Inspired by Semantic Software Design.
Design process cheat sheet
...from the book...
Overview poster
- Personas Who will use this work?
- Customer Journey Map
Why are they using this and how do they interact with it?
- Pains
What about their current process is problematic? Where are they thwarted?
- Gains
What new innovations can you offer them that might help them take a leap forward in productivity, delight, options, opportunities?
- Outcomes
What is the change that would make a difference to your customers and other
users? What reward do they want at the end of the journey?
- Metrics
How will your customers measure the difference that was made for them? How
will they know they got great value from your system? Note that these should be
rough and general at this stage.
Use cases
- Overview Provide a one-paragraph description of this use case.
- Actors
Identify primary and supporting actors.
- Relationship to Other Use Cases
This use case is related to the following use cases:
- Extends Use Case 1 (link)
- Includes Use Case 2 (link)
- Preconditions
The following must be true for this use case to be started:
- Postconditions
Describe what will be true when this use case completes:
- Primary Flow
Describe the main flow of this use case, excluding error conditions:
- Alternate Flows
Describe any desired alternative flows or error conditions. Identify step numbers
where the alternative paths begin.
- Special Requirements
Identify performance, scalability, availability, and internationalization requirements
associated with this use case.
Components
...
Approaches
Approaches are short versions of Design Definition Documents (see below). These are perhaps 3 to 10 pages long and cover a specific
engagement.
For example, we had a customer who wanted to integrate with our APIs in a certain
unusual way because of constraints of their legacy system. So, the architect wrote an
Approach document describing how the integration should be performed, the protocols to use, where to get certain data, the security implementation, and so forth.
Design Definition Document (D3) Template
Program Name Design Definition
Executive Summary
State the purpose of the program and what this document covers.
About this Document
This section contains metadata about the design document itself.
Authors
Names of people who did most of the writing.
Contributors
Names of people who contributed some writing or key ideas.
Reviewers
Names of people who did some quality control on this document.
Document State
Is this a draft, in review, or published?
Use of IETF Keywords
This document employs a subset of the Internet Engineering Task Force key‐
words found in RFC 2119. These words are MUST, SHOULD, MAY, and their
counterparts MUST NOT, SHOULD NOT, MAY NOT. They are capitalized
throughout the document to draw attention to their special status as keywords
used to indicate requirement levels.
Business Design
Describe the business objectives, drivers, and expected benefits for undertaking this
program.
Capabilities
Describe what capabilities the solution will have. What new benefits are provided
in functional and nonfunctional terms? What new scalability, reliability, global
distribution, performance, resilience, extensibility, manageability, portability,
security, or other benefits are expected? Don’t advertise or market to your audi‐
ence; be concrete and concise.
Strategic Fit
What element of the business and technology strategies does this help realize?
How?
Business Drivers
Why are we doing this? What priority is it among known others?
Assumptions
What is expected to be in place for this solution approach to be successful? Refer
to funding, availability of key resources, operations support, contracts, key pro‐
cesses, procurement, Global Network Operations Center (GNOC), regulations,
stated standards and guidance or technology patterns from the leadership team,
and so on.
Constraints
Applicable laws
Does the Americans with Disabilities Act (ADA) apply?
Applicable regulations
Reference need to maintain compliance with Payment Card Industry (PCI),
Personally Identifiable Information (PII), General Data Protection Regula‐
tion (GDPR), and System and Organization Controls (SOC). Do not merely
state that these laws exist, state how your design specifically accounts for
supporting them so that the developers can be sure to implement it
accordingly.
Risks
List business risks in doing the project as envisioned, risks to the customer or
existing business prospects or processes, how it can be maintained and operated
properly, availability of staffing resources, securing funding, countries/markets,
the inherent risks in trade-offs made, and so forth.
Impacts
What will this project or this architecture create in terms of organizational, train‐
ing, and process needs that affect the business? How will the business need to
change to best support this? Are there new processes that are expected to be
adopted internally within product development to support a new technology or
skillset? Should any roles and responsibilities change?
Stakeholders
List the organization, roles, and named individuals who stand to win or lose by a
good or bad outcome on this program. Who must change to accommodate it?
