Architectural synthesis Flashcards
What is an architectural view?
A representation of a system from the perspective of a related set of
concerns [IEE00] (e.g. a concern in a distributed system is how the software components are allocated to network nodes). This representation is comprised of a set of system elements and the relationships associated with them [CBB+02].
What is an architectural pattern?
Architectural pattern = architectural style.
Pattern = focusing on problem-solution
Style = focusing on solution, not context
What is a viewpoint?
A viewpoint focuses on relevant concerns
e.g. how is computation distributed over the nodes
There exists 8 common used viewpoints, what are they?
Component interaction
Distribution
User interaction
Language extension
Adaptation
Data centered
Data flow
Layered
What is the layered view about?
In the Layered View the system is viewed as a complex heterogeneous entity that can be decomposed into interacting parts. The individual parts of the system are components that are decoupled as much as possible from one another. The interaction mechanisms between the components are implemented through
connectors that include appropriate interfaces, states, and interaction protocols.
——————————-
What are the parts that make up the whole system?
———————————–
How do these parts interact with each other?
——————————
How do the parts perform their functionality and still remain decoupled from each
other?
——————————-
How are the quality attributes of modifiability, portability, and performance
supported?
Which pattern can be used with the layered view?
Layered architecture
What is the layered architecture pattern about?
A layer
- may only access the layer(s) below it
–Open = can depend on any lower layer
–Closed = only on the next one
- provides services to the layer above it through a well defined interface
- contains elements work on the same abstraction level
What is the data flow view about?
What are the elements that perform the transformations?
——————————————
What are the elements that carry the streams of data?
—————————————–
How are the two aforementioned types of elements connected to each other?
—————————————-
How are the quality attributes of modifiability, reusability, and integrability supported?
Which patterns can be used with the data flow viewpoint?
pipes and filters
What is the pipes and filters pattern about?
a complex task is divided into several sequential subtasks. Each of these sub-tasks is implemented by a separate, independent component, a filter,
which handles only this task. Filters have a number of inputs and a number of outputs and they
are connected flexibly using pipes but they are never aware of the identity of adjacent filters.
———————————-
- transform input data
- consume and produce data incrementally
- are composed using pipes which stream data
———————————
The use of PIPES
AND FILTERS is advisable when little contextual information needs to be maintained between
the filter components and filters retain no state between invocations.
What is the data-centered view about?
In the Data-centered View the system is viewed as a persistent, shared data store that is accessed and modified by a number of elements. The data store and the elements that access it are components. The data store is independent of
the components, and the components are usually independent of one another. It is possible that
there is more than one data store. The elements that transfer data written or read from the data
stores are connectors that are attached to the data store(s) and the accessors.
————————————–
* How is the shared data store created, accessed, and updated?
* How is data distributed?
* Is the data store passive or active, i.e. does it notify its accessors or are the accessors
responsible of finding data of interest to them?
* How does the data store communicate with the elements that access it?
* Do the accessor elements communicate indirectly through the shared data or also
directly with each other?
* How are the quality attributes of scalability, modifiability, reusability, and integrability
supported?
Which pattern can be used with the data centered viewpoint?
Shared repository, active repository, blackboard
What is the shared repository pattern about?
In the SHARED REPOSITORY pattern one component of the system is used as a central data store, accessed by all other independent components. This SHARED REPOSITORY offers suitable means for accessing the data, for instance, a query API or language. The SHARED REPOSITORY must be scalable to meet the clients’ requirements, and it must ensure data consistency. It must handle problems of resource contention, for example by locking accessed data. The SHARED REPOSITORY might also introduce transaction mechanisms.
———————————————-
Advantage:
- you don’t have to send the data around (compare with micro-services?)
——————————————–
Challenges:
scalability, data consistency, resource contention handling, … as
needed
What is the adaptation viewpoint about?
In the Adaptation View the system is viewed as a core part that remains invariable and an adaptable part that either changes over time or in different versions of a system. The two basic types of elements in this view are the invariable components and the adaptable
components (these are often called variation points). These two kinds of components communicate with each other through connectors that have clearly-specified interfaces.
