
Current and future technical infrastructure, including hardware and software, that support Queen's information systems.

This is based on US NIH, which appears to be using a Gartner framework (prior login required).

Core technology building blocks, which we call bricks, are foundational architectural elements, such as operating systems or databases. These bricks are assembled in accordance with design patterns to provide a technology function. Each of these building blocks has a scope of use, tactic, strategy and life cycle in its role within the enterprise architecture. We call the documentation of each core technology and its use an "architectural brick."

Compare also University of Wisconsin's Service Taxonomy and BRICK model.


Life cycle stages

Mainstream: Primary for new systems or legacy transfer
Containment: No new development
Retirement: To be eliminated
Emerging: To be evaluated for future use

 

Applications Technology

Technical tools (software), such as application servers and Web servers, that enable the development of software applications that automate specific business tasks.

Principles:

Patterns:

  • SSL session termination is on network load balancers behind the firewall to take advantage of crypto accelerators and consolidate certificate management.

NIH: Applications Technology

Bricks:

Application Server Brick

An application server is a modern form of platform middleware. It is system software that resides between the operating system on one side, and the external resources - such as DBMS, communications and Internet services - on another side, and the users' applications on a third side. At runtime, the application server is to act as host (or container) for the user's business logic while facilitating access and performance of the business application. The application server must perform despite the variable and competing traffic of client requests, hardware and software failures, the distributed nature of the larger-scale applications, and potential heterogeneity of the data and processing resources required to fulfill the business requirements of the applications.

Mainstream: Apache Tomcat; Apache httpd + PHP 5+
Containment: Sun Glassfish; Microsoft Internet Information Services (IIS) (only as application requirement); Oracle Weblogic (for PeopleSoft only)
Retirement: Sun Java Application Server
Emerging:

Revised: 2013-

Web Server Brick

Web servers are software that serve as engines which run websites. Through a Web listener, they accept HTTP (non-encrypted) and HTTPS (encrypted) connections from Web browsers. The Web server may return HTML based Web pages and other files directly to the browser, or may invoke additional software that performs processes such as database interaction and generates the returned HTML or files.

Mainstream: Apache httpd 2.4+
Containment: Sun Java Web server
Retirement: Apache httpd 1.x
Emerging:

Revised: 2013-

Collaboration

Technologies and tools, such as email, messaging, workflow, and document and content management, that enable users to access vital information resources, share information, and work and communicate effectively and efficiently with peers, customers, and the public.

Principles:

Patterns:

NIH: Collaboration

Bricks:

  • Enterprise Directories Brick

Enterprise Directories Brick


Mainstream: Oracle Directory Server Enterprise Edition; Microsoft Active Directory
Containment:
Retirement:
Emerging:

 

Data Management Technology

Technical tools (software), such as data warehouses or other databases, that enable information storage, retrieval, management, and analysis.

Principles:

Patterns:

NIH: Data Technology

Bricks:

Online Transaction Processing (OLTP) Database Server Brick

The Online Transaction Processing (OLTP) database market is defined by products that are suitable for a broad range of enterprise-level real time applications, including purchased business applications such as enterprise resource planning, customer relationship management, and customized transactional systems.

Mainstream: Oracle Database 10g+, 11g; MySQL 5.+; Microsoft SQL Server (commercial applications)
Containment:
Retirement:
Emerging: Oracle Database 11g on Exadata

 Revised: 2013-

Data Warehouse Database Server Brick

Data Warehouse (DW) database functional requirements differ from those of Online Transaction Processing (OLTP) Database Management Systems (DBMS) in that they support large databases, complex multi-table join processing and schema support, and have specialized index technology, workload management, and data partitioning capabilities. Most importantly, they support parallel capabilities (e.g., I/O, query and operations) and parallel utilities (e.g., backup/recovery and reorganization). DW databases are generally not updated in real time, but are frequently updated via overnight, batch-oriented processes.

Mainstream:
Containment:
Retirement:
Emerging: Oracle Exadata

 Revised: 2013-

Integration Technology

Technical infrastructure, including middleware, Web services, integration adapters, and business process management tools, that enables applications to communicate with each other effectively while preserving information and data integrity.

Principles:

Patterns:

NIH: Integration Technology

Bricks:

Data Management Middleware Brick

Data management middleware functionality helps programs, including application programs and database management systems (DBMS), read from and write to remote databases or files.

The most widespread forms of middleware today are the remote database access and remote file access middleware bundled into a DBMS or a network operating system, respectively. These support traditional two-tier client/server architectures and can also be used for more sophisticated multi-tier applications. All modern relational DBMSs include a networking capability so that the DBMS engine can optionally be called from a client application located elsewhere.

Mainstream: Oracle Net Services; Oracle JDBC; MySQL xxxx
Containment: Microsoft xxxx (only as application requirement)
Retirement:
Emerging:

 Revised: 2013-

File Transfer Middleware Brick

Description

Mainstream: sftp; ssh; nfs; CIFS
Containment: WebDAV
Retirement:
Emerging:

 Revised: 2013-

Integration Broker Brick

An integration broker is a third-party intermediary that facilitates interactions among application systems. By definition, the broker itself provides two primary value-added application-layer functions:

  • Transformation - translates message or file contents, including both syntactic "conversion" and some degree of (greater or lesser) semantic "transformation."
  • Routing (flow control) - some form of smart addressing, such as content-based routing and/or publish-and-subscribe. Note that intelligent routing is stateless.

