100% found this document useful (4 votes)

3K views19 pages

Technical Solution Design Template

This document provides a template for a technical solution design document, outlining sections to include such as project summary, application design, integration design, security design, and infrastructure design. The infrastructure design section specifies developing, QA, and production system architectures, and covers availability, continuity, archiving, maintenance, monitoring, and access control considerations.

Uploaded by

Luis Arry

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

100% found this document useful (4 votes)

3K views19 pages

Technical Solution Design Template

Uploaded by

Luis Arry

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

CSUTechnicalSolutionDesign

Document
forProject<projectname>

V1.00

CSUTechnicalSolutionDesignDocument

DocumentStatusandRevisionHistory

Version

Author

Issuedate

Revisions

V1.00

PaulCullen

23/07/2009

Firstreleaseversion

DocumentAuthorisation

Name:

PaulCullen

Position:

Manager,EnterpriseSolutionServices,DIT

Name:

BrianRoberson

Position:

Manager,TechnologyIntegration

DocumentDistribution

No.

Recipient

PositionandDivision

TimArcher

EnterpriseSolutionArchitectTesting

WayneMarr

EnterpriseSolutionArchitectApplications

CraigPatterson

EnterpriseSolutionArchitectIntegration

ConradDareEdwards

EnterpriseSolutionArchitectInfrastructure

LukeWeston

EnterpriseSolutionArchitectSecurity

DotCottee

TeamLeader,TechnologyIntegration

ShaneJeffries

TeamLeader,TechnologyIntegration

BrianRoberson

Manager,TechnologyIntegration

DocumentPurpose
Thepurposeofthisdocumentistoserveasatemplateforthecreationofthetechnicalsolutiondesigndocument.Forthetechnical
solutiondesigndocumenttobecompletedthefollowingcpmpletedandsignedoffdocumentsneedtobedeliveredviathe
EA&L/ESSgateway:
BusinessRequirements

Page2of19

CSUTechnicalSolutionDesignDocument

FunctionalRequirements
RelevantEnterpriseArchitecturalStandards

Eachsectioncontainsnotes,considerationsandsuggestionstoguideanenterprisesolutionarchitectinthecompletionofthe
document.Dependingonthetypeofproject,eginternallyorexternallysourced,somecomponentsmaybeoptionalorcompleted
fromsuppliersdocumentation.Sectionscanberenamed,asappropriate,tosuitthetypeandcomplexityoftheproject.

TableofContents
TABLEOFCONTENTS.....................................................................................................................................................................3
1.

PROJECTSUMMARY.............................................................................................................................................................6

APPLICATIONDESIGN...........................................................................................................................................................6

2.1.

Userinterfaces.................................................................................................................................................................6

2.2.

UserManagement...........................................................................................................................................................6

2.3.

DataOutput.....................................................................................................................................................................6

2.4.

DataManagement...........................................................................................................................................................6

2.5.

CodingRequirements.......................................................................................................................................................6

INTEGRATIONDESIGN..........................................................................................................................................................7

3.1.

IntegrationSchematic......................................................................................................................................................7

3.2.

EnterpriseDataRequirements.........................................................................................................................................7

3.3.

MasterDataDefinitions...................................................................................................................................................7

3.4.

IntegrationScope.............................................................................................................................................................7

3.5.

MasterDataDocumentTypes..........................................................................................................................................7

3.6.

EnterpriseInterfaceRequirements...................................................................................................................................7

3.7.

DataTransferVolumes.....................................................................................................................................................8

3.8.

DataAvailability..............................................................................................................................................................8

3.9.

Latency............................................................................................................................................................................8

4.
4.1.

SECURITYDESIGN.................................................................................................................................................................9
Securityrequirementsanalysisandspecification..............................................................................................................9

Page3of19

CSUTechnicalSolutionDesignDocument

4.2.

Assessingsecurityrisks....................................................................................................................................................9

4.3.

Treatingsecurityrisks......................................................................................................................................................9

4.4.

Correctprocessinginapplications....................................................................................................................................9

4.5.

Cryptographiccontrols.....................................................................................................................................................9

5.
5.1.

INFRASTRUCTUREDESIGN..................................................................................................................................................10
SystemArchitecture(development,qaandproductionimplementations)......................................................................10

5.2.
InfrastructureManagement...........................................................................................................................................13
5.2.1.
Availabilityrequirements.................................................................................................................................................13
5.2.2.
Businesscontinuityfailoverandfailback.......................................................................................................................13
5.2.3.
Archivalrequirements......................................................................................................................................................13
5.2.4.
Maintenance....................................................................................................................................................................13
5.2.5.
Logfilerotation................................................................................................................................................................13
5.2.6.
Startingandstoppingtheapplication..............................................................................................................................13
5.2.7.
Monitoringinterfaces......................................................................................................................................................13
5.2.8.
Dependences....................................................................................................................................................................13
AccessControl...............................................................................................................................................................14
5.3.
5.3.1.
BusinessRequirementforAccessControl.......................................................................................................................14
5.3.2.
UserAccessManagement................................................................................................................................................14
5.3.3.
UserResponsibilities........................................................................................................................................................14
5.3.4.
FileSystemAccessControl...............................................................................................................................................14
5.3.5.
NetworkAccessControl...................................................................................................................................................14
5.3.6.
MobileComputingandTeleworking...............................................................................................................................14
5.3.7.
OperatingSystemAccessControl....................................................................................................................................14
5.3.8.
ThirdPartymanagementandaccess...............................................................................................................................14
5.3.9.
PhysicalandEnvironmentalSecurity...............................................................................................................................14
5.3.10.
ApplicationandInformationAccessControl...................................................................................................................14
5.4.
ApplicationManagement...............................................................................................................................................15
5.4.1.
ThirdPartyServiceDeliveryManagement.......................................................................................................................15
5.4.2.
OperationalProceduresandResponsibilities..................................................................................................................15
5.4.3.
Upgradeandcodemigration...........................................................................................................................................15
5.4.4.
OSpatchingandsecuritypatching...................................................................................................................................15
5.4.5.
Solutiondependencies.....................................................................................................................................................15
5.4.6.
Jobmanagement(cron,timedprocesses,...)..................................................................................................................15
5.4.7.
Userinteractions(printing,outputfolders,http,ssh,...)...............................................................................................15
5.4.8.
Licensing...........................................................................................................................................................................15
5.4.9.
Ongoingcosts..................................................................................................................................................................15
5.5.
ClientApplications.........................................................................................................................................................15
5.5.1.
Architecture.....................................................................................................................................................................15
5.5.2.
Installation.......................................................................................................................................................................15
5.6.
Migration.......................................................................................................................................................................16
5.6.1.
Migrationstrategy(howarewegoingtogointoproduction)........................................................................................16
5.6.2.
Rollbackstrategy..............................................................................................................................................................16
5.6.3.
Decommissioning.............................................................................................................................................................16