—————————————–
* How can a system adapt to evolution over time or to multiple different versions of a basic
architecture?
* What is the system functionality that is more likely to change and what will possibly remain
invariable?
* How do the invariable parts communicate with the adaptable parts?
* How are the quality attributes of modifiability, reusability, evolvability, and integrability
supported?
Which patterns can be used with the adaptation viewpoint?
Microkoernel
Reflection
Interceptor
Plugin architecture
What is the Microkernel pattern about?
A MICROKERNEL realizes services that all systems, derived from the system family, need and
a plug-and-play infrastructure for the system-specific services. Internal servers (not visible to clients) are used to realize version-specific services and they are only accessed through the MICROKERNEL. On the other hand, external servers offer APIs and user interfaces to clients by using the MICROKERNEL. External servers are the only way for clients to access the MICROKERNEL architecture
What is the plugin architecture pattern about?
The core application defines a well-defined set of interfaces or extension points that plugins can hook into. These extension points represent specific areas or functionalities within the application where plugins can provide additional functionality or behavior. The plugins, on the other hand, implement the defined interfaces or extension points to extend the functionality of the application
What is the language extension view about?
In the Language Extension View the system is viewed as a part that is native to the software/hardware environment and another part that is not. The native part of the application and the non-native part are components. These communicate
indirectly through another type of component, an interpreter component that “translates” the latter into the former. The connectors between these components are data that contain the program
instructions in the non-native language, as well as the internal state of the non-native part.
————————————————–
* How can a part of the system that is written in a nonnative language be integrated
with the software system?
* How can the non-native part be translated into the native environment?
Which patterns can be used with the language extension viewpoint?
Interpreter
virtual machine
rule-based system
What is the interpreter pattern about?
An INTERPRETER for the language is provided, which provides both parsing facilities and an
execution environment. The program that needs to be interpreted is provided in form of scripts which are interpreted at runtime. These scripts are portable to each platform realization of the INTERPRETER. For instance, the INTERPRETER can define a class per grammar rule of the language. The parser of the interpreter parses language instructions according to these rules and
invokes the interpretation classes.
What is the user interaction view about?
- How is the user interface decoupled from the application logic?
- How are the quality attributes of usability, modifiability, and reusability supported?
- What is the data and the application logic that is associated to the user interface?
Which patterns can be used with the interaction viewpoint?
MVC
What is the MVC pattern about?
The system is divided into three different parts: a Model that encapsulates some application data
and the logic that manipulates that data, independently of the user interfaces; one or multiple. Views that display a specific portion of the data to the user; a Controller associated with each. View that receives user input and translates it into a request to the Model. Views and Controllers constitute the user interface. The users interact strictly through the Views and their Controllers, independently of the Model, which in turn notifies all different user interfaces about updates.
What is the component interaction view view about?
In the Component Interaction View the system is viewed as a number of independent components that interact with each other in the context of a system. The components retain their independence, since they merely exchange data but do not directly
control each other. The components interact with each other through connectors that pass data
from one to another.
————————–
* How do the independent components interact with each other?
* How are the individual components decoupled from each other?
* How are the quality attributes of modifiability and integrability supported?
Which patterns can be used with the component interaction viewpoint?
Client-sever
peer to peer
publish/subscribe
implicit invocation
What is the client server pattern about?
Problem: two distributed components need to communicate, one needing the service of
another
—————————————
The CLIENT-SERVER pattern distinguishes two kinds of components: clients and servers. The
client requests information or services from a server. To do so it needs to know how to access the server, that is, it requires an ID or an address of the server and of course the server’s interface. The server responds to the requests of the client, and processes each client request on its own. It does not know about the ID or address of the client before the interaction takes place
What is the peer to peer pattern about?
In the PEER-TO-PEER pattern each component has equal responsibilities, in particular it may act
both as a client and as a server. Each component offers its own services (or data) and is able
to access the services in other components. The PEER-TO-PEER network consists of a dynamic
number of components. A PEER-TO-PEER component knows how to access the network. Before
a component can join a network, it must get an initial reference to this network
———————————-
Advantage:
- No single point of failure
- Extremely scalable
——————————
Disadvantages
- Clients contribute a lot of resources
(prohibitive on mobile phones)
- Can’t bad bad actors
What is the publish/subscribe pattern about?
