Technology Architecture Questions for Vendors

As time goes by architects are reviewing less custom / "home grown" solutions and looking at commercial off the shelf (COTS), platforms or cloud based solutions. I thought I would share with you a vendor architecture question template that I have used in the past to fast track my understanding.

Keep in mind that this isn't an RFI / RFP type template. It can be used to augment one but isn't the full view, just technology. I try to work with PMO, procurement and others to include this to the RFI / RFP process.For the sake of this post I will assume that's not the case. 

I use this template as a first pass with the vendor. It serves as a base understanding so I can then ask my level two and three questions of the vendor. Here is the process in which I use:

  1. Modify for the solution - Review the template for any modifications. usually there are tweaks that need to be made based on the type of problem or solution that is needed.
  2. Send to vendor - Send with instructions that it needs to be returned in a timely manner and decisions will be made based on the quality and accuracy of the information. 
  3. Distillation - I use the information to categorize how well the vendor's technology:
    1. Aligns the companies policies and standards
    2. If they are instantly disqualified for some reason
    3. If it meets the non-functionals / quality attributes of the requested solution 
  4. Compile additional questions - The vendor solutions that make it will most certainly have additional questions that will be needed to be answered. Compile the extended questions and send to the vendor.
  5. Deep dive workshop - I like to do a deep dive workshop with the vendor so they can expand on their responses and provide a forum for EA to probe more into the solution. 
 
Below you will find the questions. Some of the questions are a little dated and need updating. I've been using flavors of this for years, but I think you will find that directionally useful. 
 

Architecture Domain

Question

Response

General

What architecture style used to build this application? (ex: Cloud, SOA, SaaS, N-Tier, client server, etc.)

 

Is there a separation of concerns in the architecture to the effect that solution components have very specific bounds and are applied at the right layers?

 

What documentation can be provided?(Ex: ERD application API’s, UML diagrams of objects, business process models)

 

Does the solution support internationalization and localization?

 

Define the solution roadmap with product version cycles, expected point and major releases of the current version.

 

Is there usage of proprietary technologies?

 

Application / Logical

In what languages is the application built?  This includes business logic and presentation tiers.

 

Has the application been ported into other languages?

 

Are there a blend of multiple languages and/or versions of languages in you solution?

 

Is there a mixture of language interpreters?

 

Is the application customizable? If the application is customizable, what methods, languages and tools are needed to customize? Are these tools bundled in the solution?

 

Is the source code provided with the solution?

 

Are there “out of the box adapters”, plug-ins or accelerators provided as productized and supported by the vendor?

 

Is there a cloud based offering? If so, what service models (IaaS, PaaS, SaaS) and deployment models (Private or Public) are supported?

 

What client models are supported:

 1. Mobile – What platforms, application type (app vs. web based) and the limitations

 2. Browser – What browsers are supported and what standards are used (ex: HTML 5)

 3. Thick Client – What OS platforms are supported?

 

Is there a configurable business rules and or workflow engine included?

 

Are there business process or workflow capabilities built into the solution? If so, what standards does it use?

 

Are there any open source used in your solution?

 

How much of the logic is hard coded vs. being data driven or configurable?

 

Interoperability

Do the solution support integration with its processes and information?

 

At what level and how deep is integration supported?

 

Explain how functionality can be extended in the solution

 

Describe the various protocols supported by the solution. Indicate required, optional and major non-supported protocols.

 

Describe communication ports and ability to move across the enterprise and outside the company firewall.

 

Is there support for Enterprise Service Bus (ESB) or middleware technologies?

 

If ESB or middleware technologies are supported, how is the solution configured to fit within a services framework?

 

Is the integration supported by services? If so, what types of services? (ex: Web Services, EJB, .Net Remoting, Queues, etc.)

 

How are the services implemented?

 

What service standards are used? (Web Services over HTTP, SOAP, REST, etc.)

 

What services directories (ex: UDDI) can the solution hook into?

 

Does the solution provide or receive bulk transactions or data feeds?

 

Does the solution wrap the database with a service or does the solution access the database directly?

 

How does the solution support synchronous and asynchronous transactions?

 

Does the solution have publish/subscribe capabilities?

 

Are there integration adapters that are provided? If so, identify.

 

Platforms

OS Platforms

 

What are all the supported Operating System (OS) platforms and their versions across the solution?

 

Describe the OS platforms and their configurations at all tiers of the solution.

 

Has the solution been tested and/or certified with new OS platforms or emerging OS platforms that are in planned release within the year?

 

If there are multiple OS platforms available (that compete), provide the recommended OS platform(s) with pros and cons contrasted by your solution set.

 

Are there recommended platform recommendations based on size of the organization and/or the size of the solution? If so describe the recommendations.

 

Application Platforms

 

Describe the application platforms that are required in the solution. (ex: Apache, IIS, BizTalk, WebSphere, etc.)

