My objective with this presentation is to introduce the key frameworks and standards that provide practical guidance when tackling an EA project or implementing an EA capability.
There is currently not a universality accepted definition of EA and therefore it is important to but context to the presentation, so before we start discussing standards and frameworks that address the challenges, I want to take a minute to state my definition of Enterprise Architecture.
3. Forrester: Empowered Business Technology
• CIOs will have more time and energy managing things like
risk, vendors and innovation.
Forrester Research figures that
CIOs currently spend 60% of their
The breakdown of current and just-beyond-the-horizon CIO
time as "chief maintenance officers"
Chief maintenance officer:
25%
Chief vendor manager: 20%
Chief enterprise architect:
20%
Chief risk officer: 15%
Chief innovation officer: 15%
Chief demand officer: 5%
Chief maintenance officer:
60%
Chief vendor manager: 10%
Chief enterprise architect:
10%
Chief risk officer: 10%
Chief innovation officer: 5%
Chief demand officer: 5%
Source: Forrester Research, July 2011
Accessed: Jamie Eckle On: 13 Oct 2011 For: Computerworld
3
Business units are more
involved in deciding what
their technology needs are
w w w . c s I andc how ato nachieve them.
ntera tiveTr ini g.com
Current CIOs
Empowered Business
Technology CIOs
duties
4. Gartner: Emergent Architecture
New "emergent architecture” is necessary to respond to the growing
complexity in markets, economies, networks and companies.
1. Decentralise decision-making to enable innovation.
2. Architects recognise the broader business ecosystem and devolve
control to constituents.
3. Enterprise architects define a minimal set of rules and enable choice.
4. Goal-oriented, not just corporate goals but also each constituent acting
in their own best interests.
5. EA must increasingly coordinate actors that are influenced by local
interactions and limited information
6. The system (the individual actors as well as the environment) changes
over time. EA must design emergent systems that sense and respond
to changes in their environment.
7. The scarcity of resources drives emergence.
4
www.csInteractiveTraining.com
5. KPMG: Integrated Reporting
An Integrated Report provide information of a company in a way that
highlights the interdependencies of the information.
• Integrated Reporting is intended to improve communication
between companies and capital markets
• Provide financial and non-financial information of a company’s
strategy, performance and governance in its business and social
context, in a way that highlights the interdependencies of the
information
• Organisations would need to explain their business model
- KPMG Integrated Reporting publication,
Issue 1, 2011, KPMG
5
www.csInteractiveTraining.com
6. My Definition of Enterprise Architecture
"If you get really honest and search all of history, seven thousand
years of known history of humankind, to find how humanity has
learned to cope with two things, complexity and change… there is
one game in town, ARCHITECTURE.”
John Zachman
ISO/IEC 42010:2007 defines “architecture” as:
“The fundamental organization of a system, embodied in its components, their
relationships to each other and the environment, and the principles governing its
design and evolution.”
6
www.csInteractiveTraining.com
7. My Definition of Enterprise Architecture
"If you get really honest and search all of history, seven thousand
Enterprise history of humankind, to continuous has
years of known Architecture is thefind how humanity practice of
learned to cope the two things, complexity and change… there is
describing with essential elements of a socio-technical
one game in town, ARCHITECTURE.”
organisation, their relationships to each other and to the
environment, in order to understand complexity and manage
ISO/IEC 42010:2007 defines “architecture” as:
“The fundamental organization of a system, embodied in its components, their
change.
relationships to each other and the environment, and the principles governing its
- design and evolution.”
Enterprise Architecture Research Forum (EARF)
7
www.csInteractiveTraining.com
8. Conceptual Model Of Architectural
Description
ISO/IEC/IEEE 42010 aims to standardise the practice of architecture
description by
•
•
defining standard terms,
presenting a conceptual foundation for expressing, communicating and
reviewing architectures
and specifying requirements that apply to
o architecture descriptions,
o architecture frameworks and
o architecture description languages.