Problem: Event consumers and producers should be decoupled. Many consumers should receive
events from one producer
—————————————————
PUBLISH-SUBSCRIBE allows event consumers (subscribers) to register for specific events, and
event producers to publish (raise) specific events that reach a specified number of consumers.
The PUBLISH-SUBSCRIBE mechanism is triggered by the event producers and automatically
executes a callback-operation to the event consumers. The mechanism thus takes care of decoupling producers and consumers by transmitting events between them.
What is the distribution view about?
- How do the distributed components interact with each other?
- How are the distributed components decoupled from each other?
- How are the quality attributes of interoperability, location-transparency,
performance, and modifiability supported?
Which patterns can be used with the distribution view?
Message queue
Broker
Microservices
Monolith?
What is the Message queue pattern about?
Producer puts request into a queue - and can continue to operate
Consumer pulls requests from the queue and processes
Senders and receivers are decoupled in time and space
What is the event broker pattern about?
Problem: how do we update a consumer about a state change while keeping them
decoupled from the producers
—————————————
Consumers “subscribe” to events and receive
notifications when they occur.
—————————————-
Producer is not aware of the consumer who
receives it
—————————————
The event broker in the middle
- allows both parties to scale and evolve in a
loosely coupled manner
- might stores events or not
—————————————-
Challenges: Broker should be
- scalable
- high performant
- fault-tolerant
What is the microservices pattern about?
Problem: You need a highly available and scalable system / you have hundreds of
developers and you need to give evolve differently
—————————————————-
Services
- run independently
- deployed independently
- can use different technologies
- can be scaled independently
————————————
Challenges
- communication complexity (CAP
theorem: consistency, availability, and
partitioning… => eventual consistency)
- performance
- return of the monolith
What is a monolith?
Key characteristics:
- Single process
- Tight coupling
- Scalability Challenges
- Deployment and versioning
Why is synthesis important?
- Proposed architecture defines the
framework in which the rest of the
development will fit in - ## Think monolith vs. microservices
- Forces you to think deep upfront
- Even if often it must be iterated
(just as in real architecture)
What is architectural synthesis?
proposing a collection of architecture solutions to address the ASR that are identified during architectural analysis. This activity links the problem to the solution space.
Why is it that we cannot have a rational design process?
Stakeholders do not necessarily know what they want or are unable to tell all they
know.
What can we do to a rational design process?
We can fake it. Fake end result = appears as if a rational process was followed:
- Requirements are clear,
- design is well-described,
- it is argued that design meets requirements
What is the 5 steps in the fake synthesis process
- ## Choose architectural style(s)/patterns according to quality requirements
- Create overall, tentative structure
Q1: What is the context of the system?
Describe tentatively the other systems and actors the system interacts with
Q2: What functionality is needed?
Describe tentatively components (i.e. functionality) & connectors
Describe where components are to be deployed
Q3: How do you divide the work of implementing functionality?
Describe tentative modules (e.g. packages).
- Refine initial structure through quality attribute scenarios:
For each quality attribute scenario apply architectural tactics for the main quality attribute. Consider applying tactics also for quality attributes for which you do not have scenarios.
- Consider architectural and business qualities.
Conceptual integrity
– Could you increase integrity by doing similar things in similar ways?
Correctness and completeness
- Do you cover functional requirements correctly?
Feasibility
- With the resources available, is it possible to realize the
system?
—————————————————-
5. Maintain an architectural backlog
* For each step, note questions and uncertainty in the backlog
* Many decisions might need to be taken when more information is available
– Detailed design, architectural prototyping, implementation …
What is architectural tactics?
Architectural decisions that influence the achievement of quality attribute. They directly affect system’s response to a stimulus.
