Professional Documents
Culture Documents
Document
forProject<projectname>
V1.00
CSUTechnicalSolutionDesignDocument
DocumentStatusandRevisionHistory
Version
Author
Issuedate
Revisions
V1.00
PaulCullen
23/07/2009
Firstreleaseversion
DocumentAuthorisation
Name:
PaulCullen
Position:
Manager,EnterpriseSolutionServices,DIT
Name:
BrianRoberson
Position:
Manager,TechnologyIntegration
DocumentDistribution
No.
Recipient
PositionandDivision
1.
TimArcher
EnterpriseSolutionArchitectTesting
2.
WayneMarr
EnterpriseSolutionArchitectApplications
3.
CraigPatterson
EnterpriseSolutionArchitectIntegration
4.
ConradDareEdwards
EnterpriseSolutionArchitectInfrastructure
5.
LukeWeston
EnterpriseSolutionArchitectSecurity
6.
DotCottee
TeamLeader,TechnologyIntegration
7.
ShaneJeffries
TeamLeader,TechnologyIntegration
8.
BrianRoberson
Manager,TechnologyIntegration
DocumentPurpose
Thepurposeofthisdocumentistoserveasatemplateforthecreationofthetechnicalsolutiondesigndocument.Forthetechnical
solutiondesigndocumenttobecompletedthefollowingcpmpletedandsignedoffdocumentsneedtobedeliveredviathe
EA&L/ESSgateway:
BusinessRequirements
Page2of19
CSUTechnicalSolutionDesignDocument
FunctionalRequirements
RelevantEnterpriseArchitecturalStandards
Eachsectioncontainsnotes,considerationsandsuggestionstoguideanenterprisesolutionarchitectinthecompletionofthe
document.Dependingonthetypeofproject,eginternallyorexternallysourced,somecomponentsmaybeoptionalorcompleted
fromsuppliersdocumentation.Sectionscanberenamed,asappropriate,tosuitthetypeandcomplexityoftheproject.
TableofContents
TABLEOFCONTENTS.....................................................................................................................................................................3
1.
PROJECTSUMMARY.............................................................................................................................................................6
2.
APPLICATIONDESIGN...........................................................................................................................................................6
2.1.
Userinterfaces.................................................................................................................................................................6
2.2.
UserManagement...........................................................................................................................................................6
2.3.
DataOutput.....................................................................................................................................................................6
2.4.
DataManagement...........................................................................................................................................................6
2.5.
CodingRequirements.......................................................................................................................................................6
3.
INTEGRATIONDESIGN..........................................................................................................................................................7
3.1.
IntegrationSchematic......................................................................................................................................................7
3.2.
EnterpriseDataRequirements.........................................................................................................................................7
3.3.
MasterDataDefinitions...................................................................................................................................................7
3.4.
IntegrationScope.............................................................................................................................................................7
3.5.
MasterDataDocumentTypes..........................................................................................................................................7
3.6.
EnterpriseInterfaceRequirements...................................................................................................................................7
3.7.
DataTransferVolumes.....................................................................................................................................................8
3.8.
DataAvailability..............................................................................................................................................................8
3.9.
Latency............................................................................................................................................................................8
4.
4.1.
SECURITYDESIGN.................................................................................................................................................................9
Securityrequirementsanalysisandspecification..............................................................................................................9
Page3of19
CSUTechnicalSolutionDesignDocument
4.2.
Assessingsecurityrisks....................................................................................................................................................9
4.3.
Treatingsecurityrisks......................................................................................................................................................9
4.4.
Correctprocessinginapplications....................................................................................................................................9
4.5.
Cryptographiccontrols.....................................................................................................................................................9
5.
5.1.
INFRASTRUCTUREDESIGN..................................................................................................................................................10
SystemArchitecture(development,qaandproductionimplementations)......................................................................10
5.2.
InfrastructureManagement...........................................................................................................................................13
5.2.1.
Availabilityrequirements.................................................................................................................................................13
5.2.2.
Businesscontinuityfailoverandfailback.......................................................................................................................13
5.2.3.
Archivalrequirements......................................................................................................................................................13
5.2.4.
Maintenance....................................................................................................................................................................13
5.2.5.
Logfilerotation................................................................................................................................................................13
5.2.6.
Startingandstoppingtheapplication..............................................................................................................................13
5.2.7.
Monitoringinterfaces......................................................................................................................................................13
5.2.8.
