Archive for August, 2008
The value of architecture artifacts
Posted by Shahid N. Shah in Methodologies & Frameworks on August 29th, 2008
As business or technology architects we all create tons of artifacts — documents, diagrams, whiteboard scribbles, and presentations. The question I and other architects were musing about this week was “what is the value of all this stuff we create?” How much of this stuff is shelfware and how much is truly useful? Some of us think that the federal acquisition process demands it but the content is not accurate and might even be irrelevant.
One of the discussion members said that, from a programmatic perspective, architecture artifacts can, if done appropriately: (1) be of very high value in communicating with oversight officials (and that brings funding), and (2) bridge programs for interoperability.
I tend to think that most of the artifacts we generate are for helping ourselves understand what we’re doing and convey our principles, concepts, designs, and plans for others to better understand what we think we know. Ultimately, even if it’s shelfware it seems that all architecture artifacts have some value — even if it’s just historical value. The key is that we don’t create artifacts for the sake of those artifacts but for the sake of increasing communications.
What are your thoughts on architecture artifacts? What rules do you use to create “just the right amount?”
OMB Mandates Secure DNS by end of ’09
Posted by Shahid N. Shah in Regulations & Guidance on August 28th, 2008
Karen Evans sent out the new OMB Memo 08-23, which requires secure DNS. Agencies need to submit a plan by September 5th for how they will make the switchover by the end of 2009. Here are some snippets of what OMB is mandating (quoted from the memo):
The Federal Government will deploy DNSSEC to the top level .gov domain by January 2009. The top level .gov domain includes the registrar, registry, and DNS server operations. This policy requires that the top level .gov domain will be DNSSEC signed and processes to enable secure delegated sub-domains will be developed. Signing the top level .gov domain is a critical procedure necessary for broad deployment of DNSSEC, increases the utility of DNSSEC, and simplifies lower level deployment by agencies.
Your agency must now develop a plan of action and milestones for the deployment of DNSSEC to all applicable information systems. Appropriate DNSSEC capabilities must be deployed and operational by December 2009. The plan should follow recommendations in NIST Special Publication 800-81 “Secure Domain Name System (DNS) Deployment Guide,” and address the particular requirements described in NIST Special Publication 800-53r1 “Recommended Security Controls for Federal Information Systems.”
I do applaud the new requirement, but having less than 15 months to make all this happen seems a little aggressive; I hope we all can pull it off. By pushing secure DNS on the government side, the rest of the commercial sector might follow suit soon, too.
GAO reports on Agencies’ rebaselining projects
Posted by Shahid N. Shah in Methodologies & Frameworks, Project Management on August 26th, 2008
A fellow EA at the Army sent me a link to the GAO’s recent IT report entitled “OMB and Agencies Need to Improve Planning, Management, and Oversight of Projects Totaling Billions of Dollars”. The study’s introduction says it was needed because:
…the Office of Management and Budget (OMB), which plays a key role in overseeing the federal government’s IT investments, identifies major projects that are poorly planned by placing them on a Management Watch List and requires agencies to identify high-risk projects that are performing poorly (i.e., have performance shortfalls). Having accurate and transparent project cost and schedule information is also essential to effective oversight. At times, changes to this information—called a rebaselining—are made to reflect changed development circumstances. These changes can be done for valid reasons, but can also be used to mask cost overruns and schedule delays.
It’s worth reading and getting our hands around what the legislative side thinks about our IT projects. Their summary indicates rebaselining is a major issue:
In its rebaselining review, GAO reports that 48 percent of the federal government’s major IT projects have been rebaselined for several reasons, including changes in project goals and changes in funding. Of those rebaselined projects, 51 percent were rebaselined at least twice and about 11 percent were rebaselined 4 times or more. In addition, while the major agencies have all established rebaselining policies, these policies are not comprehensive. Specifically, none of the policies were fully consistent with best practices, including describing a process for developing a new baseline and requiring the validation of the new baseline. Agencies’ policies varied in part because OMB has not issued guidance specifying what elements these policies are to include. In its report, GAO makes recommendations to OMB to issue guidance for rebaselining policies and to the major agencies to develop comprehensive rebaselining policies that address identified weaknesses.
Not exactly a damning statement but certainly something we should be mindful of as we look forward to our new EA submissions in the future. With some changes expected with the coming presidential transition it’s unclear what OMB’s direction might be, but even if specific policies aren’t announced, if we just use standard best practices on our side we should be ahead of the curve.
Time for a Federal Cloud Architecture
Posted by Shahid N. Shah in Cloud Computing on August 24th, 2008
As most of us are already aware, there are many commercial cloud computing initiatives underway. Amazon, Google, and Microsoft are all looking to make their claims in the cloud space with IaaS (infrastructure as a service) and PaaS (platform as a service) strategies.
Most of us as federal architects of course don’t really have the ability to use or consume any of these cloud architectures since they are not at least FISMA compliant and they are generally not secure for us to use. The services can’t be logged and reliability is questionable.
However, if some of us got together (maybe with the eGov Infrastructure Line of Business) and figured out how to create a Federal Cloud Computing strategy I’m sure we’d be able to make secure, auditable, platform agnostic, reliable, and portable clouds for use by agencies. This way we could make SOA a reality and allow our architects to take advantage of IaaS and PaaS capabilities that we could build out.
Updated Sept 5, 2008: I just saw this press release — Apptis Teams with ServerVault to Launch the Trusted Cloud Computing Environment for the U.S. Federal Government. They claim that their “Secure Platform Complies with Federal IT Regulations and Helps Agencies Achieve Required Functionality Faster”.
Comparing Top EA Methodologies
Posted by Shahid N. Shah in Methodologies & Frameworks on August 23rd, 2008
I’ve been doing EA for years and one of the most common questions I’m asked from young business analysts and aspiring architects is “what is an EA methodology?” There’s no easy answer to what EA is because it means so many different things depending on the intended audience but there are common methodologies that folks are likely to see in various settings.
Last year Microsoft published Roger Sessions’s white paper called “A Comparison of the Top Four Enterprise-Architecture Methodologies”. It’s worth reading.
