Saturday, February 05, 2005

Deliverables in the Analysis Phase of the SDLC

There are three deliverables that the development team must build in the Analysis Phase before the Design Phase begins. What are they and why are they important to the customers of the new system? What are the three deliverables?

Deliverable #1: Design Strategy

It is composed of several alternative designs for the new system. It can include several choices for the system’s functionality, hardware, system software platform, and method for acquisition. These are possible courses of actions proposed by the development team. The customers are asked to choose between three designs that differ in cost and functionality.

Low-end: This the least costly that the other two solutions. This is the basic solution that has no extra amenities or enhancement. One could compare Windows Notepad as a basic barebones word processor and lacks many of the features of Microsoft Word 2003. Because it is basic it is the fastest to develop.

High-end: This is the most expensive solution that would contain many enhancements, features and functionality. Microsoft Word 2003 would be a good example of this as compared to Notepad. The extra features for this application is the main focus not the cost.

Middle: This is a in between solution that is basic but with moderate features within a certain set cost that is much less than the high-end solution, and more than the low end solution. Microsoft WordPad would be a good example. It is a very basic Word with formatting and rich text like Word 2003, but without the additional nice features and cost.


Deliverable #2: Recommended Course of Action
This is the course of action that the development team thinks is the best to build and why. The recommendation helps address customer issues before they commit to the project.

Requirements:
- Will all the customer requirements be incorporated in the new system?
- What functions were added or left out and why?

Software:- Will the new system run on a mainframe platform, standalone personal computers, or a client/server platform?
- What are the advantages and disadvantages of each?

Hardware:- Can the new system run on the current hardware or will the company have to spend money to upgrade their computer systems?

Infrastructure:- Will the company be able to trains and support the users.
- How big of a change will the new system require the company to make to the way it does business?

Implementation:- How difficult or easy will the system be to implement?

Organization:- Does the new system work well with the company’s organization?
- Will the users accept it?
- Can the users even understand the new system?
- How will it help the organization?

Deliverable #3: Baseline Project Plan

The plan should show task sequences, dependencies, time requirements and the project critical path. This can be in a Gantt chart like is used in Microsoft Project. It is important to have a plan for both you and the customer. This allows the development team to give the customer a feel for the amount of work involved in the recommended course of action.

Why are they important to the customers of the new system? They are important to the customer because it gives them a understanding of the design, costs and the amount of work involved in the project. It also helps them understand if the project is addressing their needs and goals. By having them sign-off on it means that they claim that they understand the project and agree with the course of action.

In addition to this the deliverables are the bases in which the development team will be their design. The deliverables must be signed-off before proceeding to the design phase. This will provide your CYA and that the customer has committed to paying you for the project.


EFS Network Management
 can help you with the management of your network, servers or desktops systems. Your Expert IT Support.

Monday, January 31, 2005

About Feasibility Studies for the SDLC

Why is it so important?

As the title of the report states, is the project capable of being accomplished or brought about? Is it possible?Is it logical? It answers these questions. It is to establish whether or not at an early stage as possible the project is realistic.
  • The principal work areas for the project will have been identified.
  • Any needs for specialist staff to be involved in the later stages of the project willhave been noted.
  • Possible improvement or potential for savings may have become apparent duringthe investigation.
What is its purpose? It is to establish the feasibility of introducing a computer system. There three main areas: economic, technical and organizational.
Economics
  • Costs (Systems analysis and design, Purchase of hardware, Software costs, Training costs, Installation costs, Conversion and changeover costs, Redundancy costs)
  • Benefits (Savings in labour costs, Benefits due to faster processing, Better decision making, Better customer service, Error reduction)
  • Cost Benefit Comparison (This weights the difference in the hard costs and the non-measurable benefits.)
Technical
This is the technical possibility and desirability of a computer solution. There are several categories that are desired that can make the project more feasible:
  • Does it follow Rule-governed tasks?
  • Does it eliminate Repetitive task?
  • Does it solve Complex tasks?
  • Does it have a High degree of accuracy?
  • Does it have Speed of response?
  • Can the Data used for many tasks?
Organizational Feasibility This is also known as "Operational Feasibility". It addresses:
  • Will the organization accept the system or will there be conflict?
  • Will people be able to cope with the new system?
  • Is the organizational structure compatible with the new system?

