Why Tech Upgrades?

Context

As technology plays key role in enabling core business objectives, it does make sense to review the technology portfolio periodically for possible enhancements. This will bring in better ROI in-terms on lower running costs, increased productivity and better customer service or scale to achieve ever-demanding business requirements.

There are many reasons why one need to continue investing in technology – and consider regular upgrades and make this as essential part of strategic decision. Following are few focus area one should consider while upgrading the enterprise wide applications.

Reduced productivity

In many enterprises, most of the application, built decade ago, lacks support of development platform, and associated best practices. These applications not updated with latest platform specific security patches, enhanced language/framework capabilities for robustness and reliability. This is leading to breakdown of the applications frequently. Hence, overall team productivity is reduced and causing challenges around customer service.

Lack of developer community support

As technology is ever evolving and most of the developers would prefer to work on latest breed of technology stacks. The legacy stacks will always pose challenges to find right talents to support such applications. It is important that, key applications would go periodic technology upgrades to harness power of latest platform capabilities along with good community support and availability of talents to support such application portfolio. It will lead to boost the morale of the staff with latest periodic technology trainings. Otherwise, many frustrated individuals (specifically millennials) would leave the job.

Better User Experience

Most of the time legacy applications missing good user experience. It is very important to engage the application users with better user experience. Most of the applications lacks responsive design with multi-channel support – like mobile devices. The strategic decisions shall be applied to overhaul the UI layer of the key applications with organization specific UI ergonomics / guidelines.

Unified Hosting & Release Model

Enterprise applications deployed in heterogeneous environments. It is very important to bring all application deployment to uniform platform – such as Azure PaaS. Also, leverage modern application deployment architecture using frameworks such as Docker and Kubernetes for standardized release trains. This would help release application fixes / features in more reliable manner.

Remove On-premises Mainframe dependencies

In order to overcome the latency issues, it is important that, tee intermediate Azure SQL / Cosmos DB shall be designed to make periodic updates from on-premises legacy databases to Azure environment. This will enable applications to make call natively in Azure environment. In addition, SOAP Webservices to be remediated to REST API. Moving towards REST based API eco system would help to modernize the service layer with latest architectural patterns leading to better service.

Leverage modern architecture style

Most of the applications follow old monolithic style and lacks good design specifically around long processing jobs leading to sub optimal performance. However, apps moved to cloud but underlying technical debts remain same. It is very important that we refactor applications to be cloud native by taking scale and performance of azure services to have better performing apps.

Better Maintenance

With good code refactoring of key modules and providing comprehensive unit test suites would lead to better diagnosis of production issues. This will increase the quick turnaround time of production tickets, as replay of unit test suites would identify application abnormal conditions quickly.

Streamline of knowledge

The uniform technology stacks and deployment/release environment would help to streamline the knowledge on applications. In addition, this would help better organize the trainings for new joiners.

Who is real stakeholders for Enterprise architecture?

OUT SIDE IN – in the following order

1. Layer – End customers of your enterprise services
2. Layer – Your enterprise executive team / sponsors
3. Layer – Project and program teams in your company
4. Layer – Finally your own EA team members

Azure Security

Azure VMs (IaaS) security steps –

1. Applying NSGs (Network Security Group) on Subnet or at VM level to control Inbound and Outbound traffic by providing IP range and rules
2. Blocking Ports that can be a threat and not needed to expose to other Azure Services or public traffic. RDP can be blocked and if someone still needs to do RDP on VM for any administrative work, then make use of Jump Server
3. Use of appropriate DMZ and making use of 3rd party firewalls like Barracuda
4. Azure RBAC and Policies in place for better control and governance

Azure PaaS (App Service) security steps –

1. Applying WAF (Web Application Firewall) to protect your applications
2. Enable Threat Protection for Azure SQL DBs
3. Manage SAS Tokens and Keys effectively for Azure Storage and keys of other APIs
4. Implement Multi-Factor Authentication for applications
5. Implement AD Authentication to enforce policies
6. Use Azure Key Vault to store secret keys (including passwords of Azure VMs)
7. Ensure to run OWASP Top 10 testing for your application and align as per OWASP Top 10 policies
8. Restrict IP address by adding your resources to Virtual Network
9. User Azure DDoS protection and Azure Pen Test to ensure highest level of security for your applicatio

Life Cycle of Agile Architecture

Any process that is designed to be “agile” in nature will have longer sustenance.

Overview:

If software architecture is a key business asset for an organization, then architectural review/analysis must also be a key practice for that organization. Why? Because architectures are complex and involve many design tradeoffs. Without undertaking a formal review /analysis process, the organization cannot ensure that the architectural decisions made are sufficient and don’t pose any significant challenges to quality attributes associated with the project.

Why do we need?

