential equations is generally required.
Even if Ordinary Differential Equations (ODE) are mostly considered to model cyber-physical systems, obtaining an analytical solution to this class of equations is a complex issue and approximations obtained with numerical methods are sometimes suffcient to check a given property.
However, for some applications an approximation is not enough and an enclosure of the exact solution is required.
AI and the digital ecosystem
Analyzing chaotic systems requires statistical methods that embrace complexity and unpredictability.
Some of the most effective approaches include:
Time Series Analysis: Techniques like Fourier Transforms or wavelet analysis help detect patterns, frequencies, or trends within chaotic data.
Monte Carlo Simulations: These simulations use random sampling to model the probability of different outcomes in chaotic scenarios, especially in financial systems or weather forecasting.
Fractal Analysis: Measures like the fractal dimension analyze patterns of self-similarity in chaotic systems, revealing hidden structures.
Bayesian Inference: This method incorporates prior knowledge with current data to make probabilistic predictions, even when the system is uncertain.
Nonlinear Regression and Dynamical Modeling: These tools fit mathematical models to chaotic systems, capturing nonlinear relationships and predicting future behavior.
Entropy-Based Measures: Techniques like Shannon entropy or permutation entropy assess the degree of randomness or complexity within chaotic systems.
Stochastic Processes: Methods like Markov chains or Brownian motion describe systems where randomness plays a key role, suitable for chaotic environments.
Network Analysis: This identifies connections and relationships in complex systems, like ecosystems or social networks, where chaos is prevalent.
👁 The content is a scientific approach for prescriptions in a VUCA world.
Work to do: solving SDLC, DTAP, issues by their root-causes. (N.Dean Meyer)
The right way to build high-performance, cross-boundary teamwork is to get to fundamentals.
Find out why the nice people in your organization don't team, and then address the root causes of incentives, culture, structure, and the internal economy.
Real Reason 1: Incentives
Real Reason 2: Culture
Real Reason 3: Structure
Real Reason 4: Resources
See also: "E-1.3.1 Recognizing the 3M evils"
DTAP approaches maturity for LCM additional distinct layers for:
⚒I landing zone processes     Operational plane
⚒T hardware- operating system     Tools middelware
⚒C landing zone monitoring     Analytical plane
The bottom area is enabling the upper part. It must be robust enough for the requirements of the serviced organization.
👓 click on the figure for Jabes maturity technology.
Maturity Attention Points
Attention points for maturity level considerations & evaluations:
Maturity id
SubId
Source
Context
CMM-4IT-1
Network
C1
T-1.4 On Premise services
Segmentation, zones, isolation
A1
T-1.4 On Premise services
maximum single speed
A2
T-1.4 On Premise services
Total throughput
C2
T-1.4 On Premise services
Encryption
I1
T-1.4 On Premise services
Robustness
I2
T-1.4 On Premise services
Virtualisation impact
C5
T-1.5 Software as a Service - Cloud
Segmentation, zones, isolation
A5
T-1.5 Software as a Service - Cloud
maximum single speed
A6
T-1.5 Software as a Service - Cloud
Total throughput
C6
T-1.5 Software as a Service - Cloud
Encryption
I5
T-1.5 Software as a Service - Cloud
Robustness
I6
T-1.5 Software as a Service - Cloud
Virtualisation impact
CMM-4IT-2
Machines
A1
T-1.4 On Premise services
CPU
A2
T-1.4 On Premise services
Volatile Memory
A3
T-1.4 On Premise services
Persistent Storage sizing
A4
T-1.4 On Premise services
Persistent Storage throughput
C1
T-1.4 On Premise services
Robustness
C2
T-1.4 On Premise services
Recoverability
I1
T-1.4 On Premise services
Virtualisation impact
A5
T-1.5 Software as a Service - Cloud
CPU
A6
T-1.5 Software as a Service - Cloud
Volatile Memory
A7
T-1.5 Software as a Service - Cloud
Persistent Storage sizing
A8
T-1.5 Software as a Service - Cloud
Persistent Storage throughput
C5
T-1.5 Software as a Service - Cloud
Robustness
C6
T-1.5 Software as a Service - Cloud
Recoverability
I1
T-1.5 Software as a Service - Cloud
Virtualisation impact
CMM-4IT-3
operating system
C1
T-1.4 On Premise services
Segmentation, zones, isolation
A1
T-1.4 On Premise services
DNS central repository
A2
T-1.4 On Premise services
Identities central repository
C2
T-1.4 On Premise services
DNS central repository
C3
T-1.4 On Premise services
Identities central repository
I1
T-1.4 On Premise services
Robustness
I2
T-1.4 On Premise services
Middleware Connections
C5
T-1.5 Software as a Service - Cloud
Segmentation, zones, isolation
A5
T-1.5 Software as a Service - Cloud
DNS central repository
A6
T-1.5 Software as a Service - Cloud
Identities central repository
C6
T-1.5 Software as a Service - Cloud
DNS central repository
C7
T-1.5 Software as a Service - Cloud
Identities central repository
I5
T-1.5 Software as a Service - Cloud
Robustness
I6
T-1.5 Software as a Service - Cloud
Middleware Connections
The meaning of what is made by intentions
There is a change over and over aging in this. Otto_Neurath about philosophy of science and language.
He views truth as internal coherence of linguistic assertions, rather than anything to do with facts or other entities in the world.
The criterion of verification is to be applied to the system as a whole (see semantic holism) and not to single sentences.
The metaphor:
We are like sailors who on the open sea must reconstruct their ship but are never able to start afresh from the bottom.
Where a beam is taken away a new one must at once be put there, and for this the rest of the ship is used as support.
In this way, by using the old beams and driftwood the ship can be shaped entirely anew, but only by gradual reconstruction. Noether theorem
Applications are business organisational artifacts served by technology. The business rules, business logic, are set by the organisation.