 

If multiple database platforms are supported, what are the preferred DB platform(s)?

 
   
   

Affordability

What is the solution licensing model?

 

What client licensing is required for each end user or desktop?

 

What is the server licensing model? (ex: per CPU, per CAL, per Core, etc.)

 

Are there any third party licenses required?

 
   
   

Infrastructure

What class of hardware is recommended across the tiers of the solution? (ex: processor, disk, memory, etc.)

 

Provide a profile of recommended server counts and configurations.

 

Is virtualization supported? If so, by which vendors?

 

Provide example physical topologies of the solution.

 

What is the scaling model for the architecture (Scale-Up / Scale-Out )

 
   

Data Communications

Are there any network requirements for this solution?

 

Are there any solution limitations with implementing network segmentation?

 

Are there any solution limitations with implementing multiple DMZ tiers?

 

Are there any solution limitations with implementing VLAN's?

 

Are there any solution limitations with implementing network appliances such as SSL / XML acceleration or network load balancing?

 
   
   

SaaS Solutions

Is there a solution hosting model? If so, define.

 

Is a cloud platform provided for optional development or integration?

 

Is the solution hosted on a third party platform? (ex: Amazon or MSFT?)

 

What is the solutions connectivity to the internet or to internal systems?

 

Define the solution inbound and outbound traffic.

 

Is multi-tenancy supported?

 

What level of business continuity and disaster recovery supported?

 
   
   

Performance and Scalability

Is load balancing supported and implemented in the solution?

 

At what level is load balancing supported? (ex: application and/or at the network level)

 

Describe how high availability is supported.

 

If available, provide a performance and/or stress test report.

 

Describe the number of transactions per hour that the solution can handle with the recommended solution implementation.

 

Describe the number of concurrent user sessions that the solution can handle with the recommended solution implementation.

 

What is the recommended scaling model? Scale up or out?

 

What factors determine hardware, OS, database or other system component upgrades?

 

Describe the algorithm or guidance that you use to determine the solutions configuration and scaling model.

 

Describe your systems capabilities for automated fail-over and/or error detection and prevention

 
   
   
   

Security

What is the authentication model?

 

What is the authorization model?

 

Does the solution support Single Sign On? If so, is customization required?

 

Can the security be externalized into an enterprise identity store such as Microsoft Active Directory?

 

Are trust boundaries defined with users that are authenticated across those trust boundaries.

 

If security is custom and internal to the system, can the solution support strong passwords?

 

Is there security API's for application level integration?

 

What auditing mechanisms are available from within the tool?

 

If externalization of authentication and authorization is unavailable can identities be provisioned and de-provisioned? If so, elaborate?

 

How are transaction secured?

 

What protocols are used to secure the solution?

 

Are data or message level transactions supported? (ex: ws-security)

 

Is federated identity supported?

 

What level of hardening is supported on the platforms and protocols/ports?

 

Is there unsecured data at rest along the process chain?

 
   
   
   

Training

What end-user training options are available and at what cost?

 

What administration training options are available and at what cost?

 

What application development training options are available and at what cost?

 
   
   

Databases

Is an ERD available for the solution?

 

Is a data dictionary for the solution available and if so what is the format and what metadata does it include?

 

What databases and versions are supported by the solution?

 

What database versions have been certified and/or tested?

 

If multiple databases are supported what is the preferred database?

 

How is access to the database achieved from the application?

 

How is access to the database achieved from external applications?

 

Are there specific database access components or drivers required at any tier in the solution? (ex: client tier)

 

Identify all the locations in the solution where data may be kept. This can include flat files, cookies, XML files, access databases, etc.

 

Is referential integrity handled at the application, services, database or not implemented?

 

What is the typical size, number of transactions and complexity of the database compared to the requirements given by our company?

 

Under what conditions can the database significantly expand? (ex: increase in customers, employees, assets, transactions, etc.)

 

What is the largest database implementation that you currently support?

 

Provide a list of all the database platforms you support.

 

Does the solution have special fault tolerance mechanisms?

 

Will the solution support native database fault tolerance mechanisms?

 

Does the solution allow for SSIS or ETL solution integration?

 

Are there any special considerations for backup and recovery of the solution?

 

Are there any batch processing events that occur within the application?

 

Is the supported solution database schema modifiable?

 
   
   

Support

What is the delay before the solution supports a next release of dependent platform such as OS, database, Web Server, etc.

 

Describe the instrumentation included in the solution that allows for the health and performance of the application to be monitored.

 

Is there a defined support model based on technology or platform selection?

 

How often are new versions released?

 

How often are patches released?

 

What is the support model for the solution in relation to the co-existence with OS patch releases?

 

 

If you decide to use these questions as a starting point for your evaluations, please tell me about it as I would love to hear how you have changed the questions based on the solutions you are evaluating.