From Mike The Architect
As time goes by architects are reviewing less custom / “home grown” solutions and looking at commercial off the shelf (COTS), platforms or cloud based solutions. I thought I would share with you a vendor architecture question template that I have used in the past to fast track my understanding.
Keep in mind that this isn’t an RFI / RFP type template. It can be used to augment one but isn’t the full view, just technology. I try to work with PMO, procurement and others to include this to the RFI / RFP process.For the sake of this post I will assume that’s not the case.
I use this template as a first pass with the vendor. It serves as a base understanding so I can then ask my level two and three questions of the vendor. Here is the process in which I use:
- Modify for the solution – Review the template for any modifications. usually there are tweaks that need to be made based on the type of problem or solution that is needed.
- Send to vendor – Send with instructions that it needs to be returned in a timely manner and decisions will be made based on the quality and accuracy of the information.
- Distillation – I use the information to categorize how well the vendor’s technology:
- Aligns the companies policies and standards
- If they are instantly disqualified for some reason
- If it meets the non-functionals / quality attributes of the requested solution
- Compile additional questions – The vendor solutions that make it will most certainly have additional questions that will be needed to be answered. Compile the extended questions and send to the vendor.
- Deep dive workshop – I like to do a deep dive workshop with the vendor so they can expand on their responses and provide a forum for EA to probe more into the solution.
| Architecture Domain | Question | Response | 
| General | What architecture style used to build this application? (ex: Cloud, SOA, SaaS, N-Tier, client server, etc.) | |
| Is there a separation of concerns in the architecture to the effect that solution components have very specific bounds and are applied at the right layers? | ||
| What documentation can be provided?(Ex: ERD application API’s, UML diagrams of objects, business process models) | ||
| Does the solution support internationalization and localization? | ||
| Define the solution roadmap with product version cycles, expected point and major releases of the current version. | ||
| Is there usage of proprietary technologies? | ||
| Application / Logical | In what languages is the application built? This includes business logic and presentation tiers. | |
| Has the application been ported into other languages? | ||
| Are there a blend of multiple languages and/or versions of languages in you solution? | ||
| Is there a mixture of language interpreters? | ||
| Is the application customizable? If the application is customizable, what methods, languages and tools are needed to customize? Are these tools bundled in the solution? | ||
| Is the source code provided with the solution? | ||
| Are there “out of the box adapters”, plug-ins or accelerators provided as productized and supported by the vendor? | ||
| Is there a cloud based offering? If so, what service models (IaaS, PaaS, SaaS) and deployment models (Private or Public) are supported? | ||
| What client models are supported: 1. Mobile – What platforms, application type (app vs. web based) and the limitations 2. Browser – What browsers are supported and what standards are used (ex: HTML 5) 3. Thick Client – What OS platforms are supported? | ||
| Is there a configurable business rules and or workflow engine included? | ||
| Are there business process or workflow capabilities built into the solution? If so, what standards does it use? | ||
| Are there any open source used in your solution? | ||
| How much of the logic is hard coded vs. being data driven or configurable? | ||
| Interoperability | Do the solution support integration with its processes and information? | |
| At what level and how deep is integration supported? | ||
| Explain how functionality can be extended in the solution | ||
| Describe the various protocols supported by the solution. Indicate required, optional and major non-supported protocols. | ||
| Describe communication ports and ability to move across the enterprise and outside the company firewall. | ||
| Is there support for Enterprise Service Bus (ESB) or middleware technologies? | ||
| If ESB or middleware technologies are supported, how is the solution configured to fit within a services framework? | ||
| Is the integration supported by services? If so, what types of services? (ex: Web Services, EJB, .Net Remoting, Queues, etc.) | ||
| How are the services implemented? | ||
| What service standards are used? (Web Services over HTTP, SOAP, REST, etc.) | ||
| What services directories (ex: UDDI) can the solution hook into? | ||
| Does the solution provide or receive bulk transactions or data feeds? | ||
| Does the solution wrap the database with a service or does the solution access the database directly? | ||
| How does the solution support synchronous and asynchronous transactions? | ||
| Does the solution have publish/subscribe capabilities? | ||
| Are there integration adapters that are provided? If so, identify. | ||
| Platforms | OS Platforms | |
| What are all the supported Operating System (OS) platforms and their versions across the solution? | ||
| Describe the OS platforms and their configurations at all tiers of the solution. | ||
| Has the solution been tested and/or certified with new OS platforms or emerging OS platforms that are in planned release within the year? | ||
| If there are multiple OS platforms available (that compete), provide the recommended OS platform(s) with pros and cons contrasted by your solution set. | ||
| Are there recommended platform recommendations based on size of the organization and/or the size of the solution? If so describe the recommendations. | ||
| Application Platforms | ||
| Describe the application platforms that are required in the solution. (ex: Apache, IIS, BizTalk, WebSphere, etc.) | ||
| If multiple database platforms are supported, what are the preferred DB platform(s)? | ||
| Affordability | What is the solution licensing model? | |