The methodologies for defining business rules has several options:
ALC-V1: Dictate instructions what to do what to achieve
ALC-V2: Analyse situations while discussing what to achieve
ALC-V3: Analyse information while discussing what to achieve
Intention: improving quality, quantity at lower cost.
⚙ T-2.1.1 ALC-V1 Functional
generic
The classic application project delivery: "ALC-V1 model".
No intended continuous maintenance. It is one off single monolithic system delivery
No standard operational feed back to learn. Every new system is build from scratch.
Optional: learning from a "process log" and/ or "real operational documents" .
Optional: What has learned from building a previous system.
In a figure:
The operational plane is at the lower half.
The analytical plane is at the upper half.
Operational - analytical plane
⚒ Operational:
For system where change during the total lifecycle is not making sense, this methodology is a good choice.
In the physical world this is a common approach. Datacentres have many physical components.
⚖ Analytical:
At best there are some spreadsheets used (ad hoc analyses).
Ideas from a guru, external advisor, are accepted practices.
⚙ T-2.1.2 ALC-V2 Functional
generic
The classic application life cycle mangement: "ALC-V2 model".
Intended continuous maintenance.
Standard operational feed back to learn. A system is changed or build from scratch.
Obligatory: learning from a "process log" and/ or "real operational documents" .
Obligatory: What has learned from building a previous system.
⚖ Analytical:
Needed simple options what is happening: ❶ Speed, ❷ direction, ❸ resources left, ❹ clear view on the way.
🕳👁❗ Explain requirements for operational data / information analytical plane clearly. 🕳👁❗ Explain versions requirements clearly. 💣Versioning is about process logic.
⚙ T-2.1.3 ALC-V3 Functional
generic
Modern application life cycle mangement: "ALC-V3 model".
Intended continuous maintenance.
Standard operational feed back to learn. A system is changed or build from scratch.
Embedded: learning from a "process log" and/ or "real operational documents" .
Embedded: What has learned from building a previous system.
Reused form open source knowledge: statistical algorithms predicting probabilities on expected outcomes.
⚖ Analytical:
Needed advanced options what is happening: ❶ Speed, ❷ direction, ❸ resources left, ❹ clear view on the way.
⚖ Legal:
Getting aligned on impact on probabilities.
🕳👁❗ Explain requirements for operational data / information all planes clearly. 🕳👁❗ Explain the role of the training dataset being the source code.
Elaboration ALC-V3
ITC is transforming into using ML (Machine Learning), a subarea of AI.
Processes how to create, implement and monitor are not settled.
❗ Important:
The focus is on documents, data, information from the operational production.
Business decisions to implement are based on controlled feed back loops, controlled and monitored by human decision makers.
Building the model is for an expert, however the accountablity and responsibility is at the business line.
Developping logic, new terminology "model"
The modelling part got a new life cycle:
data preparation
extract features
train model
evaluate model
Instead of human defined decisons it is humand guided, computer assisted, best decision (champion) too choose.
T-2.2 Behavorial differences in ALC types
Applications are business organisational artifacts served by technology.
Business rules, business logic, are set by the organisation.
Methodlogies used by the business to follow by technology are:
ALC-V1: Dictate instructions what to do what to achieve
ALC-V2: Analyse situations while discussing what to achieve
ALC-V3: Analyse information while discussing what to achieve
Intention: improving quality, quantity at lower cost.
⚙ T-2.2.1 ALC-V1 Technical
generic
The classic application project delivery: "ALC-V1 model".
No intended continuous maintenance. It is one off single monolithic system delivery
No standard operational feed back to learn. Every new system is build from scratch.
Optional: learning from a "process log" and/ or "real operational documents" .
Optional: Wat has learned from building a previous system.
⚠ The focus is only on partial code artifacts.
Issues Component properties:
Applications can have many code types integration challenges
Code types options: , ,
Compile - link
Script
parameter / option file
...
External Connections including authorisation definitions
⚠ CIA ratings, results from BIA-s should not ignored.
Operational - analytical plane
⚒ Operational:
Fake data / information is used for development.
Operational data information is only used for operations.
⚖ Analytical:
At best there are some spreadsheets used (ad hoc analyses). Required is operational production information.
Ideas from a guru, external advisor, are accepted practices.
🕳👁❗ Get the DTAP ALC challenge solved
⚙ T-2.2.2 ALC-V2 Technical
generic
The classic application life cycle mangement: "ALC-V2 model".
Intended continuous maintenance.
Standard operational feed back to learn. A system is changed or build from scratch.
Obligatory: learning from a "process log" and/ or "real operational documents" .
Obligatory: What has learned from building a previous system.
⚒ Operational:
To build simple operating options: ❶ faster, ❷ slower, ❸ change direction, ❹ environment knowledge .
Dedicated operational, build - test environments. ⚖ Analytical:
To build simple options what is happening: ❶ Speed, ❷ direction, ❸ resources left, ❹ clear view on the way.
Required is operational production information.
🕳👁❗ Get the DTAP ALC challenge solved. 💣Note: requirement operational data usage. 🕳👁❗ Get versions requirements clear. 💣Versioning is not about coding.
⚙ T-2.2.3 ALC-V3 Technical
generic
Modern application life cycle mangement: "ALC-V3 model".
Intended continuous maintenance.
Standard operational feed back to learn. A system is changed or build from scratch.
Embedded: learning from a "process log" and/ or "real operational documents" .
Embedded: What has learned from building a previous system.
Reused form open source knowledge: statistical algorithms predicting probabilities on expected outcomes.
⚒ Operational:
To build advanced operating options: ❶ faster, ❷ slower, ❸ change direction, ❹ environment knowledge .
Dedicated operational, build - test environments. ⚖ Analytical:
To build advanced options what is happening: ❶ Speed, ❷ direction, ❸ resources left, ❹ clear view on the way.
Required is operational production information. ⚖ Legal:
Getting aligned on impact on probabilities.
🕳👁❗ Get the DTAP ALC challenge solved. 💣Note:requirement operational data usage 🕳👁❗ 💣 Get the role of the training dataset being the source code solved.