Dependences....................................................................................................................................................................13
AccessControl...............................................................................................................................................................14
5.3.
5.3.1.
BusinessRequirementforAccessControl.......................................................................................................................14
5.3.2.
UserAccessManagement................................................................................................................................................14
5.3.3.
UserResponsibilities........................................................................................................................................................14
5.3.4.
FileSystemAccessControl...............................................................................................................................................14
5.3.5.
NetworkAccessControl...................................................................................................................................................14
5.3.6.
MobileComputingandTeleworking...............................................................................................................................14
5.3.7.
OperatingSystemAccessControl....................................................................................................................................14
5.3.8.
ThirdPartymanagementandaccess...............................................................................................................................14
5.3.9.
PhysicalandEnvironmentalSecurity...............................................................................................................................14
5.3.10.
ApplicationandInformationAccessControl...................................................................................................................14
5.4.
ApplicationManagement...............................................................................................................................................15
5.4.1.
ThirdPartyServiceDeliveryManagement.......................................................................................................................15
5.4.2.
OperationalProceduresandResponsibilities..................................................................................................................15
5.4.3.
Upgradeandcodemigration...........................................................................................................................................15
5.4.4.
OSpatchingandsecuritypatching...................................................................................................................................15
5.4.5.
Solutiondependencies.....................................................................................................................................................15
5.4.6.
Jobmanagement(cron,timedprocesses,...)..................................................................................................................15
5.4.7.
Userinteractions(printing,outputfolders,http,ssh,...)...............................................................................................15
5.4.8.
Licensing...........................................................................................................................................................................15
5.4.9.
Ongoingcosts..................................................................................................................................................................15
5.5.
ClientApplications.........................................................................................................................................................15
5.5.1.
Architecture.....................................................................................................................................................................15
5.5.2.
Installation.......................................................................................................................................................................15
5.6.
Migration.......................................................................................................................................................................16
5.6.1.
Migrationstrategy(howarewegoingtogointoproduction)........................................................................................16
5.6.2.
Rollbackstrategy..............................................................................................................................................................16
5.6.3.
Decommissioning.............................................................................................................................................................16
Page4of19
CSUTechnicalSolutionDesignDocument
6.
TESTDESIGN.......................................................................................................................................................................17
6.1.
PSC/SDLCAnalysisPhase(RequirementsTesting)...........................................................................................................17
6.1.1.
UseCases.........................................................................................................................................................................17
6.1.2.
RiskRegister.....................................................................................................................................................................17
6.1.3.
Requirementvalidation...................................................................................................................................................17
6.2.
PSC/SDLCDesignPhase(FunctionalTesting)...................................................................................................................17
6.3.
PSC/SDLCTestingPhase(VerificationTesting)................................................................................................................18
6.4.
ImplementationPhase...................................................................................................................................................19
Page5of19
CSUTechnicalSolutionDesignDocument
1. ProjectSummary
Provideadescriptionofwhatapplication/system/productwillbedevelopedusingthissolutiondesign.Includeasummaryof:
Currentapplication,systemorproductinuse,ifany.Thiswillprovideareferencepoint.
Themainfeaturesofthissolutionincludingadescriptionofgeneralfunctionality,maincomponents,outputexpectationsandtarget
usergroups.Thisappliestobothinternallyandexternallysourcedapplications.
2. ApplicationDesign
Thissectionisflexibleinthatcomponentsmayormaynotbeincludeddependingonthecomplexityoftheprojectandwhetheritis
sourced/developedinternally.ProvidesufficientdetailtoallowatechnicalbuilddocumenttobegeneratedbyTIusingthis
documentasabase.Thedepthofdetailisdependentontherelationshipofthesolutiontotheexistingsystem.Forexample,anew
DEEWRSreportwillfollowwelldefinedconventionsandelementswhereasathirdpartyapplicationwillonlyhavehigherlevel
designelements,ornoneatall.
2.1. Userinterfaces
Definespecificelementsoftheuserinterfacesuchaswebpages,oracleforms,etc.,andincludemockupsasagreedwiththeclient.
2.2. UserManagement
Definetheownersandgroupsfortheapplication/systemandthegeneric,administrativeand/orsystemuserloginsandtheir
functions,ifany.Includeanythirdpartyaccessrequirements.Identifythejobpositionthathasownershipandadministrative
responsibilityfortheapplication/system.
