TheOpen Group Certification logo is a trademark and TOGAF is a registered trademark of The Open Group in the United States and other countries. TOGAF® 9 Practitioner Certification Training Level 1 and 2 is an Accredited TOGAF 9 Training Course and complies with the accreditation requirements for The Open Group TOGAF Certification for People program”. EA Dynamics Logo

Specialists in Enterprise Architecture


 
TOGAF accreditation Logo

Specialists in Enterprise Architecture

Tel: 01443 449886










This article was produced after following a blog and Cloud Computing and subsequently doing research to see how TOGAF® can contribute to any organisations considering using TOGAF for business transformation - in this case migrating to the CLOUD.

Keeping Organisations ‘lean and keen’ in today’s economic climate.

An analysis of TOGAF® Enterprise Architecture Framework used for business transformation focused on Cloud computing services.

Contents

Introduction. 2

TOGAF®. 2

Cloud computing. 4

Drivers for utilising Cloud computing Services. 5

Cloud origins, service and deployment models. 5

Enterprise Architecture and Cloud Computing. 7

Summary. 12

 

Introduction

This paper discusses how the cloud and TOGAF® can work together to align business capability with Information Technology.

TOGAF®

TOGAF®, an Open Group standard is a member driven global technology and vendor neutral consortium, with over 350 member organisations, with headquarters in 31 countries.  The organisation formed in 1996 is The Open Group.  TOGAF® services include management, strategy, standards, certification, test development, innovation and research.

By using an overarching framework such as TOGAF®, a top down, holistic approach is applied, with guidance on development overseen by an architectural perspective.  High level principles ensure the various parts of the enterprise employ a consistent approach to business transformation, in line with the long term IT roadmap that supports the business.  High level principles are clearly stated, such as using open standards for data, ensuring the data is accessible from multiple applications.  Another high level principle may be that data should only be entered once.  All these principles help guide the project development provide solutions, and each development has to satisfy the overarching principles based on long term business and IT goals. 

Analysis of the business, data, applications and technology gives information to support business strategy, with technology as the enabling tool.

The TOGAF® framework is adaptable, and implementation of the framework can be achieved by using an analysis method which bests suits your organisational culture and way of working.  The end result is that you have a clearer idea on the ‘who, why, what, where, how and when’ questions required to inform you which areas are performing well and which areas require attention.

TOGAF® incorporates the prioritisation and implementation of the transformation projects. This ensures that the key projects that are critical to the business are given the focus they deserve.  TOGAF supports the full life cycle of the information architecture from alignment with business strategy through implementation management, then monitoring and control through to benefit realisation

The TOGAF® framework enforces end to end processes rather than processes developed in silos.  The results gained from this approach astound the business.  Less resource is required to input and maintain data.  The ‘The ‘right information, at the right time, in the right format’’ slogan suddenly has more meaning and makes more business sense.

Many organisations are characterised by low asset utilization, a fragmented demand for resources, duplicative systems, environments which are dif­ficult to manage, and long procurement lead times.  Is the Cloud the panacea to all these problems?

 An interesting viewpoint heard recently is the trend to outsource service, it has been voiced that this negates the need for performing analysis in the area being transformed.  It is easier and cheaper just to start using the new system and enjoy the efficiencies.

Superficially, it may seem a cost saving exercise in the current economic climate. Transferring services onto a Cloud, could in fact, with a good understanding of the current operations and business be an excellent opportunity to transform the business and ‘cut out all the chaff’ that has built up over time as well as more focused on demand use of IT.  However analysis is required to understand where the chaff is, and also understand what key data, resource and functionality is essential in future operations.  Any business that gets this wrong in a new system risks alienating their customer base and frustrating their staff as they battle with a system/ service which does not allow them to do their jobs.  Another factor to consider is that not every application is suited for a virtualized server. High computational applications or high transaction databases aren't well suited for using "portions" of a server in a virtualized environment. Therefore it’s critical to size your need appropriately.

This lesson has been learnt by many organisations, both in the public and private sector when migrating into SAP's Enterprise Resource Planning solution includes several modules that support key functional areas, including: SAP ERP Financials, SAP ERP Operations, SAP ERP Human Capital Management.

