This repository has been archived by the owner on Oct 2, 2024. It is now read-only.

Questions from an IT manager

Unicus-Tom edited this page Nov 21, 2019 · 4 revisions

General

  • Who are the users?
  • Application description (brief)
  • Main technologies (programming languages, frameworks, run-time environments, etc.) Backend: C#, dotnet 3.0. Frontend: JavaScript, npm, React.
  • Where will the software be hosted? Azure

  • Link to architecture diagrams (preferably C4 Model for software architecture)

Software Development & Software Architecture

  • Have you evaluated how the application should handle personal data, with GDPR regulations in mind? This includes logging of information that can identify a person, like name, userID, email, etc.
  • Is the software subject to export control?
  • Have you made your software open source? If not, please explain why. The software is fully open source, but it ties into systems that are not open source.
  • If you are considering buying (or already have bought) software tools, frameworks, libraries; Have you evaluated open source alternatives?
  • If you are considering consuming services based on proprietary software; Have you evaluated alternative services based on open source software?
  • Does the team follow a documented Software Development Lifecycle Process? Describe very briefly. We use a two-week sprint cycle, with our development following a trunk-based principle with rapid commits to master. Releases are branched off separately and stabilized.
  • Do you do auditable code reviews for at least the major/central parts of the code? All code is audited when a pull request has been generated, with two approvals required to pass into master.
  • Do you deliver your software in iterations, with short feedback loops? Yes, we use two-week development sprints.
  • Do you have a process for continuous improvement (e.g. by regular retrospectives)? Partially. We do revisit and rework code frequently to improve it, but this would be expected from software this early in development.
  • Do the software developers have direct contact with the users of the software? Currently, yes.
  • Do you have an automated CI/CD pipeline?
  • Please describe (using keywords) how the software is being tested?
  • Do you have automated tests, run as part of your CI/CD pipeline?
  • Have you assessed the technical debt in the software? How will you handle it?

Data & Information Architecture

  • Where is data in your application coming from? Azure and application private database.
  • How is the data flowing into your application?
  • How will other applications consume data from your application? The only planned consumers are web browsers, so they will present it to users visually.
  • Must your application be kept in sync with other applications (where the same or related data appears in multiple places)? If yes, how are they kept in sync (e.g. event-based? sync-based?) Yes, we plan to use complete Model objects at first and later downsize to smaller objects. The syncs are triggered via user events. Data is backed up to the database whenever a request has been completed.
  • Is data in your application immutable, i.e. data is never updated or deleted? Are there any special requirements regarding retention? No, most of the data is supposed to be very dynamic. The immutable components consist of identifiers and data from external systems.
  • Is your application considered to be the "system of record" for all data or a subset of data in the application? I.e. it holds the source of truth. If there is a deviation between another system and the system of record, the value in the system of record is by definition the correct one. Yes, the application holds a state in its memory that acts as the "source of truth", with a database that is also kept up to date with this in case of system shutdown or crashes.
  • Is your application considered to be a "derived data system", i.e. data in your application is the result of taking some existing data from another system and transforming or processing it in some way? If you lose the derived data in your application, can you easily re-create it from the original sources? Currently no, but it should be possible to adapt the planned systems to make this work. Data exclusive to Sepes will be lost (study names, users, pod names).
  • If we want to exit the application, but keep the data usable in other places, how do you plan on doing that? The system running Sepes should never be shut down. The frontend simply reacquires information from the backend at the start of every session. If we need the data for other systems in a read-only manner, they could use the database as a failover if the backend is down.
  • Is your data named / structured / modeled according to established international or national open standards?

Security and information management

  • Have you assessed how the information sensitivity impacts the security in the software?
  • If you will move data into the cloud, in many cases a Risk Assessment must be performed. Have you done this, if relevant?
  • Will you (or have you) ordered a penetration test?

Operations

  • Has the RunBook been created?
  • Has service design been done?
  • Do you have any operational monitoring of the application? Azure's built-in monitoring will be used for this, both with the data Azure takes from its systems and with data sent by our backend/frontend systems.
  • What have you done to ensure reliability and resilience in the software? All data is mirrored to a database that serves as an up-to-date backup, and all assets within Azure have tags that can be used to identify where they belong in case of a loss of data. Incremental updates are performed according to the schedule of the host corporation. There is currently no automated way to recover lost data, but systems that can be used for this are planned for later feature updates.
  • What have you done to make it as easy and efficient as possible to operate the solution (reducing Total Cost of Ownership)?