TOGAF - The Open Group Architecture Framework

TOGAF means The Open Group Architecture Framework. It is an extensive method for establishing (Enterprise) Architectures.

TOGAF is one of the few methods not developed by one company (like for instance IAF and DYA). The Open Group is a consortium of companies and institutions, developing several standards.

TOGAF describes 4 types of architectures:

• Business architecture
• Information Systems architecture, which consists of:
• • Data architecture
  • Applications architecture
• Technical architecture

To develop these architecture, TOGAF is split in three parts:

• ADM: The Architecture Development Method;
• Enterprise Continuum;
• Resource base.

The ADM is the heart of TOGAF. It is a architecture development method. The method describes the following steps:

• Preliminary phase: Frameworks en Principles
• A: Architecture Vision
• B: Business Architecture
• C: Information Systems Architecture
• D: Technology Architecture
• E: Opportunities and Solutions
• F: Migration Planning
• G: Implementation Governance
• H: Architecture Change Management

Every step itself consists of (a large amount of) several smaller steps. Normally, all steps are done in sequel. If in phase H it is concluded that a change of architecture is necessary, the ADM can be re-started from phase A.

The Enterprise Continuum is a virtual repository containing all architecture assets (models, patterns, descriptions) of an enterprise. It starts as an empty framework, which is filled during the execution of the ADM steps.

The basis for an Enterprise Continuum can be the TOGAF Foundation Architecture. It consists of:

• Technical Reference Model (TRM) – a generic multi-layered model with which systems can be modeled.
• Standards Information Base (SIB) – a list of accepted standards that can be used in a architecture.
• Integrated Information Infrastructure Reference Model (III_RM) - a model for developing application architectures.

Industry standards can also be part of the Enterprise Continuum.

The resource base is a collection of resources, guidelines, templates and background information for using the ADM. Among other things, it contains architecture governance structures.

Because TOGAF is an open framework, the description can be found on the Internet. TOGAF is also published as a book (349 pages!).

While TOGAF is very extensive, and can be hard to master at first, I find it a very useful, complete method, full of practical guidelines. This makes TOGAF a good method to use in real enterprise situations.

The Open Group also has a TOGAF certification: TOGAF 8 Certified.

Layers in IT security

A layered security strategy is a good practice to enhance the overall IT security in companies.

The essence of layered security is to implement security measures in different parts of the IT infrastructure.

This approach is comparable with physical security. If a burglar wants to steal money from your house, he has to go over the fence in the garden, than through an closed front door with locks, then he has to find the safe with the money, he has to break it open, get the money and leave the premises. All of this must be done without being seen or heard, and he must not be noticed by anyone during all these steps.

It is obvious why this works so well in daily practice:

• Many barriers must be crossed (fence, door, safe);
• Opening every barrier takes different technical skills (climbing over the fence, lockpicking a door with a mechanical lock, opening a safe with a digital lock);
• The burglar is slowed down by every barrier he tempts to cross, which increased the possibility of detection;
• The burglar doesn't know in advance how many barriers he has to cross, how much time each barrier takes, and which knowledge is needed for every barrier, which is very demotivating;
• The chance of getting caught is present in every step;
• When one barrier is crossed, the security of all other barriers are still intact.

It will be obvious for everyone that this works much better than having one big expensive safe somewhere in a dark forest without taking further measurements.

In IT security this principle works the same (layered security). Instead of having one big firewall and let all your security depend on it, it is better to add several layers. Preferably these layers make use of several different technologies, which makes it harder for hackers to break through all barriers. They will need much knowledge for this.

Every layer can be utilized with an IDS (Intrusion Detection System) or some other measurement to detect break-ins (increase the chance of getting caught). On top of this, more layers introduce uncertainty for the hacker: How many barriers must be passed to get to the data, and how long will this take (demotivation).

If one layer is passed unnoticed, or if one security layer contains a vulnerability (caused by a bug or a mistake in the configuration), the total security is still intact (although with less layers).