Page4of19

CSUTechnicalSolutionDesignDocument

TESTDESIGN.......................................................................................................................................................................17

6.1.
PSC/SDLCAnalysisPhase(RequirementsTesting)...........................................................................................................17
6.1.1.
UseCases.........................................................................................................................................................................17
6.1.2.
RiskRegister.....................................................................................................................................................................17
6.1.3.
Requirementvalidation...................................................................................................................................................17
6.2.

PSC/SDLCDesignPhase(FunctionalTesting)...................................................................................................................17

6.3.

PSC/SDLCTestingPhase(VerificationTesting)................................................................................................................18

6.4.

ImplementationPhase...................................................................................................................................................19

Page5of19

CSUTechnicalSolutionDesignDocument

1. ProjectSummary
Provideadescriptionofwhatapplication/system/productwillbedevelopedusingthissolutiondesign.Includeasummaryof:
Currentapplication,systemorproductinuse,ifany.Thiswillprovideareferencepoint.
Themainfeaturesofthissolutionincludingadescriptionofgeneralfunctionality,maincomponents,outputexpectationsandtarget
usergroups.Thisappliestobothinternallyandexternallysourcedapplications.

2. ApplicationDesign
Thissectionisflexibleinthatcomponentsmayormaynotbeincludeddependingonthecomplexityoftheprojectandwhetheritis
sourced/developedinternally.ProvidesufficientdetailtoallowatechnicalbuilddocumenttobegeneratedbyTIusingthis
documentasabase.Thedepthofdetailisdependentontherelationshipofthesolutiontotheexistingsystem.Forexample,anew
DEEWRSreportwillfollowwelldefinedconventionsandelementswhereasathirdpartyapplicationwillonlyhavehigherlevel
designelements,ornoneatall.

2.1. Userinterfaces
Definespecificelementsoftheuserinterfacesuchaswebpages,oracleforms,etc.,andincludemockupsasagreedwiththeclient.

2.2. UserManagement
Definetheownersandgroupsfortheapplication/systemandthegeneric,administrativeand/orsystemuserloginsandtheir
functions,ifany.Includeanythirdpartyaccessrequirements.Identifythejobpositionthathasownershipandadministrative
responsibilityfortheapplication/system.

2.3. DataOutput
Defineanyoutputartefactssuchasreports,files,screendisplays,datatransferstodatabasetables,orthirdpartyapplications,etc.
Includecommentsregardingfrequencyofoutputortransferandanyrequirementstoautomateprocesses,suchasovernightbatch
processing.

2.4. DataManagement
Definerequirementsforeachenvironmentincludingfolderstructures,filestorelocations,databaseelementsschemas,tables,
packages,triggersandsequences,asapplicable.

2.5. CodingRequirements
Definespecificrequirementsthatmustbecodedinthesolution.Include:thepreferredcodeplatform;theneedtouseincludefiles
and/ordatabasepackages;datavalidationrequirements;specificmethodologiesoralgorithmsrequiredtoderivedatavalues;
significantspecificoutputrequirementsexpectedbasedoninputdata,includinglogs;referencetoanyexistingcodeelementsthat
canbereused;anyintersystemtransferrequirements;authenticationandaccessmethodology.

Page6of19

CSUTechnicalSolutionDesignDocument

3. IntegrationDesign
TheintegrationdesignprovidesdetailsonhowthesolutionapplicationwillintegratewithotherCSU
applicationsand/orapplicationsoutsidetheuniversity.

3.1. IntegrationSchematic
Acontextdiagramistobeprovidedshowinghowthesolutionintegrateswithotherapplications.Alsoinclude
anysourcesthatmayberequiredformasterdata.

3.2. EnterpriseDataRequirements
AnySolutionDatawhichalreadyexistsintheMasterDataCataloguemustbesourcedfromthere.Ifknown,listthesedataobjects
andindicateifanyofthisMasterDatawillbechangedwithinthesolution.Indicatetheflexibilityforthesolutiontobeableto
consumedatafromanexternalsourceandcontributedatatoanexternaltarget(asmasterdata).Describetheability/flexibilityto
selectwhichtablesorattributeswillbepopulatedfrommasterdata,andwhichwillcontributetomasterdata.

3.3. MasterDataDefinitions
MasterDatadefinitionsareavailableinthefollowingdocumentslocatedintheUNCpath,S:\Administrative\Information
Technology\Architecture\6InformationArchitecture\MasterDataDefinition\1CurrentApproved

3.4. IntegrationScope
ERDshowingthemasterdataentitiestobeusedbythesolutionconsultationmaybewiththeEnterpriseDataArchitect,e.g:

3.5. MasterDataDocumentTypes
Defineenterprisedatastructurestobeusedbytheapplication.Inthecaseofnewstructuresbeingrequiredthatarenot
implementedinthedefinedEnterpiseDataModelornotimplementedinwebMethodsorMDR,thenconsultationwiththe
EnterpriseDataArchitectwillberequired.Forthisconsultation,youshouldgainthenecessaryinformationtocompletethe
structure.i.eName,Attributes,Sizes(?)andsqlnecessarytogatherfromthesourceapplication.Thisneedstoberecordedinthe
design,preferentiallyinatablestructureforTItoimplement.