Organisations that didn’t do their homework ended up with a system that the staff soon learnt to sabotage due to the frustration in excessive administration and poor implementation.  Done properly, a new system is configured to include the elements required and tailored to add the essential pieces that make their day jobs easier and allows them to perform more efficiently. In order to achieve the end goal of getting the most efficient system to transform and enable capability analysis is required to ensure you have the right information  to make informed decisions on which parts of the new system/service are required, which can be switched off as not required, and configured to streamline day to day tasks. The business will also then be able to assess which, if any existing infrastructure within the business can be reused, which processes stay as-is, which are being migrated, what are the training requirements etc. ( back to the Who, why, where, why, how).

The case studies show who have made huge savings through migrating to the Cloud did so in a planned, strategic fashion with a defined planning and evaluation strategy and policy.  The policy 

-Firstly articulates the benefits, considerations, and trade-offs of Cloud computing, 

-Secondly provides a decision framework and case examples to support agencies in migrating towards cloud computing.

-Thirdly highlights Cloud computing implementation resources and finally identifies Federal Government activities and roles and responsibilities for catalysing cloud adoption.

Additionally experience within the federal agency has prompted the following guidance:

Before migrating to the Cloud agencies must ensure that the network infrastructure can support the demand for higher bandwidth and that there is sufficient redundancy for mission critical applications.  Agencies should update their continuity of operations plans to reflect the increased importance of a high-bandwidth connection to the Internet or service provider.  Another key factor to assess when determining readiness for migration to the Cloud is the suitability of the existing legacy application and data to either migrate to the Cloud (i.e., rehost an application in a Cloud environment) or be replaced by a Cloud service (i.e., retire the legacy system and replace with commercial SaaS equivalent).If the candidate application has clearly articulated and understood interfaces and business rules, and has limited and simple coupling with other systems and databases, it is a good candidate along this dimension.  If the application has years of accumulated and poorly documented business rules embedded in code, and a proliferation of subtle or poorly understood interdependencies with other systems, the risks of “breakage” when the legacy application is migrated or retired make this a less attractive choice for early Cloud adoption.

(Ref Federal-Cloud-Computing-Strategy)

Enterprise architecture and cloud computing section outlines how this analysis can be achieved allowing efficient, effective business transformation and minimised disruption to the day to day business operations.

Cloud computing

The National Institute of Standards and Technology (NIST) provide a definition for Cloud computing:

"Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction."

Source: http://en.wikipedia.org/wiki/Cloud_computing

 Enterprises, especially governments, are becoming more interested in cloud technology based on published case studies confirming substantial cost savings in computing resources.  Cloud technologies include options such as exploiting low cost software (e.g. shareware and open source), the opportunity to utilise geographic distribution coupled with the added appeal of focusing on their main business rather than IT.  This in turn reduces their IT manpower resource requirements within their enterprise.  Case studies highlight cases showing server capacity redundancies within individual organisations which are offset by moving to on demand infrastructure service model.  The Cloud also has appeal to smaller enterprises that opt to use public SaaS and public clouds and minimize growth of data centres.

Research in this area show case studies which outline substantial IT cost savings. (Appendix A).  There are various factors for cost reduction - the focus of utilising open source software and open standards, utilising the IT cloud infrastructure on demand revealed substantial financial benefits. (Appendix A)

Drivers for utilising Cloud computing Services

Some organisations are finding their business needs and drivers make Cloud capabilities an option.  The cost associated with refreshing the infrastructure is no longer the focus of the business once it is outsourced; there is no need for repeated deployments and maintenance done internally by the organisation.  The organisation can use just in time services.  It is important  to work out viable cost model to keep track of expenditure – what happens if a service is outsourced and the organisation becomes locked in – can costs subsequently  rise over time and cause unforeseen problems?  There is a cost of moving mail boxes back from an outsourced supplier which must be considered.  Therefore ensure that a sound up front analysis of how Cloud computing can support the  business need and strategy - not just in the short term, but in the long term roadmap.

Cloud origins, service and deployment models

Cloud computing has developed over time - the Cloud initially was associated around networking and TCP/IP abstraction, then www allowed data and document abstraction and the emerging cloud abstracts infrastructure complexities of servers, applications, data and varied platforms. For Government virtualisation and 'green' are also very important.  It helps to understand the various options/flavours of the Cloud. Cloud computing provides three service models, which can be amalgamated within an enterprise based on business requirements. The first service model ‘Cloud Infrastructure as a Service’ (IaaS) rents processing, storage, network, capacity, and other fundamental computing resources. The second service model ‘Cloud Platform as a Service ‘(PaaS) consists of customer-created applications to a cloud. The third service model ‘Cloud Software as a service (SaaS)’ uses provider’s applications over a network.

