sw arch final
Briefly describe the six steps presented in the slides that describe the process of a client making a request for services across a network connection.
1. Client obtains the network address of the server. 2. Client opens a connection (TCP/IP Socket) with the server across the network. 3. Client sends a request message to the server across the socket and listens for (reads) a response. 4. The server processes the request message and produces the information needed by the client. 5. The server builds and sends a response message with the needed information back to the waiting client across the socket. 6. The client receives the response message and continues processing with the information contained in the response.
Describe each of the four sections suggested to document a design pattern. Briefly document one of the patterns selected in question 1. Don't select the Singleton. There is no need to include UML or pseudo code.
1. Name - Descriptive name of the pattern. 2. Problem - Describe the problem the design pattern addresses. What are the circumstances of deploying this pattern? 3. Solution - Provides a generic implementation description of the solution. Comprised of UML, sample code and written text. 4. Consequences - What are the drawbacks of using this specific pattern in other aspects of the design? What are alternatives to consider?
Briefly describe the TCP socket and its relationship with communicating processes.
A TCP socket is a two-way communication channel between two processes usually on two machines separated by a network. (Sockets are also used to communicate between two processes on the same machine.)
Describe the meaning and differences between System Faults and System Failures
A failure occurs when the system is unable to deliver one or more of its design services to the users. A fault is a runtime problem that occurs during a system's operations that does not necessarily result in a failure.
Explain in a short paragraph how a load-balanced cluster works.
A load balanced cluster is a set of N processors, each of which provides the same services i.e. runs the same software. The cluster includes a 'load balancer' which is a simple device which assigns incoming requests to processors in the cluster. The balancer utilizes some algorithm that determines which processor to assign the next incoming request e.g. round-robin assigns request to P1, 2, 3, 1, 2, etc.
Explain how the use of an interface decreases the coupling between the client and server's implementation.
Abstracting the service's public methods into an interface allows the designer to decouple the service definition from the service's implementation. The goal is to design service clients against the interface, not the interface's implementing class Notice in the diagram that the client now interacts with an interface. In practice, any implementation of the service can be provided to the client without any changes to the client's design.
Why do we still need Shared Key Encryption (AES) when PPK is available?
Although PPK is revolutionary in the way encryption / decryption keys are used, the RSA encryption / decryption algorithm is computationally very expensive and too slow to be practically used to create secure communication channels. Single key encryption algorithms are an order of magnitude faster than PPK. However PPK plays an important role in establishing a secure channel by allowing the secure exchange of the encryption / decryption key using public & private keys. See the slides concerning SSL for detailed explanation of how this is accomplished.
How can performance of an individual service be scaled through processes and processing nodes?
An executable can be replicated across several processors (i.e. a cluster) to achieve increased performance and reliability i.e. load balanced cluster.
What is the relationship between executables and processes?
An executable file is 'executed' or 'run' in a process.
When are extension points needed in the system's design identified?
An extension is a feature identified by the SME / requirements that will not be included in the initial version of the system currently under development, but is expected to be included in future system releases. The extension point is placed into the design to make the eventual implementation less intrusive into the system's implementation i.e. less reworking of existing services when integrating the new service(s).
What is the meaning of the term "extension point" in a software design?
An extension point is a feature of the design intended to simplify the inclusion of new features into the system i.e. to extend the design to accommodate a future need with the least impact on the design / implementation of the current release.
Describe how application-based authorization protects web services from unauthorized client access.
Application-based authorization are role-based checks that are implemented in the service's implementation. This involves embedding access-rights checks directly in the system's implementation by the software developer. This makes application-based authorization difficult to maintain. However, application-based authorization allows the developer to implement sophisticated rules for service access that goes beyond what can be accomplished using container-based approaches. For example, access control rules can include roles and the time of day when making a decision concerning access to controlled services.
Describe how container-based authorization protects web services from unauthorized client access.