Elaboration ALC-V3
ITC is transforming into using ML (Machine Learning), a subarea of AI.
Processes how to create, implement and monitor are not settled.
❗ Important:
Modelling (developping) is based on the business production data, with all resulting dependicies and consequences.
The Life Cycle using analytics &robotics is different.
The classic approach is still valid for logic but being extended.
Up to five line components with interrelated dependencies involved.
Artifacts and their deployment dependencies must be more clear classified.
The five component lines are:
Logic Data: Data deliveries (ER star-model) for modelling (automated).
Logic Data: Data deliveries (ER star-model) for scoring history (automated).
Logic Data: A denormalized table needed for the statistical modelling.
External Connections (deliveries) part of the automated scoring process.
The behaviour, model explanation: Lift, error rates, reliability, performance.
Development line: As much as possible PII (Personal Identifiable Information) is excluded, historical data made in extended periods.
Operational plane: PII data is only included when needed in deliveries, historical data only for agreed relevant retention periods.
Infra: Scheduling for the development and operational lines are different.
Infra: CIA (Confidentiality Integrity Availability) differences leads to multiple environments.
❓ T-2.2.4 What is the Q&A list for ALC - SDLC?
😉 For considerations using Jabes metadata portfolio technology is not relevant.
When wanting to use the Jabes maturity level measurement it is unavoidable.
For considerations using Jabes metadata portfolio detailed Q&A are on the backog (to do) list.
T-2.3 Middleware & platforms
Components (tools) purchased, middelware:
DBMS: database mangement systems
File transfer, information exchange tools
ERP: Enterprise Resouce systems
ELT: data processing tools
BI&A: Analytics & reporting tools
..
Intention: enabling building processes.
⚙ T-2.3.1 ALC middleware
generic
The classic application life cycle mangement: "ALC middleware".
Purchase the software after evaluation value adding options.
Get the platform configured to embed in existing technology.
Obligatory: learning from a "process log" and/ or "real operational documents" .
Obligatory: What has learned from building a previous system.
A figure,
See right side:
Attention, understanding needed for:
External suppliers assumptions & guidelines
Internal infrastructure & guidelines
⚠ Only focus:platform by wishes from the organisation
⚠ NO: "business logic" code NOR "business data"
Issues platform properties:
Embedded third party components
Connecting to internal security providers
External Connections
Not to ignore:
⚠ CIA, ratings results from BIA-s
⚠ infrastructure embedding (eg: LDAP AD)
⚠ security monitoring embedding (eg: SIEM)
Operational - analytical plane
⚒ Operational:
Tooling Control & w Monitoring for resource usage (infrastructure) and their limitations.
Align with security compliancy eg SIEM, LDAP
⚖ Analytical:
At best there are some reprots (ad hoc analyses).
Required are operational production information describing the platfrom.
Ideas from a guru, external advisor, are accepted practices.
🕳👁❗ Get Middleware ALC and versioning challenge solved
⚙ T-2.3.2 DLC data life cycle
generic
The classic application life cycle mangement: "ETL ELT" (Extract Load Transform).
Intended continuous maintenance.
Standard operational feed back to learn. A system is changed or build from scratch.
Obligatory: learning from a "process log" and/ or "real operational documents" .
Obligatory: What has learned from building a previous system.
A figure,
See right side:
Operational - analytical plane
⚒ Operational:
Fake data / information is used for development.
Operational data information is only used for operations.
⚖ Analytical:
At best there are some spreadsheets used (ad hoc analyses). Required is operational production information.
Ideas from a guru, external advisor, are accepted practices. ⚖ Legal:
Getting aligned on impact on probabilities. 🕳👁❗ Get the DTAP DLC challenge solved. 💣Note:requirement operational data usage
⚙ T-2.3.3 Data / Information provisioning
generic
The classic application life cycle mangement: "ALC middleware.
Data lake, DataWareHouse, Data lake house, ODS. (Persistent storage)
receiving items, storing items, delivering when needed.
Obligatory: learning from a "process log" and/ or "real operational documents" .
Obligatory: What has learned from building a previous system.
Data as a product principle is designed to address the data quality and age-old data silos problem; or as Gartner calls it dark data -
โthe information assets organizations collect, process and store during regular business activities, but generally fail to use for other purposesโ.
Analytical data provided by the domains must be treated as a product, and the consumers of that data should be treated as customers - happy and delighted customers.
T-2.4 Confidentiality, Integrity, availability
Compliancy questions are applicable everywhere internal and external for an organisation.
Although this is the technical pillar representative roles to the ones in the organisational pillar are needed.
Support for the organisational:
CSO Chief Security officer
CDO Chief Data officer
CFO Chief Financial officer
COO Chief Operations officer
Similarity using the SIAR model holistic and at the technical pillar is intended.
⚙ T-2.4.1 Data / Information Governance
generic
Engineering than a list of "best practices", what always has been done.
DMBOK has a wheel of "Best practices", Data
PMBOK has "Best practices" (PMI project management institute)
A figure,
See right side:
Technical Section - Holistic
⚒ Technical Section:
To build advanced operating options, use DMBOK, PMBOK.
⚖ Holistic:
To build advanced options what is happening, use DMBOK, PMBOK.
⚖ Legal:
Getting aligned on what always has been done that way.
Anyway a problem with not understood and changing compliancy.
⚙ T-2.4.2 Steer Shape Serve - within technology pillar
generic
Organizing the task and roles, reuse of the nine-plane.
Steer in the technology: pillar is the connection to Serve in the holistic one.
Shape in the technology: pillar assures technology featues in the future.
Serve in the technology: pillar build & run of state of art technology.
A figure,
See right side:
Technical Section - Holistic
⚒ Technical Section:
To build advanced operating options, state of art technology now and in the future.