3.6. EnterpriseInterfaceRequirements
TheITDataArchitectureStandardshowsthestandardmethodsofinteractionwithCSUdata.Showdetailsonhowthissolutionwill
connecttotheMasterDataand/orotherCSUapplications
WillthesolutionusewebMethodsorothermethodstoexchangedatawithotherapplications?Ifso,referto4.2.1to
providedetailsonrequirements.
Willtheapplicationrequiremasterdatatobeprovidedtoitslocaldatabase?
WillservicesbecalledinsidewebMethodstoreturndatafrommasterdata?ifso,providedetailsonservicei.ename,desc,
inputs,outputs,selecttouse(orflowdesign)
WilltherebeconnectionstoActiveDirectoryorLDAPforauthentication?
Willtherebegenericvendorprovidedintegrationbetweenapplications?i.eDegreeworksandBanner,DentistrysSaludand
Romexis
Willpasswordsneedtobepushedtotheapplication?(Currentlywedontprovidethisserviceasanumberofsecurity
questionsareraised...YouwillneedtoconsultwiththeEnterpriseIntegrationArchitect,EnterpriseDataArchitect,
EnterpriseApplicationArchitectandSecurityArchitecttodiscussifitbecomesarequirement.
Willdataberequiredtobepushedtoanexternalhostedapplication?i.eHeims
WillTransactionalControlneedtobeimplemented?i.e.XATransactions..dontcommitunlesstransactionsaresuccessful
onmorethanonedatabase.
Note:Whencreationofwebmethodsservicesortransfersarerequired,thereisawebMethodsDevelopersHandbookinthe
followinglocationS:\Administrative\InformationTechnology\Architecture\IntegrationCentre\Handbooks\Developers\Developers
Handbook.doc

Page7of19

CSUTechnicalSolutionDesignDocument

3.7. DataTransferVolumes
Provideestimatesonthevolumeofdatatobetransferredtoandfromthesolution.Thisshouldincludesizeforcurrentdemands
andfuturegrowth.

3.8. DataAvailability
DescribehowthesolutionwillcopeifaccesstotheMasterDataisunavailableforaperiodoftime.Addressspecificsituationssuch
ashowthesolutionwillrespondifuserauthenticationinformationisunavailable,orifCSUInteractisunavailable.Thiscanbecomea
problemfortheapplicationwhereservicestoselectfromMasterdataaretobeused.CurrentlythereisonlyoneMDRdatabasesoif
itbecomesunavailable,thiswillneedtobecateredforintheapplication
.

3.9. Latency
WhenusingMasterDatawithintheSolutionsownschemas.Howquicklywillthisdatahavetoberefreshed?Egrealtime,withinan
hour,overnightetc.Istherethepotentialforanadverseeffectonperformancewhereadatatransferisrunningbetween
campuses?

Page8of19

CSUTechnicalSolutionDesignDocument

4. SecurityDesign
ThegoalofsecuritydesignintheSDLCistoensuresecurityisanintegralpartoftheinformationsystemsolutionsdevelopedAll
securityrequirementsshouldbeidentifiedattherequirementsphaseofaprojectandjustified,agreedanddocumentedaspartof
theoverallbusinesscaseforaninformationsystem.AS/NZSISO/IEC27002:2006.
Thebusinessrequirementsfornewsolutions,orenhancementstoexistingsolutionsshouldspecifytherequirementsforsecurity
controls.Theriskmanagementprocesscanbeusedtoidentifytherequirementsforsecuritycontrols.
Specificationsforsolutionsshouldconsiderbothautomatedcontrolsandtheneedforgovernanceprocessestosupportmanual
controls.Thisalsoneedstobeconsideredwhenevaluatingsoftware,bothdevelopedandpurchased.
Thesecurityrequirementsandcontrolsshouldreflectthebusinessvalueoftheinformationassetsinvolved,andthepotential
impacttoCSUshouldafailureorabsenceofsecurityoccur.(SeealsoCSUMasterDataGovernance.doc)
Purchasedproductsneedtoundergoaformaltestingandacquisitionprocessthatincludessecurityfunctionality.

4.1. Securityrequirementsanalysisandspecification

4.2. Assessingsecurityrisks
ThepotentialrisksassociatedwiththeimplementationofanewsolutionneedtobeassessedatthebeginningoftheSDLC.The
assessmentofsecurityrisksshouldbeincludedinthesolutioncoordinatorschecklistandfollowthemethodspecifiedinthe
SolutionRiskAssessmentMethodologyforSolutionDesign.
Riskassessmentsshouldidentify,quantify,andprioritizerisksagainstcriteriaforriskacceptance(oravoidance)andtheobjectives
ofthesolutionbeingdevelopedand/ortheobjectivesofDIT.Theyshouldbeperformedinamethodical,standardised,reproducible
manner.
Theriskassessmentshouldhaveaclearlydefinedscope.Forthepurposesofthedocumentthescopewouldusuallybethe
individualsolutionbeingdeveloped,howeveritshouldincluderelationshipswithriskassessmentsonothersolutionsin
developmentorproduction.Itmayalsohavetoincludeelementsofrisktotheentireorganisation.
Theoutputofariskassessmentshouldthendeterminetheappropriatelevelofriskmanagement.Theappropriatelevelofrisk
managementwillguideanddetermineprioritieswhenimplementingcontrolstominimiserisk.
Riskassessmentsshouldincludeasystematicapproachofmeasuringorestimatingthemagnitudeofrisks(riskassessment)andthe
processofcomparingtheestimatedrisksagainstriskcriteriatodeterminethesignificanceoftherisks(riskevaluation).
RiskassessmentsshouldalsoformpartoftheSDLCreviewprocessthatincludesreassessingtherisksofasolutionperiodically
and/orwhensignificantchangesoccur.

4.3. Treatingsecurityrisks
Oncethesecurityrequirementsandriskshavebeenidentifiedandthedecisionforthetreatmentofriskshasbeenmade,the
appropriatecontrolsshouldbeselectedandaddedtothedesigndocument.ControlscanbeselectedfromtheISO27002standardor
fromothercontrolsets,ornewcontrolscanbedesignedtomeetspecificneedsasappropriate.

Theselectionofsecuritycontrolsisdependentuponthesolutionscriteriaforriskacceptance,andrisktreatmentoptionsandshould
alsobesubjecttoallrelevantnationalandinternationallegislationandregulations.

4.4. Correctprocessinginapplications.
Correctprocessinginapplicationsisneededtopreventerrors,loss,unauthorisedmodificationormisuseofinformationin
applications.Securitycontrolsshouldbeimplementedthatensurethevalidationofinputdata,internalprocessingandoutputdata.