This will eventually feed your Responsible, Accountable, Consulted, Informed
(RACI) document.
Governance
What is the framework you’ll use to govern this project? Must you invent a new
committee? Are there design review processes or cloud governance or financial
governance processes to follow?
Application Design
Application overview and general strategy description.
Applicable Standards and Policies
List of links to published guidelines and conventions for development teams to
follow. For example, any internal policies, industry-specific standards, PCI guide‐
lines, ADA guidelines, and so forth that you expect teams to follow.
Guidelines and Conventions
Links to published guidelines and conventions for Dev teams to follow, such as
published internal standards, Google Java coding guidelines, JavaScript conven‐
tions, code quality guidelines, and so forth.
Patterns
Diagrams, links, and descriptions of patterns for Dev teams to follow in the
implementation. Reference any design patterns for designing and developing
services as applicable.
Services
List services to be created or existing services to be reused, along with the owners
of those services.
Security
Security requirements and design: how data will be secured, encrypted, author‐
ized, authenticated at rest, in transmission, or in processing. Use of Open Web
Application Security Project (OWASP) Top Ten and how those are addressed.
What security groups are required? Highlight security requirements for develop‐
ment such as bastion hosts. List transport or Transport Layer Security (TLS)/
Secure Sockets Layer (SSL) requirements.
Availability
Target SLA in terms of 9’s uptime and how specifically the architecture will sup‐
port such numbers. How recoverability, disaster recovery, and the like is being
supported. Consider these questions:
-
What are the compensating actions taken in a failure?
-
Will a circuit breaker be used?
-
What redundancy is there?
-
How is caching used to support certain failure events?
-
Health-check page?
-
Multideployments?
-
How are specific key components particularly designed for resilience and
high availability? Are you using multiple cloud zones?
-
What is your service replacement and versioning strategy to support zero-
downtime releases?
Scalability and Performance
What number of transactions per second at this latency and CPU utilization
must the solution support? What is the unit of scale (container, virtual machine,
cluster)? Use actual numbers and calculate the impact on server footprint that
will have. What are the ways in which the application and services can scale
through statelessness, Auto Scaling Groups (ASGs)? State the ASG threshold so
developers aren’t left to guess.
Extensibility
Will you use certain patterns in your services such as Strategy or Specification?
How will APIs specifically support the ways that the application affords future
change, how will the application support customizing per customer, and how are
configurations afforded?
Testability
How will this be tested, what tools will be used, and what specific automation and
targets will be in place? Include functional testing, regression testing, integration
testing, and chaos/resilience testing. Load testing plan? How will this be automa‐
ted? What specific toolset used in what process?
Maintainability
What software guidance for developers will help make the code base easier,
cleaner, simple to maintain in the long term? Code repository needs or project
needs? What is the maintenance schedule anticipated or downtime for upgrades
strategy?
Monitorability and Metrics
What tools and dashboards are required, logging requirements, how the software
itself must support event publishing to increase visibility. What are the specific
metrics that will indicate system uptime, health, and proper performance? How
will alerts be triggered at what threshold? Consider CPU, memory, drive/filesys‐
tem volumes, process monitoring, logs, event logs, and required procedures.
Data Design
Database Strategy
Overview the general data management strategy for this application. What spe‐
cial customer requirements should be called out for careful handling? What are
the risks involved with this strategy? Expected benefits?
Standards and Guidelines
What is the applicable set of data technology standards, guidelines, and tools?
Technologies
What database technologies will be used for what purposes, what specific serv‐
ices? Are there any new database technologies being used, or new versions?
Where can developers learn more? What guidance exists for them?
What instance types are being used? Are the available networking modes the
proper type for that database? Have you used the cost calculator to size and price
instances?
Import/Export
How will customers get data into your system?
If you’re porting data, what are the source and target maps?
How will customers get their data back out of your system for their own use?
Replication, Backup, and Recovery
How is data replication supported? How will you distribute data globally?
What is the backup/recovery strategy? Will you store full or partial backups? For
how long? On what systems, for what services?
What is the bulk data replication strategy? What is the multiregion strategy?
Data Versioning
How will your database be versioned? What about the data itself?