2.3. DataOutput
Defineanyoutputartefactssuchasreports,files,screendisplays,datatransferstodatabasetables,orthirdpartyapplications,etc.
Includecommentsregardingfrequencyofoutputortransferandanyrequirementstoautomateprocesses,suchasovernightbatch
processing.
2.4. DataManagement
Definerequirementsforeachenvironmentincludingfolderstructures,filestorelocations,databaseelementsschemas,tables,
packages,triggersandsequences,asapplicable.
2.5. CodingRequirements
Definespecificrequirementsthatmustbecodedinthesolution.Include:thepreferredcodeplatform;theneedtouseincludefiles
and/ordatabasepackages;datavalidationrequirements;specificmethodologiesoralgorithmsrequiredtoderivedatavalues;
significantspecificoutputrequirementsexpectedbasedoninputdata,includinglogs;referencetoanyexistingcodeelementsthat
canbereused;anyintersystemtransferrequirements;authenticationandaccessmethodology.
Page6of19
CSUTechnicalSolutionDesignDocument
3. IntegrationDesign
TheintegrationdesignprovidesdetailsonhowthesolutionapplicationwillintegratewithotherCSU
applicationsand/orapplicationsoutsidetheuniversity.
3.1. IntegrationSchematic
Acontextdiagramistobeprovidedshowinghowthesolutionintegrateswithotherapplications.Alsoinclude
anysourcesthatmayberequiredformasterdata.
3.2. EnterpriseDataRequirements
AnySolutionDatawhichalreadyexistsintheMasterDataCataloguemustbesourcedfromthere.Ifknown,listthesedataobjects
andindicateifanyofthisMasterDatawillbechangedwithinthesolution.Indicatetheflexibilityforthesolutiontobeableto
consumedatafromanexternalsourceandcontributedatatoanexternaltarget(asmasterdata).Describetheability/flexibilityto
selectwhichtablesorattributeswillbepopulatedfrommasterdata,andwhichwillcontributetomasterdata.
3.3. MasterDataDefinitions
MasterDatadefinitionsareavailableinthefollowingdocumentslocatedintheUNCpath,S:\Administrative\Information
Technology\Architecture\6InformationArchitecture\MasterDataDefinition\1CurrentApproved
3.4. IntegrationScope
ERDshowingthemasterdataentitiestobeusedbythesolutionconsultationmaybewiththeEnterpriseDataArchitect,e.g:
3.5. MasterDataDocumentTypes
Defineenterprisedatastructurestobeusedbytheapplication.Inthecaseofnewstructuresbeingrequiredthatarenot
implementedinthedefinedEnterpiseDataModelornotimplementedinwebMethodsorMDR,thenconsultationwiththe
EnterpriseDataArchitectwillberequired.Forthisconsultation,youshouldgainthenecessaryinformationtocompletethe
structure.i.eName,Attributes,Sizes(?)andsqlnecessarytogatherfromthesourceapplication.Thisneedstoberecordedinthe
design,preferentiallyinatablestructureforTItoimplement.
3.6. EnterpriseInterfaceRequirements
TheITDataArchitectureStandardshowsthestandardmethodsofinteractionwithCSUdata.Showdetailsonhowthissolutionwill
connecttotheMasterDataand/orotherCSUapplications
WillthesolutionusewebMethodsorothermethodstoexchangedatawithotherapplications?Ifso,referto4.2.1to
providedetailsonrequirements.
Willtheapplicationrequiremasterdatatobeprovidedtoitslocaldatabase?
WillservicesbecalledinsidewebMethodstoreturndatafrommasterdata?ifso,providedetailsonservicei.ename,desc,
inputs,outputs,selecttouse(orflowdesign)
WilltherebeconnectionstoActiveDirectoryorLDAPforauthentication?
Willtherebegenericvendorprovidedintegrationbetweenapplications?i.eDegreeworksandBanner,DentistrysSaludand
Romexis
Willpasswordsneedtobepushedtotheapplication?(Currentlywedontprovidethisserviceasanumberofsecurity
questionsareraised...YouwillneedtoconsultwiththeEnterpriseIntegrationArchitect,EnterpriseDataArchitect,
EnterpriseApplicationArchitectandSecurityArchitecttodiscussifitbecomesarequirement.
Willdataberequiredtobepushedtoanexternalhostedapplication?i.eHeims
WillTransactionalControlneedtobeimplemented?i.e.XATransactions..dontcommitunlesstransactionsaresuccessful
onmorethanonedatabase.