•
8
www.csInteractiveTraining.com
9. Enterprise Architecture Frameworks
ICODE
iCode Security Architecture Framework
AAF
Automotive Architecture Framework
BCA
Business Capability Architecture
IFW
IBM Information FrameWork (IFW)
Business Enterprise Architecure Modeling
4+1
Kruchten's 4+1 view model
BEAM
BPEAM
CEA
CIAF
iteratec best-practice enterprise architecture
management (EAM) method
CEA Framework: A Service Oriented Enterprise
Architecture Framework (SOEAF)
Capgemini Integrated Architecture Framework
DoDAF
US Department of Defense Architecture
Framework
MODAF
NAF
NIST-EAM
PEAF
DRA1
Dragon1
PPOOA
E2AF
Extended Enterprise Architecture Framework
SABSA
EXAF
Extreme Architecture Framework
FEAF
US Federal Enterprise Architecture Framework
FFLV+GODS
FSAM
GEAF
HEAF
9
Functions-Flows-Layers-Views + GovernanceOperations-Development-Support
Federal Segment Architecture Methodology
(FSAM)
Gartner's Enterprise Architecture Framework
Health Enterprise Architecture
www.csInteractiveTraining.com
Framework
TEAF
TOGAF
xAF
ZF
IADS
IAF
(UK) Ministry of Defence Architecture
Framework
NATO C3 Systems Architecture Framework
NIST Enterprise Architecture Model
Pragmatic Enterprise Architecture Framework
Processes Pipelines in Object Oriented
Architectures
Sherwood Applied Business Security
Architecture
(US) Treasury Enterprise Architecture
Framework
The Open Group Architecture Framework
Extensible Architecture Framework
Zachman Framework
IBM Architecture Description Standard
Index Architecture Framework
10. ISO 15704 Requirements for enterprisereference architectures and methodologies
GERA
Identifies concepts of
enterprise integration
Generic
Enterprise
Reference
Architecture
employ
PEMs
Provide reusable
reference models and
designs of enterprise
concepts
Generic Enterprise
Modelling Concepts
(Particular)
Enterprise
Models
10
EEM
Describe process of
enterprise engineering
Partial
Enterprise
Models
Enterprise
Engineering
Methodology
utilise
Enterprise
Engineering
Tools
GEMCs
Define the meaning of
enterprise modelling
constructs
EETs
Support enterprise
engineering
Used to
build
Enterprise
Modules
EMOs
Provide implementable
modules (human, process
& technology)
(Particular)
Enterprise
Operational Systems
IFIP-IFAC Task Force, 1999)
EMLs
Provide modelling
constructs for modelling
enterprise concepts
Implemented in
support
www.csInteractiveTraining.com
Enterprise
Modelling
Languages
EMs
Enterprise designs, and
models to support analysis
and operation
Used to
implement
EOS
Support the operation of
the particular enterprise
11. ISO 15704 Requirements for enterprisereference architectures and methodologies
Human
Concepts
GERA
Identifies concepts of
Technolo
Process
enterprise integration
gy
Concepts
Strategic
Management
Entity
(Type 1)
Generic
Enterprise
Reference
Architecture
EEM
Describe process of
enterprise engineering
employs
PEMs
Provide reusable reference
models and designs of
enterprise concepts
Enterprise
Product
(Type 4)
Generic
Enterprise
Modelling
Concepts
Manufacturi
ng Entity
(Type 3)
www.csInteractiveTraining.com
(Particular)
Enterprise
Models
EMLs
Provide modelling
constructs for modelling
enterprise concepts
Implemented in
Partial
Enterprise
Models
Methodology
Entity
(Type 5)
11
utilise
Concepts
Construction
Entity
(Type 2)
Engineering
Entity
(Type 2)
Enterprise
Engineering
Methodology
Enterprise
Modelling
Languages
Enterprise
Engineering
Tools
support
GEMCs
Define the meaning of
enterprise modelling
constructs
EETs
Support enterprise
engineering
Used to build
Enterprise
Modules
EMOs
Provide implementable
modules (human,
process & technology)
(Particular)
Enterprise
Operational
Systems
IFIP-IFAC Task Force, 1999)
EMs
Enterprise designs, and
models to support
analysis and operation
Used to implement
EOS
Support the operation of
the particular enterprise
12. Relationships between GERA Entity Types
Product:
Enterprise
Concept
Strategic Management Entity
(Type 1) defines the necessity
and the starting of any enterprise
engineering / integration effort.
