1 Architecture: DTAP - Generic Pattern Applications Infrastructure: SAS / DBMS / file transfer – Middleware D TA P DTA P Infrastructure: OS / Network /


1 Architecture: DTAP - Generic Pattern. Layers, each with its own D, T, A, P stages: Applications; Infrastructure: SAS / DBMS / file transfer (Middleware); Infrastructure: OS / Network / Security (Base level). Every artifact has its own life cycle. So, still not all, we end up with a great many D, T, A, P's. Segregation Application: consequence of Security (Business Logic, Business Data). Segregation Infrastructure: consequence of Behavior, Time, Lifecycle (Middleware, Base Level). [Diagram labels: Applications; Mirrors; DT, AC, PB, PF; Configuration: DTAP BU's appl; Configuration: DTAP Infra Base; Logical Machines Configuration; Business / IT; Infrastructure Configuration]

2 Architecture: SAAS - Generic Pattern, not just SAS. SAS & SAAS: supporting multiple verticals, multiple business clients. [Diagram labels: App v1n1 to App v1n6, App v2n1 to App v2n6 and App v3n1 to App v3n5, each marked B and S; I1, I2, I3, I4; MF; MD, MS, MJ, MW; PB, PF; Infrastructure: SAS / DBMS / file transfer (Middleware); Infrastructure: OS / Network / Security (Base level); Configuration: Vertical1, Vertical2, Vertical3; Configuration: Infra Base; Logical Machines Configuration; Business / IT; Infrastructure Configuration]

3 BU application DTAP policy. Business-logic: So you have built a nice design. What will happen if the production version has to be changed afterwards? Beware the dependencies: D depends on T, T depends on A, A depends on P. The setup of the maintenance DTAP has to be rebuilt. Business-data: DTAP environments are not strictly related. Just in case of automated processing you have to take [Diagram: Applications, D, T, A, P access matrix; cell values as shown: RW- (*), R--, RW-, R--, RW-, R--, RW-, RWX (*), R-X, R-X, R-X, R-X, R-X]

4 BU application security. Architecture: Securing BU-application - Generic Pattern, not just SAS. Business-logic: Approved logic may be read and executed, but not updated. To be able to do regression testing, the higher levels must be visible. Beware the requirements at development. Maintenance BU-Logic (T, A, P visible): the only environment to change BU logic. Business-data: According to business needs, possible actions are read and also update. For testing (A, T) the same rules apply as for P. Beware the requirements at development. Maintenance on the data structure implies more open access. [Diagram: Applications, D, T, A, P access matrix; cell values as shown: RW- (*), R--, RW-, R--, RW-, R--, RW-, RWX (*), R-X]

5 BU application security. Architecture: Securing BU-application - Generic Pattern, not just SAS. Securing Business Software: Every stage gets its dedicated owner/NPA: _s. Every stage gets its related group: _s. Every relevant BU user is a member of the related group. Securing Business Data: Every stage gets its dedicated owner/NPA: _b. Every stage gets its related group: _b. Every relevant BU user is a member of the related group. Behavior security concept: There is no relationship needed to machines. Segregation is guaranteed. Accidental mixing of the stages' business data is impossible at the server side. It can be controlled in detail (RBAC - Soll) by choosing the right BU groups. Change maintenance must be done by the owner NPAs. [Diagram: Applications, D, T, A, P]
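The ownership scheme of slides 4 and 5, as an added audit sketch that is not part of the original presentation: it checks a constructed inventory of stage files for a dedicated owner and group per stage and for the rule that approved logic is not updated. The `app<stage>_s` / `app<stage>_b` account names, the inventory layout, the choice of D as the one stage where logic may be changed, and the "no access for others" rule are assumptions; the slides show only the `_s` and `_b` suffixes.

```python
import stat
from collections import defaultdict

# Constructed inventory rows: (stage, kind, owner, group, mode).
# kind "s" = business software/logic, kind "b" = business data.
# All account and group names are hypothetical.
INVENTORY = [
    ("d", "s", "appd_s", "appd_s", 0o770),  # logic may be changed here (assumed)
    ("t", "s", "appt_s", "appt_s", 0o750),
    ("a", "s", "appa_s", "appa_s", 0o750),
    ("p", "s", "appp_s", "appp_s", 0o770),  # approved logic left group-writable
    ("d", "b", "appd_b", "appd_b", 0o660),
    ("t", "b", "appt_b", "appt_b", 0o660),
    ("a", "b", "appp_b", "appp_b", 0o660),  # acceptance data under the P account
    ("p", "b", "appp_b", "appp_b", 0o666),  # production data open to everyone
]


def audit(inventory):
    """Return (stage, subject, problem) findings for the per-stage NPA scheme."""
    findings = []
    seen = defaultdict(set)  # (role, name) -> stages in which the name is used
    for stage, kind, owner, group, mode in inventory:
        seen[("owner", owner)].add(stage)
        seen[("group", group)].add(stage)
        # Access is meant to flow through stage group membership only (assumed).
        if mode & stat.S_IRWXO:
            findings.append((stage, kind, "access for others bypasses the stage group"))
        # Approved logic: read and execute, but no update, outside stage D.
        if kind == "s" and stage != "d" and mode & stat.S_IWGRP:
            findings.append((stage, kind, "approved logic is group-writable"))
    # A dedicated owner and group per stage: no name may serve two stages.
    for (role, name), stages in sorted(seen.items()):
        if len(stages) > 1:
            findings.append(("".join(sorted(stages)), role, f"{name} shared across stages"))
    return findings


if __name__ == "__main__":
    for finding in audit(INVENTORY):
        print(finding)
```
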

6 BU Life Cycle Management. Business Logic SCM. We focus on how components between the stages and the machines: are copied == analysis of developed changes required; are moved == concatenation must be possible. Preferred is: concatenation, as all analysis requirements are eliminated. Preferred is: shared development, as all checks on who is working on something are eliminated. [Diagram: stages D, T, A, P and Z on DT, AC, PB, PF; actions: Promote, Delete, Maint, Deploy]

7 BU Emergency fix / parallel development. E-fix - UVW. With more work executing in parallel, there is a need to implement this. This life-cycle figure just zooms in on the developers' work. The goal of an emergency fix is fixing production as soon as possible. The goal of U, V, W is bigger projects developing a new future release. [Diagram: D, T, A, P, Z]

8 BU DATA Segregation with DTAP. [Diagram: stages D, T, A, P on DT, AC, PB, PF, within the general company network (intranet)]

9 BU DATA Segregation with DTAP. Requirements, network needed with SCM: the network must allow connections (Life Cycle Management). Requirements, network needed with business data: the network must not allow connections between different stages. Common design/architecture mistakes leading to failures: Trying to designate the iron boxes as D, T, A, P. Not having noticed the possible networked interconnections. Supposing that different roles are always done by different people. Taking no notice of the requirements in outsourcing contracts. Solution: The sessions/processes for a BU application must be DTAP aware, both for BU-Logic and BU-Data. With this awareness it must not be possible for the (business) users to pass into forbidden areas. [Diagram: Applications, D, T, A, P]

10 Data Exchange, getting your data. Segregated definitions. Segregated keys access. A (business) user is not allowed to define his own connections. All is predefined. [Diagram: stages D, T, A, P on DT, AC, PB, PF, with SAS Meta Lev 1, Lev 2, Lev 3 and Lev 4, within the general company network (intranet)]

11 Define, Support & Configuration (TI / Business). The SH team (SAS Hosting, middleware support) takes care of: Defining the physical locations of the business data and logic. It is implemented by a script. Defining the logical connections (libname, filename) and other settings and options in favor of the business. It is implemented by a variety of tasks. Helping the business to get all the IT requirements organized. This requires a lot of time and effort because of the tremendous complexity of ING's internal processes and procedures. To mention: A_Soll, Itram, ABP, LPAD, CSD, ITIM, RBAC and all the service partners Atos, Logica, KPN, HP. To be able to do this, the administrator SH team must be authorized to use the BU: NPA data-owner (SUDO) _b; NPA logic-owner (SUDO) _s. There are more situations like this where the SH team is using these BU NPAs. Segregation of responsibility in DTAP is implied. Logging of actions is implied by SUDO.

12 Define, Support & Configuration (TI / Business). The middleware configuration must be designed, developed, tested and evaluated. At the lower infrastructure level. To the business applications. Segregation Application: consequence of Security (Business Logic, Business Data). Segregation Infrastructure: consequence of Behavior, Time, Lifecycle (Middleware, Base Level). [Diagram labels: Applications; Infrastructure: SAS / DBMS / file transfer (Middleware); Infrastructure: OS / Network / Security (Base level), each with D, T, A, P stages; Mirrors; DT, AC, PB, PF; Configuration: DTAP BU's appl; Configuration: DTAP Infra Base; Logical Machines Configuration; Business / IT; Infrastructure]

13 Define, Support & Configuration (TI / Business). Needed is a crash dummy, like a business application. Naming: edu, rcr, sec. To be able, for the configuration, to: Maintain (related to configuration); Test behavior (the whole chain); Monitor usage (dedicated to tool SAS). So the applications edu, rcr, sec are owned by the middleware SH team. They are not part of the middleware but are set up like a business application. The security is set up with the 8 NPAs / groups. There is no real business logic or business data involved. The business impact is that when this work can't be done in isolation, it will influence the business applications directly. [Diagram: Applications, D, T, A, P]

