Design Priorities
To provide guidance for the ITO when making design decisions, the Company prioritized the major features of the system. These priorities give the ITO the freedom to implement the best possible system while carefully considering the business requirements of the Company. TABLE 6-2 lists the priorities. The ITO uses these priorities to resolve the decision when the design involves a trade-off between two major features.
| Feature | Priority |
|---|---|
| Availability | 1 |
| Reliability | 2 |
| Serviceability | 3 |
| Security | 4 |
| Recovery | 5 |
| Cost | 6 |
| Performance | 7 |
Availability
Availability is the highest priority. The Company realizes that many external users have direct system access. The availability of the service provided to these customers directly impacts the highest-rated critical-to-quality issue of the external users. The system architecture must be optimized to provide available services. This avail- ability includes scheduled and unscheduled outages. The Company expects to offer services in the event of a number of failures, including component failures and a disaster at either the primary or secondary data centers. In addition, all software and hardware upgrades should have minimum impact on service availability.
Reliability
Reliability is given a high priority too. Component reliability affects service availability. If components are unreliable and require frequent servicing, the probability of being able to deliver the required services decreases. Component reliability drives the requirements for component features such as these:
RAID-protected persistent storage—ECC protection on system main memory
Onsite and offsite backup media storage
Onsite spare parts
Hot-pluggable hardware field replaceable units (FRUs)
Software upgrade procedures that minimize required downtime and allow rollback to the previous state
Serviceability
The Company ITO has enough operators to provide continuous support for the systems at the primary data center. However, not all operators are experts in all systems. As a result, the Company relies on its organizational ability to call in resources as needed. Internal personnel work toward providing a continuous human presence in the event of an abnormal event that requires systems to be serviced. The component supplier service contracts are written to provide phone and rapid onsite support for critical components.
At the component level, the Company wants to purchase only components that can be easily serviced. For hardware, this includes:
Uniquely identifiable parts
Hot-pluggable parts
Clear and unambiguous labels and indicators
Security
The Company believes that the physical and network security are sufficient. However, both the e-commerce and CMS databases can contain customer confidential information that must be protected. The obvious places for protecting this information is in the applications themselves. The Company places special emphasis on testing the e-commerce applications for unauthorized access to sensitive data. The CMS system is largely off-the-shelf, so that the data security requirements are met by the supplier. In addition, any copies of the database used for reporting or development are restricted. To prevent eavesdropping, the Company encrypts the logs shipped to the secondary site.
In addition to online security, all copies of the database are kept at secure sites. These copies include backup data located in the data centers. Periodic offsite copies of the backups are kept in a physically secure vault with controlled access.
Recovery
The recovery of the system in the event of data corruption or disaster is important. To ensure that the database can be successfully recovered, the Company tests the offsite backups before shipment to the offsite vault. The Company also tests the other backups periodically to ensure that the daily, incremental backups are good.
Cost
The Company performed a cost analysis and determined that the costs of a mid-range, clustered system are in line with the desired system profit over its lifetime.
Performance
The services the system provides are interactive in nature. The large number of external online users makes prediction of the system performance over time somewhat difficult. The ITO will measure capacity over time and will size the systems in accordance with projected performance requirements. In addition, the ITO philosophy is to purchase systems that have internal expansion capability so the Company can expand CPU, memory, and I/O within reason over the lifetime of the system.