Part1 V10 20161008 - TU...

Future-Proof Software

1 Prof. Dr. Frank J. Furrer - WS 2016/17

Future-Proof Software(Zukunftsfähige Software)

Prof. Dr. Frank J. Furrer

TU Dresden WS 2016/2017

Part 1: IntroductionPart 1: Introduction

V1.0 / 08.10.2016




Administrative Information



Prof. h.c. Dr. Frank J. Furrer



1975 -2011: Industry-career in industrial control systems and insystem/software architecture for very large IT systems

1974: Ph.D.EE (Dr. sc. techn. ETHZ) from the Swiss Federal Institute ofTechnology, Zurich (ETH-Z)

1970: MS in Electrical Engineering 1970 from the Swiss Federal Institute ofTechnology, Zurich (ETH-Z)

1945 (January 27): Born in Switzerland (Zurich)

CV Summary

2015 (July 1): Professor h.c. of the Computer ScienceDepartment of the Technical University of Dresden (TUD)

2013/14: Lehrbeauftragter TUD Dresden



I am available for additional questions or discussionsafter each lecture

… or at any time via e-mail:[email protected]

[email protected]

I prefer dialog - rather than monolog: Please feel free toask questions at any time

http

://w

ww

.dia

logdata

.de



Exams:

[Official Text]:

Participants can receive a grade via an oralexam or a not graded certificate of

attendance (Sitzschein).

http

://w

ww

.resu

mew

ritingserv

ice.b

iz



Certificate of Attendance

Participants can receive a not graded certificateof attendance.

(NO credits ECTS)

Please write an email to [email protected] (Secretary of the Chair of SoftwareTechnology).

She will arrange the certificate.

DO NOT CONTACT ME DIRECTLY. THANKS.

For the not graded certificate you need to sign theattendance list provided during each lecture.



Oral Exam

Participants can receive a grade via an oral exam(3 credits ECTS)

Please check your exam regulations which type ofcredit (mark/certificate) you need. If you areinterested in an examination date, please write anemail to [email protected] (Secretary ofthe Chair of Software Technology). She willschedule the exams.

DO NOT CONTACT ME DIRECTLY. THANKS



#

AErkennung derZusammenhängedes Prüfungs-gebietes

(Understanding)

BEinordnung speziellerFragestellungen in dieZusammenhänge desPrüfungsgebietes

(Reasoning)

CGrundlagenwissen gemässdem Stand des Studiums

(Knowledge)

1. What is a goodfuture-proofsoftware-architecture?

Why?

Which are the contra-productive behaviors ofan IT architect?

Which is the most importantskill of a successful ITarchitect?

Why?

2. Why are architectureprinciples soimportant?

Have architectureprinciples to be strictlyenforced in eachsituation and in eachproject?

Which is the resistanceencountered by an ITarchitect while trying toenforce architecture-principles?

Sample Exam Questions:



Date Topic

Wk 41: Wed, 12. Oct. 16 Introduction

Wk 43: Wed, 26. Oct. 16 Managed Evolution for Software

Wk 45: Wed, 9. Nov. 16 Architecting for Agility (1)


Wk 49: Wed, 7. Dez. 16 Architecting for Agility (3)

Wk 51: Wed, 21. Dez. 16 Architecting for Resilience (1)

Wk 3: Wed, 18. Jan. 17 Architecting for Resilience (2)

Wk 5: Wed, 1. Feb. 17 Skills and Personality of the Future-Proof Software-Engineer

Lecture: 3.+4. DS (11:10 – 12:40 und 13:00 – 14:30) in room APB/E010



Part 1: Introduction

Part 2: Managed Evolution Strategy for Software Systems

Part 3: Architecting for Agility

Part 4: Architecting for Resilience

Part 5: Skills of a Future-Proof Software Engineer

Slides + Additional Information:

http://st.inf.tu-dresden.de/teaching/fps

Lecture Structure:



BusinessCase

justifies

Future-ProofSoftware

QualityProperties

definedby

Structure

enables

Architectureforms

guide

control

DevelopmentProcess

builds

ArchitecturePrinciples

enforce

Future-ProofSoftwareEngineer

leads

appliesMetrics

quantify

uses

Conceptual Context:(Lecture Map)

WorkingEnvironment

is embedded in




Start



http

://blo

g.w

estin

tera

ctiv

e.c

om

… Now the Lecture starts !



Why do we need future-proof software?