⚖ Holistic:
To build advanced insight in: ❷ what is happening, ❸ what could happen and ❸ what is likely to happen. (risk appetite)
🕳👁❗ Align audit roles in rechnical section aligned with holistics. 💣 👉🏾 frictions 🕳👁❗ Aling the request delivery processes at holistic into the technical section. 🕳👁❗ Aling alert options from the technical section into the holistic. 💣 👉🏾 frictions
⚙ T-2.4.3 Serve: Operational information process
generic
Servicing holistic data driven processes From the technology pillar:
operate the operational processes robust & reliable.
assure technology features for the future will be there in the future.
build & run using using state of art technology.
A figure,
See right side:
Technical Section - Holistic
⚒ Technical Section:
Run Processing: ❷ reliable predictable, ❸ robust integrity, ❹ react at alerts.
⚖ Holistic:
Consume Processing: ❷ expectations on quality & time, ❸ expectations on quality & cost, ❸ react at alerts.
⚖ Legal:
Control Processing: ❷ expectations on compliancy requirements.
🕳👁❗ Set Service - Delivery challenges, 💣 👉🏾 frictions. 🕳👁❗ Set reaction on alerts challenges, 💣 👉🏾 frictions. 🕳👁❗ Set compliancy requirements challenges, 💣 👉🏾 frictions.
Elaboration addtional information
❷ Required is controlling who uses what kind of software / tools. SAM, Software asset managment:
SAM (wikipedia)
Software asset management (SAM) is a business practice that involves managing and optimizing the purchase, deployment, maintenance, utilization, and disposal of software applications within an organization.
According to the Information Technology Infrastructure Library (ITIL), SAM is defined as " all of the infrastructure and processes necessary for the effective management,
control and protection of the software assets throughout all stages of their lifecycle."
Fundamentally intended to be part of an organizations information technology business strategy,
the goals of SAM are to reduce information technology (IT) costs and limit business and legal risk related to the ownership and use of software,
while maximizing IT responsiveness and end-user productivity.
❸ Required is: clear responsibilities accountabilities:
EU (commission law)
The data controller determines the purposes for which and the means by which personal data is processed.
So, if your company/organisation decides โwhyโ and โhowโ the personal data should be processed it is the data controller.
Employees processing personal data within your organisation do so to fulfil your tasks as data controller.
....
The data processor processes personal data only on behalfof the controller.
The data processor is usually a third party external to the company. However, in the case of groups of ventures,
one venture may act as processor for another undertaking.
T-2.5 Logical functional security by technology
The simple question: "Whose Job Is It, Anyway?"
There was an important job to be done and Everybody was sure that Somebody would do it.
Anybody could have done it, but Nobody did it. Somebody got angry about that, because it was Everybody´s job.
Everybody thought Anybody could do it, but Nobody realized that Everybody wouldn´t do it.
It ended up that Everybody blamed Somebody when Nobody did what Anybody could have.
⚙ T-2.5.1 Middleware tools Security
generic
Applications using information are use by everybody. But:
anybody should not see anything
somebody should not change everything
nobody involved should know nothing
Missing tools, middleware:
Purchase software after evaluations.
Get platforms configured and running.
Learning from a "process log".
What has learned from previous systems.
The middleware usage is slightly different to middleware in the operational line.
This kind on middleware is involved in operational processes but not having any commitment with them.
A figure:
See right side
Attention, understanding needed for:
External suppliers assumptions & guidelines
Internal infrastructure & guidelines
Technical Section - Holistic
⚖ Holistic:
Goal: a reliable robust environment for the organisation (I).
⚒ Technical Section:
❶ Build enabling doing SIEM.
❷ Build enabling doing SOAR.
❸ Build enabling doing pentesting.
❸ Build enabling doing IAM security for the organisation.
Getting the knowledge and tools is only the first design step.
🕳👁❗ Clear requirements for technical security and IAM . 🕳👁❗ Orchestration activities with responsibilities 💣 👉🏾 frictions.
⚙ T-2.5.2 Security Monitoring & Analysing
generic
Monitoring auditing for knowing what is going on, what possible risks are:
Collecting relevant information iternal, external
Define metrics, use metrics, implement metrics
Probe and measure at relevant locations
A figure:
See right side
Technical Section - Holistic
⚖ Holistic:
Goal: a reliable robust environment (II).
⚒ Technical Section:
❶ Run operational SIEM.
❷ Run operational SOAR.
❸ Run operational pentesting.
🕳👁❗ Operational (technical) data usage, beware of hidden compliancy conflicts. 🕳👁❗ The organisational (holistic) compliancy requirements must be clear, 💣 👉🏾 frictions.
⚙ T-2.5.3 Identity Access
generic
There is a "Devil´s Triangle" on its own with IAM. Conflicting types of interest:
Giving granting access to humans. Conforming the hierarchical organisation structure.
Securing technical systems, the supply chain included. Conforming.
Design secure Platforms, secure organisational business information processes.
A figure:
See right side
👓 click on figure for modelling the relationships and building realizations.
Operational - analytical plane
⚖ Holistic:
Goal: a reliable robust secure environment (II).
⚒ Technical Section:
❹ Run operational IAM security holistic for the organisation.
❺ Have all three interests orchestrated managed.
⚖ Legal:
The three types of IAM interests should get serviced evenly.
🕳👁❗ The three types IAM interests are a complicated challenge, 💣 👉🏾 conflicts.
Elaboration Logical functional security by technology
❶ A Security Information and Event Management system is an application for the SOC Security Operations Center.
SIEM (Gartner)
SIEM aggregates the event data that is produced by monitoring, assessment, detection and response solutions deployed across application, network, endpoint and cloud environments.
Capabilities include threat detection, through correlation and user and entity behavior analytics (UEBA), and response integrations commonly managed through security orchestration, automation and response (SOAR).
Security reporting and continuously updated threat content through threat intelligence platform (TIP) functionality are also common integrations.
Although SIEM is primarily deployed as a cloud-based service, it may support on-premises deployment.
❷
SOAR (TechTarget)
While SIEM tools have been around for years, security orchestration, automation and response (SOAR) is the newer kid on the block.