As the saying goes in the medical field, “The prevention is better than cure”. In similar lines, the modern enterprise applications are very complex in nature and require reviews of the software architecture blueprint on a periodic basis. The architecture review helps the project teams to align architecture vision throughout the development cycle. Otherwise, the mistakes around architecture would become very costly and can lead to catastrophic failures during application maintenance / or its life cycle. In addition, review during inception phase would help to establish the early feedback loop to respective stakeholders before engaging in development with a full-fledged team.

How can it be performed?

Any process that is designed to be “agile” in nature will have longer sustenance. Any rigid/formal ceremonies will have less buy-in from teams. So keeping this in mind, the architecture artifacts that are developed and analyzed in the form of sketches, decision trees, technical spike resolutions etc…would become primary communication channels for the review. The simple iterative workshops containing high-level steps as outlined below would be sufficient to complete the exercise.

Step-1: Project Manager / Scrum Master invites external architect [Outside person] for the review

Step-2: Product owner the / Project Manager / Scrum Master / BA would provide high-level business context/business drivers associated with the project

Step-3: Architect would present the artifacts that solve business drivers

Step-4: External architect would engage in discussion with team – primarily with the product owner and project architect.

Step-5: Workshop will be completed with recommendations and suggestions / risk mitigations to improvise the architecture blueprint [If any] with notable rational behind such amendments.

This cycle would last in a single day with multiple workshops. Can be scheduled typically every 3-4 sprints once, to re-look at original decisions and identify any gaps in the implementation for better alignment. This kind of exercise is better suited for complex application architectures that would require at least 10+ sprints for realization.

Challenges:

The architecture review is not an easy job, as it requires a lot of maturity among the people involved in this process. There are many challenges organization might face when trying to implement this practice. Among them are some key considerations one must be aware mentioned below-

1. The organization's architecture practice is very novice; leading to little or no information found on architecture decisions on the application that is under review. This makes an extremely complex endeavour for external experts to review the architecture, as there is no contextual information available.

2. Lack of architecture experts to understand the business/technical complexity and provide meaningful feedback that brings value-add to project stakeholders

3. Open-mindedness of project teams to receive, acknowledge and implement the feedback in right spirit

Conclusion:

As companies embark on high stakes of enterprise applications and integration initiatives, often the results will be in question. Appropriate investments in the form of periodic architecture reviews would result in a better risk mitigation safety net and prevent costly mistakes post project realization. Thus, periodic architecture analysis/review would help project teams to receive honest feedback on the current state of the project and helps to develop a roadmap to actionable items, for future iterations for better alignment on stated quality attributes and initial architecture vision.

Microservices Architecture Style

As traditional enterprises work to embrace business deployment agility of new age internet companies and innovations in engineering practices, the modern application development has grown increasingly complex. The large, monolithic codebases that traditionally power enterprise applications make it difficult to quickly launch new business capabilities. The application users are empowered and more demanding than ever – the modern enterprises need to scale effectively and enable continuous deployments to ensure customers are provided with high performance with the seamless user experience.

Due to these trends, there is a demand for a new software architecture pattern/style that can address the requirements of the modern age enterprise apps. The Microservices architecture style is the answer to business agility in the form of scalability, modularity and rapid deployments.

What Is Microservices?

It is an architectural style to develop a small/coarse grained services separated by business boundaries. Thus each service is autonomous in nature and can scale independently. Each service can communicate each other via REST APIs and can be deployed remotely or locally.

Monolithic pain points

Before Microservices, a common approach to design an application was to use a monolithic architecture. In this mode of development, the application is deployed as a single deployment artifact. Following are pain points associated with classic monolithic codebases.

1. Large monolithic code base will have the challenge to release new services and also difficulty in maintaining large code base
2. Modules can’t scale independently
3. Enable / Disable services without affecting existing features will be always a challenge
4. Any small change in the code will introduce many regression testing/complex deployment scenarios.
5. Will have challenges in continuous deployments

Difference with SOA

At outset, both architecture styles look similar. But there are subtle differences, the noteworthy are:

1. SOA uses ESBs while Microservices can leverage lightweight message gateways
2. Microservices are stateless implemented via REST APIs while SOA can be stateful
3. SOA focuses on reusability wherein Microservices is for decoupling

Tool support

Lightweight containers like Docker will provide provides a runtime environment for deployment and provides isolation with other services. There is many open sources / COTS tooling support available for Microservices enablement.

Pros / Cons

Following table summarizes briefly about Microservices advantages/disadvantages. The Microservices architecture can’t be suited for each app. The recommended approach is to gradually convert highly customer facing modules to Microservices, stabilize the rapid deployment cycle and gain the experience by maintaining these services over the period of time. This will have less impact on development teams/organization change management activities as teams have to adopt new way of developing the apps.