The software for many products and services is:

• mission-critical

• business-essential

• long-lived

Mission-critical means thata malfunction orunavailability of thesoftware inhibits the use ofthe product or service andmay cause damage,accidents or loss

http

://w

ww

.20m

inu

tes.fr



Business-essential impliesthat the software is key to thesuccess and development of acompany or organization

htt

p:/

/n

ew

s.s

oft

pedia

.com

Long-lived signifies that thesoftware-system must bemaintained, extended and evolvedover many years, possibly decades

http

://w

ww

.123rf.c

om



Mission-critical Business-essential Long-lived




«Software everywhere»

6 Software Successes

6 Software Failures



Software Success Story: Example 1Mercedes GLE 500e (Hybrid)

htt

p:/

/w

ww

.moto

r-ta

lk.d

e/bilder

Software-implemented functionality:

• Hybrid-Optimization (Electrical motor/Gasoline V6)

• Elektronic Stabilityprogram

• Various assistent systems (Line keeping, Dead angle, Distance, …)

• …



Software Success Story: Example 22016 European Truck Platooning Challenge

htt

p:/

/w

ww

.its

inte

rnati

on

al.com

Truck platooning, where trucks travel in convoy very close to eachother, provides many benefits. The first truck does the driving whilethe ones following are connected by a wireless electroniccommunications system, like the carriages of a train



Participants: 20 mechanically identical e-cars with more than 300km/h top speed race on Formula-1 tracks

Decisive: Software (Algorithms, artificial intelligence,ability to learn, …)

http

://w

ww

.tele

gra

ph

.co.u

k

Software Success Story: Example 3Driverless e-car racing 2016 (Roborace)



Software Success Story: Example 4Artificial Intelligence plays GO

htt

ps:/

/fr

.wik

ipedia

.org

«GO» is a strategic board game which was invented

in China 2’500 years before.

Board: 19 x 19 Lines, unlimited number of white

and black stones.

http

://w

ww

.bre

ttspie

lnetz.d

e

Goal: Occupy as muchterritory as possible

Number of possible positions on theGO-board: 4,63 x 10170

Chess: 1043

Atoms in the universe: 1080




Impressive/Worrying:

«AlphaGO» has NOT been

programmed: It is a self-learning

program [Deep Learning]

http

://w

ww

.dig

italtre

nds.c

om

March 2016: The AI-program

«AlphaGO» wins in a

tournament against the

multiple world champion Lee

Sedol 4:1htt

p:/

/w

ww

.wats

on

.ch




htt

p:/

/w

ww

.an

dre

asku

ndert

.ch A hurdle has been

overcome – whichwill have unknownand tremendousconsequences

Impressive/Worrying:

«AlphaGO» has NOT been programmed: It is a self-learning program

[Deep Learning]



Have humans lost out in all (intellectual) games?

htt

p:/

/kon

an

galfilm

socie

ty.b

logspot.

ch

NO:

CardPoker

Game:IncompleteInformation

Game:Complete

Information



htt

p:/

/de.s

lidesh

are

.net

Software expert system for diagnosis and therapy of cancer

Knows and «understands» the complete oncological knowledge

Software Success Story: Example 5Medical Oncological Advisor “Watson”



htt

p:/

/data

-in

form

ed.c

om

Software functionality:

• Enormous knowledge-base

• Interactive therapy-, diagnosis advice

• Personalized medicine

Software Success Story: Example 5Medical Oncological Advisor “Watson”



ww

w.m

eta

lwork

ingw

orl

dm

agazi

ne.c

om

Welding-/montage-robots

Software Success Story: Example 6Fully automated production facilities



htt

p:/

/w

eboft

hin

gs.o

rg

Human-less production line«Dark Factory»

Software Success Story: Example 6Fully automated production facilities



htt

p:/

/w

ww

.reu

ters

.com

Software Catastrophe: Example 1Crash Airbus A400M (9. Mai 2015)

A400M: Military Transport PlaneCapacity: 37’000 kg, Range: > 3’000 km



Software Catastrophe: Example 1Crash Airbus A400M (9. Mai 2015)

htt

p:/

/w

ww

.ou

est-

fran

ce.fr

Reason: Incomplete engine data after software-update

Software must never start up without a check of its data

Failure of the thrustcontrol of 3 engines

shortly after the start Crash



Software Catastrophe: Example 2US$ 951 million cyber-theft

In February 2016, instructions tosteal US$ 951 million from thecentral bank of Bangladesh, wereissued via the SWIFT network

Five transactions issued byhackers, worth $101 million,succeeded

The Federal Reserve Bank ofNY blocked the remainingthirty transactions, amountingto $850 million



Software Catastrophe: Example 2US$ 951 million cyber-theft

SWIFT has acknowledged thatthe scheme involved wasaltering SWIFT software on thebank’s computers to hideevidence of fraudulenttransfers

http

://m

ybro

adban

d.c

o.za

A typographical error hadprevented hackers from stealingthe US$ 1 billion they were after

At least 14 additional banks wereattacked with the same scheme



The unwanted acceleration of Toyota and Lexus cars caused

89 traffic deaths and 52 injured from 2000 to 2010

htt

p:/

/bu

sin

esseth

icscases.b

logspot.