Note:Whencreationofwebmethodsservicesortransfersarerequired,thereisawebMethodsDevelopersHandbookinthe
followinglocationS:\Administrative\InformationTechnology\Architecture\IntegrationCentre\Handbooks\Developers\Developers
Handbook.doc
Page7of19
CSUTechnicalSolutionDesignDocument
3.7. DataTransferVolumes
Provideestimatesonthevolumeofdatatobetransferredtoandfromthesolution.Thisshouldincludesizeforcurrentdemands
andfuturegrowth.
3.8. DataAvailability
DescribehowthesolutionwillcopeifaccesstotheMasterDataisunavailableforaperiodoftime.Addressspecificsituationssuch
ashowthesolutionwillrespondifuserauthenticationinformationisunavailable,orifCSUInteractisunavailable.Thiscanbecomea
problemfortheapplicationwhereservicestoselectfromMasterdataaretobeused.CurrentlythereisonlyoneMDRdatabasesoif
itbecomesunavailable,thiswillneedtobecateredforintheapplication
.
3.9. Latency
WhenusingMasterDatawithintheSolutionsownschemas.Howquicklywillthisdatahavetoberefreshed?Egrealtime,withinan
hour,overnightetc.Istherethepotentialforanadverseeffectonperformancewhereadatatransferisrunningbetween
campuses?
Page8of19
CSUTechnicalSolutionDesignDocument
4. SecurityDesign
ThegoalofsecuritydesignintheSDLCistoensuresecurityisanintegralpartoftheinformationsystemsolutionsdevelopedAll
securityrequirementsshouldbeidentifiedattherequirementsphaseofaprojectandjustified,agreedanddocumentedaspartof
theoverallbusinesscaseforaninformationsystem.AS/NZSISO/IEC27002:2006.
Thebusinessrequirementsfornewsolutions,orenhancementstoexistingsolutionsshouldspecifytherequirementsforsecurity
controls.Theriskmanagementprocesscanbeusedtoidentifytherequirementsforsecuritycontrols.
Specificationsforsolutionsshouldconsiderbothautomatedcontrolsandtheneedforgovernanceprocessestosupportmanual
controls.Thisalsoneedstobeconsideredwhenevaluatingsoftware,bothdevelopedandpurchased.
Thesecurityrequirementsandcontrolsshouldreflectthebusinessvalueoftheinformationassetsinvolved,andthepotential
impacttoCSUshouldafailureorabsenceofsecurityoccur.(SeealsoCSUMasterDataGovernance.doc)
Purchasedproductsneedtoundergoaformaltestingandacquisitionprocessthatincludessecurityfunctionality.
4.1. Securityrequirementsanalysisandspecification
4.2. Assessingsecurityrisks
ThepotentialrisksassociatedwiththeimplementationofanewsolutionneedtobeassessedatthebeginningoftheSDLC.The
assessmentofsecurityrisksshouldbeincludedinthesolutioncoordinatorschecklistandfollowthemethodspecifiedinthe
SolutionRiskAssessmentMethodologyforSolutionDesign.
Riskassessmentsshouldidentify,quantify,andprioritizerisksagainstcriteriaforriskacceptance(oravoidance)andtheobjectives
ofthesolutionbeingdevelopedand/ortheobjectivesofDIT.Theyshouldbeperformedinamethodical,standardised,reproducible
manner.
Theriskassessmentshouldhaveaclearlydefinedscope.Forthepurposesofthedocumentthescopewouldusuallybethe
individualsolutionbeingdeveloped,howeveritshouldincluderelationshipswithriskassessmentsonothersolutionsin
developmentorproduction.Itmayalsohavetoincludeelementsofrisktotheentireorganisation.
Theoutputofariskassessmentshouldthendeterminetheappropriatelevelofriskmanagement.Theappropriatelevelofrisk
managementwillguideanddetermineprioritieswhenimplementingcontrolstominimiserisk.
Riskassessmentsshouldincludeasystematicapproachofmeasuringorestimatingthemagnitudeofrisks(riskassessment)andthe
processofcomparingtheestimatedrisksagainstriskcriteriatodeterminethesignificanceoftherisks(riskevaluation).
RiskassessmentsshouldalsoformpartoftheSDLCreviewprocessthatincludesreassessingtherisksofasolutionperiodically
and/orwhensignificantchangesoccur.