4.5. Cryptographiccontrols.
Cryptographiccontrolscanbeusedtoprotecttheconfidentiality,authenticityandintegrityofinformation.
Theneedforcryptographiccontrolscanbedeterminedbyriskassessmentprocessesandalsothedatasclassificationlevelas
determinedbytheCSUMasterDataGovernanceprocess.
Cryptographiccontrolsmaybeneededinbothinformationstorageandtransmission.
Iftheuseofcryptographickeysistobeconsidered,akeymanagementprocessisessentialtoensuredistribution,storage,changing,
revoking,recovery,archiving,destroyingofkeys.

Page9of19

CSUTechnicalSolutionDesignDocument

5. InfrastructureDesign
Infrastructuredesignprovidesdetailsandguidanceonthecommondesignconsiderationsthatarerequiredtomadewhendesigning
infrastructuresolutionswithintheCSUDIT.

EnvironmentsrequiredMarkrequiredenvironmentswithanX
Environment

Role

Production

clientsconductbusiness

QualityAssurance

Functionaltestingofinhouseenhancements

Development

Inhouseenhancementsdevelopedandtested

Training

Clientapplicationtraining

Implementation

Newversionsimplementedandtestedpriorto
migrationtoproduction

Lifespanofenvironments

Permanent

AdHoc

Production
QualityAssurance
Development
Training
Implementation

5.1. SystemArchitecture(development,qaandproductionimplementations)

OperatingSystem

ServerSpec
Architecture
NumberofCPUs
RAM
Datacentre

RedHatEnterprise5(x86)

Allocatedstorage
RaidType
raid1+0(SASfibrechannel)

Size
20G

MountPoint
/

raid5(SASfibrechannel)
raid5(Sata)
LocalAttachedstorage

Page10of19

CSUTechnicalSolutionDesignDocument

Disk

Size

Type

C1t1d0

146G

SAS

Disk

MountPoint

RaidType

C1t1d0

Raid1

C1t2d0

Raid1

MetaDevices
Device

Submirrorof

MountPoint

RaidType

d10

Raid1

MountPoint

RaidType

d11

Raid1

OperatingSystemPartitions
Partition

Raid1

Size

Type

10G

/var

20G

Network
DNS

VLAN(campus,public,
secure)

Shares
Protocol

Location

Version

RequiredInstalledSoftware
Software

Backup

Page11of19

CSUTechnicalSolutionDesignDocument

Partition

Frequency

Rotational/Archive

Timeframe

Database
Vendor
Version
Machine
Partition
DBName
DBServiceName

DBUser
DBPw

Page12of19

CSUTechnicalSolutionDesignDocument

5.2. InfrastructureManagement
5.2.1. Availabilityrequirements
Howlongcanthesystembeunavailablebeforeitstartstoimpactonthebusiness.Isthisimpactfeltonlyduringbusinesshoursor
doesthisextendafterhoursorduringweekends.

5.2.2. Businesscontinuityfailoverandfailback
Businesscontinuityprovidesalevelofbackupthatwillenabletheservice/applicationtoberestoredtoworkingorderinadefined
period.Whatstandbysystemsareavailableforfailoveroftheapplicationservices.Howisfailoverachievedandwhatprocedures
areinplacetoperformthisprocess.

5.2.3. Archivalrequirements
Arethereanyarchivalrequirementswithlogsorothercreateddata.Ifany,whataretheretentionperiodsforthisinformation?
Rememberbackupstorageisrotatedsoifyouneeddatafromapointintimegreaterthanthefrequencyofthebackupsyouneedto
specifythisasanarchivalrequirement.

5.2.4. Maintenance
Arethereanymaintenanceplansforanyofthesystems.Whatlevelofmaintenanceisprovided.

5.2.5. Logfilerotation
Arethereanylogsproducedbytheapplication.Whatinformationisavailableinthelogfilesandforwhatperiodaretheyrequired
tobekept.

5.2.6. Startingandstoppingtheapplication
Whatinterfacesareavailabletostartandstoptheapplication.Whatdocumentationisavailabletooperatorstocheckthestatusof
theapplication.Arethereanychecksordependenciesthatneedtobeconsideredbeforetheapplicationcanbestartedorstopped.

5.2.7. Monitoringinterfaces

Whatexternalmonitoringofthesystemcanbedonetoalertpeopleofanoutage.SelfmonitoringIsthereanyconfigurations
requiredtoallowtheapplicationtoalertoperatorsofpotentialissues(ping/Servicebased).

Nagios
ServerName

Test

NotificationTimeframe

ContactGroup

ServerName

Test

NotificationTimeframe

ContactGroup

OEM

5.2.8. Dependences
Whatexternaldependenciesdoesthisapplicationhave.Whatimpactwouldanexternaloutagehaveonthefunctionsofthe
application.Whatdependsonthissystemandhowwouldanoutageofthisapplicationimpactonothersystems.

Page13of19

CSUTechnicalSolutionDesignDocument

5.3. AccessControl
5.3.1. BusinessRequirementforAccessControl
Defineaccesscontrolpolicy

5.3.2. UserAccessManagement
Userregistration,provisioning,privilegeandpasswordmanagement.

5.3.3. UserResponsibilities
Passwordpolicies,unattendeduserequipmentandcleardeskandclearscreenpolicy

5.3.4. FileSystemAccessControl
Physicalorlogicalaccesstosystemsbysuppliersforsupportshouldbemonitoredandchangesauthorisedusingthechange
managementprocess.Protectionofsystemtestdataandaccesstoprogramsourcecodesecuritycontrol.

5.3.5. NetworkAccessControl
Whataccesscontrolsaretobeimplementedonthenetworklevel.Aretheirpoliciesthatrelateusagefromspecificmachinesor
locations?

5.3.6. MobileComputingandTeleworking
Whataretheconsiderationsaroundusingtheapplicationfromoffcampus.

5.3.7. OperatingSystemAccessControl
Securelogonprocedures,useridentificationandauthentication,useofsystemutilities,sessiontimeoutandlimitingofconnection
time

5.3.8. ThirdPartymanagementandaccess
Isthissystemmanagedbyathirdpartyifsowhoandhowdowecontactthem.HowdotheyaccessthesystemandwhoinCSUdo
theyreportto.