Engineering Entity (Type 2)
provides the means to carry out the
enterprise engineering efforts defined
by enterprise Entity Type 1.
Enterprise Product (Type 4)
is the result of the operation
of Entity Type 3. It represents
all products and customer
services of the enterprise.
12
www.csInteractiveTraining.com
Product:
Enterprise
Design
Methodology Entity (Type 5) is
employed by the Engineering,
Construction and Manufacturing
entity (Entity Type 3) to define,
design, implement and build.
Construction Entity (Type 2)
provides the means to carry out the
enterprise engineering efforts defined
by enterprise Entity Type 1.
Product: Enterprise
Installation
Manufacturing Entity (Type 3) is the
result of the operation of Entity Type 2. It
uses the operational system provided by
Entity Type 2 to define, design, implement
and build the products and customer
services of the enterprise (Entity Type 4).
13. ISO 15704 Requirements for enterprisereference architectures and methodologies
Generalised Enterprise Reference Architecture and Methodology (GERAM)
is an enterprise-reference architecture that models the whole life history of
an enterprise integration project from
Entity Life-cycle Phases
Identification
Concept
Requirements
Preliminary
Design
initially developed it,
• through its definition,
• functional design or specification,
Detailed Design
• detailed design,
Implementation
• physical implementation or construction,
Operation
Decommission
13
• its initial concept in the eyes of the entrepreneurs who
www.csInteractiveTraining.com
• and finally operation
• to obsolescence.
14. The Open Group Architecture Framework (TOGAF)
aligned with other management frameworks
• The Architecture Development Method (ADM) is an iterative
approach to planning, designing, realising, and governing the
architecture.
ISO/IEC 20000: 2005
Decommission
Identification
ISO 38500:2008
Concept
Operation
Requirements
Implementatio
n
ISO 21500:2012
Detailed
Design
ISO/IEC 15504 (SPICE)
14
www.csInteractiveTraining.com
Preliminary
Design
15. IT Engagement Model
• Based on the model defined in Enterprise Architecture as Strategy
(Ross, Weill & Robertson)
Alignment
IT
Business
Company strategy
Enterprise
& operations Alignment Linkage
architecture
Coordination
•
•
•
Project Management Office
Business – IT relationship
managers
Project manager training
Company
Level
Companywide IT Governance
Architecture Linkage
•
•
•
Architect on projects
Project funding based on
Architecture compliance
Architect training
Business sponsors for projects
Solution
Regular project reviews by
Project plan
Architecture
company level office
•
Process owners
w w w . c s I n t e r a c t i v e T r a i n i n g . c o Project Management
• m Incentives tied to company goals
•
•
15
Project
Level
Business Linkage
16. SOA, Security & Risk Architecture Styles
• Open Enterprise Security Architecture (O-ESA) Guide
•
•
Reference resource for practicing security architects and designers
ISO/IEC 27001/2 standard
• ISO/IEC 16680:2012 is The Open Group Service Integration
Maturity Model (OSIMM)
•
•
It specifies a model against which the degree of service integration
maturity of an organization can be assessed, and
a process for assessing the current and desired degree of service
integration maturity of an organization, using the model.
• The Open Group Technical Standard: FAIR – ISO/IEC
27005 Cookbook
•
16
The Factor Analysis for Information Risk (FAIR) is complementary to
other risk assessment models/frameworks, including COSO, ITIL,
ISO/IEC 27002, COBIT, OCTAVE, etc.
• It provides an engine that can be used in other risk models to improve
the quality of the risk assessment results
www.csInteractiveTraining.com
17. Business owners need to realise that their
enterprise architecture design is a reflection of
their business even if it is not intentional. If you
don’t care about your enterprise architecture
then your design is telling people that you don’t
care about your business.