This security technology was designed to help businesses better organize internal and external threats and to help speed up the process of triage and incident resolution.
SOAR uses AI to better prioritize incident alerts so that SecOps teams know which threats to work on first.
SOAR also uses a concept known as playbooks -- prebuilt and automated remediation steps that initiate when certain thresholds are met.
❸ A "Complete guide to penetration testing best practices":
Pentest (TechTarget)
Software penetration testing, also called pen testing, discovers flaws, and examines the possible consequences of those defects.
The organization can then handle those exploits in a safe, controlled and well-documented manner.
Although penetration tests also cover the operation of networks, servers and other hardware, developers and testers bear responsibility for weaknesses at the software level.
Ideally, the software"s design and codebase allow only authorized users access to features and data stores. In practice, however, software comes with a wide range of risks that might leave the application vulnerable.
Unauthorized individuals seek out these weaknesses to gain control of the application and access, alter or steal data.
...
Applications rely heavily on the OS for resources, including the UI, storage access and a network interface.
OS weaknesses can potentially give a malicious actor control of application behavior or inappropriate access to storage.
Consider how an OS manages ports for communication to and from the network. A hacker can use port scanning to detect open ports to attack the system and software.
Install all OS security patches to protect applications and data.
❹ What is missing 💣 👉🏾: A good simple approach building a role and attribute based security model for business applications.
IAM, PAM (TechTarget)
Identity and access management (IAM) is a framework of business processes, policies and technologies that facilitates the management of electronic or digital identities.
With an IAM framework in place, information technology (IT) managers can control user access to critical information within their organizations.
...
Privileged access management (PAM) is the combination of tools and technology used to secure, control and monitor access to an organization's critical information and resources.
The forgotten or ignored security design:
high privileged roles: the many administrator functionalities:
Infrastructure: service accounts needed for system processes.
Organisation: test accounts simulating intended business users functions.
T-2.6 Maturity 4: business applications in control
From the three ICT, ITC interrelated scopes:
✅ I - processes & information
✅ T - Tools, Infrastructure
❌ C - Organization optimization
Only having the focus on IT4IT, getting a mature Life Cycle Management (LCM) requires understanding an acknowledgment of the layered structure.
Each layer has his own dedicated characteristics.
A process can be build from scratch, starting with acquiring hardware or from change requests driven by optimization analyses.
There will be always either a technical debt or functional debt or both.
It is not possible to have all artifacts up to date to latest moment.
Start building by acquiring hardware:
❶ Have machines Ordered (green)
❷ Start with development on a verified delivered production machine (hardware).
❸ Build up the operating system, middleware - tools.
❹ Verify the goal for business (blue and/or analytics (orange) infrastructure (green) is ready for production.
⚠ Enabling Maintenance is not mandatory part of the activity.
👓 click on the figure for Jabes maturity technology.
Note: ❗⚠ Business production information (blue) is always used for analytics (orange).
These three layers are a source for 💣 conflicts by misunderstandings and ignorance.
Maintaining and changing what is operational, is more challenging:
❶ Learn from analytics (orange) what to change in the production environment.
  The change can be business processes (blue) and/or technology (green).
❷ Change business logic & information in the two DTAP segregated lines code/data (blue)
❸ Change Set up machines (green) according to external requirement and / or internal ones
⚠ Maintenance, DTAP deployments, must be enabled its a mandatory with the activity
👓 click on the figure for Jabes maturity technology.
Note: ❗⚠ Business production information (blue) is always used for analytics (orange).
These three layers are a source for 💣 conflicts by misunderstandings and ignorance.
Maturity Attention Points
Attention points for maturity level considerations & evaluations:
Maturity id
SubId
Source
Context
CMM-4IT-4
Tools, Middelware
C1
T-2.2.1 ALC-V1 Technical
Data governance
C2
T-2.2.2 ALC-V2 Technical
Data governance
C3
T-2.2.3 ALC-V3 Technical
Data governance
C4
T-2.3.3 Data / Information provisioning
Data governance
C5
T-2.3.1 ALC middleware
Technology
I5
T-2.3.1 ALC middleware
Technology
A5
T-2.3.1 ALC middleware
Technology
C6
T-2.5.3 Identity Access
Security
S1
T-1.6.2 Incentives, Culture, Structure, Resources
Structure
CMM-4IT-5
Operational plane
C1
T-2.2.1 ALC-V1 Technical
Data governance
C2
T-2.2.2 ALC-V2 Technical
Data governance
C3
T-2.2.3 ALC-V3 Technical
Data governance
C1
T-2.2.1 ALC-V1 Technical
Data governance
C2
T-2.2.2 ALC-V2 Technical
Data governance
C3
T-2.2.3 ALC-V3 Technical
Data governance
C5
T-2.3.1 ALC middleware
Technology
I5
T-2.3.1 ALC middleware
Technology
A5
T-2.3.1 ALC middleware
Technology
C6
T-2.5.3 Identity Access
Security
S1
T-1.6.2 Incentives, Culture, Structure, Resources
Structure
CMM-4IT-6
Analytical plane
C1
T-2.2.1 ALC-V1 Technical
Data governance
C2
T-2.2.2 ALC-V2 Technical
Data governance
C3
T-2.2.3 ALC-V3 Technical
Data governance
C5
T-2.3.1 ALC middleware
Technology
I5
T-2.3.1 ALC middleware
Technology
A5
T-2.3.1 ALC middleware
Technology
C6
T-2.5.3 Identity Access
Security
S1
T-1.6.2 Incentives, Culture, Structure, Resources
Structure
📚 T.2.6.4 External references
Global compliancy
These references are at the index, they are a shared interest.
Local SDLC
The focus is on the technical engineering life cycle.
A limited list:
Solving the issues at "T-1.6.2 Incentives, Culture, Structure, Resources".
requires: understanding and translations of requests "T-2.1 ALC types "
requires: understanding the SDLC engineering misperception.
goal for adding value, understanding value stream with assembly lines.
goal for adding value, an organisational culture supporting the mission values.