Collection of tactics = strategy
E.g., Heartbeat to control availability
———————–
If no pattern exists for a given goal, tactics can construct a solution from “first
principles”
Which categories of tactics exists? There is 7
- Availability
- Modifiability
- Performance
- Security
- Testability
- Usability
- Interoperability
What is availbility tactics about?
Availability tactics, therefore, are designed to enable a system to endure system faults so that a
service being delivered by the system remains compliant with its specification
————————-
Availability tactics … keep faults from becoming failures!
What is a failure?
when the system no longer delivers a service consistent with
its specification – observable by the users
What is a fault?
A fault is a malfunction that has the potential to cause a failure.
Which 3 sub categories are there of availbility tactics?
Detect faults
Recover from faults
Prevent faults
In availability tactics which approaches exist to detect faults?
Monitor
Ping/Echo
Heartbeat
Timestamp
Condition Monitoring
Sanity checking
Voting
Exception Detection
Self-Test
In availability tactics which approaches exist to recover from faults?
Preparation and repair –>
Redundant spare
rollback
exception handling
software upgrade
retry
ignore faulty behavior
graceful degradation
reconfiguration
————————————
reintroduction –>
shadow
state resynchronization
escalating restart
nonstop forwarding
In availability tactics which approaches exist to prevent faults?
Removal from service
transaction
predictive model
exception prevention
increase competence set
In detect faults explain the following tactics; ping/echo, heartbeat, monitor, voting, exception detection, self-test, timestamp, sanity checking
Ping/echo: request/response message pair exchanged between nodes, used to
determine reachability and the round-trip delay through the associated network path.
——————
Heartbeat: a periodic message exchange between a system monitor and a process being
monitored.
—————-
Monitor: a component used to monitor the state of health of other parts of the system.
A system monitor can detect failure or congestion in the network or other shared
resources, such as from a denial-of-service attack.
——————–
Voting: to check that replicated components are producing the same results. Comes in
various flavors: replication, functional redundancy, analytic redundancy.
——————
Exception Detection: detection of a system condition that alters the normal flow of
execution, e.g. system exception, parameter fence, parameter typing, timeout.
———————
Self-test: procedure for a component to test itself for correct operation.
———————-
Timestamp: used to detect incorrect sequences of events, primarily in distributed
message- passing systems.
—————————
Sanity Checking: checks the validity or reasonableness of a component’s operations or outputs; typically based on a knowledge of the internal design, the state of the
system, or the nature of the information under scrutiny.
In Recover from Faults explain the following tactics; active redundancy, passive redundancy, spare, exception handling, rollback, retry. ignore faulty behavior, degradation, shadow, escalating restart
Active Redundancy (hot spare): all nodes in a protection group receive
and process identical inputs in parallel, allowing redundant spare(s)
to maintain synchronous state with the active node(s).
——————————
Passive Redundancy (warm spare): only the active members of the
protection group process input traffic; one of their duties is to
provide the redundant spare(s) with periodic state updates
——————————.
Spare (cold spare): redundant spares of a protection group remain out
of service until a fail-over occurs, at which point a power-on-reset procedure is initiated on the redundant spare prior to its being placed in service
———————–
Exception Handling: dealing with the exception by reporting it or handling it,
potentially masking the fault by correcting the cause of the exception and retrying.
——————–
Rollback: revert to a previous known good state, referred to as the “rollback line”.
———————
Retry: where a failure is transient retrying the operation may lead to success.
——————-
Ignore Faulty Behavior: ignoring messages sent from a source when it is determined
that those messages are spurious.
——————-
Degradation: maintains the most critical system functions in the presence of
component failures, dropping less critical functions.
———————–
Shadow: operating a previously failed or in-service upgraded component in a “shadow
mode” for a predefined time prior to reverting the component back to an active
role.
——————
Escalating Restart: recover from faults by varying the granularity of the component(s)
restarted and minimizing the level of service affected.
In prevent faults explain the following tactics;
Removal From Service: temporarily placing a system component in an out-of-service
state for the purpose of mitigating potential system failures
——————–
Transactions: bundling state updates so that asynchronous messages exchanged
between distributed components are atomic, consistent, isolated, and durable.
