Enterprise Architecture Center

Enterprise Architecture

The definition of an architecture used in ANSI/IEEE Std 1471-2000is: "the fundamental organization of a system, embodied in its components, their relationships to each other and the environment, and the principles governing its design and evolution."

An enterprise architecture (EA) is a conceptual tool that assists organizations with the understanding of their own structure and the way they work. It provides a map of the enterprise and is a route planner for business and technology change.

Normally an enterprise architecture takes the form of a comprehensive set of cohesive models that describe the structure and the functions of an enterprise. Important uses of it are in systematic technology planning and architecting, and in enhanced decision making.

The individual models in an EA are arranged in a logical manner, and this provides an ever-increasing level of detail about the enterprise, including:

• Its objectives and goals.
• Its processes and organization.
• Its systems and data.
• The technology used

Architecture Perspective

The information in the enterprise architecture can be viewed from many perspectives and it can satisfy many needs. Architectural users include business managers and analysts, system architects and designers, workflow and procedures analysts, logistics specialists, organizational analysts, and so on. These people require high-level summary information, detailed data, and all levels in between. These demands are met through the creation of conceptual views, logical analyzes, and physical implementations.

Four general perspectives are important and are commonly used enterprise architecture. These are the business, application, information, and technology perspectives.

The business perspective

The business perspective describes how a business works. It includes broad business strategies along with plans for moving the organization from its current state to an envisaged future state. It will typically include the following:

• The enterprise's high-level objectives and goals.
• The business processes carried out by the entire enterprise, or a significant portion of the enterprise.
• The business functions performed.
• Major organizational structures.
• The relationships between these elements.

The application architecture perspective

The application perspective defines the enterprise's application portfolio and is application-centered. This view will typically include:

• Descriptions of automated services that support the business processes.
• Descriptions of the interaction and interdependencies (interfaces) of the organization's application systems.
• Plans for developing new applications and revising old applications based on the enterprises objectives, goals, and evolving technology platforms.

The application perspective may represent cross-organization services, information, and functionality, linking users of different skills and job functions in order to achieve common business objectives.

The information architecture perspective

The information perspective describes what the organization needs to know to run its business processes and operations. It includes:

• Standard data models.
• Data management policies.
• Descriptions of the patterns of information production and consumption in the organization.

The information perspective also describes how data is bound into the work flow, including structured data stores such as databases, and unstructured data stores such as documents, spreadsheets, and presentations that exist throughout the organization.

The technology architecture perspective

The technology perspective lays out the hardware and software supporting the organization. It includes, but is not limited to:

• Desktop and server hardware.
• Operating systems.
• Network connectivity components.
• Printers.
• Modems.

The technology perspective provides a logical, vendor-independent description of infrastructure and system components that are necessary to support the application and information perspectives. It defines the set of technology standards and services needed to execute the business mission.

Although there can be many perspectives, there is only one enterprise architecture that the perspectives view. The value of the enterprise architecture is not in any one individual perspective, but in the relationships, interactions, and dependencies among perspectives.

While all the perspectives are key elements of the enterprise architecture, this document will focus on the application and technology enterprise architecture perspectives.

Application and Technology Architecture

The functional requirements of a software system describe the business value that the software delivers. For a weather service, a functional requirement might be stated as "given a well-formed message A as input, the service will return a message B correct for the time span and geographic location represented in message A."

An application architecture is the enterprise architecture of any automated services that support and implement such functional requirements, including the interfaces to the business and other applications. It describes the structure of an application and how that structure implements the functional requirements of the organization. Whilst there should ideally be one application architecture in an organization, in practice there are typically many different application architectures in a given enterprise architecture blueprint.

The operational requirements of a software system define the reliability, manageability, performance, security, and interoperability requirements of the software (to list just a few). Common examples might be that the service is only available to authorized subscribers, and that the service be functioning properly 99.999 percent of the time.

A technology architecture is the enterprise architecture of the hardware and software infrastructure that supports the organization and implements the operational (or non functional) requirements, particularly the application and information architectures of the organization. It describes the structure and inter-relationships of the technologies used, and how those technologies support the operational requirements of the organization.