4.3. Treatingsecurityrisks
Oncethesecurityrequirementsandriskshavebeenidentifiedandthedecisionforthetreatmentofriskshasbeenmade,the
appropriatecontrolsshouldbeselectedandaddedtothedesigndocument.ControlscanbeselectedfromtheISO27002standardor
fromothercontrolsets,ornewcontrolscanbedesignedtomeetspecificneedsasappropriate.
Theselectionofsecuritycontrolsisdependentuponthesolutionscriteriaforriskacceptance,andrisktreatmentoptionsandshould
alsobesubjecttoallrelevantnationalandinternationallegislationandregulations.
4.4. Correctprocessinginapplications.
Correctprocessinginapplicationsisneededtopreventerrors,loss,unauthorisedmodificationormisuseofinformationin
applications.Securitycontrolsshouldbeimplementedthatensurethevalidationofinputdata,internalprocessingandoutputdata.
4.5. Cryptographiccontrols.
Cryptographiccontrolscanbeusedtoprotecttheconfidentiality,authenticityandintegrityofinformation.
Theneedforcryptographiccontrolscanbedeterminedbyriskassessmentprocessesandalsothedatasclassificationlevelas
determinedbytheCSUMasterDataGovernanceprocess.
Cryptographiccontrolsmaybeneededinbothinformationstorageandtransmission.
Iftheuseofcryptographickeysistobeconsidered,akeymanagementprocessisessentialtoensuredistribution,storage,changing,
revoking,recovery,archiving,destroyingofkeys.
Page9of19
CSUTechnicalSolutionDesignDocument
5. InfrastructureDesign
Infrastructuredesignprovidesdetailsandguidanceonthecommondesignconsiderationsthatarerequiredtomadewhendesigning
infrastructuresolutionswithintheCSUDIT.
EnvironmentsrequiredMarkrequiredenvironmentswithanX
Environment
Role
Production
clientsconductbusiness
QualityAssurance
Functionaltestingofinhouseenhancements
Development
Inhouseenhancementsdevelopedandtested
Training
Clientapplicationtraining
Implementation
Newversionsimplementedandtestedpriorto
migrationtoproduction
Lifespanofenvironments
Permanent
AdHoc
Production
QualityAssurance
Development
Training
Implementation
5.1. SystemArchitecture(development,qaandproductionimplementations)
OperatingSystem
ServerSpec
Architecture
NumberofCPUs
RAM
Datacentre
RedHatEnterprise5(x86)
Allocatedstorage
RaidType
raid1+0(SASfibrechannel)
Size
20G
MountPoint
/
raid5(SASfibrechannel)
raid5(Sata)
LocalAttachedstorage
Page10of19
CSUTechnicalSolutionDesignDocument
Disk
Size
Type
C1t1d0
146G
SAS
Disk
MountPoint
RaidType
C1t1d0
Raid1
C1t2d0
Raid1
MetaDevices
Device
Submirrorof
MountPoint
RaidType
d10
Raid1
Raid1
MountPoint
RaidType
d11
Raid1
OperatingSystemPartitions
Partition
Raid1
Size
Type
10G
/var
20G
Network
DNS
VLAN(campus,public,
secure)
Ip
Shares
Protocol
Location
Version
RequiredInstalledSoftware
Software
Backup
Page11of19
CSUTechnicalSolutionDesignDocument
Partition
Frequency
Rotational/Archive
Timeframe
Database
Vendor
Version
Machine
Partition
DBName
DBServiceName
DBUser
DBPw
Page12of19
CSUTechnicalSolutionDesignDocument
5.2. InfrastructureManagement
5.2.1. Availabilityrequirements
Howlongcanthesystembeunavailablebeforeitstartstoimpactonthebusiness.Isthisimpactfeltonlyduringbusinesshoursor
doesthisextendafterhoursorduringweekends.
5.2.2. Businesscontinuityfailoverandfailback
Businesscontinuityprovidesalevelofbackupthatwillenabletheservice/applicationtoberestoredtoworkingorderinadefined
period.Whatstandbysystemsareavailableforfailoveroftheapplicationservices.Howisfailoverachievedandwhatprocedures
areinplacetoperformthisprocess.
5.2.3. Archivalrequirements
Arethereanyarchivalrequirementswithlogsorothercreateddata.Ifany,whataretheretentionperiodsforthisinformation?
