When reviewing a product technically and architecturally, the important aspects I can think of, based on my experience, are listed below. The list is just my compilation and is in no way exhaustive. It is also not very structurally arranged, but these aspects are quite important when such a review is being conducted. If this is useful information that you are looking for, please comment and I will make sure to expand each item in more detail, either as a new blog post or by adding points to this same post.
- Technical Standards alignment
- Maintainability aspects (Architectural patterns)
- Code Review, Coding standards
- Documentation
- System Architecture (Architecture Documentation)
- Technology View (Versions of all software)
- Logical architecture (Technically fully explained)
- Third party products used, if so Licensing details
- Data View
- Deployment View
- System component Interaction (Component diagram)
- Detailed Design Document
- Code Documentation
- Road Map (Software and technology used)
- Details of various exposed web services
- Details of other exposed interfaces
- Issue tracking system
- Dump required; it gives you:
- Project Health
- Various other matrixes
- Basic SDLC followed
- Basic Configuration management followed
- Source Control
- Build mechanism
- Deployment mechanism
- Modularity of code
- OSGI capability (Deploying, starting, restarting modules individually)
- Performance and availability
- Load testing data
- Typical deployment time
- Logging and Auditing
- Transaction auditing
- Transaction logging
- Non-Functional requirements
- Document detailing this
- Parameters considered
- Any drawbacks
- Security
- Aspects considered
- Architecture overview
- Various layers (Client layer, Protocol adapter layer, service layer, business service layer, persistence layer, external interface layer)
- Technologies used in each layer
- Presentation tier, business tier, database tier, enterprise storage
- Components (Functionality – Tools mapping)
- Persistence
- Transaction management
- Job Management
- Security
- Locking
- Audit
- Caching
- Logging
- Web Presentation
- Software Distribution
- Reports
- Health Check & Monitoring
- Interface and messaging
- Support (web Services, XML, Proprietary)
- Modes supported (Email, FTP, MQ, TIBCO)
- Connection pooling
- Encryption
- Performance
- Distributed DB
- DB backup mechanism
- Inter module communication
- Dependency, coupling and cohesion
- ESB
- Architecture framework
- Objectives
- Approach
- Principles
- Customization carried out for each client
- How is source code for each client maintained?
- Code customization and reuse
- Product stack
- Standard SDLC in case of complex business process which encompasses multiple components/modules
- How are different modules maintained?
- Teams
- Team size
- Team composition
- Business validation
- Approach followed
- Declarative or code based
- Any commonly available existing standards used during design, e.g. IATA
- Can an existing application be migrated to this product?
- SDLC followed
- Steps carried out
- Integration of system with external legacy systems
- Strategy followed
- Interface design mechanism
- Does it support user preferences?
- Favorite screens
- Various defaults like date formats, time formats etc.
- Application level basic setup configurations
- Configuration based
- Code based
- Authentication and authorization
- Level of authorization
- Screen based and functionality based
- Screen opening in view only mode
- Editable based on user role
- Internationalization
- Workflow
- Technology used
- Emails
- Technology used
- Branding for various customers
- SDLC followed
- How much time does it take to make minimal brand changes?
- Can customers make the brand changes on their own?
- Various mails and other configurations (user agreements, disclaimers): how can the customization be done?
- Any content management system used?
- How is the web session maintained?
- Offloaded to DB?
- Memory?
- Instant messenger support (web chat)
- Specific printers support (Dot matrix etc.)
- Barcode generation support
- Technology/third party software used
- How are the various masters taken care of?
- External sources
- Internally maintained
- If external customers require data to be sourced from external sources, is it supported?
- Different types of data integration mechanisms used
- Web Services
- DB links etc.
- Business intelligence capabilities
- Data purging mechanism used
- Strategy followed
- Operational & archive DB
- Application hosting models used
- Details of exposed web services
- Testing capabilities
- Integration with ESBs
- System exceptions, error handling and monitoring
- Exception classification
- Details available for debugging and root cause analysis
- User details
- Transaction details
- Severity
- Name of the server in clustered environment
- Transaction type – Asynchronous and synchronous
- Development environments: explain the process followed
- Test
- Stage
- Production
- Transaction metering (quantity)
- TPS and Response time monitoring
- Clustering capabilities (Session replication)
- Scalability
- High-availability
- Load balancing
- Failover
- Fault tolerance
- Oracle data grid
- Storage level replication
- System performance and scalability
- Load test methodology – Process used
- Smoke test – to understand system behavior
- Single instance stress test – to understand the first breaking point
- Load test – simulating real life usage
- Endurance test – Assess the behavior of the application over longer periods
- Application profiling – to understand the root cause of problems
- Application benchmarking – How is it done?
- Users
- Machines
- CPU utilization
- Statistics
- SQLs per second
- Transactions per second
- Availability percentage
- Business transactions per month
- Usability considerations
- Encryption methodologies used
- One way encryption – default algorithm used?
- Symmetric (private key) encryption – default algorithm used?
- Asymmetric (public key-private key) encryption – default algorithm used?
- User authentication mechanisms
- Active directory
- Single sign on mechanisms
- LDAP
- Certified platforms
- Operating systems
- Servers
- DB
- Browsers
- Recommended deployment models available
- Approximate planned outage
- Time
- Process
- Roadmap and planned software migrations
- Lessons learnt: how are they documented?
- Bandwidth requirements
- Minimum
- Workstation configuration
- Minimum
- Source code maintenance
- Tools used
- Hosting models available
- Horizontal and vertical scaling capabilities
- Mobile support available?
- Rolling back of implemented delivery – Any process?
- Ensuring IT security standards – how is it achieved?
- For PCI-relevant solution components, are they certified according to PCI DSS?
- Training materials
- For train the trainer
- Disaster Recovery
- Deployment topologies
- Testing methodologies for testing DR