A good technology enterprise architecture can provide security, availability, and reliability, and can support a variety of other operational requirements, but if the application architecture is not designed to take advantage of the characteristics of the technology, it can still perform poorly or be difficult to deploy and operate. Similarly, a well-designed application structure that matches business process requirements precisely—and has been constructed from reusable software components using the latest technology— may map poorly to an actual technology architecture configuration, with servers inappropriately configured to support the application architecture components and network hardware settings unable to support information flow. This shows that there is a relationship between the application enterprise architecture and the technology enterprise architecture: a good technology enterprise architecture is built to support the specific applications vital to the organization; a good application enterprise architecture leverages the technology architecture to deliver consistent performance across operational requirements.

Figure 1. Relationships between application and technology in enterprise architecture

Architecture Conceptual, Logical, and Physical Views

For all architectural perspectives there are various views of the architecture that are often classified as conceptual, logical, and physical views. Conceptual architecture views are the most abstract and tend to be described in terms that are most familiar to the enterprise (non-IT professional) users of the system. The conceptual view is used to define the functional requirements and the business users' view of the application to generate a business model. Logical architecture views show the main functional components and their relationships within a system independently of the technical architecture details of how the functionality is implemented. Architects create enterprise application models, which are logical views of the business architecture model, as they determine how to meet business objectives and requirements. The application architecture models represent the logical view of the architecture for an application. Physical architecture views are the least abstract and illustrate the specific implementation components and their architecture relationships. Each of the elements in the physical architecture view is implemented, normally by a design and development process, as a software or hardware system. This implementation architecture view is normally owned by the development or operations organizations within an organization and so is outside the scope of this document.

Figure 2. Enterprise Architectural views

There can be (and indeed, normally are) multiple views at each architecture level; for example, there is normally a logical application architecture view per application.These views are driven by sets of requirements and in turn generate input into design, development, setup, and operational processes and systems.

Figure 3. Enterprise Architecture views and patterns

The remainder of this guide will focus on application and technology architecture, their concepts and key patterns for construction of service-based applications architecture that exploit the emerging technology of Web services. The implementation area, including design, development, setup, deployment, and administration, while of vital importance in the overall system generation, is outside the scope of this document.

Application Architecture

As previously discussed, the application architecture provides three views: the conceptual, the logical, and the physical architecture. These views are used by architects to generate models within organizations that support and meet their business requirements. Ideally there is just one architecture model per view, but in reality there may be multiple models per view—the result of growth and change in organizations and technologies. However, the rationalization of these models to a minimum set is the key to the provision of both efficient and flexible organizations.

Conceptual architecture view

The conceptual view is used to define the business requirements and the business users' view of the application to generate a business model. Conceptual modeling techniques, such as use case analysis, activity diagrams, process design, and business entity modeling, help to build a description of the key business processes and the data they use, in way that emphasizes business objectives and requirements, and is free of implementation technology.

Logical architecture view

Architects create application models that are logical views of the business model as they determine how to meet business objectives and requirements. The application models represent the logical view of the enterprise architecture for an application.

Architects here are concerned with the overall structure of the application. They decide on the mapping of data management and process steps, they design the interactions between parts of the model in terms of logical messages and sequences, and they determine what data and state should be held by the model.

Physical architecture view

Each of the elements in the application model requires mapping to elements of real technologies. In this way application models are realized as implementation models. Part of this task is undertaken during conventional development when programmers write detailed business logic as code, but much of the implementation activities are properly classed as framework completion—a technique for development where much of the infrastructure of distributed applications and data management is handled by sophisticated frameworks that are extended by custom application logic and declarative control structures. Framework completion shields developers from the intricacies of, for instance, asynchronous message handling, and allows developers with modest skills to make effective contributions to the project.

Architecting and building these models for an organization at each of the different levels is clearly a considerable amount of work and effort. Additionally, the correct definition of these models is critical for an organization. An incorrect architectural model almost always results in serious design or operational issues such as scalability or reliability problems or, in the worst cases, project non-completion and business impact. Architects are looking for frameworks and roadmaps to assist them in creation and implementation of these models and to minimize the risks associated with the use of incorrect models.

