Archimate

Archimate is a modeling language for IT architectures.

It was developed by Telin - The Telematics Institute in The Netherlands together with large companies and institutions like Capgemini, The Dutch Tax department, Getronics, Ordina, and several universities.

The Archimate language is mostly based on UML technologies. It is used to model architectures that span multiple domains. By using Archimate one can get a layered model of the business, with business- application and technology architectures in one picture. The main idea behind Archimate is that the impact of a disruption or a change in one architectural component will be reflected in other components, possibly on other layers. As an example, one can create what-if scenarios: What if we would phase out the mainframe? What components of our architecture would be affected?

The Archimate language relies heavily on a concept called Services. These services are not to be confused with the SOA services. Services in Archimate are mainly drawing techniques. The services are not necessarily implemented in software. An example of this can be seen here:

Every layer presents a service for the next layer.  

Several tools are available for modeling architectures using Archimate. The best known tools are BiZZdesign Architect , ARIS ArchiMate Modeler and Casewise Corporate Modeler. There are also (free) Visio templates available if you want to gain some experience in using the Archimate symbols. Here is a quick reference of the symbols used.

Archimate's value is to create a high-level model of an enterprise architecture.

When architectures are modeled with Archimate, The next step would be to model in more detail. This should be done using techniques most suitable for the specific domain. For instance, on the application domain architectures are best modeled in more detail using UML. Technical (infrastructure) models are usually drawn using Visio.

The board of the ArchiMate Foundation and the board of The Open Group have expressed their intentions to adopt ArchiMate as an independent standard for enterprise architecture modelling and analysis under the aegis of The Open Group. This will probably make Archimate a more international standard.

A meeting with John Zachman

Last week I met John Zachman. I wrote about Mr. Zachman and the Zachman model he created earlier.

Mr. Zachman gave the keynote speech on the EAM congress in The Netherlands for about 150 IT architects. The talk was about architecture, and why it is needed. Check here for the slides (push the right-hand button for the next slide).

According to Mr. Zachman, architecture is needed in any system (in IT or otherwise) that has much complexity and a need for change. The reason for this is that if you cannot describe a system, you cannot build it, let alone change it. For systems with low complexity, a architecture description is not always needed, a technical design is enough.

The most important skill an architect needs is what Mr. Zachman calls "drafting skills".

Next, Mr. Zachman explained the reasoning behind the Zachman architecture model. He calls the model an Ontology (no methodology), because it describes what needs to be done to create complex systems. The model was created after consulting many construction engineers, architects and other specialists.

Mr. Zachman pointed out that no one can get his brain around the complete architecture, so it has to be cut into pieces. As he stated: "creating for instance a data model is hard enough in its own right, let alone understanding the connection with interfaces, processes, strategy, etc.". When the architecture is cut into pieces, like it is done in the Zachman model, it can better cope with change.

It is a misconception that flexibility can be reached by creating higher granularity. Flexibility can only be created by separating independent variables, like it is done in the ISO networking stack.

Mr. Zachman is a gifted speaker who speaks faster and faster as he gets excited telling his story. He used old fashioned overhead foils instead of PowerPoint. After the talk I met him and talked about half an hour with him about my thoughts about the position of architecture, his family and his frequent travelling.

ITAC - IT Architect certification

I am working on getting the ITAC certification. ITAC stands for the IT Architect Certification program from The Open Group. For IT architects there are several certifications. Check this article for more on the various possibilities.

The Open Group has two certification programs: TOGAF certified and ITAC.

TOGAF certification tells something about the TOGAF knowledge of the architect. One can learn the TOGAF book and do a multiple choice computer based exam. If the exam is done in good standing, the architect is certified. TOGAF certification looks very much like PRINCE 2 certification for project managers.

ITAC certification does not tell what an architect knows, but what experience he has and what personal skills he has. For ITAC certification, it is not needed to be TOGAF certified or even know the TOGAF framework. One must prove to be able to have done architectural work in real life situations for many years. ITAC certification is very much like IPMA certification for project managers.

There are about 2200 ITAC certified architects around the world.

The ITAC certification is an international standard. There are three levels:

1. Certified IT Architect
2. Master Certified IT Architect
3. Distinguished Certified IT Architect

Level 1 is the easiest to get, level 3 the hardest.

To get ITAC certification, a so called certification package must be created by the applicant. This certification package must contain proof of the various ITAC conformance requirements, including signed documents from clients the architect worked for. After the certification package is applied, the architect is invited to visit a certification board. The architect must then present a case from his certification package to the certification board. The certification board will ask questions to the architect. And if all goes well, the architect can receive certification.

The requirements that lead to the certification package are not easy to conform to. Here is a document describing all ITAC requirements. Some examples are:

• The Candidate must prove that given a scope of architectural work to be accomplished, he planned the work, formed a team to perform the work, and guided the team in performing the work to completion.
• The Candidate must mediate opposing viewpoints and negotiate equitable solutions to ensure successful and stable outcomes.
• The Candidate must prove to have used modeling techniques – such as use case, scenario modeling, prototyping, benchmarking, and performance modeling – to describe the problem space, to size the solution and to validate that the proposed architecture addresses the business requirements.
• The Candidate must have been responsible for the architecture definition activity of a project or engagement across the full lifecycle appropriate to that project or engagement, and must have been involved as an IT Architect, or in some other capacity working with others, to ensure the architecture has been realized.

In total 38 of these type of requirements are stated.

One of the hardest is:

• The Application Package must contain a list of experiences in each of which the Candidate has successfully applied a recognized method.

A list of recognized methods can be found here.

The ITAC certification is very hard to get, but it is a very valuable title to have as an architect.

NLUUG spring conference

Last week I attended the Dutch NLUUG spring conference about Security. The conference presented 18 talks in several tracks about mainly the technicalimplementations of security measures.

The keynote was done by Vincent Rijmen, professor at the university of Leuven and one of the inventors of the Rijndael encryption algorithm, which is the heart of AES encryption. Mr. Rijmen talked about the past and future of hash functions and about methods to break the MD5 and SHA-1 hashing algorithms.

Then I attended a talk about anonymity systems, where PhD student Matthijs Koot explained how anonymous anonymity systems like Tor, MorphMix and I2P really are.

A very interesting talk was from Carel van Straten from the Spamhaus project. The Spamhaus project tries to find out how spammers work and what to do about it. I will publish a separate article about this intriguing subject later.

Another very interesting talk was by the in The Netherlands famous German hacker Henryk Plotz. He was one of the hackers of the Mifare Classic chip card that is about to be used in The Netherlands as a train ticket system. He talked about how the Mifare card was hacked: a combination of monitoring and analyzing the wireless communications from the card and of physically looking at the chip, by polishing off the various layers of silicon and photographing and analyzing them.

After some other, a bit less interesting talks, I saw Karin Spaink. Karin talked about the security of electronic patient records (EPR's). Karin pointed out that everybody seems to want EPR's, but there is little proof these systems will introduce much better healthcare at all. EPR's bring in their own security issues and concerns. Karin lead a hacker team who broke into two hospitals (with their permission by the way) and was able to see, copy, delete and change(!) millions of patients records.

The NLUUG conference was a very interesting event and was perfectly hosted. Highly recommended.