ch

Software Catastrophe: Example 3Unwanted acceleration of Toyota cars



Software Catastrophe: Example 3Unwanted acceleration of Toyota cars

htt

p:/

/w

ww

.au

toevolu

tion

.com

Toyota claimed in thebeginning that thedoormat was the sourceof the acceleration

Independent researchdemonstrated asoftware-problem in thethrottle control

19. March 2014: Toyota pays a US-fine of 1.2 Billion US$



htt

p:/

/bilder1

.n-t

v.d

e

Trading Loss on 1.8.2012 (NYSE): 440 Millionen US$

Knight Capital:

Computer-Trader= high-frequencyautomatedcomputer-trading

[10’000 Trades/secHolding: Milliseconds]

Software Catastrophe: Example 4Automated Trading Big Loss



Reason: Programming mistake in the high-frequency automated

trading algorithm after a software-update

htt

p:/

/w

ww

.nj.com

On 1.8.2012 at 9:30the computers generated(without human activity)millions of faulty trades

At 9:58 Knight Capital hadlost 440 Millionen US$

Software Catastrophe: Example 4Automated Trading Big Loss



Software Catastrophe: Example 5Blockchain Code Exploit

htt

p:/

/w

ww

.coin

desk.c

om

Anyone who invested Ether into the DAO

fund received a particular number of

DAO tokens, which enabled them to vote

on the projects that the DAO will fund.

By the end of May, the DAO had raised

more than US$150 million worth of

Ether from investors.http://www.bitcoinisle.com

17.6.2016: The DAO operating through

a decentralized blockchain (inspired by

Bitcoin), has been robbed of more than

US$ 60 million worth of Ether digital

currency through a code exploit

htt

p:/

/fo

rtu

ne.c

om

http

://w

ww

.extre

mete

ch

.com



Software Catastrophe: Example 6Airbus A380 Cable/Connector Mismatch

htt

p:/

/w

an

ari

efim

ran

.tu

mblr

.com On June 7th 2011, the first

A380 for Malaysia Airlines

entered the Airbus Final

Assembly Line in Toulouse for

the final production phase

http

s:/

/w

ww

.fligh

tglo

bal.c

om

When Airbus was bringing togethertwo halves of the aircraft, the wiringon one did not match the wiring inthe other. The cables could not meetup without being changed



Software Catastrophe: Example 6Airbus A380 Cable/Connector Mismatch

For the design of the wiring in the

plane AIRBUS uses CATIA (Computer

Aided Three-Dimensional Interactive

Application)

htt

p:/

/w

ww

.bu

ildit

soft

ware

.com

The partners “French Dassault Aviation”

and a “Hamburg factory” were usingdifferent versions of CATIA.Put simply, the German system used an

out-of-date version of CATIA and theFrench system used the latest version

http

://corg

en

tum

.com




… and some more



18.9.2015:

Carmaker used software that circumvents

emissions testing for certain air pollutants

As described in the US notice of violation of the Clean Air Act, asophisticated software algorithm on certain Volkswagen vehiclesdetects when the car is undergoing official emissions testing, andturns full emissions controls on only during the test

htt

p:/

/w

ww

.au

togu

ide.c

om



htt

p:/

/w

ww

.lare

vu

eau

tom

obile.c

om

«Road»Motor Control

Software

htt

ps:/

/w

ww

.adac.d

e

«Test»Motor Control

Software



htt

p:/

/w

ww

.gm

x.c

h

Volkswagen can face civilpenalties of $37,500 for eachvehicle not in compliance withfederal clean air rules

There are 482,000 four-cylinder VW and Audi dieselcars sold since 2008 involvedin the allegations. If each carinvolved is found to be innoncompliance, the penaltycould be $18 billion

htt

p:/

/w

ww

.ch

ron

.com

/n

ew

s

VW chief "sorry" afterEPA says firm skirted cleanair law – and resigned



htt

p:/

/w

ww

.tech

spot.

com

Stuxnet… the first digital weapon[June 2010]

Objective: Physical

Destruction of Uranium-

Enrichment Centrifuges

Target: Iranian Uranium-Enrichment Plant in Natanz

http

s:/

/en

.wik

ipedia

.org

/w

iki/

Nu

cle

ar_

facilitie

s_in

_Iran

Example 2



htt

p:/

/w

ww

.tim

esofisra

el.com

Natur-Uran Isotop U235

http

://yalib

nan

.com

Large Scale Natanz Centrifuges



Spin at 1’500revolutions per second

(90,000 RPM)

http

s:/

/en

.wik

ipedia

.org

https://de.wikipedia.org

SIEMENS PLC(Programmable Logic Controller)

http://www.russelectric.com

Control System(PC-based)

htt

p:/

/w

ww

.dow

nlo

adclipart

.net

STUXNET




What’s the Problem ?



What’s the problem ?