5.3.9. PhysicalandEnvironmentalSecurity

5.3.10. ApplicationandInformationAccessControl
Informationaccessrestrictionandsensitivesystemisolation

Page14of19

CSUTechnicalSolutionDesignDocument

5.4. ApplicationManagement
5.4.1. ThirdPartyServiceDeliveryManagement
Servicedelivery,monitoringandreviewofthirdpartyservicesandmanagingchangestothirdpartyservices.

5.4.2. OperationalProceduresandResponsibilities
Documentedoperatingprocedures,changemanagement,segregationofduties,separationofdevelopment,test,andoperational
facilities

5.4.3. Upgradeandcodemigration
Howareupgradestotheapplicationandorhardwaredelivered.

5.4.4. OSpatchingandsecuritypatching
WhatlevelofOSpatchingisrequested.Doesanygroupneedtobeconsultedaboutthetimingofpatching

5.4.5. Solutiondependencies
Arethereanyotherapplicationsorphysicalhardwarethatneedtobeinstalled?Whatversionoftheapplication?Aretheyinstalled
aspartoftheapplicationandhardwareinstallationordotheyneedtobeacquiredandinstalledseparately?

5.4.6. Jobmanagement(cron,timedprocesses,...)
Whattimedprocessesarerequiredandwhatistheirpurposeandfrequency.

5.4.7. Userinteractions(printing,outputfolders,http,ssh,...)
Howdousersinteractwiththeapplicationoutputfolders,webaccess,ssh,ftp,fileshares,telnetorotheraccess.Isprintingrequired
fromaWebor/andApplicationserver,pleasespecifyanyUNIXprintqueuesthatwillberequiredandiftheyneedanyothersettings
eg:portrait/landscape

5.4.8. Licensing
Whatsoftwareand/orhardwarelicenceshavebeenpurchased.Whatinsummaryarethelimitationsoftheselicenses.

5.4.9. Ongoingcosts
Whatongoingcosts(licensing,maintenance)areassociatedwiththeapplication.Whatprocessiscapturingtheseandmanaging
these.

5.5. ClientApplications
5.5.1. Architecture
Howdo/willtheclientsconnecttotheapplication?

5.5.2. Installation
Howwilltheapplicationbedeliveredandtowhatuserbase

Page15of19

CSUTechnicalSolutionDesignDocument

5.6. Migration
5.6.1. Migrationstrategy(howarewegoingtogointoproduction)
Howisthesystemgoingtobemadeavailablewithoutimpactingoncurrentsystems.Whatchangestoothersystemsneedtobe
madetomakethisserviceoperational.

5.6.2. Rollbackstrategy
Whatchangeshavebeenmadetoothersystemstoaccommodatethisapplication.Documenthowthesecanberemovedwithout
impactingonothersystems.

5.6.3. Decommissioning
Doesthissystemreplacethefunctionsofotherproductionsystems?Whatsystemsaretheseandwhatprocessisinplacetoremove
thesesystemsthatarenowredundant?

Page16of19

CSUTechnicalSolutionDesignDocument

6. TestDesign
TestingshouldoccurateachstageintheDevelopmentLifecycle.Someoftheactivitiesbelowshouldbeperformedaspartof
ProjectManagementactivities.

Note:Currentlytestingwilloccurinthisdocumentasanendtoendprocess,butwillhavesomesectionsmovedtotheSDLCintro
documentasrevisionsoccursothatthereisatestingoverlayintheintrodocandachecklistinthisdocumentoftestingelements
thatshouldcoverthesolutiondesign.

6.1. PSC/SDLCAnalysisPhase(RequirementsTesting)
6.1.1. UseCases
Astherequirementsarecompleted,UseCasesshouldbedevelopedtomodelprocessflows.Thesearethenusedatmultiplelevels
throughouttheprocessandoncesignedoffbythebusiness,arethemselvesatesttoensurerequirementsarecorrectlydefined.
UseCasesshouldbedevelopedbytheBusinessAnalyst(BA)and/orBusinessExpert(BE)andshouldincludesampledatawhichcan
beusedintestexecution

6.1.2. RiskRegister
Akeyreasonfortestingistoreducethelevelofriskandconveythecurrentlevelofrisktothemanagementandstakeholders.In
realworldsituationstestingislikelytobeconstrainedbyavailabilityofresourcesortimeorbothandthereforeitisimperativethat
testingisprioritisedbasedontherisksidentified.Risksshouldbeidentifiedforeachrequirementdefinedaswellasforgeneral
risks.UseofariskchecklistsuchasonemodelledonISO9126ishighlyrecommended.

TheRiskRegistershouldbedevelopedbytheProjectManager(PM)inconjunctionwiththeProjectTeam.
Thefollowingtableshowstheriskmatrix:

Likelihood
VeryHigh
High
Low
VeryLow

Severity
VeryHigh
A
A
A
B

High
A
B
B
C

Low
A
B
C
C

VeryLow
B
C
C
C

6.1.3. Requirementvalidation
AtleastonetechniquesuchasCauseEffectorStateTransitiontestingshouldbeappliedtotherequirementstounearthpotential
problemsbeforeprogressingfurtherthroughthedesign.

Thesetechniquesshouldnotbeperformedbythesamepersonwhowrotetherequirements,andislikelytobetheresponsibilityof
thePMorBE.

6.2. PSC/SDLCDesignPhase(FunctionalTesting)

Functionaltestingensuresthatthefunctionalcomponentsofthesolutionhavebeenconstructedinlinewithfunctional
specificationspriortoundertakingintegrationandacceptancetesting.

Testcasesshouldbedevelopedfromthefunctionalspecificationandusecases.Usecasesprovideavaluablebackbonetotestcase
preparationduetothecorrelationbetweenausecaseandassociatedtestcases.

Testcasesshouldidentifythefunctionalrequirement,usecaseorriskbeingtested,thestepsnecessarytoperformthetestandthe
expectedoutcomeofthetest.