Who is it written for?
It is for everyone involved in the process the developers, management and the customer.

Why is SIGN-OFF necessary on this deliverable? Sign off means that all parties agree and it is a must in order to move onto the next stage. It is also there for the CYA factor. The fact that someone signed off means that they understand the project being proposed and are giving the ok to proceed.



EFS Network Management
 can help you with the management of your network, servers or desktops systems. Your Expert IT Support.

Pharming - The New Buzzword

Let me be the first to introduce to you a new security buzzword that I just read about today.

Pharming

Like Phishing it attempts to capture your user name and password by directing you to an evil web site that appears to be legit. Phishing requires the user to click on a link in SPAM. Pharming is handled at the DNS level. The evil doer changes your local host file to direct your request to your banking site to their evil server.

Another methods is to change your default ISP DNS server in your TCP/IP setting to the evil doers evil DNS server. Once that happens you can not tell if you are really at your banks web site or the evil doers web site. Once you enter your user name and password they have your banking account.

We have seen this with spyware putting entries into the local host file and changing the DNS settings over the last six months. Now evil doers are going for your bank account using the same methods.

More on Pharming
http://www.theregister.co.uk/2005/01/31/pharming/

Here is an article about Phishing.
http://security.efsnm.com/index.php/weblog/phishing_scams/



EFS Network Management
 can help you with the management of your network, servers or desktops systems. Your Expert IT Support.


System Audits Tools

There are hundreds of different tools out there. For example: When I do a network audit I use three different companies audit tools. They all claim to do the same thing, but I have found each has it strengths and weakness.

So I run all three to get the information I really need and disregard where they over lap or do not provide any new information. I have not found a single be all do all tool. So you will have to try several for the project that you may be working on.

Once you have identify the system you need to audit, let me know I can point you to a couple that you can try. Most provide a 15 to 30 day free trial. You will know on the first one or two audits if the tool is right for the job at hand.

Here are a couple of network audit tools that I use.

GFI: Network Security Scanner (Affordable)
http://www.gfi.com/lannetscan/

Shavlik: HFNETCHKPro: Security & Patch Management (Free for small businesses)
http://www.shavlik.com/hfn_windows.aspx

Sunbelt Network Security Inspector (Very Expensive, but not only ID's the issues, but provides supporting detailed documentation on how to fix the issues)
http://www.sunbeltsoftware.com/product.cfm?id=987

If systems are automated with self documentation, company policy mandates it, and the SDLC a lots time for it, then it can stay up to date. To get a company to get to that point really takes a lot of time and growth.

Sunday, January 30, 2005

What Diagrams Provide

1. Flow block diagrams: (If available, it has answers) Questions can be derived for the information contained or missing from them.

2. Organizational charts: (If available, it has answers) Questions can be derived for the information contained or missing from them.

3. Task templates: (If available, it has questions) The task templates a good baseline start but do not contain all the questions for everything.

4. Data flow diagrams: (If available, it has answers) Questions can be derived for the information contained or missing from them.

They are all important and merit value. The more data you have the better an informed decision you can make.


EFS Network Management
 can help you with the management of your network, servers or desktops systems. Your Expert IT Support.

Analysts Channels of Information

Contrast and compare the five Analysts Channels of Information

There are five channels are as follows:.
  • Documentation
  • Interviews
  • Observation
  • Questionnaires
  • Measuring

I would also like to add to this with "System Audits". I will explain more in a moment.

Documentation
It has been said that this channel provides the least value. Ten years ago I would say that this is true, and it may still hold true for a number of organizations today. However our customer management database and work order system have become invaluable tools in keeping documentation up to date and current. So many people rely on it, it has become self updating as work is planned and completed.