… our dependence from software is almost total!

htt

p:/

/codeverg

e.c

om

Software




DisruptiveEnvironment

http

://w

ww

.infin

iteu

nkn

ow

n.n

et

http

://w

ww

.cio

.com

Business/Market-Pressure

htt

p:/

/w

ww

.sm

allbu

sin

essdocto

rs.c

om

/h

ttp:/

/w

ww

.expert

bu

sin

essadvic

e.c

om




Market Pressure Disruptive Environment


Dependence




Disruptive Environment


Dependence

We mustbuildfuture-proofsoftware

We mustevolvefuture-proofsoftware

Market Pressure



We mustbuildfuture-proofsoftware

We mustevolvefuture-proofsoftware

This requires:

Principles for building and evolving future-proof software

Engineers for building and evolving future-proof software

Processes for building and evolving future-proof software

Font-size = Weight in the lecture

What’s the solution ?



What’s the solution ?

Principles for building and evolving future-proof software

Engineers for building and evolving future-proof software

Processes for building and evolving future-proof software

System at time tn

System at time tn+y

Pro

ject



Part 1: Introduction

Part 2: Managed Evolution Strategy for Software Systems

Part 3: Architecting for Agility

Part 4: Architecting for Resilience

Part 5: Skills of a Future-Proof Software Engineer

Lecture Structure:

Process

Engineers

Principles

Principles




System-Engineering

Software-Engineering

Program, Module



Software engineering is the application of engineeringto the design, development, implementation, testingand maintenance of software using systematic methods

Software Hierarchy:

Component

Application

Application Landscape



Definition: Application

Application (software) =Software designed to fulfill specific needs of a user: for

example, software for navigation, payroll, or process control(IEEE Std 610.12-1990)

Application



Definition: Application Landscape

Application Landscape =Set of interacting applications and data cooperating to achievea common objective: for example operate a bank, drive a car, orcontrol a manufacturing process




Example: CREDIT SUISSE Application Landscape

ZURICH4’000 Applications LONDON

6’000 Applications

SINGAPORE3’000 Applications

HONG KONG3’000 Applications



Software Development & Integration

NewReqs

Specification Development Integration

ProgramModule


Component

Application



Definition: Project

time

System at time tn

tn

System at time tn+y

tn+y

Project

Functionalityat tn

Properties(Quality

Attributes) attn

Functionalityat tn+y

Properties(Quality

Attributes) attn+y

Properties transformation(following quality

requirements)

Functionality transformation(following business

requirements)



Definition: Project

Project =Planned set of interrelated tasks to be executed over afixed period and within certain cost and other limitationshttp://www.businessdictionary.com/definition/project.html

htt

p:/

/w

olc

ott

wh

isper.

com

Objective Result



ProgramModule


Component Application



ProgramModule



«Quality» ofApplication Landscape

# of changes

+

- Impact



ProgramModule




# of changes

-Design Decision

+

Design Decision

Design Decision

+

-

Design Decision

+ Design Decision+

Design Decision




# of changes

-

++

-

++

htt

p:/

/searc

hen

gin

ela

nd.c

om

http

://explo

ringth

em

ind.c

om

The «quality» of the application

landscape is a consequence of:

• Architecture choices

• Design decisions

• Implementation options

… defined later



Good design decision

Bad design decision


# of changes

++

+ ---

• Missing overall architecture

• Sufficient resources

• Quality process

• Good people

• Proven principles

• Technical debt accumulation

• Time & resource shortage

• Lack of principles enforcement

• Careless people



Good design decision

Bad design decision


# of changes

++

+ ---

htt

ps:/

/w

ww

.em

aze

.com

Even the best designed systemwill be killed by a sequence ofbad design decisions

htt

ps:/

/w

ww

.en

trepre

neu

r.com

• Principles• People• Processes




# of changes

++

+ ---

Functional:

Non-Functional:

• free of defects• match specifications

• … «-illities»• Security, agility, safety, …



Non-functional properties [= Quality Attributes]

• Safety

• Security

• Availability

• Integrity

• Performance

• Maintainability

• Recoverability

• Resource consumption (power, memory, …)

• Diagnosability

• …

Which qualityattributes are

most important?

Depends onthe application!

• … «-illities»



«Fit for Purpose»Quality Attributes:

• Resources

• Security

• Safety

• Availability

• Performance

• Integrity

• Maintainability

• Standards conformance

• …

QualityAttributesScorecard

Application

Resilience

• … «-illities»



Systems-Engineering

„The three devils of systems engineering are:

Complexity,

Change,

Uncertainty”Anonymous

What do they do to our software?

How can we fight them?



Complexity

“Complexity is that property of an IT-system which makes it difficult

to formulate its overall behaviour, even when given complete

information about its parts and their relationships“



Change

“Continuous – sometimes disruptive – change forces relentless

adaptation of the system to new requirements, to changes in the

environment and to technological progress“



Uncertainty

“Uncertainty – both during development and during operation –

forces weakly founded decisions with possibly far-reaching

consequences“

?

?

?

?? ?

? ?

? ?