There are two main types of architectural guidance and assistance that can be provided to architects to speed up model generation and minimize risk.

The first of these is a set of architectural concepts that provide:

• A common understanding and communication.
• Guidance as to how and when specific concepts should be used, and information about their attributes.
• An indication as to when these concepts will be realized and available, either in terms of guidance or real technology.

Figure 4. Views of application architecture

Enterprise Architecture Governance

Levels of Governance within the Enterprise

Architecture governance is the practice and orientation by which enterprise architectures and other architectures are managed and controlled at an enterprise-wide level.

Architecture governance typically does not operate in isolation, but within a hierarchy of governance structures, which, particularly in the larger enterprise, can include all of the following as distinct domains with their own disciplines and processes:

• Corporate governance
• Technology governance
• IT governance
• Architecture governance

Each of these domains of governance may exist at multiple geographic levels - global, regional, and local - within the overall enterprise.

Corporate governance is thus a broad topic, beyond the scope of an enterprise architecture framework such as TOGAF.

This and related subsections are focused on architecture governance; but they describe it in the context of enterprise-wide governance, because of the hierarchy of governance structures within which it typically operates, as explained above.

In particular, this and following sections aim to:

• Provide an overview of the nature of governance as a discipline in its own right
• Describe the governance context in which architecture governance typically functions within the enterprise
• Describe an Architecture Governance Framework that can be adapted and applied in practice, both for enterprise architecture and for other forms of IT architecture

The Nature of Governance

Governance: A Generic Perspective

Governance is essentially about ensuring that business is conducted properly. It is less about overt control and strict adherence to rules, and more about guidance and effective and equitable usage of resources to ensure sustainability of an organization's strategic objectives.

The following outlines the basic principles of corporate governance, as identified by the Organization for Economic Co-operation and Development (OECD):

• Focuses on the rights, roles, and equitable treatment of shareholders
• Disclosure and transparency and the responsibilities of the board
• Ensures:
  • Sound strategic guidance of the organization
  • Effective monitoring of management by the board
  • Board accountability for the company and to the shareholders
• Board's responsibilities:
  • Reviewing and guiding corporate strategy
  • Setting and monitoring achievement of management's performance objectives

Supporting this, the OECD considers a traditional view of governance as: "... the system by which business corporations are directed and controlled. The corporate governance structure specifies the distribution of rights and responsibilities among different participants in the corporation - such as the board, managers, shareholders, and other stakeholders - and spells out the rules and procedures for making decisions on corporate affairs. By doing this, it also provides the structure through which the company objectives are set, and the means of attaining those objectives and monitoring performance" [OECD (1999)].

The Characteristics of Governance

The following characteristics have been adapted from Naidoo (2002) and are positioned here to highlight both the value and necessity for governance as an approach to be adopted within organizations and their dealings with all involved parties:

Discipline

All involved parties will have a commitment to adhere to procedures, processes, and authority structures established by the organization.

Transparency

All actions implemented and their decision support will be available for inspection by authorized organization and provider parties.

Independence

All processes, decision-making, and mechanisms used will be established so as to minimize or avoid potential conflicts of interest.

Accountability

Identifiable groups within the organization - e.g., governance boards who take actions or make decisions - are authorized and accountable for their actions.

Responsibility

Each contracted party is required to act responsibly to the organization and its stakeholders.

Fairness

All decisions taken, processes used, and their implementation will not be allowed to create unfair advantage to any one particular party.

Technology Governance

Technology governance is a key capability, requirement, and resource for most organizations because of the pervasiveness of technology across the organizational spectrum.

Recent studies have shown that many organizations have a balance in favor of intangibles rather than tangibles that require management. Given that most of these intangibles are informational and digital assets, it is evident that businesses are becoming more reliant on IT: and the governance of IT - IT governance - is therefore becoming an even more important part of technology governance.

These trends also highlight the dependencies of businesses on not only the information itself but also the processes, systems, and structures that create, deliver, and consume it. As the shift to increasing value through intangibles increases in many industry sectors, so risk management must be considered as key to understanding and moderating new challenges, threats, and opportunities.