— MARCO SUAREZ
(SLIGHTLY ADAPTED)
17
www.csInteractiveTraining.com
Notas do Editor
Remember that Guns N’ Roses album, The Spaghetti Incident?You’re forgiven if you don’t, as it wasn’t one of their best. The album was essentially a mishmash compilation of cover songs that when cobbled together didn’t sound all that great. Now think about your IT architecture, can you see a resemblance? A mishmash of technologies – new and old – all trying to work together in a spaghetti-like structure?
Untangling the IT environment requires planning and management and in this presentation I will give a quick overview of some key challenges identified by research firms that will lead to even more entanglement if not managed properly.There is currently not a universality accepted definition of EA and therefore it is important to but context to the presentation, so before we start discussing standards and frameworks that address the challenges, I want to take a minute to state my definition of Enterprise Architecture.My objective with this presentation is to introduce the key frameworks and standards that provide practical guidance when tackling an EA project or implementing an EA capability.
Forrester Research figures that CIOs currently spend 60% of their time as "chief maintenance officers" -- that is, they have to devote several hours a day to making sure that all the IT infrastructure and applications are running smoothly.But Forrester envisions a shift to an era of what it calls empowered business technology (EBT), in which business units are more involved in deciding what their technology needs are and how to achieve them.This transition would greatly reduce the number of hours that CIOs spend as chief maintenance officers and allow them to devote a good deal more time and energy managing things like risk, vendors and innovation.
Gartner is advising corporations to adopt a new style of enterprise architecture called "emergent architecture," which the analyst firm says is necessary to respond to the growing complexity in markets, economies, networks and companies.Gartner has identified a variety of properties that differentiate emergent architecture from the traditional approach. Non-deterministic - Using emergent architecture, they instead must decentralise decision-making to enable innovation.Autonomous actors - They must now recognise the broader business ecosystem and devolve control to constituents.Rule-bound actors - Where in the past enterprise architects provided detailed design specifications for all aspects of the EA, they must now define a minimal set of rules and enable choice.Goal-oriented actors - Previously, the only goals that mattered were the corporate goals but this has now shifted to each constituent acting in their own best interests.Local Influences: Actors are influenced by local interactions and limited information. Feedback within their sphere of communication alters the behaviour of individuals. No individual actor has data about all of an emergent system. EA must increasingly coordinate.Dynamic or Adaptive Systems: The system (the individual actors as well as the environment) changes over time. EA must design emergent systems sense and respond to changes in their environment.Resource-Constrained Environment: An environment of abundance does not enable emergence; rather, the scarcity of resources drives emergence
Integrated Reporting is intended to improve communication between companies and capital marketsAn Integrated Report provides financial and non-financial information of a company’s strategy, performance and governance in its business and social context, in a way that highlights the interdependencies of the informationOrganizations would need to explain their business model, and how they create value over the short, medium and long termThere is no standard format for an Integrated Report, but the IIRC has provided Guiding Principles for an Integrated Report
JohnZachman is the father of EA and his framework is a brilliant “thinking model” to help in making sense of how to eat Elephant. He identified the value of EA to business in times of rapid change and increased complexity.As part of the EA research forum’s (consisting of academics, EA’s and business professionals) definition we included that section that EA is ongoing effort and that EA is not only a project.ISO 42010 is the best standard available that can be used to define the scope of work that needs to be done by Architects.
JohnZachman is the father of EA and his framework is a brilliant “thinking model” to help in making sense of how to eat Elephant. He identified the value of EA to business in times of rapid change and increased complexity.As part of the EA research forum’s (consisting of academics, EA’s and business professionals) definition we included that section that EA is ongoing effort and that EA is not only a project.ISO 42010 is the best standard available that can be used to define the scope of work that needs to be done by Architects.
ISO/IEC/IEEE 42010 aims to standardise the practice of architecture description by defining standard terms, presenting a conceptual foundation for expressing, communicating and reviewing architectures and specifying requirements that apply to architecture descriptions, architecture frameworks and architecture description languages.ISO/IEC/IEEE 42010 facilitate the expression and communication of architectures and thereby lay a foundation for quality and cost gains through standardisation of elements and practices for architectural description.