Agile, no design
There is blame game going on. Simplistic agile is failing at large systems. Get basics understanding of the theory and root causes of the problem.
When there are logic fundamental dependencies it is nonsense to ignore those dependencies.
Unless you have a lot of money and the goal is a decorative one, usefullness requires welel designed strcutures. Winchester House (wikipedia)
She was known to rebuild and abandon construction if the progress did not meet her expectations,
which resulted in a maze-like design. In the San Jose News of 1897, it was reported that a seven-story tower was torn down and rebuilt sixteen times.
As a result of her expansions, there are walled-off exterior windows and doors that were not removed as the house grew in size. Multiple levels, up to five,
were added to different parts of the home. The design was essentially Victorian, with elements of Gothic and Romanesque features.
T-3 SDLC - Business Intelligence & analytics - Jabes
T-3.1 Descriptive Business intelligence
Understanding what is going on what with all uncertainties and possible future scenarios is an everlasting quest.
A pitty when answers are 💣 multi interpretable with not understood effects.
EIS, DSS systems is what BI&A (business Intelligence & analytics) is about.
Building up in mind set complexity:
There is a claim of a "single version of the truth" for describing something what is going on for achieving a goal.
The problem is several people are having a different perspective on the goal an the context of actions.
⚠ Multiple interpretations of an element.
This is a different understanding in metadata, ontology. In a document dated 2006 enterprise engineering J.Dietz an example is given.
Strategy goal: transport of person(s).
From location A to location B.
Applicable transport option: a car.
Car driver goal: using a car enabling going from A to B.
Needing information for useable roads.
Expected behaviour of the car.
How to avoid unwanted situations during transport.
Wanting to use functions: ❷ lights, ❸ wheels (includes steering), ❹ brakes, ❺ motor.
Car technician goal: having the car workable for the driver.
Adjusting technical implementations as far as possible on requests by the driver.
Only the way it should behave explaining to the driver.
😱 The common complaint is a mis alignment between ICT and business people.
Not using the same language not using understandable words for the both worlds is not understanding by design.
Most surpising: nobody is acting on this.
💡 Have a glossary and data dictionary in place.
⚙ T-3.1.2 BI&A Data governance
Using the rear-view mirror
DMBOK - segmentation perspectives
Data Architecture Management
Data Development
DataBase operations Management
Data Security Management
Reference & Master Data Management
DWH & BI Management
Document & content management
Metadata Management
Data Quality Management
Big Data & data science (2nd ed)
Mission:
DAMA International´s primary purpose is to promote the understanding, development and practice of managing data and information as key enterprise assets to support the organization.
⚠ Not every segment needs to get filled. DWH & BI, data quality and data science are not standard operational processes.
The analytical plane is conceptual different from the operational plane. Data mesh is a new old concept.
💣 Data security with the idea getting "solved by the DBMS" is far too limited. A DWH, data lake, data lake house none of them have security by design.
Worse securing information is not a topic in the world of analytics.
Looking ahead
Engineering an enterprise is more than an defining a list of "best practices" of what is usual being done.
Switching from what everyone else is doing and what everyone else did into a next step, innovation.
💣 Be aware: You should not innovate when there is no business case for it.
⚠ Just doing what everyone is doing requires knowledge sharing: "how to do".
⚙ T-3.1.3 The question for descriptive analytics
Needing descriptive reports
In the holistic nine-plane with all the processes there are many interactions.
Every interaction is a key role in process cycles for:
⚠ What is out of the box present: nothing.
Ad hoc, local developped solutions not controlled by ICT is usual.
💡 Idea: room for improvement, innovative options to standards with reports.
Elaboration Disciplined Agile
There is no natural conflict between Agile and serial approaches.
PMI - DA (Predictability)
Disciplined teams strive to improve their predictability to enable them to collaborate and self-organize more effectively,
and thereby to increase the chance that they will fulfill any commitments that they make to their stakeholders.
...
To see how to improve predictability, it is often useful to see what causes unpredictability,
such as technical debt and overloaded team members, and to then attack those challenges.
When the project is small enough to handle in a foreseeably timeframe.
PMI - DA (V-Model)
Serial life cycle initiatives expect to take advantage of high certainty around firm requirements, a stable team, and low risk.
As a result, project activities execute in a linear manner
...
To achieve this approach, the team requires detailed plans to know what to deliver and how.
These projects succeed when other potential changes are restricted (e.g., requirements changes; project team members change what the team delivers).
T-3.2 Question: Eis Descriptive or Predictive?
Executive Information systems (EIS), decisions support systems (DSS) is what BI&A (business Intelligence & analytics) is about.
Building up complexity by mind set:
Logical (T-1): Understandable technology
Conceptual (T-2): Basic Service provision
Contextual (T-3): Continous change by decisions
To help in decision makers, report:
what has happened.
what could happen: scenerarios, probabilities.
Let the decision maker make up his mind.
⚙ T-3.2.1 Big data - BI&A
Descrpitive or predictive?
In the hypes of the moment a lot of buzzwords are included. The basic idea is using all kind of information to improve information processing, improve decsions.
It is far more difficult to create well underpinned analyses for better decisions.
Operational descriptive reports are still very valuable to see expectations are not violated operational processes are runn within set boundaries.
Big Data
A nice view on this, "The big data journey rivisited" Bill Schmarzo 2016.
⚙ T-3.2.2 Maturity Bi&A
The closed loop
The closed loop cycle, from knowing what is going on into strategic decisions vice versa, is the ultimate goal. BIDM (C.Sacu M.Spruit 2010)
BI analytics is integrated or not in the business process can strongly affect the decision making process.
Hence, we consider this category to be a very important one when delimiting a maturity stage
initiation (user driven - activity initiated by the user, process driven - activity initiated by a process)
process integration (data centric - BI analytics is usually supported by a data warehouse, process centric - BI analytics is integrated in the business processes)
processing model (store and analyze; analyze and store)
event stream processing
"closed-loop" environment
data driven BI&A
The BIDM paper was written in the era of placing the DWH as the technical solution.