Page17of19

CSUTechnicalSolutionDesignDocument

TestCasepreparationandexecutionshouldbeprioritisedbasedontheriskregisterforthesystem.Highriskitemsshouldhave
moretestcasesassociatedwiththemandbetestedmorethoroughlyandlowriskitemsmaynotbetestedatallgiventimeand
resourceconstraints

Functionaltestcasesarespecifictothefunctionbeingtestedandtesttheexecutionofthatfunction.Howeverthereshouldbe
additionaltestcasesthatcoverfunctionalityofthesystemoncethecomponentsareintegratedtogether.

UnitTestPreparation
Description:UnitTestsareusuallyautomatedandgetruneachtimeabuildofthesystem
happens.Whiletheyadddevelopmenttime,theygreatlyassistintheconfidenceinthesystemcomponentsandreducetheriskthat
changeswillintroducedefects.Theyarewrittenattheverylowestleveloftestingoutputsfromknowninputs.
Responsibility:Developer
Preconditions:SignedoffRequirementsDocuments
Outputs:Unittestexecutionreports

InputValidation&BoundaryValueTestPreparation
Description:InputValidationandBoundaryValuetestsensurethatinvalidinputtothesystemiscorrectlytrappedandhandled.
Theytrytomakethedataascleanaspossibletoavoiddatainconsistenciesandunformattederrorbeingreportedtotheenduser.
Responsibility:Developer
Preconditions:CompletedUnitTestExecution
Outputs:TestCaseexecutiondocumentation

UnitTestExecution
Responsibility:Developer
Preconditions:SignedoffRequirementsDocuments
Outputs:Unittestexecutionreports

InputValidation&BoundaryValueTestExecution
Responsibility:Developer
Preconditions:CompletedUnitTestExecution
Outputs:TestCaseexecutiondocumentation

AccessibilityTestPreparation
Description:
Accessibleapplicationsandsystemsarenowlegalrequirements.Systemsshouldcomplywiththerelevant
accessibilitypoliciesandguidelines,suchastheCSUWDAAP.
Responsibility:Developer
Preconditions:Allotherdesignphasetestingcompleted
Outputs:AccessibilityTestcases

AccessibilityTestExecution
Responsibility:Developer
Preconditions:Allotherdesignphasetestingcompleted
Outputs:Accessibilityreport

6.3. PSC/SDLCTestingPhase(VerificationTesting)

IntegrationTestexecution
Description:Integrationtestingisperformedoncetestingofdiscretefunctionsiscompletedandensuresthatthefunctionsofthe
solutionoperatetogetherasspecifiedinthefunctionalrequirements
Responsibility:SystemsOfficer
Preconditions:Systemcomponentsindividuallytestedandassembled
Outputs:TestCaseexecutiondocumentation

Page18of19

CSUTechnicalSolutionDesignDocument

SystemTestexecution
Description:Systemtestsfocusnotonlyonthedesign,butalsothebehaviourandeventhebelievedexpectationsofthecustomer.
Theyalsotestuptoandbeyondtheboundsdefinedintherequirementsspecification,andincludeareassuchasregressionsand
Securitytesting.
Responsibility:SystemsOfficer
Preconditions:Systemcomponentsindividuallytestedandassembled
Outputs:TestCaseexecutiondocumentation

Performance,LoadandStressTestexecution
Description:Performancemeasuringsystemresponsetimesandloadunderexpectednormalconditionsincludingother
applicationsandusernumbersLoadmeasuringsystemresponsetimesandloadunderexpectedpeakperiodsStressfindingthe
breakingpointofthesystemintermsofvolumeoftraffic,numbersofusersetc
Responsibility:SystemsOfficer
Preconditions:SystemOfficercompletesothertesting,codemovedtoQA
Outputs:Performancemetrics

6.4. ImplementationPhase

UserAcceptanceTesting(UAT)
Description:Testingofrealworldsituationswithrealisticdatabyactualusersofthesystem.
Responsibility:BusinessUserswithguidancefromsystemofficers
Preconditions:SystemOfficercompletestesting,systemreadyforrelease,codemovedtoQA
Output:Signedoffdocumentstatingthatthebusinessishappywithreleasingtheproducttoproduction,
listingtestsconductedindetailandtheresultsofthosetests.

Page19of19

Common questions

The procedures for handling archival requirements include specifying retention periods for logs and other data needing backup beyond regular frequencies. Log file rotation involves creating, managing, and archiving log files efficiently to ensure information from logs is available for the required periods and to prevent data loss from overridden files . These archival strategies help maintain compliance and provide a comprehensive security overview and are vital for audit trails and data retrieval purposes .

Testing phases in the SDLC process are structured to ensure comprehensive evaluation of the software. The phases include requirements testing during the Analysis Phase (verification of use cases and risk assessment), functional testing in the Design Phase (ensuring alignment with specifications), verification testing before implementation (system integration and user acceptance), and performance testing (stress, load, and user environment testing). Each phase aims to reduce risks, validate requirements, ensure functionality, verify system integration, and confirm readiness for real-world deployment .

Access Control in the design document covers various aspects including Business Requirement for Access Control, User Access Management, User Responsibilities, File System Access Control, Network Access Control, Mobile Computing and Tele-working, Operating System Access Control, Third Party Management and Access, Physical and Environmental Security, and Application and Information Access Control . Each of these components requires detailed procedures and policies to ensure secure access management, including user registration, password management, monitoring supplier access, secure logon procedures, session time-outs, and managing third-party access .

Functional testing ensures that individual software elements meet functional specifications, typically before integration. It involves testing specific functional components with detailed test cases derived from specifications and use cases . Integration testing, on the other hand, follows functional testing and ensures that these components work together as a cohesive system, validating interactions and data flows between them to meet overall system requirements . While functional testing checks each unit, integration testing focuses on the collaboration between units, critical for system coherence and identifying defects that occur at integration points .

User Access Management is vital for system security as it includes user registration, provisioning, privilege management, and password policies. Effective management controls unauthorized access and reduces vulnerabilities. It impacts system security by ensuring that access rights are granted based on least privilege, with strict protocols for password management and monitoring user activities to enforce standards like clear desk policies, ensuring systems remain protected against internal and external threats .