Container based authorization are mechanisms built into the application deployment container (e.g. Tomcat) that verifies a client's access-rights before permitting the client access to the protected service. The service's configuration in the container includes the roles needed to access the service. Container-based authorization is easy to configure. It requires no special code in the service implementation to utilize role-based access-rights. However container-based authorization lacks flexibility in determining whether access is granted.
What are the three important features of design patterns given in the slides? (2)
Design patterns are a mechanism used to capture the experience of software designers and record those experiences for their peers.
What are the three important features of design patterns given in the slides? (3)
Design patterns are a tool used to communicate designs at a higher level than text, diagrams, or code.
What are the three important features of design patterns given in the slides? (1)
Design patterns describe a design problem that occurs many times in software development, and describes the core of a solution to that problem.
Describe each of Kruchten's Four Views of Architecture. (3)
Development View: Presents system components from the implementation components i.e. packages, libraries, and other implementation artifacts. Can also present a work breakdown (work-tasks), scheduling dependencies between work-tasks, and assignment of work-tasks to developers.
How is each end of a socket presented to its process i.e. how does a process / thread use a socket to communicate with the 'other end' of the connection?
Each end of the socket is presented as an input stream and output stream. A sending process 'writes' data to its output stream and the data is transported to the receiving process at the other end. The receiving process reads() the data from its input stream. Both ends of the socket have input and output streams so both ends can act as sending or receiving processes.
What is an example of how extension points can be incorporated into a design i.e. an example including the design patterns used.
Example: adding an interface and stub implementation of a service identified in the analysis of the current version of the system but to be added in a future version. Example: The use of a design pattern (e.g. Factory pattern) in a design to allow the integration of new types and features. Example: the use of inheritance and polymorphism can be used to add a new feature as a subclass of an existing abstract operation or command.
Describe the relationship between the two in terms (system fault v. system failures) of the System's Availability and the role of Availability Tactics.
If the fault can be masked from the users by some recovery or preventative measure the system design has employed (a recovery or preventative tactic) the fault does not become a failure.
Describe each of Kruchten's Four Views of Architecture. (1)
Logical View: Presents the system service classes described by the problem domain and scenarios. Describes services as classes and components. Describes the relationships between services in terms of the responsibilities each has been assigned and their dependency on other services to fulfill those responsibilities.
Describe each of the four sections suggested to document a design pattern.
Name, problem/motive, solution, consequences/drawbacks
Which of these two (unit v integration testing) is used to determine whether the system meets its non-functional requirements e.g. security or performance?
Non-functional testing is performed against the integrated system so would be considered an integration test.
What is the relationship between service classes (a class providing a service to external clients) and an executable (exe file, war file, others)?
One or more services are bundled (linked) into an executable.
Describe each of Kruchten's Four Views of Architecture. (4)
Physical View: Presents the assignment of components or subsystems (processes) onto processors (servers), network communication between processor, subnets, firewalls, physical locations, and other aspects of the system's deployment.
Describe each of Kruchten's Four Views of Architecture. (2)
Process View: 1) Describes the assignment of services to processes / executable programs. 2) Describes the interaction between processes to implement the given scenarios; usually via UML sequence diagrams. 3. Describes the optional use of tasks (threads) to describe scheduled activities needed to implement scenarios.
Why is regression testing important when the project utilizes an iterative (incremental) software development process e.g. Scrum?
Regression testing is especially important in an incremental development process where new features are continually being added during each iteration and each new addition may break code that was added (and working) from a previous iteration.
What is the meaning of "Regression Testing"?
Regression tests are designed to uncover faults that have been introduced into the system's implementation during construction (coding). Generally, these are faults in features / interfaces / services that were once working correctly but have been broken (regressed) during recent development activities.
What type of software reusability does design patterns represent?
Reuse of solutions and of designs. Not the reuse of specific implementation, but of the motivation and general solution to a problem described in a way to allow the solution to be applied to specific implementations.
What is Secure Socket Layer (SSL)? Specifically describe the intrusion that SSL prevents.