Complexity

Change

Uncertainty

How can we successfully fight them?

… by using principles, methods,

metrics, strategies and processes for

future-proof software




Future-ProofSoftware



Future-proof software is a structure

that enables the management

of complexity, change and uncertainty

with the least effort,

with acceptable risk,

and with specified quality properties

http

://w

ww

.icon

sh

ut.c

om




Future-Proof Software:Definition



Definition:




with the least effort, with acceptable risk and with specified quality properties

Parts of the systemand their relationsships

Architecture

Activity: Steering thedevelopment & evolution

Strategy

Best value for theparameters ‘money‘ and

‘time-to-market‘ Agility

Acceptable probabilityfor undesired effectsand consequences Resilience

Assuring the desirednon-functional properties

„Fit for Purpose“



Definition:




with the least effort, with acceptable risk and with specified quality properties

Agility Resilience

Business Value

Domain-specificQuality Properties



Primary Characteristics:

Business Value

Agility

Resilience

Secondary Characteristics (Domain-specific):

Non-functional properties:

o Performance, Real-time, …

o Hardware Resource Consumption

o Adherence to industry-standards

o etc.



Primary Characteristics:

Business Value

Agility

Resilience

What are the characteristics of Future-Proof Software-Systems?

Definition

Metric

Example

Importance



If it can’t be expressed in figures,it is not science; it is opinion

Robert Heinlein (1973)




Business Value



Business Value: Definition

Business Value (of a software development) =

The opportunity to gain an advantage for the business

• Financial advantage (earnings), but also:

• Cost avoidance

• Competitive advantage (innovative functionality),

• Compliance to laws and regulations,

• Process improvements

• etc.

htt

p:/

/blo

g.e

nfo

cu

ssolu

tion

s.c

om



Metric: NPV (Net Present Value)

Business Value: Metric

NPV = Net Present Value(€)I = Investment(€)i = Yearly interest rate (%)n = year (n=0: Project start)

(1 + i)n

Benefityear-nNPV = - I

n



Business Value: Example

Business Value = Net Present Value (NPV)

Earnings: Year1 Year2 Year3 Year5 Year6240‘000 € 270‘000 € 230‘000 € 280‘000 € 300‘000 €

htt

p:/

/w

ww

.eco-w

ay.c

h/?p=10846

Investment:

- 860‘000.- €

(1+0.8)-1

1.08(1+0.8)-2

1.17(1+0.8)-3

1.26(1+0.8)-4

1.36(1+0.8)-5

1.478 %/year:

NPV = +165‘000 €

+ 222‘000 €+ 230‘000 €+ 182‘000 €+ 205‘000 €+ 186‘000 €+ 1‘025‘000 €



Business Value: Importance

Why is the business value of asoftware development important?

(Most) development activities must have a positive NPV,i.e. the activity should generate more income than cost

The calculated NPV is an important decision metric(GO/NOGO for a project)

The NPVs of projects are key financial planning data




Agility



Agility: Definition

Agility =

The capability to develop and introduce

new functionality with:

• short time-to-market

• reasonable development cost

Important note: This capability is a property of an organization,

but is heavily based on a good, evolvable structure of the system



Agility: Metric

Metric Idea: Agility ~ Size2/(TtM*DevC)

Functionality with:

• short time-to-market

• reasonable development cost

Size

TtM

DevC



Agility: Metric

Project Start Project End

TtM (Time-to-Market)Unit: days (d)

Project Start Project End

DevC (Development Cost)

WarrantyPeriod

Unit: k€

TtMi DevCi

(Sizei)2

Unit: #UCP2/(days*k€)

Amount of functionality:Functional Size

Size Unit: #UCP or #FP



Clarification: Software Size

Functional Size

ImplementationSize

RequirementsSpecification

FPFunctionPoints

UCPUse CasePoints

SLOCSourceLines ofCode



• David Garmus, David Herron: Function Point Analysis – Measurement Practices for SuccessfulSoftware Projects. Addison-Wesley, Boston, USA, 2001. ISBN 978-0-201-69944-3

• IFPUG: International Function Point Users Group (http://www.ifpug.org)

Clarification: Function Points (FP)

FP Definition:A function point is a unit of measurement to express theamount of business functionality an information systemprovides to its users (https://en.wikipedia.org/wiki/Function_point)

• Function A• Function B• Function C• …

Requirements

Function PointAnalysis Method

# of Function Points

Cost Estimation Agility Metric



Clarification: Function Points (FP)

• Function A• Function B• Function C• …

• Input data• Queries• Output data• Data bases• Reference data• Interfaces

Complexity:o lowo mediumo high

(IFPUG-Factors) DevelopmentProcess

ImpactFactors

(IFPUG-Factors)

# FPsFunctional Size



Clarification: Use Case Points (UCP)

UCP Definition:Use Case Points (UCP) is an estimation method thatprovides the ability to estimate an application’s size andeffort from its use cases (http://www.codeproject.com/Articles/9913/Project-

Estimation-with-Use-Case-Points)

UseCases

UCP = TCF * ECF * UUCP * PF

1. Technical Complexity Factor (TCF).2. Environment Complexity Factor (ECF).3. Unadjusted Use Case Points (UUCP).4. Productivity Factor (PF).