That should change with the fast evolvement of analytics. Machine learning (ML) is a first step.
💡 Idea: use data mesh with the ALC-V3 for information processing data products.
⚙ T-3.2.3 BI&A, SIAR panopticon
data driven BI&A
The SIAR model is the highest abstraction of processes in many dimensions.
With four stages in four quadrants the holistic overview is placed in the middle.
In the highest abstraction the middle (center) is symbolised an eye.
An intermediate of the SIAR abstraction:
A flow left to right, clockwise cycle pull at the bottom right to left, push for the flow at the top
At each of the four internal pillars: operational (red), office (administration green), optimization (business architecture).
Four quadrants results in: a square, Operational plane eight information storess consolidating into a circular.
The consolidated circular store: Analytical plane consolidating into a central one eight plus one (nine).
A figure:
See right side
S South: Situation, Steer I West: Input, Ideas A North: Actions, Analyse R East: Result, Request
elaboration enterprise engineering
The pyramid of demo is reversed to fit into the circle.
Human actors possess three abilities (generic competences) in coordination and production:
Forma: (blue) the ability to act at the formative level of coordination (speaking, writing, listening, reading), and to perform documental production (storing, retrieving, transmitting, and copying).
Informa: (green) the ability to act at the informative level of coordination (formulating and interpreting facts), and to perform informational production (remembering, recalling, and computing new facts).
Performa: (red) the ability to act at the performative level of coordination (exposing commitment by the performer and evoking commitment by the addressee), and to perform original production (deciding, judging, manufacturing and observing things)
T-3.3 Compliant Processes
In general, compliance means conforming to a rule, such as a specification, policy, standard or law.
Governance, risk management, and compliance are three related facets that aim to assure an organization reliably achieves objectives, addresses uncertainty and acts with integrity.
International standards such as ISO/IEC 27002 to help organizations meet regulatory compliance with their security management and assurance best practices.
⚙ T-3.3.1 Compliant data driven data processes
The functional compliancy gap 👁
Compliancy should be part of the SDLC, controlled by the business process accountable ones.
There are many unsolved challenges. See:
T-2.5 Logical functional security by technology
T-2.3.1 ALC middleware
T-1.4.3 On Prem Software
T-1.5.3 SAAS, Software as a Service
All involved artifacts in a chain are important. Leaving something out by not knowing or ignoring can break all other efforts.
💡 Idea: make compliancy an indispensable part of the complete SDLC cycle.
The functional location of compliancy
There are several locations for compliancy. During the SDLC of a process:
Before data preparation and modelling by developpers Goal: don´t start with things that should not be done.
Reviewing the delivery of operational results. Goal: being in control what is delivered.
The data driven process in a figure:
A horizontal line West-East touches the points in the circular process for compliancy reviews.
Compliancy requirements are only informational documents.
That information should become indenpensible parts of the operational processes in the protfolio.
The following el that enables the flow into the portfolio:
What are the logical algorithms, business rules?
What are the expectations for data / information quality for input & results?
What are the expectations for security on data / information?
What about impact on results for involved persons:
when processing is done and when processing is not done?
when done correctly or done with a failure?
A model that enables the flow into the portfolio as a figure:
Source into realisations
💡 Use the information holistic in realisations. Verification of requirements are included.
⚙ T-3.3.3 Holistic relation connections with compliancy
The holistic nine-pane and Technical nine-plane
The principles of approaches are similar but differ in details.
"Planning & Scheduling" ( T-1.4.3 On Prem Software / T-1.5.3 SAAS, Software as a Service).
Differences:
Holistic:
Steer - Tactical: Functional accountability for processes
Steer - Operational: Functional accountability for schedules
Serve - Operational: Technical responsibility for schedules
Serve - Tactical: Technical responsibility for processes
Technical:
Steer - Operational: Technical responsibility for schedules
Steer - Tactical: Functional accountability for schedule tool
Serve - Tactical: Technical accountability for schedule tool
Serve - Operational: Functional responsibility for schedule tool
A figure:
See right side
Elaboration data driven process
The evolution from solving "data LCM layers" is not immediate obvious.
👓 Click for jumping into context.
The visualisation was made without "value stream", without "pull push" in mind.
Started with crisp-dm a full circle with all three activities from business request, model building, model deployment was made.
Requirements for LCM shown:
Data provision distinct information types (green diagonal).
Model development distinct processing types (orange diagonal).
Model Life Cycle distinct model types within score deployment.
Model evaluation Monitoring within score deployment.
Topics included:
Vertical: supporting the goal of the organization.
Horizontal: fulfilling compliancy requirements.
For each sub topic a PDCA culture.
T-3.4 Jabes - Build & Run
💡 A tool helping in managing the change, operations doing knowledge assurance is recommended.
The most logical step is installing a product available on the market.
There is an issue:
Many tools on the market are only covering a little detail of the common LCM process.
A clear request for a tool covering this is at best a market opportunity.
⚙ T-3.4.1 Delivering a product in a cycle
generic
See a customer entering with a request.
The usual flow:
(Pull) Start at: Ideate - asses where the customer was entering S⚖ Evaluate request
(Pull) Enable - Plan. ➡I orchestrate provisioning of raw material and other resouces
(Push) Start a demand for the Backend A⚙ Assemble - Build the product
(Push) Verify the assembled product conform specifications expectatations R➡ Deliver the product to the customer
A figure:
See right side
Hierarchical control
Use the SIAR model in a hierarchical approach, business within the business.
⚙ T-3.4.2 Data models used in a product cycle
generic
The metamodel covers all elemements in three layers:
High level - strategic - requirements, specifications
unit level - operational - requirements, specifications
Servicing the life cycle stages.
IV Request - ideate
III Plan - enable
I Build - assemble
II Validate - deliver
Innovation or solving known issues needs a defined "backlog". This is assigned to " plan - enable"
The "backlog" items should be made clear enough and well understood to define requirements in the same three layers.