Third Party Service Delivery Management plays a crucial role in the application's lifecycle by ensuring that all outsourced services are delivered effectively and meet expected standards. It involves monitoring and reviewing third-party services and managing any service changes. Proper management ensures that external dependencies do not lead to vulnerabilities and that service levels are maintained through defined agreements, aiding in seamless operation and risk mitigation connected with external service dependencies .

Performance, load, and stress testing provide insights into a system's capacity to handle expected and peak loads. Performance testing measures system response times under normal conditions, assessing reliability. Load testing evaluates performance during peak activity, assessing system scalability. Stress testing determines the breaking point under extreme conditions, identifying limitations and robustness. Together, these tests inform stakeholders of the system's capacity and constraints, guiding improvements and confirming readiness for deployment .

File System and Network Access Controls assure data integrity and security by restricting access to authorized users, monitoring access by service suppliers, and protecting test data. File System Access involves authorizing changes via a change management process, while Network Access Controls are enforced by policies restricting access based on locations or machines. These measures prevent unauthorized access, reduce potential data breaches, and ensure that system data remains secure and uncompromised .

Business continuity in application service management is ensured by having standby systems available for failover. Failover is achieved through predefined procedures, which include restoring the service/application to working order in a defined period. The design document specifies the processes and approaches for failover, emphasizing the need for backup systems to maintain continuous service availability .

The design document outlines a migration strategy focusing on system availability and minimizing impact on current systems. Changes to other systems might be necessary to accommodate the new service. The rollback strategy involves documents on how changes can be reversed without affecting other operations, enabling a planned and smooth decommissioning process of systems rendered redundant by new implementations .