A disadvantage of the use of layered security is that the complexity of system management increases. Every security layer must be managed, and administrators must have knowledge about all used technologies.

But as always with security: It costs money and causes inconvenience. But is it always better than having insufficient security.

Some examples of layered security can be found here and here.

Secret key 09-f9-11-02-9d .....

Although the photo's were only seen by a few people at first, the publicity of the court order took many people to the site. This caused much more damage to the image of the singer, than the original publication of the photo's did.

The latest incarnation of the Streisand Effect is cuased by the so-called AACS encryption key, of which the first numbers are in the title of this article.

Background

Commercial HD-DVD's and Blu-Ray discs contain a copy protection system (Advanced Access Content System, AACS). Internally in the system, a secret key is used for decrypting movies. When this key is known, modified software-based DVD players can show these movies on PC's and the movies can be copied using the PC's.

Of course, using secret keys is a bad idea. When a key is compromised, the security is broken and cannot easily be repaired. It is an excellent example of "Security by Obscurity".

The key

A few weeks ago the key was found by a few hackers in the RAM memory of a software DVD player for PC's. The 16 byte hexadecimal key (starting with 09-f9-11-02-9d...) was published on the Internet on the website doom9.org. The AACS-LC, the organisation managing the security, did something foolish: Through a lawyer firm, they threatened to take legal steps, because the key fell under the American Digital Millennium Copyright Act (DMCA).

This way, the secret key became so called “Secret Information”. This means it is now illegal to speak about- or discuss the key. Creative publishing of the key, for instance by using riddles with the key in it, of using colors to represent the key, are also prohibited.

The effect on the Internet was that lots of people began to publish the key on lots of websites and blogs. The secret key was out on the web and could not be removed anymore.

A recent search in Google on the key delivered more than 1.1 million hits!

A nice piece of Streisand Effect!

There is also a complete website dedicated to the key.

High performance clusters and grids

On operating system level, two cluster architectures exist: High performance clusters and High availability clusters.

Clusters

High performance clusters are meant to create large computing power by combining many computer systems. Usually a large amount of cheap off-the-shelf PC's are used, connected by a high-speed network (gigabit Ethernet of Infiniband). This creates one large supercomputer.

These clusters are used for calculation-intensive systems, like weather prognosis, geological, nuclear of pharmaceutical investigations. The challenge is to have all systems doing useful calculations most of the time, without wasting resources and time communicating to other systems in the cluster.

0n www.top500.org a list of the world's 500 most powerful computers is published. Most of these systems really are clusters, based on a large amount of smaller systems. Many of these systems run Linux. A well-known high-performance open source project for Linux is Beowulf.

Grids

A Grid is a high-performance cluster that consists of systems that are geographically diverse. The limited bandwidth is the bottleneck when architecting grid systems. Therefore, grids can only be used for specific tasks.

The best known (and relatively old) example of a grid  is the SETI@HOME project, where a large amount of PC's of Internet users are searching for extraterrestrial life. These type of grids use the unused computer time of PC's (for instance when the computer is showing it's screensaver). Tasks to be done can be distributed through the Internet and can be calculated on the idle PC's. When a piece of calculation is finished, the result will be sent back via the Internet and a new task can be retrieved.

Applications

A more serious example of a grid is a project that is searching for a cure for cancer or the analyses of the human DNA.

Broker firms exist for commercial exploitation of grids. People can get paid for contributing computer time, and companies can pay money to get computertime on the grid. This way companies can have access to a virtual supercomputer for a relatively small amount of money, and just for the time they need it.

Security

An important subject of grids architecture is their security. PC's running calculations should be sufficiently secured against illegal use by third parties. Also, data that is sent through the grid should not be altered and the grid infrastructure must be sure the PC's calculate their tasks as expected. Much work in this field must be done, as grids are a relatively new technology.