INFO-6033 - Module 2 - Architecture Design1

The document discusses scalability, resiliency, performance, and replaceable resources in enterprise network design. It covers horizontal and vertical scaling, reactive and predictive scaling methods, high availability, reducing latency, improving throughput, and concurrency.

Uploaded by anonmax121
INFO-6033

Enterprise Network Design


Module 2: Architecture Design
Agenda
• Week 1 review
• Services
• Scalability
• Resiliency
• Performance
• Replaceable resources
• Requirements and Constraints
• Automation
• Segmentation
• Policy
Review
Topics covered last week
• What is architecture and how has it evolved?
• The importance and benefits of architecture.
• Where does architecture fit in an organization?
• Types of architecture roles and responsibilities
• What is security architecture?
• Architecture soft skills
Something to consider

• Designing a complicated network is simple but designing a simple network is complicated…..(anon)
History of Networks
• All networks share a progressively diffuse distribution model found in nature
• Observed organic functionality in nature
• Plants (grow upward and branch to spread)
• Mammal anatomy (blood, nerves, etc)
• Water / Plumbing (Roman Aqueducts)
• Sewer Systems (stuff flows downhill too)
Nature is a network designer
• Early man learned the concept of distribution of resources by observing nature (in 3D!).
• Vines – root systems as input, flowering stems (seeds) as output
• Insects – tunnel systems between entrances / exits and rooms = architecture
• Water – creeks to streams to rivers to seas
• Became agriculture, travel, castles, cities…
Enterprise Architecture Evolution

Source: https://www.mindtree.com/sites/default/files/2020-02/the-evolution-of-enterprise-architecture.pdf
Architecture Development Lifecycle
• TOGAF Architectural Development Cycle
• Built around Requirements Management
• Provides an overview of a phased approach to creating an architecture
• This is one model available
Architect Roles
• Multiple architecture roles
• Divided into two categories
• Generalist architect roles
• Specialist architect roles
Source: https://subscription.packtpub.com/book/web-development/9781801816618/2/ch02lvl1sec09/types-of-roles-for-a-solution-architect
Essential Security
• Interaction between Enterprise Architecture and Enterprise Security Architecture
• Highlights core security and risk concepts.
Source: https://pubs.opengroup.org/togaf-standard/integrating-risk-and-security/
Architects skills
• Listening
• Communication and negotiation
• Continual learning
• Taking ownership and accountability
• Teamwork
• Thinking big
• Flexibility and adaptability
• Design thinking
• Define strategy
• Sales skills
Design thinking
• Emphasis on people
• Collaboration
• Have clear goals and methods
• Define the problem
• Prototype
Source: https://subscription.packtpub.com/book/web-development/9781801816618/19/ch19lvl1sec60/design-thinking
Summary
• What is architecture and how has it evolved?
• The importance and benefits of architecture.
• Where does architecture fit in an organization?
• Types of architecture roles and responsibilities
• What is security architecture?
• Architecture soft skills
Theory
Services
Enterprise Architecture Services
1. The Technical Reference Model (TRM), which provides a model and taxonomy of generic platform services
2. The Standards Information Base (SIB), which provides a database of standards that can be used to define the particular services and other components of an organization-specific architecture that is derived from the TOGAF Foundation Architecture
TRM Services
1. A taxonomy, which defines terminology, and provides a coherent description of the components and conceptual structure of an information system
2. An associated TRM graphic, which provides a visual representation of the taxonomy, as an aid to understanding
Service Catalogue
Data Management Services:
• Data dictionary/repository services
• Database Management System (DBMS) services
• Object-Oriented Database Management System (OODBMS) services
• File management services
• Query processing functions
• Screen generation functions
• Report generation functions
• Networking/concurrent access functions
• Warehousing functions
Network Services:
• Data communications services
• Electronic mail services
• Distributed data services
• Distributed file services
• Distributed name services
• Distributed time services
• Remote process (access) services
• Enhanced telephony functions
• Shared screen functions
• Video conferencing functions
Scalability
• Utilizes Machine Learning.
• The ability for a system to handle changing workloads.
• Horizontal Scaling: Adding more servers to handle increasing workloads.
• Vertical Scaling: Adding more memory and storage to handle increasing workloads.
• Scaling methods: Reactive and Predictive
Horizontal Scaling
• Also known as the Scale-out approach
• Definition: The process of adding more instances of the same type to the existing pool of resources and not increasing the existing resources.
• The number of servers increases.
• Not the capacity of each server.
• Example: load balancers
Advantages:
• Fault Tolerance
• Low latency
• Built-in backup
Disadvantages:
• Challenging implementations
• High cost
• Additional networking required

Horizontal Scaling Example
A static website
One server can handle 100 page requests per second.
Load balancing between two servers should handle 200 page requests per second.
Source: Spiceworks.com
Vertical Scaling
• Definition: The process of increasing the capacity of a single machine by adding more resources such as memory, storage, etc.
• Also known as Scale-up approach
• The capability of existing resources is increased.
Advantages:
• Ease of implementation
• Reduced software and maintenance costs
Disadvantages:
• Single point of failure
• Higher risk of failure and downtime
Horizontal Scaling vs Vertical Scaling
Reactive scaling method
• Reactive scaling takes place when the unexpected takes place.
• Ex: Sudden website traffic spike.
Predictive scaling method
• An ideal approach
• Using analysis and historical data to predict workloads and avoid latency issues.
• Predictive auto-scaling uses algorithms to understand workload need at a specific time.
Source: cloud.google.com
High Availability and Resiliency
Resiliency
• “Design for failure and nothing will fail”
• Means systems and applications are always available and recover from failure
• Applying best practice to all aspects to recover.
• Identify and implement architectural components where required.
• Identify and implement backup and disaster recovery.
• Recovery Time Objective (RTO)
• Recovery Point Objective (RPO)
Performance
Designing for Performance
• Performance has a direct impact on user engagement, ROI, and revenue.
• Automatic scaling should take place as workload increases.
• Online application performance can be improved by using DNS caching, CDN caching,
Reduce latency
• Latency is the delay between a client request and a server response.
• Latency affects everything in an environment.
• Multiple factors increase latency
• Transmission medium
• Router hops
• Network propagation
• Infrastructure load
Improve throughput
• Throughput is the quantity of data sent and received at a given time.
• Throughput and latency are directly related.
• Measured in bits per second (bps).
• Throughput affects multiple aspects of communication.
• Systems (motherboard bus, CPU, memory)
• Network
• Disk read/write (input/output operations per second (IOPS))
• Coding (application efficiency and utilizing system resources)
• Communications
Concurrency
• Handling multiple requests simultaneously.
• Can be confused with parallelism which is tasks processed in parallel utilizing dedicated resources for each of the tasks.
Source: https://subscription.packtpub.com/book/web-development/9781801816618/7/ch07lvl1sec70/design-principles-for-architecture-performance
Replaceable Resources
Immutable infrastructure
• Infrastructure is an expense.
• Immutable means upgrading applications instead of underlying hardware.
• Can also use virtual machines by using golden images.
• Golden images ease implementing a new version instead of upgrading the existing one.
Canary Testing
• Update systems without significantly impacting users.
• Add new infrastructure.
• Discontinue older infrastructure.
• This method requires extensive knowledge of the architecture, impact to systems, and planning.
Source: https://www.techtarget.com/whatis/definition/canary-canary-testing
Requirements and Constraints
Requirements and Constraints are of great importance for the architect.

• They affect:
• Solution sizing and costing
• Structuring and placement decisions
• Product selection, deployment, etc.
• In short, requirements and constraints:
• Originate from multiple sources (business, technology, operations, etc)
• Need further analysis, verification, completion, and prioritization.
• Provide input to different architectural decisions
Architectural constraints
• Major limitations – cost, time, budget, scope, schedule, and resources.
• Balance is needed to create a successful architecture.
• Architectures need to be adaptable to limit the impact of these constraints.
Defining Requirements
Both functional and non-functional requirements can be elicited from different stakeholders via:
• Workshops
• Focus groups
• Interviews
• Story-boarding (scenarios)
and can logically flow (be distilled) from:
• General stakeholder hopes, dreams, and fears to
• Practical expectations, wishes, and concerns to
• Measurable requirements to
• Funded in-scope and documented functional and non-functional requirements
Functional Requirements
Functional Requirements are a description of a system’s capabilities from the end user perspective.
• Functional aspects influencing architecture.
• Business capabilities to be supported (captured via Use Cases, Business Process Models)
• Security needs, and data and application distribution
• Integration requirements with external systems (affect interfaces, middleware, and other decisions)
• Data flows, data access, etc.
Non-Functional Requirements
• Non-Functional Requirements (NFRs) define the qualities of and the constraints under which the system will be built.
• Qualities define the expectations and characteristics the system should support.
• Constraints are limitations or specifications imposed upon a solution.
• Several disciplines take the set of Non-Functional Requirements as their main source of information (availability, capacity, performance architecture and engineering, etc…).
Non-Functional Requirements Framework
• Covers the identification and prioritization of non-functional requirements dimensions (stage).
• Management of the NFR Lifecycle for each dimension (stage).
• Key outputs are objectives, requirements, specification, metrics, and non-functional requirements-related performance data
Non-Functional Requirements Lifecycle
• Six phases of the NFR Lifecycle
• Logical flow from generic to specific
• Multiple artifacts associated with each phase
• Artifacts are reusable
• Helps with requirements mapping and tracing.
Automation
Automation Everywhere
• Automation avoids human error, increases productivity, and reduces costs.
• Application testing
• IT infrastructure
• Logging, monitoring, and alerting
• Deployment automation
• Security automation
Application testing
• Testing required for all changes.
• Reduces the impact of changes.
• Two types of testing
• Manual: Time-consuming and requires significant resources.
• Automated: Uses repeatable test cases that speed up deployment, testing at production level, and rollout techniques
IT Infrastructure
• Automation is accomplished using infrastructure as code. Example: Ansible
• Rollouts can take place in minutes rather than days.
• Avoids configuration errors.
Logging, monitoring, and alerting
• Monitoring is critical.
• Without monitoring there is no management.
• Automation is the only way to effectively monitor large environments.
• Logs are required for historical trending and for forensics when security issues take place.
Deployment automation
• Deployment automation uses continuous integration and continuous deployment (CI/CD)
• This provides agility and iteration.
Security automation
• Automating security is just as important.
• Preventive and immediate action is necessary when a hack is taking place.
• Automate the monitoring of all incoming or outgoing traffic and alert on any suspicious activity.
Segmentation
Principles of segmentation
Steps of segmentation
• Split workstations from servers: Migrate from a flat design and manage lateral movement.
• Group locations
• Create data centre zones: production and non-production (also known as Dev and QA).
• Group similar assets: IoT, databases, etc.
• Divide high-risk assets: compliance, risk assessment, etc.
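The segmentation steps above, carried through on a small constructed inventory as an added example (not part of the original slides): each asset is placed in a zone by risk, asset type, location and environment, and sample flows are checked against a default-deny zone policy. All asset names, zone names, ports and allow-list entries are assumptions made for illustration.

```python
# Added illustration: zone assignment and default-deny flow checks.
# Asset names, zone names and the allow-list are constructed assumptions.

# Constructed inventory: (name, kind, location, environment, high_risk)
ASSETS = [
    ("ws-101", "workstation", "london", "prod", False),
    ("ws-102", "workstation", "london", "prod", False),
    ("app-01", "server", "dc1", "prod", False),
    ("app-dev-01", "server", "dc1", "nonprod", False),
    ("db-pay-01", "database", "dc1", "prod", True),
    ("cam-07", "iot", "london", "prod", False),
]

def zone_for(kind, location, environment, high_risk):
    """Apply the steps by precedence: high risk, asset group, environment."""
    if high_risk:
        return "restricted"              # divide high-risk assets
    if kind == "workstation":
        return f"users-{location}"       # split workstations, group by location
    if kind == "iot":
        return f"iot-{location}"         # group similar assets
    return f"dc-{environment}"           # production vs non-production zones

ZONES = {name: zone_for(*attrs) for name, *attrs in ASSETS}

# Allowed (source zone, destination zone, port); everything else is denied.
ALLOW = {
    ("users-london", "dc-prod", 443),
    ("dc-prod", "restricted", 5432),
}

def check_flow(src, dst, port):
    """Return (verdict, reason) for a flow between two inventoried assets."""
    sz, dz = ZONES[src], ZONES[dst]
    if (sz, dz, port) in ALLOW:
        return "allow", f"{sz} -> {dz}:{port} is on the allow-list"
    if sz == dz and sz.startswith("users-"):
        return "deny", "workstation-to-workstation (lateral movement)"
    if sz == "dc-nonprod" and dz in ("dc-prod", "restricted"):
        return "deny", "non-production reaching production"
    return "deny", f"no rule for {sz} -> {dz}:{port}"

if __name__ == "__main__":
    for flow in [("ws-101", "app-01", 443), ("ws-101", "ws-102", 445),
                 ("app-dev-01", "db-pay-01", 5432), ("cam-07", "app-01", 22)]:
        print(flow, check_flow(*flow))
```

The deny reasons double as review findings: a flow that is denied for "no rule" is a candidate for either a documented exception or removal.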
Cloud segmentation
Feature requirements | Deployment Options | Potential Challenges
Continuous application discovery | Software agent | Attack surface changes
Automatic policy learning | Virtual appliance | Cloud infrastructure security
Policy recommendation engine | Infrastructure | Consistency of security controls
Depth of network security controls | Infrastructure as a service (IaaS) | Multicloud

Policy
Policy Management
• Integration of unified policy management
• Aligns policy to controls
• Support compliance requirements

Role | Centralized Management | Enforcement
Deciding changes | Number of enforcement brands | Ruleset
Implementing changes | Software quality | Number of locations
Skill set | Monitoring | Size of locations
Experience | Number of form factors | Traffic mix
Other assignments | Compliance | Feature set
Cross-team interaction | Number of zones | Failure rate
Exception handling | Software upgrade rate

Summary
• What is architecture and how has it evolved?
• The importance and benefits of architecture.
• Where does architecture fit in an organization?
• Types of architecture roles and responsibilities
• What is security architecture?
• Architecture soft skills
References
• Solutions Architect’s Handbook – Second Edition