Rememberbackupstorageisrotatedsoifyouneeddatafromapointintimegreaterthanthefrequencyofthebackupsyouneedto
specifythisasanarchivalrequirement.
5.2.4. Maintenance
Arethereanymaintenanceplansforanyofthesystems.Whatlevelofmaintenanceisprovided.
5.2.5. Logfilerotation
Arethereanylogsproducedbytheapplication.Whatinformationisavailableinthelogfilesandforwhatperiodaretheyrequired
tobekept.
5.2.6. Startingandstoppingtheapplication
Whatinterfacesareavailabletostartandstoptheapplication.Whatdocumentationisavailabletooperatorstocheckthestatusof
theapplication.Arethereanychecksordependenciesthatneedtobeconsideredbeforetheapplicationcanbestartedorstopped.
5.2.7. Monitoringinterfaces
Whatexternalmonitoringofthesystemcanbedonetoalertpeopleofanoutage.SelfmonitoringIsthereanyconfigurations
requiredtoallowtheapplicationtoalertoperatorsofpotentialissues(ping/Servicebased).
Nagios
ServerName
Test
NotificationTimeframe
ContactGroup
ServerName
Test
NotificationTimeframe
ContactGroup
OEM
5.2.8. Dependences
Whatexternaldependenciesdoesthisapplicationhave.Whatimpactwouldanexternaloutagehaveonthefunctionsofthe
application.Whatdependsonthissystemandhowwouldanoutageofthisapplicationimpactonothersystems.
Page13of19
CSUTechnicalSolutionDesignDocument
5.3. AccessControl
5.3.1. BusinessRequirementforAccessControl
Defineaccesscontrolpolicy
5.3.2. UserAccessManagement
Userregistration,provisioning,privilegeandpasswordmanagement.
5.3.3. UserResponsibilities
Passwordpolicies,unattendeduserequipmentandcleardeskandclearscreenpolicy
5.3.4. FileSystemAccessControl
Physicalorlogicalaccesstosystemsbysuppliersforsupportshouldbemonitoredandchangesauthorisedusingthechange
managementprocess.Protectionofsystemtestdataandaccesstoprogramsourcecodesecuritycontrol.
5.3.5. NetworkAccessControl
Whataccesscontrolsaretobeimplementedonthenetworklevel.Aretheirpoliciesthatrelateusagefromspecificmachinesor
locations?
5.3.6. MobileComputingandTeleworking
Whataretheconsiderationsaroundusingtheapplicationfromoffcampus.
5.3.7. OperatingSystemAccessControl
Securelogonprocedures,useridentificationandauthentication,useofsystemutilities,sessiontimeoutandlimitingofconnection
time
5.3.8. ThirdPartymanagementandaccess
Isthissystemmanagedbyathirdpartyifsowhoandhowdowecontactthem.HowdotheyaccessthesystemandwhoinCSUdo
theyreportto.
5.3.9. PhysicalandEnvironmentalSecurity
5.3.10. ApplicationandInformationAccessControl
Informationaccessrestrictionandsensitivesystemisolation
Page14of19
CSUTechnicalSolutionDesignDocument
5.4. ApplicationManagement
5.4.1. ThirdPartyServiceDeliveryManagement
Servicedelivery,monitoringandreviewofthirdpartyservicesandmanagingchangestothirdpartyservices.
5.4.2. OperationalProceduresandResponsibilities
Documentedoperatingprocedures,changemanagement,segregationofduties,separationofdevelopment,test,andoperational
facilities
5.4.3. Upgradeandcodemigration
Howareupgradestotheapplicationandorhardwaredelivered.
5.4.4. OSpatchingandsecuritypatching
WhatlevelofOSpatchingisrequested.Doesanygroupneedtobeconsultedaboutthetimingofpatching
5.4.5. Solutiondependencies
Arethereanyotherapplicationsorphysicalhardwarethatneedtobeinstalled?Whatversionoftheapplication?Aretheyinstalled
aspartoftheapplicationandhardwareinstallationordotheyneedtobeacquiredandinstalledseparately?
5.4.6. Jobmanagement(cron,timedprocesses,...)
Whattimedprocessesarerequiredandwhatistheirpurposeandfrequency.