Database Automation
How will the database farm be automated and updated? What tools, pipelines,
and processes are in place or should be developed?
Database Performance Considerations
What performance thresholds for transactions within the database are expected?
Do you have a known level you must support?
Data Warehousing, Storage, and Management Requirements
What data volumes must be supported? Data movement policies and require‐
ments. Reference how logs will be stored, managed, or forwarded.
Data Maintenance
How data will be maintained, data retention policies, scripting to offload, data
restoration. How will data be populated for different environments for this appli‐
cation? Will data be truncated? At what interval? How will data be encrypted?
Are there GDPR or PII/PCI requirements to be stated for development teams or
infrastructure admins?
Data Migration
How will data get into the system? Is connecting to a legacy system required? Is
Golden Gate or Kafka or Extract, Transform, and Load (ETL) or another tool in
use? What time period is anticipated for this? Will data need to be synchronized
over a certain period of time?
Data Volume
What is the expected starting volume of data? What size database is anticipated?
Will there be multiple data stores? How many rows are anticipated to be added or
removed daily for the key services?
Logging
What are your log rotation policies? Are there requirements for Splunk or
another monitoring tool?
Reporting
How will we do reporting for customer use? For internal use?
Auditing
How must the system audit user changes to track and report in case of a security
breach or for compliance?
Security
How is the database farm itself specifically secured? Will data be encrypted at
rest, and how will that be managed? How will access to different environments be
managed, including at the development level?
Analytics
What data must be exposed by the application to support business analytics. How
must that data be exposed to support analytics tools? Will you have a data lake?
How will that be maintained, accessed, and used properly?
Caching Strategy
Requirements for caching and the locations and technology to support caching.
How distributed is it? Any guidance for application developers as applicable.
Guidelines on caching for implementers and for developers subsequently using
it.
Machine Learning
What specific processes must be called out for machine learning? How will data
pipelines be supported? What is that entire subsystem design? Feature engineer‐
ing considerations.
Infrastructure Design
Infrastructure overview statement.
Infrastructure Strategy
What are the patterns you employ? Are there deployment diagrams, component
diagrams, other UML? Cloud infrastructure design? Do you need to include load
balancers, DNS, application servers, networks, CIDR allowances, security, data
servers, firewalls, storage, queues, and so on?
Latency and Performance
How does your infrastructure support the specific application and customer-level
SLAs described earlier?
Infrastructure Security
How will the environments be secured?
Maintenance
How will teams perform patching (hopefully no-patching)? Related policies such
as operating system (OS) upgrades, replacements.
Standards, Guidelines, Conventions
References or links to existing guidelines that you want the teams to follow.
Infrastructure as Code (IaC)
References to templates, best practices, samples.
Environment Guidelines
When/how to use reserve instances, autoscaling groups, VPN access to different
environments by different teams, and so on.
Global Distribution
How do we enable and maintain the ability to distribute our applications glob‐
ally? Are there any particular concerns, such as regarding the Chinese firewall?
Concerns associated with performance and security in globally distributing?
Server replication processes and automation?
Immutable Infrastructure
Describe how your infrastructure is immutable, including process automation.
Hybrid
Are there any necessary strategies for hybrid architectures (solutions that span
on-premise and cloud)?
SLAs
State SLAs that you must meet. Put them in mathematically testable terms, from
a customer perspective. Include the panoply of customers, not only the end user.
END OF TEMPLATE
See also:
D3 in a nutshell
Writing a hundred pages up front is not the answer. What is the answer is this:
- Creating a concept of the whole picture as well as it’s understood and committing
that to an external, formal format beyond the designer’s internal thoughts and
conversations that others can see, read, understand, and use.
- Performing a thorough and ongoing analysis and deconstruction of the concept
based on its semantics. You don’t need to complete the entire document up front.
We just must make sure we do visit all of these concerns, understanding that they
will evolve.
- Making a crisp, declarative, unambiguous, directive, testable set of design deci‐
sions that are clearly derived from the concept and record them formally in a
public recording for the many diverse stakeholders.
Position papers
...
RAID
Risks, Assumptions, Issues, Dependencies.