Mainstream:
Containment: Oracle PeopleSoft Integration Broker (for PeopleSoft only)
Retirement:
Emerging:

 Revised: 2013-

Extract/Transform/Load Processor Brick

Description

Mainstream:
Containment:
Retirement: Pentaho (udmaint)
Emerging:

 Revised: 2013-

Brick Name

Description

Web Services Protocol Brick
Federated Identity Brick

Federated Identity service gives a person the ability to use the same user name, password, or other personal identification to access multiple applications or data sources securely and seamlessly by relying on the identity provider's authentication process rather than Queen's, or to use a Queen's identity to access a service operated by another organization. Federated Identity service is enabled through the use of open industry standards and/or openly published specifications.

Mainstream: Shibboleth; Microsoft Active Directory Federation Service (ADFS); Eduroam RADIUS; Cisco ACS RADIUS
Containment:
Retirement:
Emerging:

 Revised: 2013-

Brick Name

Description

Mainstream:
Containment:
Retirement:
Emerging:

 Revised: 2013-

Networks

The major technical elements required to provide data and Internet communications across the campus and with locations around the globe.

Principles:

Patterns:

NIH: Networks

Bricks:

Communications Protocol Brick

Communications protocols define the rules for sending blocks of data from one node in the network to another node and are normally defined in layers. A protocol specification defines the operation of the protocol and may also suggest how the protocol should be implemented.

Minimizing the number of protocols in use can benefit NIH by simplifying the environment and improving interoperability. Minimizing the number of network protocols will have a significant return on the total cost of ownership (TCO) for network management.

Mainstream: TCP/IP
Containment: FCP (existing storage network only)
Retirement:
Emerging:

 Revised: 2013-

Campus Area Network Brick

A Campus Area Network (CAN) is a computer network that interconnects Local Area Networks (LAN) throughout a limited geographical area, such as a university campus or corporate campus. A Campus Area Network is, therefore, larger than a Local Area Network but smaller than a Wide Area Network. A Campus Area Network is more flexible to build, upgrade, and operate, as all CAN resources are owned and operated within the organization's boundaries.

 

Mainstream: Single mode dark fibre owned and operated by Queen's supporting 10Gbps coarse wavelength division multiplexing (CWDM)
Containment: Leased single mode dark fibre supporting 10Gbps coarse wavelength division multiplexing (CWDM); Multimode dark fibre owned and operated by Queen's
Retirement:
Emerging:

 Revised: 2013-

Metropolitan Area Network Brick

A Metropolitan Area Network (MAN) is a large computer network that spans a metropolitan area. MANs provide Internet connectivity for Local Area Networks (LAN) in a metropolitan region and connect them to wider area networks such as the Internet. MANs typically operate within 50 kilometres of the campus. Their geographic scope falls between a WAN (Wide Area Network) and a LAN. In the context of Queen's, MANs provide connectivity between off-campus buildings and the core network on campus.

Mainstream: Leased dark fibre supporting 10Gbps coarse wavelength division multiplexing (CWDM)
Containment: Leased Ethernet VLAN service, 10 Mbps to 1 Gbps
Retirement:
Emerging:

 Revised: 2013-

Ethernet Router, Switch and Cabling Brick

Core routers are part of the backbone, which also contains all the high-speed transport media. This layer does not provide any packet manipulation.

Distribution routers and switches connect the access layer to the backbone network. The distribution layer directs and filters traffic between access layer and the core layer.

Access routers and switches connect subnets to the distribution layer. In some cases, the access router/switch functionality is combined with the distribution and workgroup layer switches so that a single box performs the functions of access, distribution and/or workgroup layers.

Columns: Core router; Distribution router/switch; Access switch; LAN cabling

Mainstream: core router Cisco 6500; distribution router/switch Cisco 4500/3700/3500; access switch Cisco 4500/3700/2900; LAN cabling Gigabix Category 6 and single mode fibre
Containment: LAN cabling Category 5E and multi mode fibre
Retirement: LAN cabling Category 3
Emerging: Fibre to the desktop (specialized > 1Gbps); Software based sw (data centre)

 Revised: 2013-

Remote Network Access Brick

Remote access provides the ability to connect to the network from a distant location. This requires a computer and an external internet service provider. Remote access via a virtual private network (VPN) creates encrypted tunnels over an existing Internet connection between remote users and the network data center.

Mainstream: RDP with TLS to Windows Terminal Server; Cisco ASA IPSec VPN; Cisco ASA SSL VPN
Containment: RDP to desktop
Retirement:
Emerging: Windows Terminal Services Gateway; PCoIP

 Revised: 2013-

Network Load Balancing Brick

Load balancing technology is used to balance workload across servers to improve availability, performance, and scalability. Network Load Balancers are implemented at the workgroup/server switch layer. Load balancing increases performance consistency and application availability and is therefore recommended for NIH enterprise applications. A one-to-one or one-to-many mapping can be used to access a specific server or a group of servers respectively. Additionally, it offers multiple algorithms for mapping user requests to servers (e.g., round-robin, random, or depending on server utilization) and provides proxy services.