5.4.7. Userinteractions(printing,outputfolders,http,ssh,...)
Howdousersinteractwiththeapplicationoutputfolders,webaccess,ssh,ftp,fileshares,telnetorotheraccess.Isprintingrequired
fromaWebor/andApplicationserver,pleasespecifyanyUNIXprintqueuesthatwillberequiredandiftheyneedanyothersettings
eg:portrait/landscape
5.4.8. Licensing
Whatsoftwareand/orhardwarelicenceshavebeenpurchased.Whatinsummaryarethelimitationsoftheselicenses.
5.4.9. Ongoingcosts
Whatongoingcosts(licensing,maintenance)areassociatedwiththeapplication.Whatprocessiscapturingtheseandmanaging
these.
5.5. ClientApplications
5.5.1. Architecture
Howdo/willtheclientsconnecttotheapplication?
5.5.2. Installation
Howwilltheapplicationbedeliveredandtowhatuserbase
Page15of19
CSUTechnicalSolutionDesignDocument
5.6. Migration
5.6.1. Migrationstrategy(howarewegoingtogointoproduction)
Howisthesystemgoingtobemadeavailablewithoutimpactingoncurrentsystems.Whatchangestoothersystemsneedtobe
madetomakethisserviceoperational.
5.6.2. Rollbackstrategy
Whatchangeshavebeenmadetoothersystemstoaccommodatethisapplication.Documenthowthesecanberemovedwithout
impactingonothersystems.
5.6.3. Decommissioning
Doesthissystemreplacethefunctionsofotherproductionsystems?Whatsystemsaretheseandwhatprocessisinplacetoremove
thesesystemsthatarenowredundant?
Page16of19
CSUTechnicalSolutionDesignDocument
6. TestDesign
TestingshouldoccurateachstageintheDevelopmentLifecycle.Someoftheactivitiesbelowshouldbeperformedaspartof
ProjectManagementactivities.
Note:Currentlytestingwilloccurinthisdocumentasanendtoendprocess,butwillhavesomesectionsmovedtotheSDLCintro
documentasrevisionsoccursothatthereisatestingoverlayintheintrodocandachecklistinthisdocumentoftestingelements
thatshouldcoverthesolutiondesign.
6.1. PSC/SDLCAnalysisPhase(RequirementsTesting)
6.1.1. UseCases
Astherequirementsarecompleted,UseCasesshouldbedevelopedtomodelprocessflows.Thesearethenusedatmultiplelevels
throughouttheprocessandoncesignedoffbythebusiness,arethemselvesatesttoensurerequirementsarecorrectlydefined.
UseCasesshouldbedevelopedbytheBusinessAnalyst(BA)and/orBusinessExpert(BE)andshouldincludesampledatawhichcan
beusedintestexecution
6.1.2. RiskRegister
Akeyreasonfortestingistoreducethelevelofriskandconveythecurrentlevelofrisktothemanagementandstakeholders.In
realworldsituationstestingislikelytobeconstrainedbyavailabilityofresourcesortimeorbothandthereforeitisimperativethat
testingisprioritisedbasedontherisksidentified.Risksshouldbeidentifiedforeachrequirementdefinedaswellasforgeneral
risks.UseofariskchecklistsuchasonemodelledonISO9126ishighlyrecommended.
TheRiskRegistershouldbedevelopedbytheProjectManager(PM)inconjunctionwiththeProjectTeam.
Thefollowingtableshowstheriskmatrix:
Likelihood
VeryHigh
High
Low
VeryLow
Severity
VeryHigh
A
A
A
B
High
A
B
B
C
Low
A
B
C
C
VeryLow
B
C
C
C
6.1.3. Requirementvalidation
AtleastonetechniquesuchasCauseEffectorStateTransitiontestingshouldbeappliedtotherequirementstounearthpotential
problemsbeforeprogressingfurtherthroughthedesign.
Thesetechniquesshouldnotbeperformedbythesamepersonwhowrotetherequirements,andislikelytobetheresponsibilityof
thePMorBE.
6.2. PSC/SDLCDesignPhase(FunctionalTesting)
Functionaltestingensuresthatthefunctionalcomponentsofthesolutionhavebeenconstructedinlinewithfunctional
specificationspriortoundertakingintegrationandacceptancetesting.
Testcasesshouldbedevelopedfromthefunctionalspecificationandusecases.Usecasesprovideavaluablebackbonetotestcase
preparationduetothecorrelationbetweenausecaseandassociatedtestcases.