Advantages

1. Decoupled services can have isolated life cycle
2. Faster time to market; less regressions
3. Modular in nature, hence flexible development and deployment plans
4. Can scale independently

Disadvantages

1. Monitoring the many services
2. Developer skill set – For example: Microservices are distributed in nature. Hence there will be added complexity such as network latency, network unreliability, also understanding the DevOps culture
3. Technology learning curve – new set of tools to learn

Minimilist Architecture Development

Introduction

The new age enterprise application development is very challenging and poses significant design/analysis thinking before one could develop the new system. In the process, the architecture/design team would carry many architecture/design workshops and create architecture descriptions. But the problem with these teams is that descriptions are very elaborative in nature with lot more granular details covering existing “As-Is” information rather than “To-Be” system. Thus, creating lot more divide and less buy-in from project teams.
This blog would discuss how to adopt minimalist architecture description so that it will have all necessary information from the Sprint-1 onwards to kick-start the development. As a rule of thumb, the architecture description should be less than 20 pages. If we try to combine many architecture views/stakeholder’s details, it will be cluttered and understanding architecture decisions would become difficult.

The “minimalist” description

At the bare minimum, architecture description shall contain:
1. Architecturally Significant Requirements (ASR) – From the requirement perspective, scout all architecturally significant requirements and prepare catalogue out of it.
2. Architecturally Significant Decisions (ASD) – Would contain decision taken for each of the ASRs with the rationale behind for each such decision.
3. Architecture Views – Shall contain the solution, technology, data and deployment views. In addition, each view can briefly highlight the technical spikes identified / outcome of such exercises to validate decisions.

Architecture development steps

In order to achieve the minimalist useful architecture descriptions, an architect can follow ordered development steps. Following mind map would describe these steps (Personally I prepared this mindmap and use this as quick reference guide!!)
Depending on the individual application requirements, one can omit the steps – if it not found to be so useful. But in general, following steps would ensure that all critical steps under architecture design are covered.

Conclusion

As saying goes “less luggage more comfort”, carrying heavy architecture descriptions would be the pain for all the members involved in the engagement. So it is imperative that architecture teams would adopt “minimalist” approach as described above so that these artifacts would look neat and tidy with significant key takeaways.

Cloud Transformation Journey

CONTEXT

Every enterprise would like to mark its presence in cloud to be part of digital transformation journey. The cloud platform would offer enterprise services in best economical scale that is otherwise priced heavily when it done on-premises. The cloud transformation offers many distinct benefits, in particular

·       Cost of ownership

·       Design innovative solutions by leveraging latest cloud services

·       Business Continuity / Availability

·       On-demand scale

Concisely, need was to move applications out from on-premises data center and derive cost for running each application under enterprise portfolio.

CHALLENGES

The cloud transformation journey is not trivial and can pose adverse effects when it not assessed and planned properly. As part of the program, it is key to assess the “AS-IS” environment and identify the key challenges in “TO-BE” state. Following are few challenges present as we embarked the transformation.

o   Legacy applications developed in different timeframes (more than decade old apps)

o   Heterogeneous identify management solutions present at on-premises

o   Remediate applications to different runtime containers

o   Migrate database servers to different cloud database services

o   Refactor legacy applications to make it cloud compatible – In particular Platform as a Service (PaaS)

o   Harmonize the application build / release cycles

o   Centralize the application code base that supports modern DevOps practices / tools

SOLUTIONS

The Microsoft Azure chosen as part of the target state. All applications are destined to be part of PaaS service. The entire solution devised around people, process and technology to meet in best possible timeframe with minimal cost.

o   Re-organized the teams with unique skills on product/business owners, cloud infra engineering and application architecture / development

o   Application architecture/development teams divided into distinct technology streams with specific reusable solutions for each of those stacks

o   SCRUM adopted as engineering process with 02-week sprint duration. Teams are distributed and used Azure DevOps tool for end-to-end traceability and tracking.

o   The business/product owner team(s) is ahead of engineering teams with gap analysis on candidate apps. That is primary artefact available for DEV teams to kick start transformation activities.

o   Entire program is divided into distinct phases like pilot followed by bulk transformations. The pilot phase helped to unlock any technical spikes and baseline the target architecture. The theme for pilot phase was “fail fast and cheap”

o   All experiences and solutions recorded and made it as reusable solutions for repeated problems.

o   Many of the Azure services used for the betterment of the existing application. Created the automated environment for the application deployment and its monitoring. Few noteworthy Azure services used are - AppServices, Azure Deployment Slots, Logic Apps, Web Jobs/Schedulers, Key Vault, Redis Cache, Azure AD, Hybrid Connection Managers, Azure Portal Services, Application Insights, Azure DevOps CI/CD pipelines, Azure Automation Jobs, ARM templates, KUDU, Azure Storage accounts, Maven Feed, Azure SQL Managed Instances, API Management etc.

RESULTS

Many applications transformed to Azure PaaS with better application maintenance and monitoring with frequent release cycles. The dedicated environments for application development cycle created otherwise it was not available. On demand basis, the application wise costing /billing details are available with latest Azure capabilities. This has helped to make informed decisions on application future state.