The 5 features of the Cloud are: on-demand self-service, broad network access, resource pooling, location independence, rapid elasticity, measured service.

The options for deploying the cloud are private cloud, community cloud, public cloud and hybrid cloud.

Cloud Deployment Models



Figure 1 Cloud Deployment Options

It is worthwhile considering  potential pitfalls and issues associated with the Cloud e.g. there  is usually more service lock-in as you move up the SPI stack (IaaS->PaaS->SaaS).   The Berkeley paper gives good advice for preventing lock in –by standardising API’s and having compatible software to enable Surge Computing.

Security and data privacy concerns are also critical barriers to adopting cloud computing.  (There is currently lively debate on the pros and cons of Cloud Security). Security advice is to deploy Encryption, VLANs, Firewalls; Geographical Data Storage. It is also important to understand what is being outsourced and who is responsible for the various elements– what are the resiliency and disaster recovery options etc.

It is also important to understand what is being outsourced and who is responsible for the various elements– what are the resiliency and disaster recovery options etc.

Cloud computing is still an evolving paradigm. Its definitions, use cases, underlying technologies, issues, risks, and benefits will be refined in a spirited debate by the public and private sectors. These definitions, attributes, and characteristics will evolve and change over time. 

Enterprise Architecture and Cloud Computing


TOGAF Preliminary PhaseWhere and how does Enterprise Architecture and Service-Oriented architecture fit into the picture? The simple answer is that an organisation still needs to know that business capabilities are catered for by the business, architecture, data, and technology architectures. The driver should be the business strategy and need, rather than having a preconceived idea of using the Cloud. The Cloud options should only be considered if it fits in with the business strategy and makes sound financial and business sense.If the Cloud capability is included in the strategy then the organisation needs to create a strategy for the consumption and management of cloud services.   The organisation needs to create a strategy for the consumption and management of cloud services.  Identifying underlying principles to help guide the informed cloud selection based on the business drivers, strategies and goals.  The Enterprise Architecture method is vendor, tool and technology neutral which can then focus on which option best suits the business need.  If enterprises are including cloud computing additional principles associated with the Cloud will be included.

The Goal: Increase Vendor Independence with the following objectives:  Interchangeable components: only hardware and software that have standards-based interfaces will be selected, so that upgrades or the insertion of new products will result in minimal disruption to the user’s environment.  Non-proprietary specifications: capabilities will be defined in terms of non-proprietary specifications that support full and open competition and are available to any vendor for use in developing commercial products.

The Cloud is an emerging technology and enterprises need to understand how their business operates allowing them to make informed decisions on the infrastructure, applications and capabilities required.  Organisations must be specific on their requirements when choosing the various options and supplying requirements for their outsourced services.  This will be captured in business scenarios in the business architecture phase.

TOGAF development PhasesThe following phases within the Enterprise Architecture help identify standard portable features which can easily be migrated to the Cloud.  The development phases also help define the need for proprietary advanced capabilities which maximize and add value to the business capabilities. The Business phase analysis gives the business vital information – is a Business area under supported? Which areas are most important? Where is the high IT Costs/duplication? What are the system migration targets? Where is the commonality across domains?
When considering Business architecture views the need to capture the stakeholder viewpoints remain constant.  The subtle changes will be introduced as the cloud use application scenarios may affect stakeholders and vary the stakeholder groups.  The use of the applications may be more widespread – potentially community as well as departmental use of applications, which will change security aspects and concerns over data protection etc.  Tthe actual process for capturing the stakeholder’s needs and concerns still fits – though in implementation of the process facilitators may draw out different question sets to elicit the user needs and concerns.  Ownership and responsibilities will shift when migrating to the cloud and the artefacts capturing roles and responsibilities should then highlight retraining and new skill requirements.