Testcasesshouldidentifythefunctionalrequirement,usecaseorriskbeingtested,thestepsnecessarytoperformthetestandthe
expectedoutcomeofthetest.
Page17of19
CSUTechnicalSolutionDesignDocument
TestCasepreparationandexecutionshouldbeprioritisedbasedontheriskregisterforthesystem.Highriskitemsshouldhave
moretestcasesassociatedwiththemandbetestedmorethoroughlyandlowriskitemsmaynotbetestedatallgiventimeand
resourceconstraints
Functionaltestcasesarespecifictothefunctionbeingtestedandtesttheexecutionofthatfunction.Howeverthereshouldbe
additionaltestcasesthatcoverfunctionalityofthesystemoncethecomponentsareintegratedtogether.
UnitTestPreparation
Description:UnitTestsareusuallyautomatedandgetruneachtimeabuildofthesystem
happens.Whiletheyadddevelopmenttime,theygreatlyassistintheconfidenceinthesystemcomponentsandreducetheriskthat
changeswillintroducedefects.Theyarewrittenattheverylowestleveloftestingoutputsfromknowninputs.
Responsibility:Developer
Preconditions:SignedoffRequirementsDocuments
Outputs:Unittestexecutionreports
InputValidation&BoundaryValueTestPreparation
Description:InputValidationandBoundaryValuetestsensurethatinvalidinputtothesystemiscorrectlytrappedandhandled.
Theytrytomakethedataascleanaspossibletoavoiddatainconsistenciesandunformattederrorbeingreportedtotheenduser.
Responsibility:Developer
Preconditions:CompletedUnitTestExecution
Outputs:TestCaseexecutiondocumentation
UnitTestExecution
Responsibility:Developer
Preconditions:SignedoffRequirementsDocuments
Outputs:Unittestexecutionreports
InputValidation&BoundaryValueTestExecution
Responsibility:Developer
Preconditions:CompletedUnitTestExecution
Outputs:TestCaseexecutiondocumentation
AccessibilityTestPreparation
Description:
Accessibleapplicationsandsystemsarenowlegalrequirements.Systemsshouldcomplywiththerelevant
accessibilitypoliciesandguidelines,suchastheCSUWDAAP.
Responsibility:Developer
Preconditions:Allotherdesignphasetestingcompleted
Outputs:AccessibilityTestcases
AccessibilityTestExecution
Responsibility:Developer
Preconditions:Allotherdesignphasetestingcompleted
Outputs:Accessibilityreport
6.3. PSC/SDLCTestingPhase(VerificationTesting)
IntegrationTestexecution
Description:Integrationtestingisperformedoncetestingofdiscretefunctionsiscompletedandensuresthatthefunctionsofthe
solutionoperatetogetherasspecifiedinthefunctionalrequirements
Responsibility:SystemsOfficer
Preconditions:Systemcomponentsindividuallytestedandassembled
Outputs:TestCaseexecutiondocumentation
Page18of19
CSUTechnicalSolutionDesignDocument
SystemTestexecution
Description:Systemtestsfocusnotonlyonthedesign,butalsothebehaviourandeventhebelievedexpectationsofthecustomer.
Theyalsotestuptoandbeyondtheboundsdefinedintherequirementsspecification,andincludeareassuchasregressionsand
Securitytesting.
Responsibility:SystemsOfficer
Preconditions:Systemcomponentsindividuallytestedandassembled
Outputs:TestCaseexecutiondocumentation
Performance,LoadandStressTestexecution
Description:Performancemeasuringsystemresponsetimesandloadunderexpectednormalconditionsincludingother
applicationsandusernumbersLoadmeasuringsystemresponsetimesandloadunderexpectedpeakperiodsStressfindingthe
breakingpointofthesystemintermsofvolumeoftraffic,numbersofusersetc
Responsibility:SystemsOfficer
Preconditions:SystemOfficercompletesothertesting,codemovedtoQA
Outputs:Performancemetrics
6.4. ImplementationPhase
UserAcceptanceTesting(UAT)
Description:Testingofrealworldsituationswithrealisticdatabyactualusersofthesystem.
Responsibility:BusinessUserswithguidancefromsystemofficers
Preconditions:SystemOfficercompletestesting,systemreadyforrelease,codemovedtoQA
Output:Signedoffdocumentstatingthatthebusinessishappywithreleasingtheproducttoproduction,
listingtestsconductedindetailandtheresultsofthosetests.
Page19of19