The In-line configuration provides Network Address Translation (NAT), essentially acting as a filtering firewall. This configuration provides added security.

In order to deliver improved availability, the load balancers must be deployed in pairs, with hot standby configured.

Mainstream: F5 Big IP LTM in NAT mode
Containment: F5 Big IP LTM in one-arm mode
Retirement:
Emerging: Big IP version 11 clustering; Application delivery controllers; Big IP Global traffic manager

 Revised: 2013-

Wireless Local Area Network Brick

The role of a wireless local area network (WLAN) is to extend network coverage to allow for in-building or campus communication for mobile users; WLAN equipment can also be used to create ad hoc networks for temporary situations such as conference registrations.

A controller/thin-AP pattern is used to simplify management.

Columns: Technology; Vendors

Mainstream: 802.11a/b/g/n; Aruba 6000 series controllers, 100 series APs
Containment:
Retirement:
Emerging: 802.11ac; Aruba 7200 series controllers

 Revised: 2013-

Platforms

Basic technologies of a computer system's hardware and software that define how it is operated and determine what other kinds of software can be used with it.

Enterprise servers consist of the platform hardware and the operating system that together support the operating environment for application and database servers that serve the entire university. They typically serve hundreds, if not thousands, of concurrent users and utilize high availability and redundant configurations to minimize downtime.

Mid-range servers consist of the platform hardware and operating system that together support the operating environment for applications and databases that serve a smaller group of users. Because the distinctions between enterprise and mid-range servers depend on subjective estimates of workload magnitude, this brick addresses both enterprise and mid-range servers. These standards are meant to provide guidance when selecting a server for a new application or when upgrading the server environment for an existing application. They cannot replace the capacity planning and operational support analysis needed to ensure that the new server environment (including storage subsystems and peripherals, which are not addressed here) is capable of meeting the size, maintainability, performance, and availability requirements of the business. This brick specifically provides baseline information and the future direction for deploying enterprise and mid-range servers at NIH in terms of the preferred operating systems.

Principles:

Patterns:

NIH: Platforms

Bricks:

Enterprise and Mid-Range Server Operating System Brick

Description

Mainstream: Microsoft Windows Server 2012; Red Hat Enterprise Linux
Containment: Microsoft Windows Server 2008 R2; Oracle Linux (only for PeopleSoft)
Retirement: Sun Solaris 10
Emerging:

 Revised: 2014-05

Enterprise and Mid-Range Server Platform Processor Brick

Description

Columns: Processor; Server vendors

Mainstream: Intel x64; IBM, Dell
Containment:
Retirement: Intel x86; SPARC (Oracle)
Emerging: Intel x64; HP

 Revised: 2014-05

On-line Storage Brick

Description

   
Mainstream: EMC VNX
Containment:
Retirement: Sun 6140
Emerging:

 Revised: 2014-05

Security

Confidentiality, integrity, and availability of NIH information and information systems such that the level of protection is commensurate with risk.

Principles:

Patterns:

NIH: Security

Bricks:

  • Intrusion Detection Brick
  • Federated Identity Authentication / Authorization Brick

Identification and Authentication Brick

This standard establishes Queen's NetID as the required method of implementing authentication in web-based applications at Queen's. Authenticated identities are the basis for many other information security services. Therefore, Queen's needs to:

  • Verify user identity as the basis for access control to Queen's resources
  • Control individual user access to the resources and services provided by those systems 
  • Create an audit trail of individual user access or attempted access to those systems, resources and services

Authentication services are crucial to access control and auditing services. If users' identities are not properly authenticated, Queen's has no assurance that access to resources and services is properly controlled. In most situations, NetID and password combinations will provide an appropriate level of security if the User ID and password conform to Queen's policy. However, Queen's will implement stronger authentication for enterprise users with high system privileges (e.g. system, network and security administrators).

Mainstream: Queen's NetID
Containment: Application specific user authentication
Retirement: RSA SecurID for two-factor authentication
Emerging:

 Revised: 2014-05

Federated Identity Authentication / Authorization Brick

See Federated Identity above.

Systems Management

Processes and tools that monitor the hardware, software, applications, networks, and operational elements in the university information technology (IT) environment.

Principles:

Patterns:

NIH: Systems Management

Bricks:

  • Availability - Application Management Brick
  • Availability - Database Management Brick
  • Availability - Server Management Brick
  • Availability - Storage Management Brick
  • Availability - Network Management Brick
  • Configuration Management Software Brick

Backup Brick

Description

   
Columns: Product; Scope

Mainstream: EMC Networker, Tivoli Storage Manager; Solaris servers, Windows servers and PCs
Containment:
Retirement:
Emerging: Veeam, CommVault Simpana; VMWare servers & VMs

 Revised: 2014-05


 

 