SSL is a secure TCP socket (two-way communication channel) whose contents is encrypted on the sending side and decrypted on the receiving side. This prevents a man-in-the-middle from reading the message as it moves through the public internet.
Describe the three responsibilities the Monitoring Agent has in implementing availability tactics?
The Monitoring Agent is responsible for: Detecting: Monitoring the components under its supervision for faults. Reporting: Reporting any faults detected. Acting: Executing programmed actions designed to recover from or prevent the fault from becoming a failure.
How are the public and private keys (PPK) used to encrypt data?
The PPK (aka RSA) algorithm relies on a utility to generate a 'key pair' that contains a matched set of public key and private key. The public key is intended to be distributed to anyone that wishes to communicate securely with the holder of the private key i.e. the public key is 'public'. The private key is to be held securely by the key owner. Each key (public or private) can be used to encrypt a message / data into cypher text that can only be decrypted using the alternate key. For example, to send a secure message, the sender would use the receiver's public key to encrypt the message into cypher text that can only be decrypted with the private key. The owner of the private key is assumed to securely hold their private key(s) so only the key holder is able to read the sender's message.
Describe the 4 steps involved with establishing a SSL connection.
The client (e.g. a browser) requests a SSL connection with the server. The Server provides the client its signed certificate that contains the server's public key. The client generates a shared symmetric key, encrypts the key with the server's public key, and sends the encrypted shared key back to the server. The server decrypts the symmetric key with its private key. With the shared key held by both client and server, the data passed over the TCP socket can be encrypted / decrypted at both ends of the connection creating a secure communication channel.
How does this tactic (load balancer) protect the system from the failure in the event of a single processor fault (Availability)?
The load balancer is also a monitoring agent capable of detecting when one of the cluster's processors has failed. This could be done using ping / echo. When a failed processor is detected, the balancer can suspend assigning requests to that processor until such time as the fault is repaired and the processor becomes available. This tactic works when all of the processors are able to respond to incoming requests i.e. are executing the same services.
What does a Process represent?
The process is an operating system construct that can be started, halted, is scheduled for execution, and monitored.
What is the primary mechanisms used to synchronize a receiving process with a sending process over sockets?
The socket's input stream is blocking i.e. if the receiving process / thread reads from its input stream, and the channel (socket) is empty (contains no data), the receiving thread will block until data is placed into the channel at the other end's output stream. This is how the receiving process / thread synchronizes with the sending.
How does this tactic (load balancer) accommodate scaling of the system's throughput (Performance)?
The system's performance can be scaled up by adding additional processors to the cluster. Additional processor roughly equates to additional request processing capacity. Naturally, this strategy of adding additional processors will not scale (1x, 2x, 3x, etc) indefinitely. There are always critical sections and shared resources which will block one or more processors when the resource comes into contention e.g. a shared database server.
Provide a brief description in your own words of the three goals of modifiability tactics.
To make changes without modification of the system's existing architecture and high-level design. To add new services without the need to modify the implementation of existing (working) services. Minimize the cost of development, testing, and deployment of new services.
Name and describe the two types of testability tactics in the slides?
Unit Testing: Testing of individual classes or components in the implementation. Integration Testing: Testing of the system as an integrated, functioning whole.
How does PPK solve the key distribution problem?
Unlike Single Key Encryption, the public key can be openly distributed across unsecure channels. For example, the owner of the key pair can email their public key to anyone they wish to securely communicate with. Certificate Authorities (CA) is an organization that securely distributes public keys to the public in 'signed certificates'.
Name, describe, and provide specific examples of the two methods of measuring system performance presented in the slides.
Work Performed: The amount of work the system can execute, usually measured over a time period e.g. transactions (units of work) processed per minute. Latency: The amount of time the system needs to respond to an event i.e. the amount of time between the arrival of an event and the execution of a handler routine e.g. the amount of time needed by a service to return a response after receiving a request. AKA Event Response Time