Checklist when you are reviewing a product – technically and architecturally

When reviewing a product technically and architecturally, what are the important aspects that you can think off is listed below (with my experience). The list is just my compilation and in no way exhaustive. It also is not very structurally arranged but these aspects are quite important when such a review is being conducted. If this is useful information that you are looking for, please comment and i will make sure to expand each item more in detail, either as a new blog post or keep adding additional points in this same blog.

  1. Technical Standards alignment
  2. Maintainability aspects (Architectural patterns)
  3. Code Review, Coding standards
  4. Documentation
    1. System Architecture (Architecture Documentation)
      1. Technology View (Version of all Software’s)
        1. Logical architecture (Technically fully explained)
        2. Third party products used, if so Licensing details
      2. Data View
      3. Deployment View
      4. System component Interaction (Component diagram)
    2. Detailed Design Document
    3. Code Documentation
    4. Road Map (Software and technology used)
    5. Details of various exposed web services
    6. Details of other exposed interfaces
  5. Issue tracking system
    1. Dump required, it gives you
      1. Project Health
      2. Various other matrixes
  6. Basic SDLC followed
  7. Basic Configuration management followed
    1. Source Control
    2. Build mechanism
    3. Deployment mechanism
  8. Modularity of code
    1. OSGI capability (Deploying, starting, restarting modules individually)
  9. Performance and availability
    1. Load testing data
    2. Typical deployment time
  10. Logging and Auditing
    1. Transaction auditing
    2. Transaction logging
  11. Non-Functional requirements
    1. Document detailing this
    2. Parameters considered
    3. Any drawbacks
  12. Security
    1. Aspects considered
  13. Architecture overview
    1. Various layers (Client layer, Protocol adapter layer, service layer, business service layer, persistence layer, external interface layer)
    2. Various technology used in each layer
    3. Presentation tier, business tier, database tier, enterprise storage
    4. Components (Functionality – Tools mapping)
      1. Persistence
      2. Transaction management
      3. Job Management
      4. Security
      5. Locking
      6. Audit
      7. Caching
      8. Logging
      9. Web Presentation
      10. Software Distribution
      11. Reports
      12. Health Check & Monitoring
    5. Interface and messaging
      1. Support (web Services, XML, Proprietary)
      2. Modes supported (Email, FTP, MQ, TIBCO)
    6. Connection pooling
    7. Encryption
    8. Performance
    9. Distributed DB
    10. DB backup mechanism
    11. Inter module communication
      1. Dependency, coupling and cohesion
    12. ESB
  14. Architecture framework
    1. Objectives
    2. Approach
    3. Principles
  15. Customization carried for each client
    1. How is source code for each client maintained
    2. Code customization and reuse
    3. Product stack
  16. Standard SDLC in case of complex business process which encompasses multiple components/modules
  17. How are different modules maintained
    1. Teams
    2. Team size
    3. Team composition
  18. Business validation
    1. Approach followed
    2. Declarative or code based
  19. Any existing standards commonly available used while design. Eg. IATA
  20. Can existing application be migrated to this product
    1. SDLC followed
    2. Steps carried out
  21. Integration of system with external legacy systems
    1. Strategy followed
    2. Interface design mechanism
  22. Does it support user preferences?
    1. Favorite screens
    2. Various defaults like date formats, time formats etc.
  23. Application level basic setup configurations
    1. Configuration based
    2. Code based
  24. Authentication and authorization
    1. Level of authorization
    2. Screen based and functionality based
    3. Screen opening in view only mode
    4. Editable based on user role
  25. Internationalization
  26. Workflow
    1. Technology used
  27. Emails
    1. Technology used
  28. Branding for various customers
    1. SDLC followed
    2. How much time it takes to do minimal brand changes
    3. Can customers do the brand changes by their own
    4. Various mails and other configurations (user agreements, disclaimers) how can the customization done?
  29. Any content management system used?
  30. How is web session maintained?
    1. Offloaded to DB?
    2. Memory?
  31. Instant messenger support (web chat)
  32. Specific printers support (Dot matrix etc.)
  33. Barcode generation support
    1. Technology/third party software used
  34. How is various masters taken care?
    1. External sources
    2. Internally maintained
    3. If external customers require data to be sourced from external sources, is it supported?
  35. Different types of data integration mechanism used
    1. Web Services
    2. DB links etc.
  36. Business intelligence capabilities
  37. Data purging mechanism used
    1. Strategy followed
    2. Operational & archive DB
  38. Application hosting models used
  39. Details of exposed web services
  40. Testing capabilities
  41. Integration with ESB’s
  42. System exceptions, error handling and monitoring
    1. Exception classification
    2. Details available for debugging and root cause analysis
      1. User details
      2. Transaction details
      3. Severity
      4. Name of the server in clustered environment
      5. Transaction type – Asynchronous and synchronous
  43. Development environments, explain what is process followed
    1. Test
    2. Stage
    3. Production
  44. Transaction metering (quantity)
  45. TPS and Response time monitoring
  46. Clustering capabilities (Session replication)
    1. Scalability
    2. High-availability
    3. Load balancing
    4. Failover
    5. Fault tolerance
      1. Oracle data grid
      2. Storage level replication
  47. System performance and scalability
  48. Load test methodology – Process used
    1. Smoke test – to understand system behavior
    2. Single instance stress test – to understand the first breaking point
    3. Load test – simulating real life usage
    4. Endurance test – Assess the behavior of the application over longer periods
    5. Application profiling – to understand root cause of the problems caused
  49. Application benchmarking – How is it done?
    1. Users
    2. Machines
    3. CPU utilization
    4. Statistics
    5. SQL’s per second
    6. Transactions per second
    7. Availability percentage
    8. Business transactions per month
  50. Usability considerations
  51. Encryption methodologies used
    1. One way encryption – default algorithm used?
    2. Symmetric (private key) encryption – default algorithm used?
    3. Asymmetric (public key-private key) encryption – default algorithm used?
  52. User authentication mechanisms
    1. Active directory
    2. Single sign on mechanisms
    3. LDAP
  53. Certified platforms
    1. Operating systems
    2. Servers
    3. DB
    4. Browsers
  54. Recommended deployment models available
  55. Approximate planned outage
    1. Time
    2. Process
  56. Roadmap and planned software migrations
  57. Lessons learnt, how is it documented
  58. Bandwidth requirements
    1. Minimum
  59. Workstation configuration
    1. Minimum
  60. Source code maintenance
    1. Tools used
  61. Hosting models available
  62. Horizontal and vertical scaling capabilities
  63. Mobile support available?
  64. Rolling back of implemented delivery – Any process?
  65. Ensuring IT security standards – how is it achieved?
  66. For PCI relevant solution components is it certified according to PCI DSS?
  67. Training materials
    1. For train the trainer
  68. Disaster Recovery
    1. Deployment topologies
    2. Testing methodologies for testing DR

Page Visitors: 420

The following two tabs change content below.
Tomcy John

Tomcy John

Blogger & Author at javacodebook
He is an Enterprise Java Specialist holding a degree in Engineering (B-Tech) with over 10 years of experience in several industries. He's currently working as Principal Architect at Emirates Group IT since 2005. Prior to this he has worked with Oracle Corporation and Ernst & Young. His main specialization is on various web technologies and acts as chief mentor and Architect to facilitate incorporating Spring as Corporate Standard in the organization.
Tomcy John

Latest posts by Tomcy John (see all)

2 thoughts on “Checklist when you are reviewing a product – technically and architecturally

Leave a Reply

Your email address will not be published. Required fields are marked *