Architecture: DTAP - Generic Pattern

Presentation on theme: "Architecture: DTAP - Generic Pattern"— Presentation transcript:

1 Architecture: DTAP - Generic Pattern
Every artifact has its own life cycle. So, even without covering all of them, we end up with a great many D, T, A, P's.

[Diagram: Business / IT Infrastructure layers against Time / Lifecycle, each layer with its own D T A P stages.
- Segregation Application (consequence of security): Business Logic, Business Data, Applications, Mirrors.
- Segregation Infrastructure, Middleware Base Level (consequence of behavior): Infrastructure SAS / DBMS / file transfer middleware; Configuration: DTAP Bu's appl; Configuration: DTAP Infra Base.
- Logical Machines Configuration: Infrastructure OS / Network / Security, base level; machine labels IT, IT, DT, AC, PB, PF.]

2 Architecture: SAAS - Generic Pattern not just SAS
SAS & SAAS. Architecture: SAAS - Generic Pattern, not just SAS.
Supporting multiple verticals, multiple business-clients.

[Diagram: Business / IT Infrastructure.
- Application boxes App v1n1 ... App v1n6, App v2n1 ... App v2n6, App v3n1 ... App v3n5, App v1n6, each with an S and a B part; Configuration: Vertical1, Vertical2, Vertical3.
- Infrastructure SAS / DBMS / file transfer middleware (MD, MJ, MW, MF, MS), Middleware Base Level; Configuration: Infra Base.
- Logical Machines Configuration: Infrastructure OS / Network / Security, base level (PF, PB, I1, I2, I3, I4).]

3 BU application DTAP policy
Business-logic:
So you have built a nice design. What will happen if the production version has to be changed afterwards? Beware the dependencies:
- D depends on T
- T depends on A
- A depends on P
The setup of maintenance DTAP has to rebuild

[Matrix, Applications, D T A P on both axes:
D: RWX (*)
T: R-X R-X
A: R-X R-X R-X
P: R-X R-X R-X R-X]

Business-data:
DTAP environments are not strictly related. Just in case of automated processing you have to take P

[Matrix, D T A P on both axes:
P: R-- RW-
A: R-- RW-
T: R-- RW-
D: RW- (*)]

4 BU application security
Architecture: Securing Bu-application - Generic Pattern, not just SAS

Business-logic:
- Approved logic may be read and executed, but not updated.
- To be able to do regression testing, the higher levels must be visible.
- Beware the requirements at development.
- Maintenance BU-Logic (t, a, p visible): the only environment to change BU logic.

[Matrix, Applications, D T A P on both axes:
D: RWX (*)
T: R-X R-X
A: R-X R-X R-X
P: R-X R-X R-X R-X]

Business-data:
- According to business needs, possible actions are read and also update.
- For testing (A, T) the same rules apply as for P.
- Beware the requirements at development.
- Maintenance on the DATA structure implies more open access.

[Matrix, D T A P on both axes:
P: R-- RW-
A: R-- RW-
T: R-- RW-
D: RW- (*)]

5 BU application security
Architecture: Securing Bu-application - Generic Pattern, not just SAS

Securing Business Software:
- Every stage gets its dedicated owner/NPA: <applid>_s<dtap>
- Every stage gets its related group: <applid>_s<dtap>
- Every relevant BU user is a member of the related group

Securing Business Data:
- Every stage gets its dedicated owner/NPA: <applid>_b<dtap>
- Every stage gets its related group: <applid>_b<dtap>
- Every relevant BU user is a member of the related group

Behavior security concept:
- There is no relationship needed to machines.
- Segregation is guaranteed. Accidental mixing of the stages' business data is impossible at the server side.
- Access can be controlled in detail (RBAC-Soll) by choosing the right BU groups.
- Change maintenance must be done by the owner NPAs.

[Diagram: Applications, two D T A P rows.]
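
An added example, not part of the original presentation: a small auditor that derives the eight owner/group names of the `<applid>_s<dtap>` / `<applid>_b<dtap>` scheme and checks file records against the permissions on slides 4 and 5. The application id `edu` is taken from slide 13; the paths, the inventory records and the rule that "other" gets no access are assumptions made for the illustration.

```python
STAGES = "dtap"   # Develop, Test, Acceptance, Production
KINDS = "sb"      # s = business software (logic), b = business data

def stage_principals(applid):
    """The 8 owner-NPA / group names <applid>_<s|b><stage> of one application."""
    return {(k, st): f"{applid}_{k}{st}" for k in KINDS for st in STAGES}

def max_group_bits(kind, stage):
    """Highest group permission the slides allow for a stage's files."""
    if kind == "s":
        # Logic is changed only in D (RWX); T, A and P are read/execute (R-X).
        return 0o7 if stage == "d" else 0o5
    return 0o6  # data: read and update (RW-), never execute

def audit(applid, inventory):
    """Check (path, kind, stage, owner, group, mode) records against the scheme."""
    names = stage_principals(applid)
    findings = []
    for path, kind, stage, owner, group, mode in inventory:
        want = names[(kind, stage)]
        if owner != want:
            findings.append((path, f"owner {owner}, expected {want}"))
        if group != want:
            findings.append((path, f"group {group}, expected {want}"))
        gbits = (mode >> 3) & 0o7
        if gbits & ~max_group_bits(kind, stage):
            findings.append((path, f"group bits {gbits:o} exceed policy"))
        if mode & 0o7:  # assumption: access only via owner NPA or stage group
            findings.append((path, "access granted to 'other'"))
    return findings

# Constructed inventory; paths are hypothetical, "edu" is the test application.
SAMPLE = [
    ("/appl/edu/logic/d", "s", "d", "edu_sd", "edu_sd", 0o770),  # fine
    ("/appl/edu/logic/p", "s", "p", "edu_sp", "edu_sp", 0o770),  # writable in P
    ("/appl/edu/data/t",  "b", "t", "edu_bt", "edu_bt", 0o660),  # fine
    ("/appl/edu/data/a",  "b", "a", "edu_bp", "edu_ba", 0o660),  # P owner in A
]

if __name__ == "__main__":
    for path, problem in audit("edu", SAMPLE):
        print(f"{path}: {problem}")
```
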

6 BU Life Cycle Management
We focus on how components between the stages and the machines:
- are copied == analyses develop changes required.
- are moved == concatenation must be possible.

Preferred is: concatenation, as all analysis requirements are eliminated.
Preferred is: shared development, as all checks on who is working on something are eliminated.

[Diagram: Business Logic SCM; Software Library with stages D, T, A, P, Z; actions Promote, Delete, Maint, Deploy; machines DT, DT, AC, PB, PF.]

7 BU Emergency fix / parallel development
With more work executing in parallel there is a need to implement this. This life-cycle figure just zooms in on the developers' work.
- The goal of the emergency fix is fixing production as soon as possible.
- The goal of U, V, W is bigger projects developing a new future release.

[Diagram: Software Library with E-fix and U, V, W next to the stages D, T, A, P, Z.]

8 General Company’s network - intranet
[Diagram: BU DATA Segregation with DTAP. Machines DT, DT, AC, PB, PF; stages D, T, A, P; General Company's network - intranet.]

9 BU DATA Segregation with DTAP
Requirements, network needed with SCM:
- The network must allow connections (Life Cycle Management).

Requirements, network needed with business data:
- The network must not allow connections between different stages.

Solution: the sessions/processes for a BU application must be DTAP aware, both for BU-Logic and BU-Data. With this awareness it must not be possible for the (business) users to pass into forbidden areas.

Common design/architecture mistakes leading to failures:
- Trying to designate the iron boxes as D, T, A, P
- Not having noticed the possible networked interconnections
- Supposing that different roles are always done by different people
- Taking no notice of the requirements in outsourcing contracts

[Diagram: Applications, two D T A P rows.]

10 General Company’s network - intranet
Data exchange, getting your data.

A (business) user is not allowed to define his own connections. All is predefined.

The sticky bit on files is different from the sticky bit on directories. The difference easily leads to misunderstanding. On files it made the file resident in storage.

[Diagram: Segregated definitions (SAS Meta: Lev4, SAS Meta: Lev3, SASMeta Lev2, Meta Lev, Meta Lev1); machines DT, DT, AC, PB, PF; stages D, T, A, P; Segregated keys access; General Company's network - intranet.]

11 Define, Support & Configuration TI<->Business
The SH team (SAS Hosting, middleware support) takes care of:
- Defining the physical locations of the business data and logic. It is implemented by a script.
- Defining the logical connections (libname, filename) and other settings and options in favor of the business. It is implemented by a variety of tasks.
- Helping the business to get all the IT requirements organized. This requires a lot of time and effort because of the tremendous complexity of ING's internal processes and procedures. To mention: A_Soll, Itram, ABP, LPAD, CSD, ITIM, RBAC and all the service partners Atos, Logica, KPN, HP.

To be able to do this, the administrator SH team must be authorized to use the BU:
- NPA data-owner (SUDO) <applid>_b<dtap>.
- NPA logic-owner (SUDO) <applid>_s<dtap>.

There are more situations like this where the SH team is using these BU NPAs.
Segregation of responsibility in DTAP is implied. Logging of actions is implied by SUDO.

12 Infrastructure: OS / Network / Security - Base level
Define, Support & Configuration TI<->Business

The middleware configuration must be designed, developed, tested and evaluated:
- at the lower infrastructure level
- to the business applications

Requirement: a sandbox-like BU application.

[Diagram: Business / IT Infrastructure layers against Time / Lifecycle, each layer with its own D T A P stages.
- Segregation Application (consequence of security): Business Logic, Business Data, Applications, Mirrors.
- Segregation Infrastructure, Middleware Base Level (consequence of behavior): Infrastructure SAS / DBMS / file transfer middleware; Configuration: DTAP Bu's appl; Configuration: DTAP Infra Base.
- Logical Machines Configuration: Infrastructure OS / Network / Security, base level; machine labels IT, IT, DT, AC, PB, PF.]

13 Define, Support & Configuration TI<->Business
Needed is a crash dummy that is like a business application. Naming: edu, rcr, sec.

To be able, for the configuration, to:
- Maintain: related to configuration
- Test: behavior of the whole chain
- Monitor: usage dedicated to the tool SAS

So the applications edu, rcr, sec are owned by the middleware SH team. They are not part of the middleware but are set up like a business application.
- The security is set up with the 8 NPAs / groups.
- There is no real business logic or business data involved.

The business impact is that when this work can't be done in isolation, it will influence the business applications directly.

[Diagram: Applications, two D T A P rows.]