Solution Architecture Document Template
100% (3)
Solution Architecture Document Template
16 pages
Solution Design Document (SDD) : Project Name: Project Code: Author: Position: Phone: Email: (Your Email Address)
100% (2)
Solution Design Document (SDD) : Project Name: Project Code: Author: Position: Phone: Email: (Your Email Address)
33 pages
03 - SDD - Solution Design Document
77% (30)
03 - SDD - Solution Design Document
33 pages
Solution Architecture Example
No ratings yet
Solution Architecture Example
35 pages
Solution Architecture SDD
No ratings yet
Solution Architecture SDD
35 pages
Solution Architect Role Overview
No ratings yet
Solution Architect Role Overview
4 pages
Enterprise Architecture Insights
No ratings yet
Enterprise Architecture Insights
20 pages
Enterprise SOA Reference Architecture
100% (33)
Enterprise SOA Reference Architecture
20 pages
Solution Architecture Document: (Project Name)
No ratings yet
Solution Architecture Document: (Project Name)
16 pages
Solution Architecture
100% (1)
Solution Architecture
16 pages
SolutionArchitectureReport PDF
No ratings yet
SolutionArchitectureReport PDF
261 pages
Software Design Document - Template
100% (1)
Software Design Document - Template
11 pages
IDA Technical Design Document Template
No ratings yet
IDA Technical Design Document Template
21 pages
Solution Design Template
No ratings yet
Solution Design Template
14 pages
A Practical Approach To Application Modernization: Presented By: Vmware
No ratings yet
A Practical Approach To Application Modernization: Presented By: Vmware
17 pages
High Level Design Guidelines Document
No ratings yet
High Level Design Guidelines Document
9 pages
Delloite Technical Design Document
100% (1)
Delloite Technical Design Document
32 pages
Solution Architecture Document Word Formatdoc147
100% (1)
Solution Architecture Document Word Formatdoc147
24 pages
IT4IT Overview and Value Chain Insights
100% (1)
IT4IT Overview and Value Chain Insights
71 pages
A Software Design Specification Template
No ratings yet
A Software Design Specification Template
12 pages
Detailed Design Document
100% (1)
Detailed Design Document
50 pages
Solution Architecture Review Template
No ratings yet
Solution Architecture Review Template
15 pages
IT Architecture in a Changing Landscape
No ratings yet
IT Architecture in a Changing Landscape
60 pages
11 Architecture Review Board Charter
100% (2)
11 Architecture Review Board Charter
9 pages
Whitepaper Esb Event Driven Ipaas
No ratings yet
Whitepaper Esb Event Driven Ipaas
21 pages
Cognizant Ai First For Mainframe Modernization
No ratings yet
Cognizant Ai First For Mainframe Modernization
5 pages
WA Enterprise Architecture Framework - 0
100% (1)
WA Enterprise Architecture Framework - 0
59 pages
Sample High Level Design
100% (2)
Sample High Level Design
12 pages
Project Requirements Document Draft
No ratings yet
Project Requirements Document Draft
9 pages
Building Effective Enterprise Architecture (EN) PDF
No ratings yet
Building Effective Enterprise Architecture (EN) PDF
12 pages
ERP Tech Architecture Guide
100% (5)
ERP Tech Architecture Guide
28 pages
Software Requiremen Specification Template
100% (1)
Software Requiremen Specification Template
19 pages
Solution Architect Role & Responsibilities
0% (1)
Solution Architect Role & Responsibilities
10 pages
SystemDesign Document
100% (1)
SystemDesign Document
31 pages
ITD Business Requirements Document - 2013
No ratings yet
ITD Business Requirements Document - 2013
78 pages
Technical Design Document Template
100% (4)
Technical Design Document Template
11 pages
Solution Architecture for Business Problems
100% (3)
Solution Architecture for Business Problems
44 pages
Architecture Overview Diagram
No ratings yet
Architecture Overview Diagram
12 pages
Technical Design Document
No ratings yet
Technical Design Document
21 pages
Application Modernization
No ratings yet
Application Modernization
2 pages
Enterprise Architects: Bridging IT & Business
100% (2)
Enterprise Architects: Bridging IT & Business
1 page
SRS Document For Review
No ratings yet
SRS Document For Review
11 pages
UAT Test Plan Template for Donor Drive
No ratings yet
UAT Test Plan Template for Donor Drive
11 pages
05 - High-Level Solution Architecture and Fit Gap Report - Dynamics - AX
100% (1)
05 - High-Level Solution Architecture and Fit Gap Report - Dynamics - AX
12 pages
BRS Template PDF
100% (1)
BRS Template PDF
105 pages
Sol Arc
No ratings yet
Sol Arc
26 pages
SDD Example
0% (1)
SDD Example
51 pages
Solution Design Document
No ratings yet
Solution Design Document
5 pages
Pcce B Soldg-For-Packaged-Cce Chapter 010 PDF
No ratings yet
Pcce B Soldg-For-Packaged-Cce Chapter 010 PDF
106 pages
Solution Design Guide For Cisco Unified Contact Center Enterprise 11.6
No ratings yet
Solution Design Guide For Cisco Unified Contact Center Enterprise 11.6
504 pages
Ucce B Soldg For Unified Cce
100% (1)
Ucce B Soldg For Unified Cce
508 pages
HCS SA Recommended Deployment White Paper
No ratings yet
HCS SA Recommended Deployment White Paper
77 pages
Ucce B Ucce Soldg For Unified Cce 1261
No ratings yet
Ucce B Ucce Soldg For Unified Cce 1261
520 pages
UCCE SRND 8-5 Dated 08-03-2011
No ratings yet
UCCE SRND 8-5 Dated 08-03-2011
367 pages
Ucce Reporting Guide116
No ratings yet
Ucce Reporting Guide116
476 pages
Ucce - B - Ucce - Soldg For Unified Cce 1262
No ratings yet
Ucce - B - Ucce - Soldg For Unified Cce 1262
552 pages
Cuaca DG 120501
No ratings yet
Cuaca DG 120501
98 pages
Solution Design Guide For Cisco Unified Contact Center Enterprise
No ratings yet
Solution Design Guide For Cisco Unified Contact Center Enterprise
526 pages
Solution Infrastructure Engineer Role
No ratings yet
Solution Infrastructure Engineer Role
2 pages
Ucce - B - Soldg For Unified Cce 120
No ratings yet
Ucce - B - Soldg For Unified Cce 120
512 pages
Flashcards - 02 Reliability in Computer Systems
No ratings yet
Flashcards - 02 Reliability in Computer Systems
5 pages
Grade 9 TLE CSS Final
No ratings yet
Grade 9 TLE CSS Final
9 pages
Dell EMC 1000 Enterprise)
No ratings yet
Dell EMC 1000 Enterprise)
69 pages
RAIDXpert2 UserGuide Enu
No ratings yet
RAIDXpert2 UserGuide Enu
140 pages
Fujitsu Server Primergy rx2540 m1 GFK Etilize
No ratings yet
Fujitsu Server Primergy rx2540 m1 GFK Etilize
86 pages
Chapter-2 Data Acquisition
No ratings yet
Chapter-2 Data Acquisition
24 pages
Technical Document - Pundi
No ratings yet
Technical Document - Pundi
40 pages
Security+ Cram Sheet
83% (24)
Security+ Cram Sheet
2 pages
DS3000 End User Demo Guide
No ratings yet
DS3000 End User Demo Guide
47 pages
Unit 4 Cloud Storage and Its Database
No ratings yet
Unit 4 Cloud Storage and Its Database
79 pages
Tcs Itis Hardware Qa
No ratings yet
Tcs Itis Hardware Qa
6 pages
CompTIA CV0-003 Exam Dumps & Q&A
No ratings yet
CompTIA CV0-003 Exam Dumps & Q&A
15 pages
HP 3PAR StoreServe ELearning 1 2Q15 Full Deck
100% (2)
HP 3PAR StoreServe ELearning 1 2Q15 Full Deck
323 pages
AIX Install Guide
100% (1)
AIX Install Guide
78 pages
Business Continuity Management Quiz
100% (2)
Business Continuity Management Quiz
8 pages
Honeywell hn35 Pro Datasheet
No ratings yet
Honeywell hn35 Pro Datasheet
6 pages
Dell EMC Unity Concepts and Features - Participant Guide
No ratings yet
Dell EMC Unity Concepts and Features - Participant Guide
104 pages
Vsan 801 Planning Deployment Guide
No ratings yet
Vsan 801 Planning Deployment Guide
92 pages
Intelligent Disk Subsystems
No ratings yet
Intelligent Disk Subsystems
69 pages
MCP6P-M2 Setup Manual
No ratings yet
MCP6P-M2 Setup Manual
45 pages
Ism v2 Lab Guide Ilt
No ratings yet
Ism v2 Lab Guide Ilt
38 pages
CyberCity Deployment Manual V1.0.0 en
100% (1)
CyberCity Deployment Manual V1.0.0 en
32 pages
IT Infrastructure Specs for Offices
No ratings yet
IT Infrastructure Specs for Offices
2 pages
S322-01 S+ Operations - Advanced Configuration - Design and Engineering Considerations RevC
No ratings yet
S322-01 S+ Operations - Advanced Configuration - Design and Engineering Considerations RevC
29 pages
Pelco Endura NVR5100 Series Network Video Recorder Spec
No ratings yet
Pelco Endura NVR5100 Series Network Video Recorder Spec
2 pages
Storage Basics
100% (1)
Storage Basics
71 pages
P3ag 4062 en
No ratings yet
P3ag 4062 en
213 pages
HP2-T16 Practice Test: Architecture & Tech
No ratings yet
HP2-T16 Practice Test: Architecture & Tech
58 pages
VSP G Series Family Matrix Product Line Card PDF
No ratings yet
VSP G Series Family Matrix Product Line Card PDF
5 pages
VTU S8 Syllabus
No ratings yet
VTU S8 Syllabus
10 pages

Technical Solution Design Template

Uploaded by

Technical Solution Design Template

Uploaded by

CSUTechnicalSolutionDesign

Common questions

Can you elaborate on the procedures for handling archival requirements and rotation of log files as per the system design?

Explain how the testing phases are structured and what each phase aims to achieve in the SDLC process.

What are the key considerations and procedures detailed for Access Control in the design document?

What is the role of functional and integration testing in software verification, and how do they differ?

Discuss the importance and implementation of User Access Management and its impact on system security.

Discuss the role and significance of Third Party Service Delivery Management in the application's lifecycle.

How do various types of testing (performance, load, and stress testing) contribute to evaluating a system's readiness for deployment?

How is data integrity and security assured through File System and Network Access Controls?

How is business continuity ensured in the application service management, and what strategies are outlined for failover?

What are the specified strategies for migration and rollback in the event of production deployment challenges?

You might also like