The business aspect
Proposition 0
By definition, any purposive compound of objects and their relations is called a
system. (Examples can include a software application, a datacenter, a business
organization, a business process, a chemical compound, a written document, a
play, a music composition, and so forth.)
Proposition 0a
These compounded elements and their relations are not innate, but are proposed,
socially constructed, captured, augmented, determined, and filtered by the design‐
ers of that system.
Proposition 0b
Any system is either designed explicitly (purposively), or implicitly. If the design
is implicit, its design is regarded and comprehended only after the fact, after the
system is in place, as a result of a series of accidents, which is likely non-optimal.
Proposition 1
Certain principles apply to well-designed systems, and these same principles can
be employed across the design of any system, though seemingly disparate.
Proposition 1a
The attributes of any well-designed system include, at a minimum:
Fitness to purpose
It must serve what it purports to serve, to help users achieve their goals
efficiently.
Felicity
It must afford that purpose in a way that minimizes friction and noise, mak‐
ing it easy and delightful to use, consume, and participate in.
Flexibility
Given that the system operates in a world of frequent change, it should be
designed in a way to allow modifications, updates, and extension according
to future needs.
Proposition 1b
An additional set of attributes contemplated for a well-designed system (software
or otherwise) include the following:
Maintainability
It should be easy to correct faults, improve performance, and adapt to a
changed environment.
Manageability
You should be able to keep the system safe, secure, and operating smoothly.
Monitorability
You should be able to see into the system, to measure and understand how it
is working.
Performance
It must excel at its purposes.
Portability
It should be able to operate in a variety of contexts.
Scalability
It should be able to operate at the same level, even under increased load.
Proposition 2
The software system you design will operate within a business context, and there‐
fore, to be optimally designed, the software system must be designed to support
and operate within this business context or a new business context the software,
in its innovation, potentially requires the creation of.
Proposition 3
The business is a system of systems (these are business elements that are also sys‐
tems: your service-oriented development organization, the sales delivery process,
the architecture review board, the strategic funding process, local executive steer‐
ing committee meetings, the joint venture strategy, the project execution plan,
and so forth).
Proposition 4
The business therefore can be designed as systems; it operates according to these
same principles.
Proposition 5
Because the semantic designer (creative architect) is foremost a designer of sys‐
tems, the purview of the role includes the proper design of the software as well as
the design of the business systems themselves.
Conclusion
The business is a system just like the application is, so you as the creative director
must help design the business itself as a cohesive and coherent system according
to these principles, to achieve a better overall business outcome. The resulting
business, as a context in which software is developed, will help improve the soft‐
ware itself, and help you make it on time and on budget and according to user
needs. They inform and help (or hurt) each other.
So there are two points here:
-
You might not have historically considered it part of your job, but to be especially
effective, consider your purview to include the design of the organization itself
and its processes according to received architecture and design principles.
-
When you design especially effective software, you not only consider the applica‐
tion frameworks and software attributes, but consider the impact the business
will have on your system, and the impact your system will have on the business.
Therefore, now we turn our attention to the business itself, to ask specifically:
-
How can you see your organization and processes as systems in themselves to be
understood and purposively designed?
-
After you begin to see your organization through the lens of systems, how can
you optimize the organization and processes toward maximum effectiveness?
-
How can you determine the impact your burgeoning system might have on the
business?
• How aligned is the business with the system you are creating? As you bring it to
life, can it be properly supported?
By the end of this chapter, you will be able to answer these questions with the practi‐
cal tools we’ll introduce.
Go and buy the book to read more.
My notes
...based on my recent professional experience
Requirements
- Did you ask "Why?"
- Do you know who the users are/will be?
- Have you personally spoken to any of the users?
Maintenance
- Is there good MVC separation? Could it be improved?
- Is there good MVVM separation? Could it be improved?
- Is there good test coverage? Even of the error conditions? Even of the test code itself?
Links
There are a number of ways to evaluate these software packages:
Flowchart vs Database
Online vs Desktop
Visual-only vs Generated from source
Source language: General (e.g. Dot) vs Specific (e.g. PlantUML + C4)
Source-generated diagrams have many benefits:
Dot is the easiest to learn, and PlantUML has the most features.