———————
Predictive Model: monitor the state of health of a process to ensure that the system is
operating within nominal parameters; take corrective action when conditions are
detected that are predictive of likely future faults.
What is modifiability tactic about?
Tactics to control modifiability have as their goal controlling the complexity of
making changes, as well as the time and cost to make changes.
What 3 sub categories exists in modifiability tactics?
Increase cohesion
Reduce Coupling
Defer Binding
In modifiability tactics which approaches exist to increase cohesion?
Split module
Redistribute responsibilities
In modifiability tactics which approaches exist to reduce coupling?
Encapsulate
Use an intermediary
Abstract Common services
Restrict Dependencies
In modifiability tactics which approaches exist to defer binding?
Component replacement
Couple-time parameterization
Aspects
Configuration-time binding
resource files
discovery
interpret parameters
shared repositories
polymorphism
In Increase cohesion explain the following tactics; split modules, increase semantic coherence
Split Module: If the module being modified includes a great deal of capability, the
modification costs will likely be high. Refining the module into several smaller
modules should reduce the average cost of future changes.
————————————————-
Increase Semantic Coherence: If the responsibilities A and B in a module do not servethe same purpose, they should be placed in different modules. This may involve
creating a new module or it may involve moving a responsibility to an existing
module.
In reduce coupling explain the following tactics; encapsulate, use an intermediary, restrict dependencies
Encapsulate: Encapsulation introduces an explicit interface to a module. This interface
includes an API and its associated responsibilities, such as “perform a syntactic
transformation on an input parameter to an internal representation.”
———————-
Use an Intermediary: Given a dependency between responsibility A and responsibility
B (for example, carrying out A first requires carrying out B), the dependency can be
broken by using an intermediary.
————————-
Restrict Dependencies: restricts the modules which a given module interacts with or
depends on
In defer binding In general, the later in the life cycle we can bind values, the better for modifiability
- Runtime registration
- Configuration files
- Polymorphism
- Component replacement
- Adherence to defined protocols
What is performance tactic about?
The goal of performance tactics is to generate a response to an event arriving
at the system within some time-based constraint. The event can be single or a
stream and is the trigger to perform computation. Performance tactics control the
time within which a response is generated
What 2 sub categories exist in performance tactics?
Control Resource Demand
Manage Resources
In performance tactics which approaches exist to Control Resource Demand?
Manage work requests
Limit event response
Prioritize events
Reduce computational overhead
Bound execution Times
Increase efficiency
In performance tactics which approaches exist to manage resources?
Increase resources
Introduce concurrency
Maintain multiple copies of computations
Maintain multiple copies of data
Bound queue sizes
Schedule resources
In Control resource demands explain the following tactics; Manage sampling rate, Limit event response, prioritize events, reduce overhead, bound execution times
Manage Sampling Rate: If it is possible to reduce the sampling frequency at which a
stream of data is captured, then demand can be
reduced, typically with some loss of fidelity.
——————–
Limit Event Response: process events only up to a set maximum rate, thereby ensuring
more predictable processing when the events are actually processed.
——————-
Prioritize Events: If not all events are equally important, you can impose a priority
scheme that ranks events according to how important it is to service them.
———————-
Reduce Overhead: The use of intermediaries (important for modifiability) increases
the resources consumed in processing an event stream; removing them improves
latency. (e.g. Eclipse)
———————–
Bound Execution Times: Place a limit on how much execution time is used to respond
to an event. (e.g. finding bugs)
In Mangage resources explain the following tactics; Increase resources, Increase concurrency, Maintain multiple copies of computations, Maintain multiple copies of data, Schedule resources
Increase Resources: Faster processors, additional processors, additional memory, and
faster networks all have the potential for reducing latency.
————————–
Increase Concurrency: If requests can be processed in parallel, the blocked time can be
reduced. Concurrency can be introduced by processing different streams of events
on different threads or by creating additional threads to process different sets of
activities.
—————————-
Maintain Multiple Copies of Computations: The purpose of replicas is to reduce the
contention that would occur if all computations took place on a single server.