| What client licensing is required for each end user or desktop? | ||
| What is the server licensing model? (ex: per CPU, per CAL, per Core, etc.) | ||
| Are there any third party licenses required? | ||
| Infrastructure | What class of hardware is recommended across the tiers of the solution? (ex: processor, disk, memory, etc.) | |
| Provide a profile of recommended server counts and configurations. | ||
| Is virtualization supported? If so, by which vendors? | ||
| Provide example physical topologies of the solution. | ||
| What is the scaling model for the architecture (Scale-Up / Scale-Out ) | ||
| Data Communications | Are there any network requirements for this solution? | |
| Are there any solution limitations with implementing network segmentation? | ||
| Are there any solution limitations with implementing multiple DMZ tiers? | ||
| Are there any solution limitations with implementing VLAN’s? | ||
| Are there any solution limitations with implementing network appliances such as SSL / XML acceleration or network load balancing? | ||
| SaaS Solutions | Is there a solution hosting model? If so, define. | |
| Is a cloud platform provided for optional development or integration? | ||
| Is the solution hosted on a third party platform? (ex: Amazon or MSFT?) | ||
| What is the solutions connectivity to the internet or to internal systems? | ||
| Define the solution inbound and outbound traffic. | ||
| Is multi-tenancy supported? | ||
| What level of business continuity and disaster recovery supported? | ||
| Performance and Scalability | Is load balancing supported and implemented in the solution? | |
| At what level is load balancing supported? (ex: application and/or at the network level) | ||
| Describe how high availability is supported. | ||
| If available, provide a performance and/or stress test report. | ||
| Describe the number of transactions per hour that the solution can handle with the recommended solution implementation. | ||
| Describe the number of concurrent user sessions that the solution can handle with the recommended solution implementation. | ||
| What is the recommended scaling model? Scale up or out? | ||
| What factors determine hardware, OS, database or other system component upgrades? | ||
| Describe the algorithm or guidance that you use to determine the solutions configuration and scaling model. | ||
| Describe your systems capabilities for automated fail-over and/or error detection and prevention | ||
| Security | What is the authentication model? | |
| What is the authorization model? | ||
| Does the solution support Single Sign On? If so, is customization required? | ||
| Can the security be externalized into an enterprise identity store such as Microsoft Active Directory? | ||
| Are trust boundaries defined with users that are authenticated across those trust boundaries. | ||
| If security is custom and internal to the system, can the solution support strong passwords? | ||
| Is there security API’s for application level integration? | ||
| What auditing mechanisms are available from within the tool? | ||
| If externalization of authentication and authorization is unavailable can identities be provisioned and de-provisioned? If so, elaborate? | ||
| How are transaction secured? | ||
| What protocols are used to secure the solution? | ||
| Are data or message level transactions supported? (ex: ws-security) | ||
| Is federated identity supported? | ||
| What level of hardening is supported on the platforms and protocols/ports? | ||
| Is there unsecured data at rest along the process chain? | ||
| Training | What end-user training options are available and at what cost? | |
| What administration training options are available and at what cost? | ||
| What application development training options are available and at what cost? | ||
| Databases | Is an ERD available for the solution? | |
| Is a data dictionary for the solution available and if so what is the format and what metadata does it include? | ||
| What databases and versions are supported by the solution? | ||
| What database versions have been certified and/or tested? | ||
| If multiple databases are supported what is the preferred database? | ||
| How is access to the database achieved from the application? | ||
| How is access to the database achieved from external applications? | ||
| Are there specific database access components or drivers required at any tier in the solution? (ex: client tier) | ||
| Identify all the locations in the solution where data may be kept. This can include flat files, cookies, XML files, access databases, etc. | ||
| Is referential integrity handled at the application, services, database or not implemented? | ||
| What is the typical size, number of transactions and complexity of the database compared to the requirements given by our company? | ||
| Under what conditions can the database significantly expand? (ex: increase in customers, employees, assets, transactions, etc.) | ||
| What is the largest database implementation that you currently support? | ||
| Provide a list of all the database platforms you support. | ||
| Does the solution have special fault tolerance mechanisms? | ||
| Will the solution support native database fault tolerance mechanisms? | ||
| Does the solution allow for SSIS or ETL solution integration? | ||
| Are there any special considerations for backup and recovery of the solution? | ||
| Are there any batch processing events that occur within the application? | ||
| Is the supported solution database schema modifiable? | ||
| Support | What is the delay before the solution supports a next release of dependent platform such as OS, database, Web Server, etc. | |
| Describe the instrumentation included in the solution that allows for the health and performance of the application to be monitored. | ||
| Is there a defined support model based on technology or platform selection? | ||
| How often are new versions released? | ||
| How often are patches released? | ||
| What is the support model for the solution in relation to the co-existence with OS patch releases? | 
If you decide to use these questions as a starting point for your evaluations, please tell me about it as I would love to hear how you have changed the questions based on the solutions you are evaluating.