Data views are also still required but will differ due to on demand and scaling on a larger platform giving rise to logical data changes of the model.  The decisions made as to whether running own applications on a platform or using cloud software design of the application logical model may change ownership of the application design – one cloud application used by multiple customers’ for example.  The wider application usage results in user groups needing to outline their configuration setup to suit their customer base needs.    If this is the case it is essential for the organisations to analyse how the applications should be configured to maximise efficiencies and ease of use.

Organisations migrating to the cloud initially can opt to move their existing legacy applications onto the cloud; in this case a bottom up design approach is employed.  Over time this approach can change to a top down approach as cloud applications are designed to suit the business needs.

Architecture views for applications will change as the ownership of the infrastructure on which the application sits will shift ownership.  Will a more traditional ‘black box, white box’ approach start to appear instead of mapping individual platform components, where the customer owned application on a cloud then just specifies requirements such as performance, security etc?  This in effect then just becomes reusable building blocks already defined, which in this case is defined by the cloud suppliers.  Therefore the cloud reference model will be important addition to the organisations repository and be included in these phases.

Cloud reference model

Figure 2 -Cloud Reference Model

 

Below are some of the artefacts that can be used to obtain answers:

                          •   Driver/Goal/Objective
                          •   Business Service/Function Catalogue
                          •   Current Systems Catalogue
                          •   Requirements Catalogue
            Key Matrices
                          • Objectives to Business Functions
                          •  Current Systems to Business functions
                          •   Target Requirements to business function

Insights/Benefits

                          •   Business Arch is foundation for scoping and Business/IT alignment
                          • Current to target matrices facilitated migration planning

Opportunities and solutions phaseOpportunities and Solutions (phase E) can identify parts of the cloud that can be entered into the repository as architectural and solution building blocks as appropriate to the business. It can group projects as appropriate into transition architectures. It can also decide on approach such as make, buy, outsource or reuse.
A Cloud service provider will still need to be advised on security concerns; role and access privileges etc in order to ensure the services are correctly configured.  This knowledge helps the monitoring and control aspects of a supplied service ensuring that efficiencies are maximised.  The aim of enterprise architecture is to be able to understand how the business operates and align IT with the business.  This will still be the case whether capabilities are outsourced or managed in house.  Decisions on how the capabilities are sourced may start to engage different roles – but especially as cloud is still emerging it is critical to have governance to monitor the decisions, with lines of business taking more ownership becoming more involved with the decision making, it is crucial to monitor operations and ensure the stakeholder viewpoints are correctly represented prior to making key business decisions.    The organisation needs to identify who owns the Business Cloud from a user perspective and a service provider perspective. This will allow the organisations to make informed choices and reduce problems further downstream.  The reallocation of business processes, applications, data and technical services and security are still appropriate within the Architecture Development Model(ADM) development phases.  This will be ongoing activity through business transformation, and the business architecture phase will include a cloud reference model. The opportunities and solutions phase will ensure prioritisation and candidates for the clouds are based on business needs, goals and strategies. 

Migration PlanningMigration planning phase will produce operational expenditure outlines, cost/benefit analysis and risk assessment.  The cloud may include infrastructure maintenance activities such as patch management, upgrades, disaster recovery.  well managed Enterprise Architecture modelling will ensure correct mapping and ownership of tasks and responsibilities and monitor their effectiveness.  High value and ready services  move to the cloud first, which can be categorised appropriately.  Federal government used first movers , medium term movers  and long term movers, when defining the migration plan.

Even after migration to the cloud there will be ongoing analysis activity as organisations are continuously evolving and innovating. based on market, competitor and customer activity. Enterprise Architecture maps well, both to COBIT, ITIL, reinforcing their implementations ensuring a robust foundation as businesses start the journey of migrating to the cloud. 

GovernanceThe governance structure will provide clear authority structure and that the right participants are included – i.e. responsible, involved accountable.  The governance phase also produces a Business Value Realisation, helping monitor the ongoing benefits and outcomes from the transformation.  Governance to ensure that cloud computing service providers are sufficiently transparent, have adequate security and management controls, and provide the information necessary for the agency to appropriately and independently assess and monitor the efficacy of those controls.

RequirementsThe requirements phase is linked to all of the phases and will provide guidance for: Statutory compliance to laws, regulations, and agency requirements.  The data characteristics necessary to assess which fundamental protections an application’s data set requires. The privacy and confidentiality aspects of data held to protect against accidental and nefarious access to information. Integrity to ensure data is authorszed, complete, and accurate. Data controls and access policies  determine where data can be stored and who can access physical locations. Governance requirements as mentioned above.