There are a wide range of EA frameworks available that address some or all aspects of EA, but the question now is – Which one do I choose?Will it address the business need of managing change or reducing risk in my organisation?To answer that question we have another ISO standard
ISO 15704 Requirements for enterprise-reference architectures and methodologies (including the Generalised Enterprise Reference Architecture and Methodology [GERAM] addendum)The architecture aims to be a relatively simple framework upon which all the functions and activities involved in the aforementioned phases of the life of the enterprise-integration project can be mapped. It also will permit the tools used by the investigators or practitioners at each phase to be indicated. The architecture defined will apply to projects, products, and processes; as well as to enterprises.Lets step through an example where we see how the TOGAF framework support change in the organisation
ISO 15704 Requirements for enterprise-reference architectures and methodologies (including the Generalised Enterprise Reference Architecture and Methodology [GERAM] addendum)The architecture aims to be a relatively simple framework upon which all the functions and activities involved in the aforementioned phases of the life of the enterprise-integration project can be mapped. It also will permit the tools used by the investigators or practitioners at each phase to be indicated. The architecture defined will apply to projects, products, and processes; as well as to enterprises.Lets step through an example where we see how the TOGAF framework support change in the organisation
As part of the framework we have the Generalised Enterprise Reference Architecture (GERA) entities.Understanding the fact that there are more that 1 type of entity in an organisation help with the management and planning of the EA effort.GERA identifies the following key entities:Strategic Enterprise Management Entity (Type 1)defines the necessity and the starting of any enterprise engineering / integration effort.Enterprise Engineering/Integration Entity (Entity Type 2) provides the means to carry out the enterprise engineering efforts defined by enterprise Entity Type 1. It employs a methodology (Entity Type 5) to define, design, implement and build the operation of the enterprise entity (Entity Type 3).Enterprise Entity (Entity Type 3) is the result of the operation of Entity Type 2. It uses a methodology (Entity Type 5) and the operational system provided by Entity Type 2 to define, design, implement and build the products and customer services of the enterprise (Entity Type 4).Product Entity (Entity Type 4) is the result of the operation of Entity Type 3. It represents all products and customer services of the enterprise.It is important to note that each Entity has a defined lifecycle and life history. For the purpose of our discussion today we will only look at the lifecycle.
The lifecycle phases of an entity is important to understand and to note that different international frameworks and methods support different parts of the lifecycle in more or less detail.
Enterprise Architecture alone will not solve the spagetti structure in the organisation. We need a Governance structure to ensure that the architecture is implemented in the organisation.The IT engagement model described in Enterprise Architecture as Strategy, creating a foundation for business execution by Jeanne Ross, Peter Weill and David Robertson is in my opinion a good starting point for reviewing or implementing a governance structure around the EA effort.The IT engagement model is a system of governance mechanisms assuring that business and IT projects achieve both local and company-wide objectives.Companywide IT GovernanceProject ManagementLinking Mechanisms:Business LinkageAlignment LinkageArchitecture Linkage
In the presentation we discussed the standards selecting and managing EA within the organisation and how it relate to other management frameworks. There are however specific styles of e.g. security, SOA and risk that require more customised architecture implementations and here I just want to mentions a few quick start guides that can support the effort:Open Enterprise Security Architecture (O-ESA) Guide Reference resource for practicing security architects and designersISO/IEC 27001/2 standardISO/IEC 16680:2012 is The Open Group Service Integration Maturity Model (OSIMM)It specifies a model against which the degree of service integration maturity of an organization can be assessed, and a process for assessing the current and desired degree of service integration maturity of an organization, using the model.The Open Group Technical Standard: FAIR – ISO/IEC 27005 CookbookThe Factor Analysis for Information Risk (FAIR) is complementary to other risk assessment models/frameworks, including COSO, ITIL, ISO/IEC 27002, COBIT, OCTAVE, etc. It provides an engine that can be used in other risk models to improve the quality of the risk assessment results