Application Architecture Using TOGAF

05-Application Architecture

At this stage, We are formalizing the expected solution(s) that meet the business architecture.

Phase 01: Architecture Landscape

At enterprise level there will be:

• Application architecture mapped to capabilities, in technology landscape model

• As-Is Model Vs To Be Model

• Gap Analysis:

  • • Find Missing applications

    • Find missing features

    • Responsibility Matrix

• Enterprise continuum: Classification for the solution from the following perspective, to have the proper architecture:

  • • Foundation architecture: Foundation solutions and infra structure, like networking

    • Common system architecture: Common systems and solutions, like CRM solutions that server all infrastructure.

    • Industry Architecture: Includes industry standards, regulations, and best practices, like:

      • • SWIFT in banking solutions

        • HL7 standard for data exchange in EHS(Electronic health record) 

    • Organization Specific architecture: Specific systems for the industry, like:

      • • e-Commerce Solutions

        • Education platforms

        • ERP solutions

Phase 02: Technology roadmap

What do We mean by Technology roadmap in Application Architecture in EA Model? 

As Application architecture represents the required solutions and it's architecture, from solution level to detailed level, that achieve the business strategy.

 Technology roadmap represents the determination of:

• Technologies

• Approaches & Methodologies & Standards

• Best practices this phase, the enterprise digests all requirements for business, application, and data architecture,  and determine the technology roadmap, as following:

- Mobile first: Go for mobile technologies to enable mobility

- Data performance: Go for Oracle technologies to enable data growth and performance

- Micro-Services architecture: to enable: deplorability, fast response to customers feedback, single responsibility, and distributed teams  

- Cloud Solutions: with Multi-Zone enablement, in order to prevent disasters, and increase scalability and growth of the solution adoption.

 - API First approach: in order to encapsulate the business, and govern the implementation across different front ends and channels.

The detailed roadmap can be determined according to the EA/DX drivers, that should be determined and developed in early stages.

• Model-driven architecture: in order to have a single repository of models

  • SAFE management approach: In order to meet time to market, and reserve our position in the community

Phase 03: Application Roadmap (Product Management)

We should have the following practices:

• Mapping model: between Architecture building blocks and capabilities, and required application building blocks

1. • Phased Implementation: Break down the development and deployment into phases, starting with the most critical components.

   • Timeline and Resources: Define a realistic timeline for the development, testing, and deployment of the application, and allocate necessary resources.

   • Consideration of time-to-market

   • Consideration for the importance and ROI

Phase 04: Application Engineering

• Determine business requirements

• Identification of Application(s)

which can be:

• As per type: Web/Mobile/Kiosk

• As per source: Buy or make strategy, according to organization strategy, for example:

  • • Do We have a development department that can develop these solutions

    • How that can comply with the cost

    • How that can comply with time-to-market strategy.

• Identification of Integration between applications

Phase 05: Architecture and Design

• Detailed Architecture and Design

• Identification of Integration service providers

As your solution at the scale most probably will integrate with external parties, they should be identified, in as they will be part of your EA model.

It can be:

• Payment gateways

• SMS gateway

• Mail service gateway

• Governmental entities

• Another solution, provided to the enterprise by another service provider

Phase 06: Application Security

• Tools

  • • SAST: Static analysis security testing, Tools like SonarQube, SonarCloud, Fortify, Checkmarx 

    • DAST: Dynamic analysis security testing, Example Tools: OWASP ZAP, Burp Suite, AppSpider.  

    • WAF: Web application firewall 

    • Pentation testing:

Phase 07: Application Development 

Phase 08: Application Testing

• Testing and Validation

• Functional Testing: Verify that the application functions as intended and meets all business requirements.

• Performance Testing: Ensure the application performs under expected workloads and handles peak traffic effectively.

• Security Testing: Conduct vulnerability assessments and penetration testing to identify and resolve security weaknesses.

Phase 09: Deployment and Integration

• Deploy in Stages: Roll out the application in phases (e.g., pilot, full-scale deployment) to mitigate risk.

• Integration with Enterprise Systems: Connect the new application with other systems in the enterprise environment (e.g., CRM, ERP, etc.).

• Monitor Performance: Implement monitoring tools to track application performance and detect issues post-deployment.

Phase 10: Maintenance and Optimization

• Ongoing Support: Provide regular updates and patches to ensure the application remains secure and operational.

• Continuous Improvement: Gather user feedback and make iterative improvements to enhance application functionality over time.