Sample Detailed Architecture Design (DAD)
Project 123456 – Widget Payment System

Office of the Chief Information Officer (OCIO)
Government of Newfoundland & Labrador




This document contains highly sensitive, confidential information that may reveal the security
and/or technology posture of the Government of Newfoundland and Labrador's Information
Technology environment. Distribution of this document is limited to Authorized Individuals
only.

As information within this document will be used to protect Government's technology assets
and information, it is essential that its contents remain accurate and up to date. For more
information, please contact sdea@gov.nl.ca.
Government of Newfoundland and Labrador
Office of the Chief Information Officer
Solution Delivery: Enterprise Architecture

Detailed Architecture Design (DAD) - CONFIDENTIAL

Note – The contents of this document are subject to review and revision upgrade. This template is
owned and maintained by the Enterprise Architecture (EA) Division within the Solution Delivery
Branch of the Office of the Chief Information Officer (OCIO). Direct your questions about this
template to SDEA@gov.nl.ca.

Document History
 Version        Date                     Summary                                        Responsible
 1.0            2009-07-14               Initial creation                               Widget Architect
 2.0            2011-06-21               Updated to use the new DAD template            Widget Architect



Approved By
  Senior Enterprise Architecture Consultant    Jey Kumar (name)    (signature)    (date)



Important Information for Completing this Document

The purpose of the DAD document is to determine the technical suitability of a project’s architectural
design. It is NOT meant to determine support requirements or the need to assign OCIO resources to
the project (although it may be used as supporting documentation in those decision making
processes).

 1.    This document may contain inline guidance to assist you with the completion of various
       sections. The inline guidance is contained within a table layout. The information and the table
       must be deleted prior to submitting the document to SDEA for review.

 2.    This document also contains a table of contents section as well as a table of figures and a
       table of tables. If you do not use tables or images within this document those headings must
       be deleted prior to submitting the document to SDEA for Review.

 3.    If you encounter any difficulty or are unsure about anything within this document, please
       contact your assigned EA Prime.

Completed in Full

Each section of the DAD must be completed in full. If a particular section is not applicable to this
project, then you must write Not Applicable and provide a reason.

No sections are to be deleted from this document.


Detailed Architecture Design (DAD)                                                                Page 1 of 40
Template Version 3.7, 2011-05-01                                                  Authorized Individuals Only

Text contained within << >> provides information on how to complete that section and can be deleted
once the section has been completed.

TRIM

TRIM Document Number - Insert the TRIM document number into the footer. Project teams can
obtain a document number from the ISC (OCIOISC@gov.nl.ca).

Document Embedding

To insert a document (BRD, PPIA, PIA, etc.) into this document, perform the following steps:

 1.    From the Insert menu, click Object;
 2.    Click the Create from File tab and find the document via the Browse button;
 3.    Check the Display as icon checkbox;
 4.    Click OK; and
 5.    An object will be inserted directly into this Word document.





TABLE OF CONTENTS
1.          Project Information.................................................................................................................. 7
     1.1        SUMMARY DETAILS .......................................................................................................................... 7
     1.2        KEY PROJECT CONTACTS ................................................................................................................ 7
     1.3        KEY DATES ..................................................................................................................................... 7
     1.4        MULTI-PHASED DEPLOYMENT .......................................................................................................... 8
2.          Project Information Assessments .......................................................................................... 8
     2.1    INFORMATION: ................................................................................................................................. 8
       2.1.1 Public Facing ............................................................................................................................. 8
       2.1.2 Solution Location ....................................................................................................................... 8
     2.2    INFORMATION CLASSIFICATION ......................................................................................................... 8
     2.3    RESULTS......................................................................................................................................... 8
       2.3.1 Vulnerability Assessment .......................................................................................................... 8
       2.3.2 IM Assessment .......................................................................................................................... 9
       2.3.3 Preliminary Privacy Impact Assessment (PPIA) ....................................................................... 9
       2.3.4 Pre-Threat Risk Assessment .................................................................................................... 9
3.          Design and Technology Details.............................................................................................. 9
     3.1    SYSTEM PROFILE ............................................................................................................................ 9
       3.1.1 Solution Type ............................................................................................................................ 9
       3.1.2 Project Type .............................................................................................................................. 9
       3.1.3 Solution Attributes ..................................................................................................................... 9
       3.1.4 Solution Focus......................................................................................................................... 10
     3.2    SOLUTION DETAILS ........................................................................................................................ 10
       3.2.1 COTS Customization (NOT Configurations) ........................................................................... 10
       3.2.2 Data Conversion...................................................................................................................... 10
       3.2.3 Data Cleansing ........................................................................................................................ 10
       3.2.4 Solution Maintenance Cost Estimates .................................................................................... 10
     3.3    STANDARDS .................................................................................................................................. 11
       3.3.1 Deviation(s) ............................................................................................................................. 11
       3.3.2 Reason for Deviation(s) .......................................................................................................... 11
       3.3.3 Deviation Approval .................................................................................................................. 11
4.          Business Requirement Document ....................................................................................... 11
5.          User Community .................................................................................................................... 11
     5.1        DESCRIPTION ................................................................................................................................ 11
     5.2        USER COMMUNITY PROFILE ........................................................................................................... 12
6.          Support & Service Requirements ......................................................................................... 12
     6.1        SYSTEM AVAILABILITY REQUIRED ................................................................................................... 12
     6.2        SUPPORT AND SERVICE DELIVERY ................................................................................................. 13
     6.3        MAINTENANCE WINDOWS ............................................................................................................... 13
     6.4        SOLUTION SUPPORT GROUPS ........................................................................................................ 13
7.          Solution Stack ....................................................................................................................... 13
     7.1        OPERATING SYSTEM...................................................................................................................... 13
     7.2        WEB SERVER ................................................................................................................................ 13
     7.3        APPLICATION SERVER / MIDDLEWARE ............................................................................................. 13
     7.4        DATABASE MANAGEMENT SYSTEM ................................................................................................. 13
     7.5        CLIENT DEVICE.............................................................................................................................. 14



     7.6    DEVELOPMENT LANGUAGES ........................................................................................................... 14
     7.7    VIRTUALIZATION ............................................................................................................................ 14
     7.8    DIRECTORY SERVICES ................................................................................................................... 14
       7.8.1 Active Directory Schema ......................................................................................................... 14
     7.9    NETWORK ..................................................................................................................................... 14
     7.10 WEB DEVELOPMENT STANDARDS ................................................................................................... 14
8.          Application Architecture ....................................................................................................... 14
     8.1     DESCRIPTION ................................................................................................................................ 14
     8.2     LAYERS......................................................................................................................................... 16
       8.2.1 The Web Presentation Layer .................................................................................................. 17
       8.2.1.1   Administrative Path ............................................................................................................. 17
       8.2.2 Non-administrative Path .......................................................................................................... 17
       8.2.3 The Business Logic Layer ....................................................................................................... 17
       8.2.3.1   Administrative Path ............................................................................................................. 17
       8.2.3.2   Non-administrative Path ...................................................................................................... 17
       8.2.4 Data Access Layer .................................................................................................................. 17
       8.2.4.1   Administrative Path ............................................................................................................. 17
       8.2.4.2   Non-administrative Path ...................................................................................................... 18
       8.2.5 Persistence Layer.................................................................................................................... 18
     8.3     SESSION MANAGEMENT ................................................................................................................. 18
     8.4     OPEN SOURCE, FREEWARE, AND OR SHAREWARE .......................................................................... 18
     8.5     PRESENTATION, BUSINESS AND DATA LOGIC .................................................................................. 18
9.          Application Integration ......................................................................................................... 18
     9.1        DESCRIPTION ................................................................................................................................ 18
     9.2        EXTERNAL SYSTEM DEPENDENCIES ............................................................................................... 19
10.         Network Architecture ............................................................................................................ 19
     10.1 NETWORK ARCHITECTURE AND DESIGN DESCRIPTION..................................................................... 19
       10.1.1 Network Diagram................................................................................................................. 20
       10.1.2 Network Enhancements / Changes..................................................................................... 21
       10.1.3 Environments ...................................................................................................................... 21
     10.2 COMMUNICATIONS AND PERFORMANCE .......................................................................................... 21
       10.2.1 Data Flows and Network Protocols ..................................................................................... 21
       10.2.2 Network Traffic .................................................................................................................... 23
       10.2.3 Internet Protocol Version Supported ................................................................................... 24
       10.2.4 Domain Name Services ...................................................................................................... 24
11.         Database Architecture .......................................................................................................... 24
     11.1 SIZE OF DATABASE IN ROWS .......................................................................................................... 24
     11.2 ANTICIPATED GROWTH IN ROWS .................................................................................................... 24
     11.3 DATABASE FEATURES .................................................................................................................... 24
       11.3.1   Database Environment ........................................................................................................ 25
       11.3.2   Database Connection Account Type................................................................................... 25
     11.4 DATABASE LINK PRIVILEGES .......................................................................................................... 25
     11.5 STORED PROCEDURES .................................................................................................................. 25
     11.6 OBJECT-RELATIONAL MAPPING ...................................................................................................... 25
     11.7 ARCHIVE LOG MODE ...................................................................................................................... 25
     11.8 NUMBER OF DATABASE INSTANCES ................................................................................................ 25
     11.9 CLUSTERING ................................................................................................................................. 25
     11.10    DATABASE NORMALIZATION ....................................................................................................... 26
12.         Security Model ....................................................................................................................... 26



   12.1 OVERVIEW .................................................................................................................................... 26
     12.1.1  High Level Threat Mitigation Plan ....................................................................................... 26
     12.1.2  User Controls (Identification and Authentication) ................................................................ 27
     12.1.3  Roles ................................................................................................................................... 28
     12.1.4  Access Control List.............................................................................................................. 28
     12.1.5  Data Segregation ................................................................................................................ 28
     12.1.6  Separation of Administrative and User Traffic .................................................................... 29
     12.1.7  Shared Infrastructure .......................................................................................................... 29
     12.1.8  Data Integrity ....................................................................................................................... 29
     12.1.9  Operating System Accounts and Privileges ........................................................................ 29
     12.1.10 Server Hardening ................................................................................................................ 29
     12.1.11 Security Logs ....................................................................................................................... 29
     12.1.12 Error Logs ............................................................................................................................ 29
     12.1.13 Remote Archiving ................................................................................................................ 30
   12.2 CRYPTOGRAPHY AND KEY MANAGEMENT ....................................................................................... 30
     12.2.1  Encryption ........................................................................................................................... 30
     12.2.2  Encryption Keys .................................................................................................................. 31
   12.3 INFRASTRUCTURE SECURITY .......................................................................................................... 31
     12.3.1  Infrastructure Security ......................................................................................................... 31
     12.3.2  Security of Interfaces to the Internet and/or Other Systems ............................................... 31
   12.4 APPLICATION SECURITY ................................................................................................................. 31
     12.4.1  Description .......................................................................................................................... 31
     12.4.2  Input Validation.................................................................................................................... 32
     12.4.3  Account Management ......................................................................................................... 32
     12.4.4  Segregation of Data and Privileges..................................................................................... 32
     12.4.5  Segregation of Duties .......................................................................................................... 32
     12.4.6  Use of Mobile Code ............................................................................................................. 32
     12.4.7  SOA / Web Services ........................................................................................................... 33
     12.4.8  Exception Management ...................................................................................................... 33
     12.4.9  Cached Data / Temporary Files .......................................................................................... 33
     12.4.10 Application Logging ............................................................................................................. 33
     12.4.11 Application Auditing ............................................................................................................. 33
   12.5 DATABASE SECURITY..................................................................................................................... 33
     12.5.1  Description .......................................................................................................................... 33
     12.5.2  Local User Management ..................................................................................................... 33
     12.5.3  Database Logging ............................................................................................................... 34
13.        Pre-Production Environment Security ................................................................................. 34
14.        Enterprise Backup and Recovery......................................................................................... 34
   14.1 BACKUPS ...................................................................................................................................... 34
     14.1.1 Description .......................................................................................................................... 34
     14.1.2 Schedule ............................................................................................................................. 34
     14.1.3 Data Retention .................................................................................................................... 35
   14.2 DISASTER RECOVERY .................................................................................................................... 35
     14.2.1 Disaster Recovery ............................................................................................................... 35
     14.2.2 Business Continuity ............................................................................................................. 35



TABLE OF TABLES
Table 1 - Key Project Contacts ..................................................................................................................... 7
Table 2 - Key Dates ...................................................................................................................................... 7
Table 3 - Information Classification ............................................................................................................... 8



Table 4 - Solution Maintenance Cost Estimates ......................................................................................... 10
Table 5 - Deviation Approval Contact Information ...................................................................................... 11
Table 6 - User Community Profile ............................................................................................................... 12
Table 7 - Solution Support Groups ............................................................................................................. 13
Table 8 - Data Flow Inbound and Outbound, Network Protocols ............................................................... 23
Table 9 - Baseline Bandwidth Sample ........................................................................................................ 24


TABLE OF FIGURES
Figure 1 - Application Architecture Diagram (non-administrative path) ...................................................... 16
Figure 2 – Web Front-End Load Balancing Network Diagram .................................................................... 20
Figure 3 – Network Diagram ....................................................................................................................... 21





1. Project Information

1.1 Summary Details

 Name                      Description
 Project Number            123
 Project Name              Widget Payment System
 Project Description       The Government of Newfoundland and Labrador has been selling widgets to the
                           public since 1997. This is an entirely manual process with orders being taken
                           over the phone, payments being accepted via credit card and cheque and orders
                           being mailed out. Due to demand from the customers, a web solution has been
                           authorized to offer widgets over the internet with online payments using credit
                           cards and debit cards. Financial Management has dictated that all online
                           payments will use the WTYM Broker, so this system will integrate with the existing
                           centralized OCIO WTYM Broker for online payments. This Government of
                           Newfoundland and Labrador system supports payments via credit card or
                           INTERAC over the internet and is certified for PCI compliance.


1.2 Key Project Contacts

Role                                         Name                Email                        Phone
Project Manager                              Widget PM           widgetpm@gov.nl.ca           709-555-1212
Delivery Manager                             Widget DM           widgetdm@gov.nl.ca           709-555-1212
Enterprise Architecture (EA) Prime           Widget EA Prime     widgeteaprime@gov.nl.ca      709-555-1212
Manager of Operations – Server / Storage     Widget DM           widgetdm@gov.nl.ca           709-555-1212
Manager of Operations – Network / Security   Widget DM           widgetdm@gov.nl.ca           709-555-1212
Manager of Operations – Service Delivery     Widget DM           widgetdm@gov.nl.ca           709-555-1212
Manager of Application Services              Widget DM           widgetdm@gov.nl.ca           709-555-1212
Table 1 - Key Project Contacts


1.3 Key Dates

Event                                                 Date (YYYY-MM-DD)
Estimated Date for Beginning of Execute Phase         2011-05-15

Anticipated Implementation Date                       2011-10-01
Table 2 - Key Dates


1.4 Multi-Phased Deployment

Is this a multi-phased deployment project?                                        Yes         No

The initial phase will provide the ability to pay for widgets online using credit cards or debit cards
through the existing WTYM Broker System. A second phase will implement customer activity and
administration reports, e-mail notification of updates / upgrades to widgets, e-mail and fax
confirmation of shipping, payment by cheque, and integration into the Government of
Newfoundland and Labrador website.



2. Project Information Assessments

2.1 Information:

Public information is displayed in the Widget Payment System. Personal information such as credit
card numbers is processed by the WTYM Broker application but is not retained there.

2.1.1   Public Facing

Will any component of this system be delivered via the Internet?                 Yes               No

Has the Project Team held a consultation with the Web Development Team to ensure compliance
with the Web Development Standards?                                  Yes           No

2.1.2   Solution Location

Based on the IM Classification, can the proposed solution reside with other applications of the same
classification?                                                          Yes            No

2.2 Information Classification

                      High             Medium      Low           Unclassified
Confidentiality                                    X

Integrity                                          X
Availability                                       X
Table 3 - Information Classification

2.3 Results

2.3.1   Vulnerability Assessment



Is a Vulnerability Assessment (VA) required according to the Pre-TRA?           Yes            No

Although the solution has a Low Sensitivity security classification, it does collect credit card
information and pass it to the WTYM Broker for processing.

2.3.2   IM Assessment

Low Sensitivity - Although the solution processes credit card information, it is not stored in the
database, but is passed through to the WTYM Broker for processing.

<< Note: To insert the PPIA, follow the instructions found in the “Important Notes for Completing this
Document” section at the beginning of the template. >>

2.3.3   Preliminary Privacy Impact Assessment (PPIA)

Completed with no issues.

2.3.4   Pre-Threat Risk Assessment

Completed with no issues.



3. Design and Technology Details

3.1 System Profile

3.1.1   Solution Type

Select one:

           Commercial Off The Shelf (COTS)
           Software as a Service (SaaS)
           Custom Developed Software

3.1.2   Project Type

Select one:

           Primarily an Infrastructure Project
           Primarily an Application Project

3.1.3   Solution Attributes



Select all that Apply:

           Geospatial (GIS) Components
           Web-based User Interface
           Desktop Application Based Interface
           Web 2.0

3.1.4   Solution Focus

Select all that apply:

           Government to Citizen (G2C)
           Government to Employee (G2E)
           Government to Business (G2B)
           Government to Government (G2G)
           Provincial
           Local
           Federal

3.2 Solution Details

3.2.1   COTS Customization (NOT Configurations)

N/A

3.2.2   Data Conversion

Is data conversion part of the project?    Yes            No

Customer information (name, address and contact information) and order information will be extracted
from the Order Tracking System and verified prior to the initial load of data into the system. This is
scheduled to occur on Oct. 2, 2011, the weekend prior to implementation on Oct. 4.

3.2.3   Data Cleansing

Is data cleansing part of the data conversion?     Yes              No

3.2.4   Solution Maintenance Cost Estimates
  Cost Item                       Costs
  Hardware Maintenance            TBD

  Software Maintenance            TBD

Table 4 - Solution Maintenance Cost Estimates

3.3 Standards

Note - All projects are expected to follow OCIO standards as outlined in the Enterprise Architecture
(EA) Technology Binder. (http://www.ocio.gov.nl.ca/ocio/itresources/index.html)

3.3.1   Deviation(s)

Are there any deviations from OCIO Standards?                                 Yes              No

Oracle Unbreakable Linux is used on the Application server instead of the OCIO standard, Linux 5.

3.3.2   Reason for Deviation(s)

The solution uses a third party Widget Manager Component that is supported only on this version of
Linux.

3.3.3   Deviation Approval

<< All deviations from OCIO standards must be approved by the EA Division. Attach the email
providing the project approval to deviate from the OCIO standards. >>

Note: To attach the email, follow the instructions found in the “Important Notes for Completing this
Document” section at the beginning of the template.

Deviation Approval Contact

   Name                                    Email                              Phone
   EA Approver                             eaapprover@gov.nl.ca               709-555-1212
Table 5 - Deviation Approval Contact Information



4. Business Requirement Document

<< Attach Business Requirement Document (BRD) >>



5. User Community

5.1 Description

Historically, order processing for widgets has been done manually. Widget dealers, as well as
members of the general public, have placed orders, and made payments, over the phone. Account
information is currently managed, by GNL staff, in the Order Tracking System, an internal system
which is being retired.

There are approximately 25 widget dealers who buy from the Government of Newfoundland and
Labrador and resell to the general public, outside the province of Newfoundland and Labrador.
Widgets are also sold directly to members of the public, within the Province. The Widget Payment
System will enable these users to process orders and make payments online.

5.2 User Community Profile

User                    Number of Users   “Who”                                   Distinct User Groups          Connection
Internal                1                 Solution Delivery                       DBA                           Intranet
Internal                1                 Application Support                     Help Desk                     Intranet
Internal                3                 Widget department staff                 Administrator                 Intranet
Internal                2                 Department of Finance                   Financial Clerks              Intranet
External                1,000 +           25 widget dealers; ~1,000 general       25 widget dealers who buy     Internet
                                          public (based on the current number     for resale
                                          of purchasers)
Extranet Partners       N/A               N/A                                     N/A                           N/A
Remote Vendor Support   N/A               N/A                                     N/A                           N/A
Table 6 - User Community Profile



6. Support & Service Requirements

6.1 System Availability Required

Please select one:

    Standard Government Business Hours
    24 x 7
    Extended Government Business Hours


6.2 Support and Service Delivery

This system is available during normal business hours only and can be included in Operations'
regularly scheduled patch cycle.

6.3 Maintenance Windows

This system is available during normal business hours only and maintenance can be applied any day
after 6 PM up until 6 AM on the next business day.

6.4 Solution Support Groups

Area of Focus               OCIO        Vendor       Other


Application                                             - << Identify who. >>
DBMS                                                    - << Identify who. >>
Infrastructure                                          - << Identify who. >>
Other: << Identify. >>                                  - << Identify who. >>
Table 7 - Solution Support Groups



7. Solution Stack

7.1 Operating System

        Database Tier: Linux Red Hat Version 5
        Application Tier: Oracle Unbreakable Linux
        Web Tier: Linux Red Hat Version 5

7.2 Web Server

        Apache Web Server Version 2.2.18

7.3 Application Server / Middleware

        Apache Tomcat Version 6.0.32

7.4 Database Management System

        Oracle Enterprise 11G




7.5 Client Device

       Windows XP SP3, Windows 7 32 or 64 Bit, Internet Explorer 7.0, Internet Explorer 9.0, Mozilla
       Firefox 4.0

7.6 Development Languages

       Java Enterprise Edition Version 6.0
       Java Server Pages Version 3.0
       Java Servlet Version 3.0
       Enterprise Java Beans (EJB)
       JDBC

7.7 Virtualization

Does this system support virtualization, the preferred OCIO choice?           Yes              No

7.8 Directory Services

Are Active Directory service accounts required?     Yes        No

7.8.1 Active Directory Schema

Are schema enhancements/changes required?          Yes        No

7.9 Network

Please refer to the Network Architecture section for network information.


7.12 Session Management

A security token is assigned to each session and this token is associated with the customer’s account.
This data will be stored in the database and used to log each of the transactions as payments are
made.
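The token scheme in 7.12 (one security token per session, bound to the customer's account, stored in the database and referenced by every payment logged during the session) can be made concrete with the following added example in Java, the language of the solution stack. It is illustrative code written for this page, not Widget Payment System code; the 30-minute lifetime, the in-memory maps standing in for the database tables, and the sample account and order identifiers are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.ArrayList;
import java.util.Base64;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

/**
 * Added illustration, not Widget Payment System code: the per-session security
 * token of 7.12, bound to a customer account and referenced by every payment
 * logged during that session. HashMap/ArrayList stand in for the database
 * tables the document says the token and transaction log live in.
 */
public class SessionTokenRegistry {
    private static final SecureRandom RNG = new SecureRandom();
    // Assumed lifetime; the document does not state one.
    private static final Duration SESSION_TTL = Duration.ofMinutes(30);

    /** Persisted session row: the token is stored as a SHA-256 hash, never in clear. */
    record Session(String tokenHash, String accountId, Instant expiresAt) {}

    /** Persisted transaction row, linked to the session that authorised it. */
    record PaymentLogEntry(String tokenHash, String accountId, String orderId, long cents, Instant at) {}

    private final Map<String, Session> sessionsByHash = new HashMap<>();
    private final List<PaymentLogEntry> paymentLog = new ArrayList<>();

    /** Issue a 256-bit random token and bind it to the customer's account. */
    public String openSession(String accountId) {
        byte[] raw = new byte[32];
        RNG.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        String hash = sha256(token);
        sessionsByHash.put(hash, new Session(hash, accountId, Instant.now().plus(SESSION_TTL)));
        return token; // goes to the browser; only the hash is stored server-side
    }

    /** Resolve a presented token to its session; unknown or expired tokens yield null. */
    public Session validate(String token) {
        Session s = sessionsByHash.get(sha256(token));
        if (s == null || Instant.now().isAfter(s.expiresAt())) {
            return null;
        }
        return s;
    }

    /** Log a payment against the authorising session; refuse if the token is not valid. */
    public boolean logPayment(String token, String orderId, long cents) {
        Session s = validate(token);
        if (s == null) {
            return false;
        }
        paymentLog.add(new PaymentLogEntry(s.tokenHash(), s.accountId(), orderId, cents, Instant.now()));
        return true;
    }

    /** Audit query: every payment made under a given account. */
    public List<PaymentLogEntry> paymentsFor(String accountId) {
        List<PaymentLogEntry> out = new ArrayList<>();
        for (PaymentLogEntry e : paymentLog) {
            if (e.accountId().equals(accountId)) {
                out.add(e);
            }
        }
        return out;
    }

    private static String sha256(String value) {
        try {
            byte[] digest = MessageDigest.getInstance("SHA-256")
                    .digest(value.getBytes(StandardCharsets.UTF_8));
            return Base64.getUrlEncoder().withoutPadding().encodeToString(digest);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("SHA-256 is mandatory in every JRE", e);
        }
    }

    public static void main(String[] args) {
        SessionTokenRegistry registry = new SessionTokenRegistry();
        String token = registry.openSession("CUST-0001"); // constructed sample account id
        System.out.println("payment logged: " + registry.logPayment(token, "ORD-42", 1999));
        System.out.println("forged token accepted: " + (registry.validate("not-a-real-token") != null));
        System.out.println("entries for CUST-0001: " + registry.paymentsFor("CUST-0001").size());
    }
}
```

Storing only a SHA-256 hash of the token means a copy of the session table cannot be replayed against live sessions, and looking the hash up as a map key avoids a byte-by-byte comparison of the secret itself. The payment log keeps the hash rather than the token, so the audit trail remains usable after the session has expired and been purged.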

7.13 Open Source, Freeware, and or Shareware

Does the solution utilize open source, freeware or shareware as part of the overall solution?
 Yes     No

7.14 Presentation, Business and Data Logic

Select the software design pattern used to ensure separation of presentation, business, and data
logic:

        Not Applicable (COTS or SaaS Software, or Infrastructure Project)
        Page Controller Pattern
        Model-View-Controller (MVC) Design Pattern
        Other Strategy




8. Application Integration

8.1 Description

The system interfaces with the WTYM ePayment broker using SOAP. WTYM processes credit card
payments and returns a success or failure message to the system. Transactions either continue or
terminate based on the result of the ePayment transaction.

8.2 External System Dependencies

In the event the WTYM ePayment broker is unavailable, the Widget Payment System, upon a failed
connection to WTYM, will present a friendly message to the user stating that online ordering is
unavailable. The user is also provided with a telephone number at the Department of Widgets to order
by telephone. Internal administrative users can then process the payments and complete the orders
manually.
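The exchange described in 8.1 and the outage handling in 8.2, as an added Java example written for this page (not Widget Payment System or WTYM Broker code): the SOAP element names PaymentRequest, PaymentResponse and Status, the BrokerTransport seam that lets the example run offline, and the constructed sample replies are assumptions, and the telephone number is the document's own sample placeholder.

```java
import java.io.IOException;
import java.io.StringReader;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

/**
 * Added illustration, not Widget Payment System or WTYM Broker code, of the
 * integration in 8.1 / 8.2: a SOAP request carries the payment to the broker,
 * the reply's success/fail status decides whether the order continues or
 * terminates, and a failed connection yields the friendly "ordering
 * unavailable, call us" message instead of an error page. Element names
 * (PaymentRequest, PaymentResponse, Status) are assumptions; the real WTYM
 * contract is not described in the document.
 */
public class WtymPaymentClient {
    enum Outcome { APPROVED, DECLINED, BROKER_UNAVAILABLE }
    record PaymentResult(Outcome outcome, String userMessage) {}

    /** Transport seam so the example runs offline; production code would POST over HTTPS. */
    interface BrokerTransport { String post(String soapEnvelope) throws IOException; }

    // Placeholder number taken from the document's sample contact table.
    private static final String WIDGET_ORDER_LINE = "709-555-1212";
    private static final String UNAVAILABLE_MSG =
        "Online ordering is currently unavailable. Please call the Department of Widgets at "
        + WIDGET_ORDER_LINE + " to place your order by telephone.";

    private final BrokerTransport transport;

    public WtymPaymentClient(BrokerTransport transport) { this.transport = transport; }

    /** Escape text placed into XML so order ids or card data cannot break the envelope. */
    static String xmlEscape(String s) {
        return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;").replace("\"", "&quot;");
    }

    /** Build the SOAP 1.1 envelope. The card number is passed through and never stored or logged here. */
    static String buildRequest(String orderId, long cents, String cardNumber) {
        return "<soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\">"
             + "<soapenv:Body><PaymentRequest>"
             + "<OrderId>" + xmlEscape(orderId) + "</OrderId>"
             + "<AmountCents>" + cents + "</AmountCents>"
             + "<CardNumber>" + xmlEscape(cardNumber) + "</CardNumber>"
             + "</PaymentRequest></soapenv:Body></soapenv:Envelope>";
    }

    /** Submit the payment; the order flow branches on the returned Outcome. */
    public PaymentResult pay(String orderId, long cents, String cardNumber) {
        String response;
        try {
            response = transport.post(buildRequest(orderId, cents, cardNumber));
        } catch (IOException e) {
            // 8.2: broker unreachable, so offer the telephone path instead of failing loudly
            return new PaymentResult(Outcome.BROKER_UNAVAILABLE, UNAVAILABLE_MSG);
        }
        return parseResponse(response);
    }

    /** Read the broker's Status element; anything other than a clear SUCCESS terminates the order. */
    static PaymentResult parseResponse(String xml) {
        try {
            DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
            f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // no DTD processing of broker input
            f.setNamespaceAware(true);
            Document doc = f.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));
            NodeList status = doc.getElementsByTagNameNS("*", "Status");
            if (status.getLength() == 0) {
                return new PaymentResult(Outcome.BROKER_UNAVAILABLE, UNAVAILABLE_MSG);
            }
            String value = status.item(0).getTextContent().trim().toUpperCase();
            return value.equals("SUCCESS")
                ? new PaymentResult(Outcome.APPROVED, "Payment accepted; your order will continue.")
                : new PaymentResult(Outcome.DECLINED, "Payment was not accepted; the order has not been placed.");
        } catch (Exception e) {
            // A malformed reply is treated like no reply: never ship on an ambiguous payment result
            return new PaymentResult(Outcome.BROKER_UNAVAILABLE, UNAVAILABLE_MSG);
        }
    }

    public static void main(String[] args) {
        // Constructed sample reply standing in for the real broker.
        String okReply = "<soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\">"
            + "<soapenv:Body><PaymentResponse><Status>SUCCESS</Status></PaymentResponse></soapenv:Body></soapenv:Envelope>";
        WtymPaymentClient up = new WtymPaymentClient(env -> okReply);
        WtymPaymentClient down = new WtymPaymentClient(env -> { throw new IOException("connect timed out"); });
        String testCard = "4111111111111111"; // well-known test PAN, not a real card
        System.out.println(up.pay("ORD-42", 1999, testCard).outcome());      // APPROVED
        System.out.println(down.pay("ORD-42", 1999, testCard).userMessage()); // friendly fallback message
    }
}
```

The parser disables DTD processing on the broker's reply and treats a missing or unparseable Status the same as a failed connection, so an ambiguous reply never lets an order proceed. Compile and run with javac and java; the main method exercises both the reachable and the unreachable broker.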




8.3 Web Development Standards

Note – Please see the Web Development Standards for the latest version
(http://www.ocio.gov.nl.ca/ocio/itresources/index.html)

Does the solution adhere to the OCIO Web Development Standards?

           Yes         No



9. Application Architecture

9.1 Description

The solution is divided into presentation, logic and database layers to support a physical three tier
architecture as this is deemed to be more appropriate for an external facing application of moderate
sensitivity.

The solution consists of 2 separate applications, an internet-facing online-ordering system, and an
internal administrative application.

The ordering system enables members of the general public, as well as licensed widget resellers, to
order widgets, process credit card payments, and track order statuses. The system maintains basic
information about each customer, including name, address, and purchase history.




The administration module allows GNL staff to manage widget inventory, as well as access and
modify information on customers and orders. This module also allows administrative users to process
manual payments, bypassing the automated WTYM ePayment System, in order to process orders, in
the event of an online system outage.

The following diagram shows the logical application architecture of the Online Ordering Module.

<<Note: This sample document contains an application architecture diagram for the online order-
processing- system only. In a real Detailed Architectural Design document, an additional diagram
would be required for the administrative path, as well.>>







[Figure 1 image not reproduced in this text version. Components shown in the diagram, by layer:
Presentation Layer – Web Browser (HTTP/HTML); Java Server Pages; PDF Library; HTTP Servlet Requests; Host Intrusion Detection; Web Server Access Logging and Forwarding
Business Logic Layer – Web Services (Apache Axis - Servlets); Business Objects; Data Validation; Access Control; Logging; Payments Services calling the External Web Services / WTYM Payment Broker over SOAP
Data Access Layer – Custom Data Access Interface; JDBC
Persistence Layer – RDBMS (Oracle 11G)]


Figure 1 - Application Architecture Diagram (non-administrative path)

9.2 Layers

The Widget Payments system has two separate paths of execution for administrative and non-
administrative access, both of which will be configured in a three-tier environment. Administrative and
non-administrative paths maintain separate presentation, business-logic, and data layers. A common
data layer is shared by both paths:

9.2.1   The Web Presentation Layer

The web presentation layer resides on the web tier.

9.2.1.1 Administrative Path

This layer includes the admin web server and is where the admin pages will reside. Java Server
Pages (JSP) on an Apache web server will be used to create and host the pages. Some initial data
validations will be performed at this layer.

9.2.1.2 Non-administrative Path

This layer will include the application web server and is where the application pages will reside. Java
Server Pages (JSP) on an Apache web server will be used to create and host the pages. Some initial
data validations will be performed at this layer.

9.2.2   The Business Logic Layer

The business logic layer resides on the application tier. Data in the application logic layer is accessed
via standard Java WorkerBean calls to Enterprise Java Beans on the application tier. Communications
between the WorkerBean clients on the web presentation layer and the Enterprise Java Beans on the
application logic layer are carried over a pool of persistent connections protected by SSL/TLS
encryption.

9.2.2.1 Administrative Path

All administration logic will be installed here. This layer will include a Java application (Web Services
and Class Library) running on an Apache Tomcat Application Server that will perform final data
validation and database calls. Transactions are controlled by Enterprise Java Beans (EJB).

9.2.2.2 Non-administrative Path

The Widget Payments application logic is executed in this layer, and all communications with the
database are initiated here. This layer will include a Java application (Web Services and Class
Library) running on an Apache Tomcat Application Server that will perform final data validation and
business processing. The WTYM Broker will be called from this layer to make payments using credit /
debit cards. No administration logic exists in this layer.

9.2.3   Data Access Layer

The data access logic resides on the application tier.

9.2.3.1 Administrative Path




This layer contains all logic which manages the mapping of database entities to business entities.
Business Objects exist as Enterprise Java Beans (EJB), and communication with the database is
managed through JDBC.

9.2.3.2 Non-administrative Path

This layer contains all logic which manages the mapping of database entities to business entities.
Business Objects exist as Enterprise Java Beans (EJB), and communication with the database is
managed through JDBC.

9.2.4   Persistence Layer

The Widget Payment Database server will reside on the database tier located on the Government of
Newfoundland and Labrador SAN. It will house all the transaction and customer information for the
application and will be called from the Data Access Layer.

9.3 Session Management

A security token is assigned to each session and this token is associated with the customer’s account.
This data will be stored in the database and used to log each of the transactions as payments are
made.
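The session handling described in this section, written out as an added example (this is not the Widget Payment System's own code). The two in-memory maps stand in for the session and transaction-log tables the DAD says live in the database; the 256-bit token size, the 30-minute lifetime, the SHA-256 storage of the token and the log layout are this example's assumptions, and it requires Java 17 or later for records and Stream.toList().

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.ArrayList;
import java.util.Base64;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;

/** Added example for section 9.3; maps replace the database tables (assumption). */
public class SessionTokenService {

    /** Session row: only the SHA-256 of the token is stored, so a database read alone cannot replay a session. */
    record Session(String tokenHash, String accountId, Instant expiresAt) {}

    /** Transaction-log row, tied to the customer's account through the session that made the payment. */
    record TransactionLogEntry(String accountId, String tokenHash, Instant at, String detail) {}

    private static final SecureRandom RNG = new SecureRandom();
    private static final Duration SESSION_LIFETIME = Duration.ofMinutes(30); // assumed idle limit

    private final Map<String, Session> sessionsByHash = new HashMap<>();
    private final List<TransactionLogEntry> transactionLog = new ArrayList<>();

    /** Issue a fresh 256-bit random token bound to the account; the raw token goes only to the client. */
    public String issue(String accountId) {
        byte[] raw = new byte[32];
        RNG.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        String tokenHash = hash(token);
        sessionsByHash.put(tokenHash, new Session(tokenHash, accountId, Instant.now().plus(SESSION_LIFETIME)));
        return token;
    }

    /** Resolve a presented token to its account; unknown sessions are rejected and expired ones purged. */
    public Optional<String> accountFor(String presentedToken) {
        Session session = sessionsByHash.get(hash(presentedToken));
        if (session == null) {
            return Optional.empty();
        }
        if (Instant.now().isAfter(session.expiresAt())) {
            sessionsByHash.remove(session.tokenHash());
            return Optional.empty();
        }
        return Optional.of(session.accountId());
    }

    /** Log a payment against the session's account; returns false (and logs nothing) if the token is not valid. */
    public boolean logPayment(String presentedToken, String detail) {
        Optional<String> account = accountFor(presentedToken);
        if (account.isEmpty()) {
            return false;
        }
        transactionLog.add(new TransactionLogEntry(account.get(), hash(presentedToken), Instant.now(), detail));
        return true;
    }

    /** Explicit logout: the hash is removed so the token cannot be reused afterwards. */
    public void revoke(String presentedToken) {
        sessionsByHash.remove(hash(presentedToken));
    }

    public List<TransactionLogEntry> entriesFor(String accountId) {
        return transactionLog.stream().filter(e -> e.accountId().equals(accountId)).toList();
    }

    /** Lookups key on the hash, so a presented token is never compared against the stored secret directly. */
    private static String hash(String token) {
        try {
            MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
            return Base64.getEncoder().encodeToString(sha256.digest(token.getBytes(StandardCharsets.UTF_8)));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("SHA-256 is mandatory in every Java runtime", e);
        }
    }

    public static void main(String[] args) {
        SessionTokenService service = new SessionTokenService();
        String token = service.issue("CUST-0001");            // constructed account id
        System.out.println("payment logged: " + service.logPayment(token, "widget order 42"));
        System.out.println("forged token accepted: " + service.logPayment("not-a-real-token", "order 43"));
        service.revoke(token);
        System.out.println("replay after logout accepted: " + service.logPayment(token, "order 44"));
        System.out.println("entries for CUST-0001: " + service.entriesFor("CUST-0001").size());
    }
}
```

Save as SessionTokenService.java and run with java SessionTokenService. The point worth carrying into the real design is that the token itself is the secret: the database row holds a hash, the transaction log references that hash, and every log entry is written only after the token has been resolved to an account.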

9.4 Open Source, Freeware, and or Shareware

Does the solution utilize open source, freeware or shareware as part of the overall solution?
   Yes         No

9.5 Presentation, Business and Data Logic

Select the software design pattern used to ensure separation of presentation, business, and data
logic:

          Not Applicable (COTS or SaaS Software, or Infrastructure Project)
          Page Controller Pattern
          Model-View-Controller (MVC) Design Pattern
          Other Strategy



10. Application Integration

10.1 Description





The system interfaces with the WTYM ePayment broker using SOAP. WTYM processes credit card
payments and returns a success or fail message to the system. Transactions will either continue or
terminate based on the result of the ePayment transaction.

10.2 External System Dependencies

In the event the WTYM ePayment broker is unavailable, the Widget Payment System will, upon a failed
connection to WTYM, present a friendly message to the user stating that online ordering is
unavailable. The user is also provided with a telephone number to call at the Department of Widgets
to order by telephone. Internal administrative users can process the payments and complete the
orders manually.
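The broker call and the three outcomes sections 10.1 and 10.2 describe (continue, terminate, fall back to the telephone channel), as an added example that is not the project's code. The endpoint URL, the SOAP element and action names, the status strings in the reply and the fallback telephone number are all placeholders, since the WTYM contract is not on the page; the timeouts are this example's own choice. It uses java.net.http.HttpClient, so Java 11 or later.

```java
import java.io.IOException;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.time.Duration;

/** Added example for sections 10.1 / 10.2; endpoint, schema and messages are placeholders. */
public class EPaymentClient {

    public enum Outcome { SUCCESS, DECLINED, UNAVAILABLE }

    private static final URI BROKER_ENDPOINT = URI.create("https://wtym.example/epayment"); // placeholder
    private static final String FALLBACK_PHONE = "<Department of Widgets order line>";       // placeholder

    private final HttpClient http = HttpClient.newBuilder()
            .connectTimeout(Duration.ofSeconds(5))   // fail fast when the broker is down
            .build();

    /** Send the authorisation and classify the reply; transport failures become UNAVAILABLE, never DECLINED. */
    public Outcome authorize(String orderId, long amountCents) {
        HttpRequest request = HttpRequest.newBuilder(BROKER_ENDPOINT)
                .timeout(Duration.ofSeconds(15))     // bound the wait for a slow broker
                .header("Content-Type", "text/xml; charset=utf-8")
                .header("SOAPAction", "\"authorize\"") // placeholder action name
                .POST(HttpRequest.BodyPublishers.ofString(soapEnvelope(orderId, amountCents)))
                .build();
        try {
            HttpResponse<String> response = http.send(request, HttpResponse.BodyHandlers.ofString());
            if (response.statusCode() != 200) {
                return Outcome.UNAVAILABLE;
            }
            return parseOutcome(response.body());
        } catch (IOException e) {                    // connection refused, DNS, TLS failure, HttpTimeoutException
            return Outcome.UNAVAILABLE;
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            return Outcome.UNAVAILABLE;
        }
    }

    /** Minimal envelope; element names are assumptions standing in for the WTYM schema. */
    static String soapEnvelope(String orderId, long amountCents) {
        return "<?xml version=\"1.0\" encoding=\"utf-8\"?>"
             + "<soap:Envelope xmlns:soap=\"http://schemas.xmlsoap.org/soap/envelope/\">"
             + "<soap:Body><AuthorizePayment>"
             + "<OrderId>" + escapeXml(orderId) + "</OrderId>"
             + "<AmountCents>" + amountCents + "</AmountCents>"
             + "</AuthorizePayment></soap:Body></soap:Envelope>";
    }

    /** Only an explicit success counts as success; an unparseable reply is treated as unavailable (fail closed). */
    static Outcome parseOutcome(String body) {
        if (body.contains("<Status>SUCCESS</Status>")) {
            return Outcome.SUCCESS;
        }
        if (body.contains("<Status>FAIL</Status>")) {
            return Outcome.DECLINED;
        }
        return Outcome.UNAVAILABLE;
    }

    /** Order ids are user-influenced, so they are escaped before being placed in the XML body. */
    static String escapeXml(String s) {
        return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;").replace("\"", "&quot;");
    }

    /** The section 10.2 behaviour: continue, terminate, or direct the customer to the telephone channel. */
    public static String userMessageFor(Outcome outcome) {
        switch (outcome) {
            case SUCCESS:  return "Payment accepted; your order will now be processed.";
            case DECLINED: return "Payment was not accepted; your order has been cancelled.";
            default:       return "Online ordering is currently unavailable. Please call "
                                  + FALLBACK_PHONE + " to order by telephone.";
        }
    }

    public static void main(String[] args) {
        // The placeholder endpoint does not resolve, so this exercises the unavailable path end to end.
        Outcome outcome = new EPaymentClient().authorize("ORDER-0001", 2599); // constructed order
        System.out.println(outcome + ": " + userMessageFor(outcome));
    }
}
```

The design choice to keep is the separation of DECLINED from UNAVAILABLE: a timeout or connection failure must not be reported to the customer as a declined card, and must not be allowed to complete an order, which is why every non-200 or unparseable reply collapses to UNAVAILABLE.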



11. Network Architecture

11.1 Network Architecture and Design Description

Provide an overview of how the proposed solution aligns with the principles and practices as defined
in the Networking Section of the OCIO Technology Binder:
        The proposed solution will ensure secure and reliable communications for government users
        who access the application over both WAN and LAN connections.
        The solution promotes efficiency and cost effectiveness for the province's business
        requirements by using existing systems and standards through common integration, so that
        IT services and information are delivered over the same network and the government's
        technology development is simplified.

Describe the potential impacts on the following areas, should the solution be implemented:
       The analysis of the widget payment solution and its business requirements does not appear to
       impact the enterprise-wide network infrastructure or architecture.
       However, there may be some operational management overhead for the ePayment load
       balancing, to ensure that communications for the widget system are monitored and that support
       staff respond to alerts identifying problems with the ePayment system. It is important for the
       business of government and its revenue streams that ePayment be available 24x7x365.

Outline how the solution is expected to interface with the government network infrastructure and/or
systems. Ensure to include where applicable:
       The widget payment system is a critical component of government e-business. Therefore,
       several interfaces are required in order to provide the necessary level of integration into
       business applications and client functionality, both for users on the public Internet and for
       internal departmental users performing ePayment transactions.
       There are many components and layers to the overall solution. In terms of networking, the
       solution requires physical/virtual server segmentation and logical security segmentation. As
       part of the IM assessment, this system contains highly sensitive data and transactions; thus,
       IP communications need to be secured and encrypted. No layer 2 encryption or security
       postures for the network are required at this time.
       The widget payment system will require integration to the financial management system and
       some applications that are deemed legacy within government. This system will require secure
       communications to these legacy systems.
       The application and web servers will require hardware load balancing and the use of
       session management for user transactions, to ensure accessibility and integrity of
       communications.

Describe any training or additional resources needed. Examples include equipment, facilities, testing,
or professional consulting services.
        Since this solution will require the deployment of hardware load balancers, the operational
        network and security teams will require respective training in F5 BIG-IP management and
        configuration.

11.1.1 Network Diagram


[Figure residue: web front-end load balancing diagram. Uncontrolled Public Zone: Client, Static NAT, Public IP Address -> a.a.a.1. Perimeter Firewall interfaces: a.a.a.2, a.a.a.3. Perimeter Controlled Public Access Zone (DMZ): Big-IP Load Traffic Manager pair, BIG-IP (Active) and BIG-IP (Passive), each with an external and an internal Self-IP; Floating Self-IP a.a.a.1 (external) and Floating Self-IP b.b.b.1 (internal); Virtual Servers a.a.a.1:443; pool members Server 1 b.b.b.2:443 and Server 2 b.b.b.3:443.]
Figure 2 – Web Front-End Load Balancing Network Diagram





[Figure residue: network diagram. Internet: Client (U.A), Banks, Epayment Gateway, Service Provider External DNS (A-1), A.0. Public DMZ: Perimeter Firewall Cluster (A-2); Application Delivery Controller External Zone, Virtual IP a.a.a.1 (A.2); vLAN <2xxx-4xxx> (External), Gateway b.b.b.x (A.3); Widget Payment Web Servers Host 1 <hostname> b.b.b.2 and Host 2 <hostname> <b.b.b.3>, Services b.b.b.2:443 and b.b.b.3:443; Virtual Servers Web Cluster (Government Public IP:443 maps to a.a.a.1:443). Internal: Corporate Firewall Cluster (B.1); vLAN <3xx-8xx> (Internal), Gateway IP c.c.c.x (B.2); Application Delivery Controller Internal Zone, Virtual IP cc.cc.cc.x (B.3); Application Services / ePayment eBroker Host 1 <hostname> c.c.c.y and Host 2 <hostname> IP c.c.c.z, Services c.c.c.y:7777 and c.c.c.z:7777; Widget Payments User Application Servers d.d.d.y and d.d.d.x (B.4). Database: VLAN <1xx-299> (Internal), Gateway e.e.e.x (C.1); Widget Payments Database Server Host 1 <hostname> e.e.e.y, Services e.e.e.y:1521, Widget Payments DB (Database on SAN). Widget Admin Servers (VMware): Widget Payments Admin Web Server f.f.f.y and Admin Application Server f.f.f.z (D.1, D.2). Corporate Government Servers: Internal DNS, Active Directory, SMTP (E.1, E.4). Widget Payments Administrator / Help Desk (U.B).]
Figure 3 – Network Diagram


11.1.2 Network Enhancements / Changes

Are network enhancements / changes required?                                                                                                                           Yes                        No

Changes to the Application Delivery Controller (BIG-IP) will be required to accommodate the load
balancing of the internal application for this solution. Currently the network only provides load
balancing for external systems, but because the application layer is inside the corporate network, it
deviates from the network and security standards.

11.1.3 Environments

Diagrams included in relevant sections.

11.2 Communications and Performance

11.2.1 Data Flows and Network Protocols




Outline the required communication requirements for the intended solution, including the expected
security rules that will be configured, in the table below.

    Source                    Destination         Port(s)/Protocols   Description                                             Estimated # of Connections
    Internet to Public DMZ
    U.A                       A.2                 443/TCP             Internet user access to widget web server               200 concurrent
    Within Public DMZ
    A-2                       A.3                 443/TCP             Application Controller to clustered web servers         20 load balanced
    Public DMZ to Internet
    A-2                       1.A                 Random/TCP          Return web traffic to Internet user                     20 concurrent
    Internet to Extranet DMZ
    A.2                       A.1                 53/TCP              DNS external services                                   TBD
    Within Extranet DMZ

    Public DMZ to Internal Network
    A.2                       B.1                 443/TCP             Web to application communications                       20
    Extranet DMZ to Application DMZ
    n/a                       n/a                 n/a                 n/a                                                     n/a
    Application Sub Zone DMZ to Internal Database DMZ
    B.1                       C.1                 1521/TCP            Application to DB                                       1
    Database DMZ to Internal Network
    n/a                       n/a                 n/a                 n/a                                                     n/a
    Teleworker / VPN to Internal Network (1)
    n/a                       n/a                 n/a                 n/a                                                     n/a
    Teleworker to Public DMZ
    n/a                       n/a                 n/a                 n/a                                                     n/a
    Management Zone to Restricted Zone
    U.B                       f.f.f.y, f.f.f.z    7777                Administration of Widget Payment servers/service        1
    Production Sub Zones to Production Zone
    B.1-B.4, C.1, D.1, D.2    E.4                 53                  Internal DNS and Government common services policies   5
    Management Zone to Production Restricted Zone
    U.B                       D.1, D.2            443                 Administrator / Help Desk support access                1

(1) This access is controlled by Government SSL VPN RSA functionality based on the teleworker's login ID and
not directly through firewall rules.

Table 8 - Data Flow Inbound and Outbound, Network Protocols
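A way to use Table 8 operationally, as an added example that is not part of the DAD: reconcile a candidate firewall rule set against the approved flows, reporting rules that no approved flow backs (over-permissive) and approved flows that no rule implements (the application would break). The approved flows are transcribed from the table; where the table gives a port without a protocol (7777, 53, 443 in the last three rows) TCP is assumed here, and the candidate rule set in main is constructed for the demonstration.

```java
import java.util.ArrayList;
import java.util.List;

/** Added example for Table 8; the candidate rules are constructed, not the real policy. */
public class DataFlowReconciler {

    /** One approved flow or one firewall rule: source zone, destination zone, port, protocol. */
    public record Flow(String source, String destination, String port, String protocol) {}

    /** Rules with no approved flow behind them, and approved flows with no rule implementing them. */
    public record Report(List<Flow> unapprovedRules, List<Flow> missingRules) {
        boolean clean() {
            return unapprovedRules.isEmpty() && missingRules.isEmpty();
        }
    }

    /** Flows approved in Table 8. The n/a rows contribute nothing: any flow absent here is denied. */
    public static List<Flow> approvedFlows() {
        return List.of(
            new Flow("U.A", "A.2", "443", "TCP"),                      // Internet user to widget web server
            new Flow("A-2", "A.3", "443", "TCP"),                      // ADC to clustered web servers
            new Flow("A-2", "1.A", "Random", "TCP"),                   // return web traffic (stateful reply path)
            new Flow("A.2", "A.1", "53", "TCP"),                       // external DNS
            new Flow("A.2", "B.1", "443", "TCP"),                      // web to application
            new Flow("B.1", "C.1", "1521", "TCP"),                     // application to database
            new Flow("U.B", "f.f.f.y, f.f.f.z", "7777", "TCP"),        // administration; protocol assumed TCP
            new Flow("B.1-B.4, C.1, D.1, D.2", "E.4", "53", "TCP"),   // internal DNS; protocol assumed TCP
            new Flow("U.B", "D.1, D.2", "443", "TCP"));                // help desk access; protocol assumed TCP
    }

    /** Every rule must trace to an approved flow, and every approved flow must have a rule. */
    public static Report reconcile(List<Flow> approved, List<Flow> candidateRules) {
        List<Flow> unapproved = new ArrayList<>();
        for (Flow rule : candidateRules) {
            if (!approved.contains(rule)) {          // record equality compares all four fields
                unapproved.add(rule);
            }
        }
        List<Flow> missing = new ArrayList<>();
        for (Flow flow : approved) {
            if (!candidateRules.contains(flow)) {
                missing.add(flow);
            }
        }
        return new Report(unapproved, missing);
    }

    public static void main(String[] args) {
        // Constructed candidate set: the application-to-database rule was dropped and a direct
        // Internet-to-database rule crept in; both should be flagged.
        List<Flow> candidate = new ArrayList<>(approvedFlows());
        candidate.remove(new Flow("B.1", "C.1", "1521", "TCP"));
        candidate.add(new Flow("U.A", "C.1", "1521", "TCP"));

        Report report = reconcile(approvedFlows(), candidate);
        System.out.println("clean: " + report.clean());
        System.out.println("rules with no approved flow: " + report.unapprovedRules());
        System.out.println("approved flows with no rule: " + report.missingRules());
    }
}
```

The check is deliberately exact-match: a rule that widens a port range or source beyond what the table lists will not match an approved flow and is reported, which is the behaviour wanted when the table is the record of what the architecture review approved.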

11.2.2 Network Traffic
Reference the table below to outline the expected network traffic requirements and/or any other
communications requirements for the proposed solution. This should include:

User and application / service connection speeds;
       The bandwidth required for this solution is standard for web to application tier communications.
       The application itself is designed to handle 1000+ users; however, we anticipate the number of
       concurrent users to be higher towards month end during payment periods. Using a Data
       Transfer Calculator, the estimated traffic per web user is approximately 20kbps (kilobits per
       second) to the application layer and 64kbps between the user and the web server.
       Traffic will be bursty, and we do not anticipate more than 100 concurrent users during peak
       periods of use. With the exception of service updates to servers by Administrators, traffic
       patterns should be nominal.
       Processing of transactions is considered nominal, as the transactions are general text-based
       communications and there is no expectation of increased bandwidth.
       However, the transactions are sensitive to latency, and thus this solution takes into account
       that the OCIO will maintain high efficiency on the Internet-based transactions for ePayment.
       The production environment of the Widget solution will interface with the existing WTYM
       broker system to complete financial transactions.

Multimedia (video / audio) streaming
       N/A

Data replication
       N/A

The solution architecture should provide sufficient bandwidth during peak periods.
List the size of the user base and its expected average and peak performance requirements.

The table below offers a sample of baseline bandwidth, based on application. For more information,
consult the EA Prime assigned to your Project.


  Type of Object                                         Size in Kbytes
  Terminal Screen                                        4
  e-Mail message                                         10
  Web Page                                               50
  Spreadsheet                                            100
  Word processing document                               200
  Graphical terminal                                     500
  Presentation Document                                  2000
  High-resolution image                                  50,000
  Multimedia object                                      100,000
  Database (backup)                                      1,000,000
Table 9 - Baseline Bandwidth Sample

11.2.3 Internet Protocol Version Supported

Please select all required protocols:       IP, v4 (traditional)     IP, v6

11.2.4 Domain Name Services

Are fully qualified domain names (FQDN) used in the proposed solution?              Yes          No



12. Database Architecture

Note: For Database Security considerations refer to the Security Model section of this document.

12.1 Size of Database in Rows

Initial total size of the database is estimated to be 1 GB. Initial number of rows in the database will be
1 million.

12.2 Anticipated Growth in Rows

The database will grow by an estimated two hundred thousand rows per year.

12.3 Database Features

Select all that apply:
            Primary keys (all tables)              Triggers
            Indices (incl. foreign keys)           Views
            Foreign key constraints                Private database links

Sample Detailed Architecture Design (DAD)                                                        Page 28 of 40
Template Version 4.0, 2011-05-12                                                                High Sensitivity

          Stored Procedures                     Public database links
          Transactions                          Global database links

12.3.1 Database Environment

Can the database server run in a virtual environment (VM)?              Yes          No


12.3.2 Database Connection Account Type

          Individual user accounts              Shared user accounts

12.4 Database Link Privileges

N/A

12.5 Stored Procedures

Twenty stored procedures control user access to the tables and to application functionality.

12.6 Object-Relational Mapping

Is an Object-Relational Mapping (ORM) layer used?            Yes           No

<< If Yes, which ORM layer is being used and why? >>

12.7 Archive Log Mode

Will the database be in archive log mode?        Yes         No

12.8 Number of Database Instances

Number of database instances: 1

<< Identify the quantity and purposes of each production database instance if more than one is used.
>>

12.9 Clustering

Is database clustering required?       Yes        No

<< If yes, explain why. >>




12.10 Database Normalization

Database is normalized to Third Normal Form.



13. Security Model

13.1 Overview

13.1.1 High Level Threat Mitigation Plan
This analysis is roughly based on Microsoft's STRIDE (threat classification) and DREAD (risk rating)
threat modeling methodologies:

       Step 1: Identify Assets
              The most valuable asset is the payment card (credit and debit) information. Credit card
              information also falls within the scope of the PCI (Payment Card Industry) security
              compliance requirements, and the PCI compliance effort grows substantially if credit card
              details are persisted locally within this application.
              In addition, the integrity of orders must be protected in transit and in storage.

       Step 2: Identify Threats
              The major threat to payment card information is unauthorized sniffing of payment card
              numbers over the Internet and (to a lesser extent) within the OCIO trusted boundary.
              A second threat is to any payment card information held in storage, which is exposed to
              a variety of external and internal attacks.
              The threats to the integrity of orders are modification of the agreed price and corruption
              or deletion of orders by malicious users from the Internet and (to a lesser extent) from
              within the OCIO trusted boundary, should that boundary itself be compromised (unlikely
              but possible).
              Common web-based attack vectors include SQL injection, cross-site scripting, broken
              authentication, etc. Non web-based attack vectors include zero-day exploits, loss of
              backup media (if not encrypted), unauthorized copying in the development environment
              (if the data are not sanitized), etc.
       Step 3: Rate Threats
              The external threats from the Internet to the confidentiality of payment card information
              and to the integrity of orders are rated high.
              The threats to stored payment card information and to PCI compliance are rated
              medium.
              The threats to both assets once inside the OCIO internal network are rated low.
       Step 4: Recommend High-Level Risk Mitigation Plan
              While it is entirely possible to encrypt payment card information in storage within this
              application, managing the encryption key is a significant challenge. The design decision
              is therefore not to store payment card information within the Widget Payment System at
              all, but to pass each payment transaction through to the WTYM Payment Broker.
              Deploy SSL between the web clients and servers to prevent unauthorized sniffing of
              network traffic over the Internet.
              Identify, authenticate, authorize and monitor users to ensure the integrity and
              accountability of transactions.
              Protect session tokens, once users are authenticated, from unauthorized copying.
              Within the OCIO network perimeter, deploy network segmentation using firewall and
              VLAN technologies as a compensating control in place of database link encryption,
              which is not available to this project.
              Assure the security quality of the web application against common exploits such as
              SQL injection and cross-site scripting by mitigating the OWASP Top 10 security risks
              and adhering to OWASP development and testing practices.

13.1.2 User Controls (Identification and Authentication)

A user table in the database holds the account, password hash and role of every user of the
application. Only a SHA-512 hash of each password is stored in the database. Each user of the
system has an entry in this user table.

Each customer completes a secure on-line registration process that results in the assignment of an
account number. The account number is used as the username; the customer must select a
password that meets the complexity requirements: at least 8 characters, including both upper- and
lower-case letters and at least one digit or special character.

The customer account is stored in the user table and does not result in the creation of a
corresponding database account. Customer accounts do not expire and their passwords do not
expire. The customer may change their password at any time using a profile update page.
Customers must log in to the application with this account number and password, which are
authenticated against the credentials stored in the Widget Payment database.

No Active Directory or any other kind of directory account is created for these customers. This may
change with the next phase as Government is in the process of implementing an Identity Management
Authentication and Authorization system.

The system will be seeded with an administrative account and a helpdesk account upon initial
implementation. The administrative account may create other administrative accounts or helpdesk
accounts.

No user, whether administrative, helpdesk or customer, has an account in the database. Four
database accounts will be created, one for each of the four defined roles. During login, the
application connects to the database with a dedicated login account holding the WPSLogin role to
verify the user's credentials. Each user is assigned one of the three other predefined roles, and
once the user has been successfully authenticated the application connects to the database with the
account corresponding to that role.

13.1.3 Roles

The following is a list of the Oracle roles and the activities to which each role will be granted access:

Role            Activity
WPSUser         Create customers (user accounts);
                Create orders;
                Create payments;
                Retrieve customer;
                Retrieve customer details;
                Retrieve widgets;
                Update customer;
                Update orders; and
                Delete customer (the customer is not physically deleted, but is set to inactive).
WPSAdmin        Create widgets;
                Retrieve widgets;
                Update widgets;
                Delete widgets (only widgets with no orders can be deleted);
                Reset customer password; and
                Create user accounts.
WPSHelp         Reset customer password.
WPSLogin        Retrieve user account details.


13.1.4 Access Control List

Administrators are granted read-only access to infrastructure log files.

13.1.5 Data Segregation

All data resides in a single schema in the database with access to data based on the user’s Oracle
role.

Application administrators can only manage widgets, create accounts and reset passwords.

Helpdesk users can only reset passwords.


Customers (normal users) can create accounts, orders and payments, retrieve and modify customer
details, update orders and delete their own accounts (which sets the account to inactive).

13.1.6 Separation of Administrative and User Traffic

Customers may access the system only over the Internet; administrators and helpdesk users may
access it only over the Government of Newfoundland and Labrador internal network, through a
dedicated administration interface running on a separate server.

13.1.7 Shared Infrastructure

Will this project be deployed on shared infrastructure?         Yes             No

13.1.8 Data Integrity

All data entry is validated at the presentation layer and re-validated by the application layer before
being written to the database. Information transiting between the web server and the application
server is encrypted with SSL, as is the link between the application layer and the WTYM broker. The
link between the application server and the database server is not encrypted but is segmented on its
own VLAN as a compensating control (see section 13.3.2).

13.1.9 Operating System Accounts and Privileges

An Oracle client account must be created, and its credential stored in the configuration file on the
application server, in order to connect to the Oracle database; that file must be readable only by the
application's own operating system account. The database account must be granted least privilege:
retrieve and update on the transaction table only, and nothing more.

A service account is also required to communicate with the WTYM broker for payment transactions.
This account should be permitted only to submit payment transactions for amounts under
CAD$1,000.00 and to query payment transaction reference numbers.

13.1.10 Server Hardening

Servers will be hardened to the current Center for Internet Security (CIS) standards.

13.1.11 Security Logs

All system event logs are stored locally under the /var/log directory; see the syslog.conf listing under
Error Logs below. Read-only access to these logs will be available to administrators only.

13.1.12 Error Logs

All system error logs are sent to the central OCIO syslog server which is monitored by the UNIX /
Linux administration team.



Standard Red Hat Linux /etc/syslog.conf file:

# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*                                                 /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none                /var/log/messages

# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure

# Log all the mail messages in one place.
mail.*                                                  -/var/log/maillog

# Log cron stuff
cron.*                                                  /var/log/cron

# Everybody gets emergency messages
*.emerg                                                 *

# Save news errors of level crit and higher in a special file.
uucp,news.crit                                          /var/log/spooler

# Save boot messages also to boot.log
local7.*                                                /var/log/boot.log

# Forward kernel messages and anything of level notice or higher to the
# central OCIO syslog server (see Error Logs, 13.1.12).
kern.*;*.alert;*.err;*.notice;*.warn                    @syslogserver




13.1.13 Remote Archiving

Can the logs be archived remotely?      Yes            No

The web and application servers will send the audit logs to the remote syslog server designated by
OCIO. The database audit log will remain on the local server until it is backed up periodically based
on the normal backup schedule.

13.2 Cryptography and Key Management

Because the overall information security classification of this application is low (no payment card
information is persisted), only sensitive data in transit needs to be encrypted, using SSL; database
encryption is not required. No other encryption is used, except that the backup storage system is
encrypted with AES using a 256-bit key, and passwords are stored as SHA-2 hashes, which require no
encryption key at all. The application also includes a signed Java applet; its signing key is securely
protected by OCIO.

13.2.1   Encryption




Is application encryption used?      Yes          No
The Java Applet is signed by using VeriSign publisher digital certificate.

Is database encryption used?         Yes          No

Is network encryption used?         Yes        No
Network traffic is encrypted with SSL between the web clients and servers over the Internet.

Is backup encryption used?           Yes         No
Backup target encryption, with encryption keys managed transparently by the OCIO Operations Branch.

13.2.2 Encryption Keys

The Java applet publisher signing key, the SSL private key and the backup encryption key are protected
by strong passphrases maintained by OCIO. The publisher and SSL certificates use 2048-bit RSA keys,
and backup media are encrypted with 256-bit AES. All keys are re-keyed on a regular schedule, or
immediately if compromised, in accordance with OCIO Operating Procedures. The SSL private key
material for Internet-facing web servers is stored within the SSL accelerator firmware.

13.3 Infrastructure Security

13.3.1 Infrastructure Security

The Widget Payment System is a 3-tier application architecture in which the tiers are separated by
firewalls, and there is no direct traffic between the web and database security zones. All traffic flows
are restricted by firewall rules, as shown in the data flow diagram in the Network Architecture section.

13.3.2 Security of Interfaces to the Internet and/or Other Systems

Network communication between the web client, web server, application server and WTYM broker is
encrypted with SSL. The network flow between the application server and the database is not
encrypted, but is segmented in its own network using VLAN technology as a compensating control. In
addition, all interfaces require password authentication, whether for interactive or non-interactive
users.

13.4 Application Security

13.4.1 Description

Each customer is assigned an account number and specifies the initial account password when the
account is set up. Customer accounts do not expire and their passwords do not expire. The customer
may change their password at any time using a profile update page. No database account is created
for these customers. They must log in to the application with this account number and password,
which are authenticated against the credentials stored in the Widget Payment database. A security
token is assigned to each session, and this token is associated with the customer's account.

The token-to-account association is stored in the database and is used to log each transaction as
payments are made.

The administration GUI will be installed only on the internal Government network and will be
accessible only from there.

13.4.2 Input Validation

Input data is validated and sanitized to mitigate SQL injection, cross-site scripting and other common
injection attacks. Each input field is validated in the presentation layer and again in the application
layer.
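As an added illustration of the two layers described above (not code from the DAD or from the Widget Payment System), the following Python shows a customer lookup built by string concatenation, the same lookup with a parameterized query, and the application-layer format check applied before the query runs, plus output encoding of a stored value when it is displayed. An in-memory SQLite database stands in for Oracle; the customer table, the 8-digit account-number format and the sample rows are assumptions of the example.

```python
"""Input validation and parameterized queries for a customer lookup.

Added example, not code from the DAD. SQLite stands in for the Oracle
database; the customer table, the 8-digit account-number format and the
sample rows are assumptions of this example.
"""
import html
import re
import sqlite3

ACCOUNT_RE = re.compile(r"^[0-9]{8}$")   # assumed account-number format


def make_db() -> sqlite3.Connection:
    """Constructed customer table, with one deliberately hostile display name."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customer (account TEXT PRIMARY KEY, name TEXT, active INTEGER)"
    )
    conn.executemany(
        "INSERT INTO customer VALUES (?, ?, ?)",
        [
            ("10000001", "Jane Example", 1),
            ("10000002", "<script>alert(1)</script>", 1),
            ("10000003", "Sam Sample", 0),
        ],
    )
    return conn


def lookup_vulnerable(conn, account: str) -> list:
    """The 'before' form: the account number is spliced into the SQL text, so
    a value such as ' OR '1'='1 rewrites the WHERE clause."""
    sql = "SELECT account, name FROM customer WHERE account = '" + account + "'"
    return conn.execute(sql).fetchall()


def validate_account(account: str) -> bool:
    """Application-layer re-validation (the presentation layer applies the same rule)."""
    return bool(ACCOUNT_RE.match(account))


def lookup_hardened(conn, account: str) -> list:
    """Reject malformed input, then bind the value so it can never become SQL."""
    if not validate_account(account):
        raise ValueError("account number must be exactly 8 digits")
    return conn.execute(
        "SELECT account, name FROM customer WHERE account = ?", (account,)
    ).fetchall()


def hardened_rejects(conn, account: str) -> bool:
    """True if the hardened path refuses the input before touching the database."""
    try:
        lookup_hardened(conn, account)
    except ValueError:
        return True
    return False


def render_name(conn, account: str) -> str:
    """Output encoding for the page: stored data is HTML-escaped when displayed,
    which is what actually neutralises a stored cross-site scripting payload."""
    rows = lookup_hardened(conn, account)
    return html.escape(rows[0][1]) if rows else ""
```

The format check limits what reaches the database, but it is the bound parameter, not the sanitization, that makes the query safe: the same payload passed through the `?` placeholder simply matches no row. Output encoding is done at display time rather than at input time so that the stored value stays intact for other consumers.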

13.4.3 Account Management

User accounts can be created by the users themselves and they can update their own passwords as
well. These accounts are assigned the default role of WPSUser.

Administrators can create other administrative accounts and helpdesk account. They can reset
passwords for all accounts. Administrative accounts are assigned the WPSAdmin role. Helpdesk
accounts are assigned the WPSHelp role.

Helpdesk users cannot create accounts but can reset the password of any account.

Password complexity rules are enforced: a minimum of 8 characters, including both upper- and
lower-case letters and at least one digit or special character. There are no password expiry or
lockout policies (see 13.4.8 for the blocking of repeated login failures). Password changes are
communicated by phone only.
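To make the user-table design of 13.1.2 and the account-management rules above concrete, the following Python is an added example, not code from the DAD or from the Widget Payment System. It enforces the stated complexity rule, stores only a SHA-512 hash, verifies a login the way the WPSLogin step does, and returns the database account for the user's role. The per-user salt, the constant-time comparison, the in-memory user table and the database account names are assumptions of this example; the DAD specifies only the hash algorithm, the complexity rule and the role names.

```python
"""Password policy and credential verification for the user table (13.1.2, 13.4.3).

Added example, not code from the DAD. The DAD specifies SHA-512 hashes, the
complexity rule and the role names; the per-user salt, the constant-time
comparison, the in-memory user table and the database account names are
assumptions of this example.
"""
import hashlib
import hmac
import os
from typing import Optional

MIN_LENGTH = 8

# Assumed names of the per-role database connection accounts (13.1.2 says one
# account exists per role but does not name them).
ROLE_DB_ACCOUNT = {
    "WPSUser": "wps_user_conn",
    "WPSAdmin": "wps_admin_conn",
    "WPSHelp": "wps_help_conn",
}

# Constructed in-memory stand-in for the user table: account number -> record.
USER_TABLE = {}


def password_meets_policy(password: str) -> bool:
    """At least 8 characters, upper and lower case, and a digit or special character."""
    if len(password) < MIN_LENGTH:
        return False
    has_upper = any(c.isupper() for c in password)
    has_lower = any(c.islower() for c in password)
    has_digit_or_special = any(c.isdigit() or not c.isalnum() for c in password)
    return has_upper and has_lower and has_digit_or_special


def hash_password(password: str, salt: Optional[bytes] = None):
    """Return (salt, SHA-512(salt || password)). A fresh random salt is drawn
    when none is given; the salt itself is an addition beyond the DAD."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.sha512(salt + password.encode("utf-8")).digest()
    return salt, digest


def register_account(account_number: str, password: str, role: str = "WPSUser") -> bool:
    """Create a user-table entry; self-registered customers get WPSUser (13.4.3)."""
    if role not in ROLE_DB_ACCOUNT or not password_meets_policy(password):
        return False
    salt, digest = hash_password(password)
    USER_TABLE[account_number] = {"salt": salt, "hash": digest, "role": role, "active": True}
    return True


def authenticate(account_number: str, password: str) -> Optional[str]:
    """Verify the credential as the WPSLogin step does and return the database
    account for the user's role, or None on failure."""
    record = USER_TABLE.get(account_number)
    if record is None or not record["active"]:
        hash_password(password, b"\x00" * 16)   # same work for unknown accounts
        return None
    _, candidate = hash_password(password, record["salt"])
    if not hmac.compare_digest(candidate, record["hash"]):
        return None
    return ROLE_DB_ACCOUNT[record["role"]]


def change_password(account_number: str, old: str, new: str) -> bool:
    """Profile-page password change: requires the current password and the policy."""
    if authenticate(account_number, old) is None or not password_meets_policy(new):
        return False
    salt, digest = hash_password(new)
    USER_TABLE[account_number].update(salt=salt, hash=digest)
    return True
```

A single SHA-512 of the password, which is all the DAD specifies, is fast enough to brute-force offline if the user table leaks; the salt above stops precomputed tables but not a targeted search. A salted, iterated password hash (PBKDF2, bcrypt, scrypt or Argon2) is the stronger choice and would not change the rest of this design.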

13.4.4 Segregation of Data and Privileges

There is no sensitive information stored in the database, however, roles are used to determine what
data can be accessed and updated.

13.4.5 Segregation of Duties

All transactions are logged in the audit trails which are reviewed periodically by internal financial
auditors to detect any financial fraud. Any orders over CAD$500.00 in amount must be authorized by
the financial clerks’ supervisors before the transaction is completed.

13.4.6 Use of Mobile Code

Signed Java Applet is used to display order and customer information. The Java Applet is signed by
using VeriSign’s publisher digital certificate.



13.4.7 SOA / Web Services

External transactions with the WTYM payment broker are performed via web services over SSL and are
authenticated by credentials carried in the SOAP header using SAML.

13.4.8 Exception Management

The main entry point into the application will be wrapped in an exception trapping block to prevent the
possibility of an exception stack trace being returned to the user.

All exceptions will be logged, and any account with 5 login failures from the same IP address within a
5-minute period will be blocked.

All error messages returned to the user will contain the minimum amount of information required to
convey the error.

13.4.9 Cached Data / Temporary Files

No sensitive data or file is cached locally.

13.4.10 Application Logging

The presentation layer logs logins, logouts, failed logins and any errors encountered. The application
layer again logs logins, logouts, failed logins and all errors encountered in input received from the
presentation layer, communications with the database layer and communications with the WTYM
Broker.

Note: All logged events must carry, at a minimum, an event id, user id, timestamp, the application
generating the event and a resource reference.
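As an added example (not code from the DAD), the following Python applies the blocking rule of 13.4.8 to application-layer login events that carry the fields required above, and counts any event that lacks one of them instead of silently discarding it. The line layout (timestamp, application, then key=value fields), the field names and the sample lines are constructed for this example; the DAD fixes only the required fields and the rule of 5 failures from one IP address within 5 minutes.

```python
"""Blocking repeated login failures from application log events (13.4.8, 13.4.10).

Added example, not code from the DAD. The line layout (timestamp, application,
then key=value fields), the field names and the sample lines are constructed;
the DAD fixes only the required fields and the 5-failures-in-5-minutes rule.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

FAILURE_THRESHOLD = 5
WINDOW = timedelta(minutes=5)
REQUIRED_FIELDS = ("ts", "app", "evt", "user", "res")   # 13.4.10 minimum set

# Constructed sample: one account attacked within the window, one attacked too
# slowly to trip the rule, one success, and one line lacking the user id.
SAMPLE_LOG = """\
2011-06-21T09:00:05Z WPS-PRES evt=1001 user=10000001 ip=203.0.113.7 res=/login outcome=FAIL
2011-06-21T09:00:20Z WPS-PRES evt=1002 user=10000001 ip=203.0.113.7 res=/login outcome=FAIL
2011-06-21T09:01:10Z WPS-PRES evt=1003 user=10000001 ip=203.0.113.7 res=/login outcome=FAIL
2011-06-21T09:02:00Z WPS-PRES evt=1004 user=10000002 ip=198.51.100.4 res=/login outcome=OK
2011-06-21T09:03:30Z WPS-PRES evt=1005 user=10000001 ip=203.0.113.7 res=/login outcome=FAIL
2011-06-21T09:04:50Z WPS-PRES evt=1006 user=10000001 ip=203.0.113.7 res=/login outcome=FAIL
2011-06-21T09:05:00Z WPS-PRES evt=1007 ip=203.0.113.7 res=/login outcome=FAIL
2011-06-21T09:20:00Z WPS-PRES evt=1008 user=10000003 ip=203.0.113.9 res=/login outcome=FAIL
2011-06-21T09:21:00Z WPS-PRES evt=1009 user=10000003 ip=203.0.113.9 res=/login outcome=FAIL
2011-06-21T09:27:00Z WPS-PRES evt=1010 user=10000003 ip=203.0.113.9 res=/login outcome=FAIL
2011-06-21T09:28:00Z WPS-PRES evt=1011 user=10000003 ip=203.0.113.9 res=/login outcome=FAIL
2011-06-21T09:29:00Z WPS-PRES evt=1012 user=10000003 ip=203.0.113.9 res=/login outcome=FAIL
"""


def parse_event(line: str):
    """Return the event as a dict, or None if a required field is missing or the
    timestamp is malformed (such lines are counted by the caller, not dropped)."""
    parts = line.split()
    if len(parts) < 2:
        return None
    event = {"ts": parts[0], "app": parts[1]}
    for item in parts[2:]:
        key, sep, value = item.partition("=")
        if sep:
            event[key] = value
    if any(field not in event for field in REQUIRED_FIELDS):
        return None
    try:
        stamp = datetime.strptime(event["ts"], "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        return None
    event["ts"] = stamp.replace(tzinfo=timezone.utc)
    return event


def find_blocks(lines):
    """Apply the 13.4.8 rule: 5 failed logins for one account from one IP address
    within 5 minutes. Returns ({(user, ip): time_blocked}, rejected_line_count)."""
    events, rejected = [], 0
    for line in lines:
        if not line.strip():
            continue
        event = parse_event(line)
        if event is None:
            rejected += 1
        else:
            events.append(event)
    events.sort(key=lambda e: e["ts"])        # presentation and app logs may interleave

    recent = defaultdict(deque)               # (user, ip) -> failure timestamps in window
    blocked = {}
    for event in events:
        if event.get("res") != "/login" or event.get("outcome") != "FAIL":
            continue
        key = (event["user"], event.get("ip", "?"))
        if key in blocked:
            continue
        window = recent[key]
        window.append(event["ts"])
        while window and event["ts"] - window[0] >= WINDOW:
            window.popleft()                  # failures older than 5 minutes age out
        if len(window) >= FAILURE_THRESHOLD:
            blocked[key] = event["ts"]
    return blocked, rejected
```

The rule is keyed on the (account, IP) pair exactly as 13.4.8 states it, which means a distributed guessing attack that rotates source addresses is not caught by this check alone; a per-account counter independent of IP, or the DAD's own note that no lockout policy exists, is the place to decide how far to go.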

13.4.11 Application Auditing

Because of the low sensitivity classification of this application, only limited auditing is required for
PCI compliance.

13.5 Database Security

13.5.1 Description

Roles have been implemented in the database and each user of the system is assigned a database
role.

13.5.2 Local User Management



N/A

13.5.3 Database Logging

Database log files are stored on the SAN in the same directory structure as the database. Access
has been restricted to the system administrators and DBAs. Logged events include:
      Logins and logouts
      Creation of new accounts
      Deactivation of existing accounts
      Password changes / resets
      Placing orders
      Deletion of orders
      Payment confirmation/rejection from WTYM Broker



14. Pre-Production Environment Security

All pre-production environments run in their own sandboxes in the virtual environment, provisioned
and de-provisioned quickly within the assigned OCIO development security zone. The following
security controls are in place in these environments:
        Production data will be extracted from the existing production database into the development
        environment.
                Sensitive data fields will be masked by a custom-developed script before loading into the
                target database.
                No production data will reside outside the OCIO datacentre, province or country.
        The project team follows a configuration management process to manage access to the
        codebase and change control approval.
        No external access is required to the pre-production environment.
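As an added example (not the custom script the section refers to), the following Python masks a constructed production extract before it is loaded into the development database. The CSV layout, the field names and the sample rows are assumptions, as is the handling of the masking key, which is kept with the extraction job rather than in the development zone. Account numbers are masked with the same keyed function in every table so that customer and order rows still join after masking.

```python
"""Masking a production extract before it is loaded into pre-production (Section 14).

Added example, not the custom script the DAD refers to. The CSV layout, the
field names, the sample rows and the key handling are assumptions; the DAD
says only that sensitive fields are masked by a script before loading.
"""
import csv
import hashlib
import hmac
import io

# Constructed production extract. Account numbers are the join key between the
# customer and order tables, so they must be masked consistently in both.
CUSTOMER_CSV = """account,name,email,phone
10000001,Jane Example,jane@example.org,709-555-0101
10000002,Sam Sample,sam@example.net,709-555-0102
"""
ORDER_CSV = """order_id,account,amount
5001,10000001,120.00
5002,10000002,640.00
"""

# Assumption: the masking key lives with the production extraction job and is
# never copied to the development zone, so masked values cannot be reversed there.
MASK_KEY = b"extraction-job-secret-not-deployed-to-dev"


def _prf(key: bytes, field: str, value: str) -> int:
    """Keyed PRF (HMAC-SHA-256) over field:value; same input always -> same output."""
    digest = hmac.new(key, f"{field}:{value}".encode("utf-8"), hashlib.sha256).digest()
    return int.from_bytes(digest, "big")


def mask_value(key: bytes, field: str, value: str) -> str:
    """Replace a sensitive value with a format-preserving pseudonym."""
    n = _prf(key, field, value)
    if field == "account":
        return f"{n % 10**8:08d}"                       # 8 digits, like the original
    if field == "email":
        return f"user{n % 10**6:06d}@example.invalid"   # reserved TLD, never deliverable
    if field == "phone":
        return f"709-555-{n % 10**4:04d}"               # keeps the NNN-NNN-NNNN shape
    if field == "name":
        return f"Customer {n % 10**5:05d}"
    raise ValueError(f"no masking rule for field {field!r}")


def mask_rows(key: bytes, csv_text: str, sensitive_fields) -> list:
    """Parse a CSV extract and mask the listed fields in every row."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    for row in rows:
        for field in sensitive_fields:
            row[field] = mask_value(key, field, row[field])
    return rows


def mask_extract(key: bytes = MASK_KEY) -> dict:
    """Mask both tables; 'account' is masked in each so the join still holds."""
    return {
        "customer": mask_rows(key, CUSTOMER_CSV, ("account", "name", "email", "phone")),
        "order": mask_rows(key, ORDER_CSV, ("account",)),
    }
```

Amounts and order ids are left intact because test data has to exercise the same business rules as production (for instance the CAD$500.00 supervisor authorization in 13.4.5); the fields that identify a person are the ones replaced.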



15. Enterprise Backup and Recovery

15.1 Backups

15.1.1 Description

Does the backup strategy deviate from the normal OCIO processes as defined in the Enterprise
Architecture (EA) Technology Binder?                                Yes          No

15.1.2 Schedule

Backups can be scheduled anytime outside of normal business hours on a daily basis.


15.1.3 Data Retention

Does the proposed solution have a data retention plan?                         Yes             No
Data retention is not required.

15.2 Disaster Recovery

15.2.1 Disaster Recovery

Does the proposed solution have a disaster recovery (DR) plan?                  Yes             No

The DR plan for this solution is currently being assessed, with a requirement that the e-payment and
WTYM broker systems remain available should the primary Internet-accessible website experience a
service disruption.

E-services are important to Government, and the project will work with the DR team to plan and test
recovery of this functionality. The DR plan for this solution will hinge on the redundancy and
configuration of Government's Internet and application infrastructure in general.

15.2.2 Business Continuity

Does the proposed solution have a business continuity plan?             Yes            No