Not only are organizations increasingly dependent on IT for their operations and profitability, but also their reputation, brand, and ultimately their value are also dependent on that same information and the supporting technology.

IT Governance

IT governance provides the framework and structure that links IT resources and information to enterprise goals and strategies. Furthermore, IT governance institutionalizes best practices for planning, acquiring, implementing, and monitoring IT performance, to ensure that the enterprise's IT assets support its business objectives.

In recent years, IT governance has become integral to the effective governance of the modern enterprise. Businesses are increasingly dependent on IT to support critical business functions and processes; and to successfully gain competitive advantage, businesses need to manage effectively the complex technology that is pervasive throughout the organization, in order to respond quickly and safely to business needs.

In addition, regulatory environments around the world are increasingly mandating stricter enterprise control over information, driven by increasing reports of information system disasters and electronic fraud. The management of IT-related risk is now widely accepted as a key part of enterprise governance.

It follows that an IT governance strategy, and an appropriate organization for implementing the strategy, must be established with the backing of top management, clarifying who owns the enterprise's IT resources, and, in particular, who has ultimate responsibility for their enterprise-wide integration.

An IT Governance Framework - COBIT

As with corporate governance, IT governance is a broad topic, beyond the scope of an enterprise architecture framework such as TOGAF. A good source of detailed information on IT governance is the COBIT framework (Control OBjectives for Information and related Technology). This is an open standard for control over IT, developed and promoted by the IT Governance Institute, and published by the Information Systems Audit and Control Foundation (ISACF).

COBIT also provides a generally accepted standard for good IT security and control practices to support the needs of enterprise management in determining and monitoring the appropriate level of IT security and control for their organizations.

The IT Governance Institute has also developed and built into the COBIT framework a set of Management Guidelines for COBIT, which consist of Maturity Models, Critical Success Factors (CFSs), Key Goal Indicators (KGIs), and Key Performance Indicators (KPIs). The framework responds to management's need for control and measurability of IT, by providing management with tools to assess and measure their organization's IT environment against the IT processes that COBIT identifies.

Architecture Governance: Overview

Architecture Governance Characteristics

Architecture governance is the practice and orientation by which enterprise architectures and other architectures are managed and controlled at an enterprise-wide level. It includes the following:

• Implementing a system of controls over the creation and monitoring of all architectural components and activities, to ensure the effective introduction, implementation, and evolution of architectures within the organization
• Implementing a system to ensure compliance with internal and external standards and regulatory obligations
• Establishing processes that support effective management of the above processes within agreed parameters
• Developing practices that ensure accountability to a clearly identified stakeholder community, both inside and outside the organization

Architecture Governance as a Board-Level Responsibility

As mentioned above, IT governance has recently become a board responsibility as part of overall business governance. The governance of an organization's architectures is a key factor in effective IT/business linkage, and is therefore increasingly becoming a key board-level responsibility in its own right.

This section aims to provide the impetus for opening up IT and architecture governance so that the business responsibilities associated with architecture activities and artefacts can be elucidated and managed.

TOGAF and Architecture Governance

Phase G of the TOGAF ADM (see Part II: Architecture Development Method (ADM), Phase G: Implementation Governance) is dedicated to implementation governance, which concerns itself with the realization of the architecture through change projects. implementation governance is just one aspect of architecture governance, which covers the management and control of all aspects of the development and evolution of enterprise architectures and other architectures within the enterprise.

Architecture governance needs to be supported by an Architecture Governance Framework (described in detail in Architecture Governance Framework) which assists in identifying effective processes so that the business responsibilities associated with architecture governance can be elucidated, communicated, and managed effectively.

Architecture Governance Framework

This section describes a conceptual and organizational framework for architecture governance.

As previously explained, Phase G of the TOGAF ADM (see Part II: Architecture Development Method (ADM), Phase G: Implementation Governance) is dedicated to implementation governance, which concerns itself with the realization of the architecture through change projects.

Implementation governance is just one aspect of architecture governance, which covers the management and control of all aspects of the development and evolution of enterprise architectures and other architectures within the enterprise.