Roy Clem: Project Estimation with Use Case Points. Code Project, 22 March 2005http://www.codeproject.com/Articles/9913/Project-Estimation-with-Use-Case-Points



Agility: Example

Project Size(#UCP)

TtMi(days)

DevCi(k€)

End Date

P1 1’200 900 5’600 Jan 2012

P2 650 645 2’566 Jan 2012

P3 4’400 5’280 27’270 March 2012

P4 980 620 5’400 April 2012

P5 11’250 6’600 75’600 April 2012

P6 2’300 1’900 13’900 June 2012

P7 800 390 6’200 August 2012

P8 1’850 1’250 13’200 August 2012

etc. … … … …

AgilityTtMi DevCi

(Sizei)2

Unit: #UCP2/(days*k€)

availability data

measurementperiod

CREDIT SUISSE values:

~ 4.2 k€/UCP

~ 0.8 days/UCP

[Murer/Bonati/Furrer

ISBN 978-3-642-01632-5]



Agility: Importance

Why is agility so important?

time

Time to market

Reqs

Time to market

Time to market

we

Competitor A

Competitor B

time

Development Cost

Reqs

Development Cost

Development Cost

we

Competitor A

Competitor B



Agility: Importance


“It is not the strongest of the species that survives,nor the most intelligent that survives.It is the one that is the most adaptable to change.”

Charles Darwin: The Origin of Species (1859)

Today: «most adaptable to change»applies to software-systems and thecompanies which live from them



Agility impacts every project

Low agility: (all) projects are late and expensive

= high resistance to change bad!

High agility: (all) projects are in time and cost-efficient

= low resistance to change good!

High agility allows to use the company resources moreefficient

Agility is an important competitive market factor

Agility: Importance





Resilience



Why is resilience very important for future-proof software?

The world has become a dangerous place for software The world has become a dangerous place for software



Incident System& Environment

Impact

http://www.403wg.afrc.af.mil

http

s:/

/w

ww

.berita

tekn

olo

gi.c

om

Dis

rupti

on



Marc Elsberg:

BLACKOUT - Morgen ist es zu spät

Blanvalet Taschenbuch Verlag17. Juni 2013

ISBN-13: 978-3-4423-8029-9

Black Swan Publishing9. February 2017

ISBN-13: 978-1-78416-188-0

Marc Elsberg:

BLACKOUT – Tomorrow will be too late

Resilience (Security)

Strongly recommended reading:

• Technically sound

• Thriller storyline



Resilience: Definition

Resilience is the capability of a system

• to absorb the disruption,

• to recover to an acceptable level ofperformance,

• to sustain that level for an acceptableperiod of time

http://www.incose.org/practice/techactivities/wg/rswg/

Engineering Tasks:

Before – Allows anticipation and corrective action to be considered

During – How the system survives the impact of the disruption

After – How the system recovers from the disruption

http

://botte

ga.a

valo

nceltic

.com



Example: Nucelar Power Plant

Terrorist

Hacker

Earthquake

Impact: None

Impact: Shutdown

Impact:TemporaryShutdown

http://www.cleanenergyinsight.org/energy-insights

DisruptiveIncident

Result (Impact)



Environment

SoftwareSystem

Error

htt

ps:/

/sou

ndclo

ud.c

om

Crash

t

Degraded operation

t

t

Malfunction

htt

p:/

/kan

to.s

trip

es.c

om

Resilience: Definition



Example: Immune System

http://ageless-society.com

2n

dlin

eofdefe

nse:

Un

specific

defe

nse

3rd

lin

eof

defe

nse:

Specific

defe

nse

4th

lin

eof

defe

nse:

Learn

ing/A

dapta

tion

1stlin

eofdefe

nse:

Ph

ysic

albarr

ier

adjust



The four cornerstones of resilience

responding[actual]

knowingwhat to do

Holln

agel,

2011,

ISB

N978-1

-4724-2

074-9

monitoring[critical]

knowingwhat to look

for

learning[factual]

knowingwhat hashappened

anticipating[potential]

knowingwhat toexpect

t

before during after

adjust

adjust



Resilience: Metric

Incident System& Environment

Impact

Damage Potentialof the Incident:

• catastrophic• critical• severe• marginal• negligible

Resulting Impact:

• catastrophic• critical• severe• marginal• negligible

Response ofthe system



Resilience: Metric

Damage Potential:• catastrophic: 5• critical: 4• severe: 3• marginal: 2• negligible: 1

Resulting Impact:

• catastrophic: 5• critical: 4• severe: 3• marginal: 2• negligible: 1

Incid

ent

Impact

Response ofthe system

Resilience against 1 incident: 1 = [Potential – Impact]

Weight:

• Predicted (= before

the incident)

• Actual (= after the

incident)

Example 1: [Potential (= 2) – Impact (= 3)] = -1

Example 2: [Potential (= 4) – Impact (= 2)] = +2

Amplification

Resilience



Resilience: Metric

System resilience over a time period :

=1n [Potentiali - Impacti]; i = 1 … n

n incidents in a time period



Resilience: Metric Example: Banking System Incidents

Date Incident Damage

Potential

Damage Impact Remarks

4.1.13 DB2 Database

Crash

4 Operational blackout for 3

hrs (Recovery time)

2 4 – 2 = 2 Save & recovery procedures

worked well

6.1.13 Semnager Virus

Infection

3 Small number of customers

affected

2 3 – 2 = 1 Payment check procedures

worked well

21.2.13 Crash of

authentication

servers

3 Employees could not access

the IT system for 1 hour

1 3 – 1= 2 Backup/recovery mechanisms

worked well

4.5.13 Fibre trunk cable

damaged (by

construction work)

4 No external communications

for 5 hours

3 4 – 3 = 1 Emergency repair in time

9.12.13 Illegal financial

transaction

executed (fault in

sanction filter)

3 Legal & compliance

consequences

3 3 – 3 = 0 Sanction filter update process

improved

System resilience over 5 incidents: 5 =1n i = 1.20



Resilience: Importance

Why is resilience so important?

Software has an enormous impact on people and society:

• Functionality in all areas of life and work

• Tremendous business opportunities & risks

• etc.

Software failures may have grave consequences:• Accidents in safety-critical systems (death, injury)

• Financial or reputation loss

• Legal & regulatory consequences

• Product liability cases

• etc.



Resilience: Importance

Disruptions:rate &severity

time

Dependenceon software

htt

p:/

/blo

g.q

ate

stl

ab.c

om

htt

p:/

/w

ww

.com

pu

terp

erf

orm

an

ce.c

o.u

k



2020 2010

t

Complexity

t

Tractability

System

Safety Case

Disruptive Incidents1. Xxx2. Yyy3. Zzz

predictpredict adjustadjust

System

Incid

ent

?

ResilientSystem



Resilience must be planned and built-in

- Not added as an afterthought!

htt

ps:/

/w

ww

.in

tivix

.com



If we continue to develop our technology withoutwisdom or prudence, our servant may prove to be

our executionerOmar N. Bradley (U.S. Army General, Chairman of the Joint Chiefs of Staff [1949])

htt

p:/

/w

ww

.1zo

om

.me/en

/w

allpaper




Summary



… our dependence from

software is almost total!

htt

p:/

/codeverg

e.c

om

Software

Responsibility: We must build and maintain software

which not only serves us, but also protects us

• Business Value

• Agility

• Resilience

Safety Security Availability …

• Quality Properties

Performance Energy-efficiency Resource optimization …



• Business Value

• Agility

• Resilience

Safety Security Availability …

• Quality Properties

Performance Energy-efficiency Resource optimization …

ProgramModule

ApplicationLandscape


«Quality»



improvement

deterioration

technicaldebt

architectureerosion

goodarchitects

evolution strategy

«Quality» ofApplicationLandscape

# of changes

complexity

change

uncertainty



technicaldebt

architectureerosion

complexity

change

uncertainty

Part 2(nextlecture)

deterioration


# of changes



goodarchitects

Evolutionstrategy

improvement


# of changes

Part 2(nextlecture)

Part 5




Literature



References: Business Value

Reference

Theo J.W. Renkema :

The IT Value Quest – How to Capture the Business Value of IT-Based Infrastructure

John Wiley & Sons, Inc., Chichester, UK, 2000. ISBN 978-0-471-98817-0

Roger Gutbrod, Christian Wiele:

The Software Dilemma – Balancing Creativity and Control on the Path to Sustainable Software

Springer-Verlag, Heidelberg, 2012. ISBN 978-3-642-27235-6

Luke Hohmann:

Beyond Software Architecture – Creating and Sustaining Winning Solutions

Pearson Education, Addison-Wesley, Boston, USA, 2003. ISBN 978-0-201-77594-8

Gerrit Muller:

Systems Architecting – A Business Perspective

CRC Press (Taylor & Francis), Boca Raton, FL, USA, 2012. ISBN 978-1-4398-4762-6

Dan Remenyi, Arthur Money, Michael Sherwood-Smith:

The effective measurement and management of IT costs and benefits

Butterworth-Heinemann, Oxford UK, 2nd edition, 2000. ISBN 0-7506-4420-6

Jeanne W. Ross, Peter Weill, David C. Robertson:

Enterprise Architecture as Strategy – Creating a Foundation for Business Execution