A figure:
See right side
Hierarchical control
Use the SIAR model in a hierarchical approach, business within the business.
⚙ T-3.4.3 Changing the product in a product cycle
generic
BEcome a customer with the request to change the product.
The flow:
This is not possible in a single cycle, many cycles are needed.
A figure:
See right side
Hierarchical control
Use the SIAR model in a hierarchical approach, business within the business.
elaboration
❶ Part of the proposal is a framework.
Using this framework a clear structured definition of generic steps with a portfolio becomes possible.
Goal: open shared knowledge.
❷ Licensing a product or running it as a services (SAAS) is a business model.
❸ Evaluating maturity external is a product, a business model.
T-3.5 Jabes - Use Portfolio management
💡 A tool helping in managing the change, operations doing knowledge assurance is recommended.
The most logical step is installing a product available on the market.
There is an issue:
Many tools on the market are only covering a little detail of the common LCM process.
A clear request for a tool covering this is at best a market opportunity.
⚙ T-3.5.1 Data model, stage: Information delivery
generic
There are three levels to orchestrate for the realisation:
Functional (Strategy)
Compliancy (Tactical)
Technical (Operational)
There are three area´s of interest to orchestrate for the realisation:
(Steer) Business value
(Shape) Processes
(Serve) Data as Product
The goal with the delivery: to correct agreed locations, agreed quality of information.
A figure:
See right side
Mind set change
Don´t micro manage everything. Have the requirements for adequate tooling in place an let the workforce do their work.
⚙ T-3.5.2 Data model, stage: Information transformation
generic
There are three levels to orchestrate for the transformation:
Functional (Strategy)
Compliancy (Tactical)
Technical (Operational)
There are three area´s of interest to orchestrate for the transformation:
(Steer) Administration
(Shape) Authentication / Authentication domains
(Serve) Networking
The goal with the transformation: transform the retrieved source materials of information into a new product of information.
Use the conforming assembly instructions and validate the expectations of levels of quality are met.
A figure:
See right side
Mind set change
Don´t micro manage everything. Have the requirements for adequate tooling in place an let the workforce do their work.
⚙ T-3.5.3 Data model, stage: Information gathering
generic
There are three levels to orchestrate for the realisation:
Functional (Strategy)
Compliancy (Tactical)
Technical (Operational)
There are three area´s of interest to orchestrate for the realisation:
(Steer) Business value
(Shape) Processes
(Serve) Data as Product
The goal with the material retrieval: get from correct agreed locations agreed quality of information.
A figure:
See right side
Mind set change
Don´t micro manage everything. Have the requirements for adequate tooling in place an let the workforce do their work.
elaboration
❶ Part of the proposal is a tool.
Using this tool a usage of a clear structured definition of generic steps with a portfolio becomes possible.
Goal: sharing detailed product knowledge for the workforce.
❷ Licensing a product or running it as a services (SAAS) is a business model.
❸ Evaluating maturity external is a product, a business model.
T-3.6 Maturity 5: BI&A in control
BI&A, business intelligence & analytics is understanding what is going on so understandable improvement proposals are getting options.
From the three ICT, ITC interrelated scopes:
✅ I - processes & information
✅ T - Tools, Infrastructure
✅ C - Organization optimization
Only having the focus on IT4IT, getting a mature Life Cycle Management (LCM) requires understanding an acknowledgment of the layered structure.
Each layer has his own dedicated characteristics.
⚖ T-3.6.1 Mindset prerequisites
The Siar model
covers all of:
simple processes: 0 - 9
value stream: left to right
PDCA, lean agile improvements
The duality between processes, transformations, and information, data
four quadrants:
Push Pull,
lean agile requests deliveries
realistic human interaction & communication. nine plane:
Steer Shape Serve
Strategy, Tactics, Operational
Accountabilities, responsibilities, roles
The model mindset is used over and over again.
6W 1H
The SIAR model is the highest abstraction for an retrospective for the questions:
❶ Why what kind of management information is needed?
❷ Where are gaps in operations seen, gaps in missions?
❸ When are possible opportunities realistic for realisations?
❹ Who is needing what kind of management information?
❺ What are opportunities with management information?
❻ How will opportunities be initiated for realisations?
Getting tools, middleware is usually done by purchasing.
Building in house what is generally available for lower cost more functionality better quality, doesn´s makes sense.
Configuring it correctly is still the hardest part of the job.
❗ This is an internal accountablity not an external one.
All three lines in the organization:
❶ business support & facilities,
❷ operational processing technology,
❸ analyzing optimizing,
have to be serviced.
Middleware, tools lives in a VUCA world. Brittle Anxious Non-linear Incomprihensible (Bani) are possible effects to manage.
👓 click on the figure for Jabes maturity technology.
Explanation headings:
Up to date 👉🏾 Maintenance production planning, act on gaps
Cots vs "build" 👉🏾 Manage external purchased artifacts distinctly
Regulations 👉🏾 Being prepared for conforming compliancy: BIA CIA
Understand the need for solving the issues by "T.2.6.5 Intermediate Advice".
To manage strategical are:
decrease misunderstanding by a shared glossary - dictionary: "T-3.1.1 Context difference: functional ๐ technical"
Get the management executive information to a closed loop "T-3.2.2 Maturity Bi&A"
support for compliant processes: "T-3.3.2 Compliant process requirements" into "T-3.3.3 Holistic relation connections with compliancy"
support for knowledge assurance during the life cycle of compliant processes: "T-3.4 Jabes - Build & Run".
⚙ T-3.6.4 Following steps
The organisation powered by ICT in a ship like constellation.
The engines (data centre) out of sight below visibility.
Serving multiple customers (multi tenancy) for the best performance and the best profits on all layers.
There are six pillars in a functional and technical layer.
Within the the three internal pillars linked access is possible by an imagemap over the given figure.
When wanting going logical forward: 🔰 BiAnl forward