Architecture governance needs to be supported by an Architecture Governance Framework, described in detail below. The governance framework described is a generic framework that can be adapted to the existing governance environment of an enterprise. It is intended to assist in identifying effective processes and organizational structures, so that the business responsibilities associated with architecture governance can be elucidated, communicated, and managed effectively.

Architecture Governance Framework - Conceptual Structure

Key Concepts

Conceptually, architecture governance is an approach, a series of processes, a cultural orientation, and set of owned responsibilities that ensure the integrity and effectiveness of the organization's architectures.

The key concepts are illustrated in Architecture Governance Framework - Conceptual Structure .

The split of process, content, and context are key to the support of the architecture governance initiative, by allowing the introduction of new governance material (legal, regulatory, standards-based, or legislative) without unduly impacting the processes. This content-agnostic approach ensures that the framework is flexible. The processes are typically independent of the content and implement a proven best practice approach to active governance.

The Architecture Governance Framework is integral to the Enterprise Continuum, and manages all content relevant both to the architecture itself and to architecture governance processes.

Key Architecture Governance Processes

Governance processes are required to identify, manage, audit, and disseminate all information related to architecture management, contracts, and implementation. These governance processes will be used to ensure that all architecture artefacts and contracts, principles, and operational-level agreements are monitored on an ongoing basis with clear auditability of all decisions made.

Policy Management and Take-On

All architecture amendments, contracts, and supporting information must come under governance through a formal process in order to register, validate, ratify, manage, and publish new or updated content. These processes will ensure the orderly integration with existing governance content such that all relevant parties, documents, contracts, and supporting information are managed and audited.

Compliance

Compliance assessments against Service Level Agreements (SLAs), Operational Level Agreements (OLAs), standards, and regulatory requirements will be implemented on an ongoing basis to ensure stability, conformance, and performance monitoring. These assessments will be reviewed and either accepted or rejected depending on the criteria defined within the governance framework.

Dispensation

A Compliance Assessment can be rejected where the subject area (design, operational, service level, or technology) are not compliant. In this case the subject area can:

1. Be adjusted or realigned in order to meet the compliance requirements
2. Request a dispensation

Where a Compliance Assessment is rejected, an alternate route to meeting interim conformance is provided through dispensations. These are granted for a given time period and set of identified service and operational criteria that must be enforced during the lifespan of the dispensation. Dispensations are not granted indefinitely, but are used as a mechanism to ensure that service levels and operational levels are met while providing a level flexibility in their implementation and timing. The time-bound nature of dispensations ensures that they are a major trigger in the compliance cycle.

Monitoring and Reporting

Performance management is required to ensure that both the operational and service elements are managed against an agreed set of criteria. This will include monitoring against service and operational-level agreements, feedback for adjustment, and reporting.

Internal management information will be considered in Environment Management .

Business Control

Business Control relates to the processes invoked to ensure compliance with the organization's business policies.

Environment Management

This identifies all the services required to ensure that the repository-based environment underpinning the governance framework is effective and efficient. This includes the physical and logical repository management, access, communication, training, and accreditation of all users.

All architecture artefacts, service agreements, contracts, and supporting information must come under governance through a formal process in order to register, validate, ratify, manage, and publish new or updated content. These processes will ensure the orderly integration with existing governance content such that all relevant parties, documents, contracts, and supporting information are managed and audited.

The governance environment will have a number of administrative processes defined in order to effect a managed service and process environment. These processes will include user management, internal SLAs (defined in order to control its own processes), and management information reporting.

Architecture Governance Framework - Organizational Structure

Overview

Architecture governance is the practice and orientation by which enterprise architectures and other architectures are managed and controlled. In order to ensure that this control is effective within the organization, it is necessary to have the correct organizational structures established to support all governance activities.

An architecture governance structure for effectively implementing the approach described in this section will typically include the following levels, which may in practice involve a combination of existing IT governance processes, organizational structures, and capabilities. They will typically include the following:

• Global governance board
• Local governance board
• Design authorities
• Working parties

The architecture organization illustrated in Architecture Governance Framework - Organizational Structure highlights the major structural elements required for an architecture governance initiative. While each enterprise will have differing requirements, it is expected that the basics of the organizational design shown in Architecture Governance Framework - Organizational Structure will be applicable and implementable in a wide variety of organizational types.