——————————–
Maintain Multiple Copies of Data: keeping copies of data (possibly one a subset of the
other) on storage with different access speeds. (E.g. in-memory caching)
————————
Schedule Resources: When there is contention for a resource, the resource must be
scheduled.
– FIFO
– Fixed-priority scheduling
– Dynamic priority scheduling
– Static scheduling
Security has 3 main characteristics, what are they?
CIA
- Confidentiality is the property that data or services are protected from unauthorized access
- Integrity is the property that data or services are not subject to unauthorized manipulation
- Availability is the property that the system will be available for legitimate use.
What is security tactic about?
One method for thinking about how to achieve security in a system is to think
about physical security. Secure installations have limited access (e.g., by using
security checkpoints), have means of detecting intruders (e.g., by requiring legitimate visitors to wear badges), have deterrence mechanisms such as armed
guards, have reaction mechanisms such as automatic locking of doors, and have
recovery mechanisms such as off-site backup
What 4 sub categories exist in security tactics?
Detect Attacks
Resist Attacks
React to Attacks
Recover from Attacks
In security tactics which approaches exist to Detect attacks?
Detect intrusion
Detect Service Denial
Verify Message Integrity
Detect Message Delivery Anomalies
In security tactics which approaches exist to Resist attack?
Identify actors
Authenticate Actors
Authorize Actors
Limit access
Limit Exposure
Encrypt Data Separate entities
Validate input
Change credential settings
In security tactics which approaches exist to React to attacks?
Revoke Access
Restrict login
Inform actors
In security tactics which approaches exist to Recover from attacks?
Audit
Nonrepudiation
In detect attacks explain the following tactics; detect intrustion, detect service denial, verify message integrity
Detect Service Denial: comparison of the pattern or signature of network traffic coming into a system to historic profiles of known Denial of Service (DoS) attacks.
———-
Verify Message Integrity: use techniques such as checksums or hash values to verify the integrity of messages, resource files, deployment files, and configuration files.
In resist attacks explain the following tactics; authenticate actors, authorize actors, limit access, encrypt data
Authorize Actors: ensuring that an authenticated actor has the rights to access and modify either data or services.
———————
Limit Access: limiting access to resources such as memory, network connections, or access points (e.g. not every user should be able to delete tables from DB)
———————–
Encrypt Data: apply some form of encryption to data and to communication.
In react to attacks explain the following tactics; revoke access, inform actors
Inform Actors: notify operators, other personnel, or cooperating systems when an attack is suspected or detected.
In recover from attacks explain the following tactics; audit
Audit: keep a record of user and system actions and their effects, to help trace the
actions of, and to identify, an attacker.
What is testability tactic about?
The goal of tactics for testability is to allow for easier testing when an increment
of software development is completed
What 2 sub categories exist in testability tactics?
Control and observe system state
Limit complexity
In testability tactics which approaches exist to contorl and observe system state?
Specialized interfaces
record/playback
localize state storage
abstract data sources
sandbox
executable assertions
In testability tactics which approaches exist to limit complexity?
Limit structural complexity
Limit nondeterminism
What is usability tactic about?
usability is concerned with how easy it is for the user to accomplish a desired task, as well as the kind of support the system provides to the user. Researchers in human-computer interaction have used the terms user initiative, system initiative, and mixed initiative to describe which of the human-computer pair takes the initiative in performing certain actions and how the interaction proceeds.
What 2 sub categories exist in usability tactics?
Support user initiative
Support system initiative
In usability tactics which approaches exist to support user initiative?
Cancel
Undo
Pause/Resume
Aggregate
In usability tactics which approaches exist to support system initiative?
Maintan Task Model
Maintain User Model
Maintain System Model
What is interoperability tactic about?
Interoperability is the ability of systems or components to exchange and interpret data or services correctly, regardless of their differences in implementation, platforms, or technologies.
What 2 sub categories exist in interoperability tactics?
Locate
Manage interfaces
In interoperability tactics which approaches exist to locate?
Discover service
In interoperability tactics which approaches exist to Manage interfaces?
Orchestrate
Tailor Interface
