“It will not make the slightest difference to anything”
Comments by the French Inspector General of the Infantry concerning the value of the machine gun.
• Never Rely on Technology to Solve Problems
Organizations and people are flexible.
Technology is not.
• Don’t Ignore History
The strategic use of technology always requires
process change.
• Know the Real Costs
As a rule of thumb, process change will cost 2x-4x the price of hardware and software.
Information Architecture
Kirk Kirksey
VP for Information Resources
UT Southwestern Medical Center at Dallas
(214) 648 6252
A Short Exercise
You’re Loan Shark USA is the fastest growing small loan company in the United States. The YLS strategy is to grow
by acquiring small finance companies across the country. Eight acquisitions are planned for the next 10 months.
Each branch has separate computer systems storing detailed customer records. Unfortunately these are different
software platforms. Some are in-house developed. Others have been purchased from various small and large
vendors. The commonality of information collected is unknown.
A major problem is costing millions and is threatening to put the company out of business. Newly acquired offices
are unable to identify deadbeat customers who already have loans with the company. Default rates are soaring.
Consultants from Chicago wearing wool overcoats and carrying $300 fountain pens have determined that prequalifying loans with the company’s existing information would save $10m per year. They recommend integrating
customers’ computer records. Unfortunately, they went back to Chicago before describing exactly how to accomplish
this goal.
You are the new CEO charged with correcting this problem (the last one was fired). You have called a meeting with
the company’s Chief Information Officer and her council of technical gurus. Before the meeting, you want to set a
direction. As described:
Information Architecture
Part 1: Architecture Defined
Part 2: Levels of Architecture
Part 3: Components of Architecture
Part 4: Information Architecture Overview
Part 5: A Case Study: The Electronic Medical Record
Part 6: An Assessment of Risk
Part 7: Protecting Your Architecture
Part 1: Information Architecture
The single most misused, misunderstood, misinterpreted term in information technology today.
What does it mean to you????
Part 1: Architecture: What is it?
Information Architecture
“Information Architecture is a high level or general view of something that conveys an overall understanding of its various components and how those components interrelate.”
John Hobbs
Moving Toward an
Information Architecture
Stage 3: Clusters of Databases
Clusters of Processes
Required Communications Structure
Stage 2: Required Processes
Geographic Locations
Nature of Process Interaction
Business Rules for Relationships
Stage 1: Structure of Organization
Goals of the Organization
Required Business Functions
Information Needs
Part 2: Levels of Architecture
Levels of an
Information Architecture
Application Architecture
Processing and storage for
a logical function
Network Architecture
Data communications
structure required for
application interaction
Exchange Architecture
Technologies required for
interchange of information
Foundation Architectures
Integration Architecture
Relational technologies required to
create new logical structures from
disparate components
The Architecture of
Findability
Exercise
In keeping with our definition of
architecture….
1. What high level concepts do the
following representations of architecture
convey to you?
2. What strengths are conveyed?
3. What weaknesses do you see?
Application Architecture
A Tiered Architecture
The
Relationship of
Function
A Network Architecture
[Network diagram: UTSW campus wide-area network (CWAN) backbone connecting the Main Campus and North Campus routers, the data center FDDI rings, campus buildings, affiliated hospitals, remote access and the Internet. NIS/DWjr. 3.1.98, CWAN_rev2.vsd]
Information
Exchange
Architecture
• Manual
• Batch
• Point to Point
• Screen Scrape
• Transaction Intercept
• Interface Engine
The Architecture of Integration
[Diagram. Level 1: Departmental Systems; Level 2: Communications; Level 3: Integration; Level 4: Linked Repositories. Labels: Interface Engine, Local Area/Wide Area Network, UTSW, Master Patient Index, Medical Entities Dictionary (proposed), Standard, 100MB, Giga Switch, Hospital A, Hospital B, Firewall, The Internet]
Part 3:
Architectural Components
or
Why Does this Stuff Cost So Much?
Architectural Components:
A Brief History of Chaos
• 1950s: Mainframe
• 1960: Minis
• 1961: RS232
• 1983: Desktop Computing
• 1985: Networking
• 1990: Client Server
• 1992: Internet & TCP/IP
Mainframes
• Single Vendor Solutions
• “Glass House”
Organization
(my way or the
highway)
• Proprietary
Technologies
What is a Mainframe
Mainframe is an industry term for a large computer, typically
manufactured by a large company such as IBM for the commercial
applications of Fortune 1000 businesses and other large-scale computing
purposes. Historically, a mainframe is associated with centralized rather
than distributed computing. Today, IBM refers to its larger processors
as large server and emphasizes that they can be used to serve distributed
users and smaller servers in a computing network.
From Whatis.com
Minicomputers
• Inexpensive
• Clinical Lab Products
• Polarized IT
Organizations
• Specialized
Applications
• DEC and MUMPS
RS232
• Hardware Port
Standard
• Facilitated Real Time
Data Interface
• Made IT Organizations
Hate Each Other Even
More
• Made EDI Possible
Point-to-Point Model
•Two Way Required
•N * (N-1)
•Vendor Cost
•Maintenance
•Change Management
•Personnel
•Standards
•Expensive
Desktop Computing
• Information
dispersed
• IS costs impossible to
calculate
• Little institutional
value
The Network
• Replaces computer
system as single
critical component
• Pathway to
information
• The network is the
system
Networking for the Masses
• Rise of Connectivity
• Corporate Pathway to
Departmental
Information
• Computing over Wide
Geographies
• The Network
Becomes the System
The OSI Model
(Mentioned as Point of Reference Only!!)