Harvard Business Review Press, USA, 2006. ISBN 978-1-5913-9839-4



References: Agility

Reference

Barry Boehm, Richard Turner:

Balancing Agility and Discipline – A Guide for the Perplexed

Pearson Education, Addison-Wesley, Boston, USA, 2004. ISBN 978-0-321-18612-5

Richard de Neufville, Stefan Scholtes:

Flexibility in Engineering Design

MIT Press, Cambridge, USA, 2011. ISBN 978-0-262-01623-0

James Coplien, Gertrud Bjornvig:

Lean Architecture for Agile Software Development

John Wiley & Sons, Inc., Chicester UK, 2010. ISBN 978-0-470-68420-7

Fred A. Cummins:

Building the Agile Enterprise – with SOA, BPM and MBM

Morgan Kaufmann (Elsevier), Amsterdam, 2009. ISBN 978-0-12-374445-6

Jez Humble, David Farley:

Continuous Delivery – Reliable Software Releases through Build, Test, and Deployment Automation

Pearson Education (Addision-Wesley), Boston, USA, 2011. ISBN 978-0-321-60191-9

Bertrand Meyer:

Agile! – The Good, the Hype and the Ugly

Springer Verlag, Berlin und Heidelberg, 2014. ISBN 978-3-3190-5154-3

Dean Leffingwell:

Scaling Software Agility – Best Practices for Large Enterprises

Pearson Education (Addison-Wesley), Boston, USA, 2007. ISBN 978-0-321-45819-3



References: Resilience (1/2)

Reference

Erik Hollnagel, David D. Woods, Nancy Leveson (Editors):

Resilience Engineering – Concepts and Precepts

Ashgate Publishing Ltd., Aldershot, UK, 2006. ISBN 978-0-7546-4904-5

Erik Hollnagel, Jean Pariès, David D. Woods, John Wreathall (Editors):

Resilience Engineering in Practice – A Guidebook

Ashgate Publishing Ltd., Farnham, UK, 2011. ISBN 978-1-4724-2074-9

Erik Hollnagel :

FRAM: The Functional Resonance Analysis Method – Modelling Complex Socio-Technical Systems

Ashgate Publishing Ltd., Farnham, UK, 2012. ISBN 978-1-4094-4551-7

Michael Howard, David LeBlanc:

Writing Secure Code – Practical Strategies and Techniques for Secure Application Coding in a Networked World

Microsoft Press, Redmond, USA, 2003. ISBN 0-7356-1722-8

Clifford J. Berg:

High-Assurance Design – Architecting Secure and Reliable Enterprise Applications

Addison-Wesley, N.J., USA, 2006. ISBN 0-321-37577-7

Scott Jackson:

Architecting Resilient Systems – Accident Avoidance and Survival and Recovery from Disruptions

John Wiley & Sons, Inc., New Jersey, USA, 2010. ISBN 978-0-470-40503-1



References: Resilience (2/2)

Reference

C. Warren Axelrod:

Engineering Safe and Secure Software Systems

Artech House, Norwood, USA, 2013. ISBN 978-1-60807-472-3

Stuart Anderson, Massimo Felice:

Emerging Technological Risk – Underpinning the Risk of Technology Innovation

Springer-Verlag, London, UK, 2012. ISBN 978-1-4471-2142-8

Nancy G. Leveson:

Engineering a Safer World – Systems Thinking applied to Safety

MIT Press, Cambridge MA, USA, 2011. ISBN 978-0-262-01662-9

Mark S. Merkow, Lakshmikanth Raghavan:

Secure and Resilient Software Development

CRC Press, Taylor & Francis Group, Boca Raton, USA, 2010. ISBN 978-1-4398-2696-6

Kim Zetter:

Countdown to Zero Day – Stuxnet and the Launch of the World's First Digital Weapon

Crown Publishing, 2014. ISBN 978-0-7704-3617-9

Drew Chapman:

The Pattern of Fear – Paranoia is all in the Mind

Penguin Books, London, UK, 2013. ISBN 978-1-405-91287-7

Jeffrey Papows:

Glitch – The Hidden Impact of Faulty Software

Prentice Hall Inc., USA, 2010. ISBN 978-0-132-16063-6



Date Topic

Wk 41: Wed, 12. Oct. 16 Introduction

Wk 43: Wed, 26. Oct. 16 Managed Evolution for Software



Wk 49: Wed, 7. Dez. 16 Architecting for Agility (3)

Wk 51: Wed, 21. Dez. 16 Architecting for Resilience (1)

Wk 3: Wed, 18. Jan. 17 Architecting for Resilience (2)

Wk 5: Wed, 1. Feb. 17 Skills and Personality of the Future-Proof Software-Engineer

Lecture: 3.+4. DS (11:10 – 12:40 und 13:00 – 14:30) in room APB/E010

Part1 V10 20161008 - TU...

Documents

Transcript of Part1 V10 20161008 - TU...