 

TOGAF ChangePhase H Change Management is an ongoing activity giving the opportunity to review and evaluate implemented services.  Organisations should actively track SLAs and hold vendors accountable for failures and monitor security and possible threat attacks.  Regular user feedback is an essential part of the evaluation process.  The charges should also be monitored against other suppliers and internal budgets.

 

 

Summary

It is imperitive that enterprises have a clear business and IT strategy combined a planned roadmap to align to the long term business goals and a framework for ensuring that transformation is implemented in a controlled and prioritised manner.  Enterprise Architecture supports this.  Buying decisions are simpler, because the information governing procurement is readily available in a coherent plan. The procurement process is faster - maximizing procurement speed and flexibility without sacrificing architectural coherence.  Enterprise architecture supports the ability to procure heterogeneous, multi-vendor open systems.  However, Enterprise Architecture is equally as valid to manage and develop any transformation whatever technology or solutions are selected.

Cloud Technology Suppliers are keen to develop the synergies between the Enterprise Architecture framework and the emerging cloud methodologies..  This should allow businesses an effective route to migrate their business capabilities onto the cloud as appropriate to business needs and drivers.

How the cloud, Enterprise Architecture and SOA develop over the next few years will be interesting. One point is clear – as Enterprise Architecture is focused on boudaryless information flow and aligning business capability to align with IT cost effectively, then it is a vehicle businesses can utilise to ensure smooth transition into the cloud computing. TOGAF® and Cloud suppliers will focus effort and research to respond to the dynamic environment aligning their framework and methodologies to encompass enterprise business changing operational requirements.  The case studies and identified cloud best practice will be added to the enterprise repository and update the framework as required.


 

Appendix A

 

Case studies showing cost benefits of utilising cloud computing services.

www.info.apps.gov/content shows examples of implementations with clear expenditure savings:

Migrating to the Cloud and using Google software:

- George Reese, founder Valtira and enStratus  Using cloud infrastructures saves 18% to 29% before considering that you no longer need to buy for peak capacity.

...City of Washington DC Vivek Kundra, CTO for the District (now OMB e-gov administrator)Migrating 38,000 employees to Google Apps, Replace office software, used Gmail, Google Docs (word processing and spreadsheets),Google video for business, Google sites (intranet sites and wikis), “It's a fundamental change to the way our government operates by moving to the cloud. Rather than owning the infrastructure, we can save millions.”, Mr. Kundra

500,000+ organizations use Google App, GE moved 400,000 desktops from Microsoft Office to Google Apps and then migrated them to Zoho for privacy concerns.  The implications of lower software and infrastructure costs are causing interest in many organisations.

The following is a case study from info apps Gov:

http://www.info.apps.gov/content/federal-labor-relations-authority-flra

Project Name: Case Management System

The Challenge:  The Federal Labour Relation Authority’s decade-old, off the shelf case management system no longer met the agency’s needs and was financially unsupportable.

The Solution:  The agency migrated to a cloud-based Software-as-a-Service case management system that allows users the flexibility to monitor case activity anytime and anyplace.

Projected Results:

·         88% reduction in total cost of ownership over a five year period

·         Eliminated up-front licensing cost of $273,000

·         Reduced annual maintenance from $77,000 to $16,800

·         Eliminated all hardware acquisition costs

·         Secure access from any Internet connection

·         Ability to operate and access case information from any location in the world, supporting the virtual enterprise

http://www.info.apps.gov/content/department-treasury-office-comptroller-currency

Department of the Treasury, Office of Comptroller of the Currency

Project Name: Vulnerability Assessment System

Treasury’s Move to the Cloud Improves Vulnerability Assessments and Cuts Costs

The Challenge:  The Department of the Treasury’s Vulnerability Assessment System needed improved security and reliability.

The Solution:  Move to a cloud-based scanning system with greater capacity and quality, reduced operating cost, and increased security capability.

Projected Results:

·         458% increase in scanning

·         86% reduction in cost per scan

·         12% increase in detection

·         Production operation and deployment in 1 day.

·         Freed 2 FTE Engineers

·         Improved reporting capabilities

·         Improved resolution time for vulnerabilities