The drug company that I used to be a consultant at now has a wonderful change control database and it is company policy that all systems documentation be kept current and the time to keep them current is built into the project. They have come a long ways from no or obsolete documents to very current and detailed documentation on all systems, the networks, severs, and mainframe systems.

The worlds biggest bank that a friend of mine works at carries it to level even more detailed. For example that have a specialist group for each phase of a project. Let's say you are the HR department and you need a new server. There is one groups that does the specs, one group that does the order from the vendor, one group that does the hardware build, testing and certification, one group that loads the baseline OS, one group that does all the updates and certifies the OS. The server is handed off to the group that handles the third party enterprise applications on the server. It is then hand to the security group and certified. Then the installation team does the install, testing for the customer/department. The server is then handed off the final group that does the support. This group is handed all the documentation for every phase and has detailed instructions on how to do each step and includes the log files and certification from the different groups. This is the most extreme documentation on a system that I have known. From the time of request for a server to the time of deliver is five to six months for a single server.

Interviews
These are very important. Spending a few minutes with a key player can yield huge insights that could save you from chasing a rabbit down a dead end hole and save you time and resources during your research.

Observation
Working with people is a must. Setting back and watch them drive the application can be an interesting experience. Each user has developed their own personal method of interacting with the system based upon their knowledge level, skills and usage of the system. As a developer it is very important to watch a user. They will have a different interpretation of the system and interface. The amazing part is they will do things that you would never have conceived possible, or why they are doing a task a certain way. Then you modified the system to trap for their issues or make it better for them. What is really incredible is the ways users will adapt the system to track or do something that it was never indented by the developer to do.

Questionnaires
These are great, but getting people to fill them out is like pulling teeth. You have to have it mandated, corner them or do it during an interview.

Measuring
This is important to size up the scale of the project, the scale for the database need, the number of users, the number of database transactions, etc. all aid in better understanding the systems.

System Audits
This is not part of the lecture or the reading material. This comes from my experience. In the old days most all system audits had to be done manually. Where is the system physically located? How is it connected? What is it used for? What is it's configuration? What are it's specs? What is it's current software update level. This is for all components involved, hardware, software, OS's, databases, network connectivity, etc.

With software interconnected components it has become too time consuming and too overwhelming complex with too many parts. In recent years there are new software tools that can do the job for you. There are network scanning and management tools. There are database reverse engineering and documentation tools. There are project development code management tools. There are tools for just about all aspects for creating data flow diagrams and flow charts automatically. All these tools can create the documentation that you need for your research.

White Papers
White Papers really help as case studies, lessons learned, a detail insight and the gotchas of a certain system. If there are white papers available for your project or a part of your project I encourage you to take a little time and review them. They can shape your ideas and opinions. The really nice thing is you can learn from other peoples pain and mistakes and avoid those in your project.

A Vendor created White Paper about their product DNS:
http://support.microsoft.com/default.aspx?scid=kb;en-us;810733

A Third Party White Paper about the Vendors DNS:
http://itresearch.forbes.com/data/detail?id=1094838407_866&type=RES&src=TRM_TOPN

What is a White Paper:
http://www.whitepapercompany.com/pages/387998/index.htm

Why White Papers:
http://www.whitepapercompany.com/pages/387343/index.htm

Here are IT White Paper Sources. The UoP Library contains some too.
http://itpapers.com/index.aspx

http://www.bitpipe.com/

Example of how you used one on a development project.
I recently did a security audit for a 15 user network with two servers for the purpose of checking overall security of their system, so they could allow a customer to connect and gain access to their network and database systems from a remote office. The auditing tool I used took about 20 minutes to complete the entire network and yielded 183 pages of quality current documentation. A manual audit would have taken me several days, and I still would not have the level of detail. Now do an audit on a very large system and you will have a new problem. That is information overload. The next thing is to learn what information is important and relative to the project.

All these are part of the documentation process and aid in your research and analysis.