Key Areas

Architecture Governance Framework - Organizational Structure identifies three key areas of architecture management: Develop, Implement, and Deploy. Each of these is the responsibility of one or more groups within the organization, while the Enterprise Continuum is shown to support all activities and artefacts associated with the governance of the architectures throughout their lifecycle.

The Develop responsibilities, processes, and structures are usually linked to the TOGAF ADM and its usage, while the Implement responsibilities, processes, and structures are typically linked to Phase G (see Part II: Architecture Development Method (ADM), Phase G: Implementation Governance).

As mentioned above, the Architecture Governance Framework is integral to the Enterprise Continuum, and manages all content relevant both to the architectures themselves and to architecture governance processes.

Operational Benefits

As illustrated in Architecture Governance Framework - Organizational Structure , the governance of the organization's architectures provides not only direct control and guidance of their development and implementation, but also extends into the operations of the implemented architectures.

The following benefits have been found to be derived through the continuing governance of architectures:

• Links IT processes, resources, and information to organizational strategies and objectives
• Integrates and institutionalizes IT best practices
• Aligns with industry frameworks such as COBIT (planning and organizing, acquiring and implementing, delivering and supporting, and monitoring IT performance)
• Enables the organization to take full advantage of its information, infrastructure, and hardware and software assets
• Protects the underlying digital assets of the organization
• Supports regulatory and best practice requirements such as auditability, security, responsibility, and accountability
• Promotes visible risk management

These benefits position the TOGAF Architecture Governance Framework as an approach, a series of processes, a cultural orientation, and a set of owned responsibilities, that together ensure the integrity and effectiveness of the organization's architectures.

Architecture Governance in Practice

This section provides practical guidelines for the effective implementation of architecture governance.

Architecture Governance - Key Success Factors

It is important to consider the following to ensure a successful approach to architecture governance, and to the effective management of the Architecture Contract:

• Establishment and operation of best practices for the submission, adoption, re-use, reporting, and retirement of architecture policies, procedures, roles, skills, organizational structures, and support services
• Establishment of the correct organizational responsibilities and structures to support the architecture governance processes and reporting requirements
• Integration of tools and processes to facilitate the take-up of the processes, both procedurally and culturally
• Management of criteria for the control of the architecture governance processes, dispensations, compliance assessments, SLAs, and OLAs
• Meeting the internal and external requirements for the effectiveness, efficiency, confidentiality, integrity, availability, compliance, and reliability of all architecture governance-related information, services, and processes

Elements of an Effective Architecture Governance Strategy

Architecture Governance and Corporate Politics

There is a similarity between enterprise architecture and architecture in the physical world, in that politics has an important role to play in the acceptance of both architectures. In the real world, it is the dual politics of the environment and commerce, while in the world of enterprise architecture a consideration of corporate politics is critical.

An enterprise architecture imposed without appropriate political backing is bound to fail. In order to succeed, the enterprise architecture must reflect the needs of the organization. Enterprise architects, if they are not involved in the development of business strategy, must at least have a fundamental understanding of it and of the prevailing business issues facing the organization. It may even be necessary for them to be involved in the system deployment process and to ultimately own the investment and product selection decisions arising from the implementation of the Technology Architecture.

Key Strategic Elements

There are three important elements of architecture governance strategy that relate particularly to the acceptance and success of architecture within the enterprise. While relevant and applicable in their own right apart from their role in governance, and therefore described separately, they also from an integral part of any effective architecture governance strategy:

• A cross-organizational Architecture Board (see Architecture Board) must be established with the backing of top management to oversee the implementation of the IT governance strategy.
• A comprehensive set of architecture principles (Architecture Principles) should be established, to guide, inform, and support the way in which an organization sets about fulfilling its mission through the use of IT.
• An Architecture Compliance (see Architecture Compliance) strategy should be adopted - specific measures (more than just a statement of policy) to ensure compliance with the architecture, including Project Impact Assessments, a formal Architecture Compliance review process, and possibly including the involvement of the architecture team in product procurement.