Layer  Name          Function
7      application   application processes
6      presentation  data interpretation, code transformation
5      session       session control
4      transport     data transfer/control
3      network       routing/switching
2      data link     link, error & flow
1      physical      data circuit control, transmission, physical media
Electronic Data Interchange
(EDI)
• Layer 7 in OSI Model
• Standards Based
Data Interface
• Cost of Interface and
Data Exchange Falls
• Real Time
Predictability
Client Server Computing
• Lowers (maybe) total
cost of computing
• Distributes Computing
Functions to Cheap
Machines
• Foster distribution of
large databases
• Promotes Easy to Use
Tools
The Internet
• Global Commerce
• Information Security
Risks
• Really Distributed
Computing
• The Communication
Appliance
Part 4: A Brief Overview of
Information Architectures
Some Assumptions About
Architecture
• Network is present
• Multiple applications. Multiple platforms.
• Legacy data interfaces present
• Islands of useful information
• Information integration is good
• You’ve got to do Web stuff but nobody knows
why except your consultant
Let’s Not Be Confused
• Connectivity
Ability to obtain functional connection
• Interface
Exchange of data
• Integration
Co-mingled information creating a
logical structure.
The Integration Food Chain
[Diagram, Department to Enterprise. Labels: Enterprise Dominates; Connectivity to Departments; Warehousing; Data Sharing; Centralize Infrastructural Computing; Separate but Linked Architectures]
Application Philosophy
• Best of Breed
Select best product for the job
Obtain connectivity
Integrate
• Core Systems
Minimize number of vendors (usually central
administration then functional areas)
• Single Vendor
If you find one of these that works, call me.
Separate Applications
Data Interchange
Multiple Connections
Visual
Integration
Visual Integration
Strengths
• Cheap
Weaknesses
• Strategic limitations
• Operational
vulnerabilities
Data Warehouse Model
[Diagram labels: Integration Tools, Data Warehouse, Ancillary Warehouse]
Along Comes the Web
[Diagram labels: Intranet/Extranet, Integration Tools, Data Warehouse, Ancillary Warehouse, E Commerce, Supply Chain Mgt, EDI, Internet]
Strengths
• Strategic use of
information
• Create new data
structure
Weaknesses
• Expensive
• May require new
middleware or
backend processes
Data Warehouse
• Integrates disparate information
• Requires a standardization method
• Allows strategic use of information
• Less subject to operational glitches
• Less expensive to support
• Expensive
Building Architectures
Mainframes
EDI
The Internet
The Network
Desktop Computing
Mini Computers
RS232
A Short Exercise
You’re Loan Shark USA is the fastest growing small loan company in the United States. The YLS strategy is to grow
by acquiring small finance companies across the country. Eight acquisitions are planned for the next 10 months.
Each branch has separate computer systems storing detailed customer records. Unfortunately these are different
software platforms. Some are in-house developed. Others have been purchased from various small and large
vendors. The commonality of information collected is unknown.
A major problem is costing millions and is threatening to put the company out of business. Newly acquired offices
are unable to identify deadbeat customers who already have loans with the company. Default rates are soaring.
Consultants from Chicago wearing wool overcoats and carrying $300 fountain pens have determined that prequalifying loans with the company’s existing information would save $10m per year. They recommend integrating
customers’ computer records. Unfortunately, they went back to Chicago before describing exactly how to accomplish
this goal.
You are the new CEO charged with correcting this problem (the last one was fired). You have called a meeting with
the company’s Chief Information Officer and her council of technical gurus. Before the meeting, you want to set a
direction. As described:
• What is the fundamental problem (one sentence – two words would be better)?
• What do you need to know about the loan application process?
• What do you need to know about the computer systems at the branch offices?
• What do you need to know about industry technology standards and best practices?
• What do you need to know about the company’s technical communication infrastructure?
• What do you believe are the four or five major milestones needed to accomplish the full
integration of company information?
Part 5: Case Study
How to achieve tightly coupled integrated
clinical information systems in a growing
patient population served by multiple
departments and affiliated but separate
institutions?
A Typical Clinical Systems
Environment
• Point to Point
Environment
• Separate Network
Topologies
• Redundancies
• No Enterprise
Information Strategy
Email
Pediatrics
HIS
Inpatient
Clinical
Lab
Outpatient
Transcription
Scheduling
Ambulatory
Billing
Cardiology
The Goal
• Departmental Autonomy
• The Identification and Integration of
Strategic Information
• Scorched Earth Not Possible
• Widest Access Possible
• Lowest Cost Possible
The Goal
Strategic Warehouses
• Clinical Results
• Research Engine
• Financial Decision Support
Organizational Considerations
• Budgeting Methodology
Infrastructure
Increased departmental burden
• Support and Training
Inter Departmental
Inter Institutional
• Information Security
Competitive information
Institutional responsibility
Patient confidentiality
• Technology Standards
An Architecture for Integration
[Diagram. Level 1: Departmental Systems; Level 2: Communications; Level 3: Integration; Level 4: Linked Repositories. Labels: Interface Engine, Passive Master Entities Index, Active Master Entities Index, Medical Entities Dictionary (proposed), Standard, Patient, UTSW, 100MB, Giga Switch, Hospital A, Hospital B, The Internet]
Level 1: The Applications
Architecture
Establish Phase 1 Systems
Hospital Information
Systems
Lab Systems
Radiology Systems
Appointment Scheduling
Inpatient Billing
Outpatient Billing
• Build Phase 1 Network
• Establish Connectivity
• Establish EDI Standards
• Establish Connectivity
Standards
• Active person index for
positive identification
Level 2: The Enterprise Data
Communication Architecture
• Single Network Topology
• Centrally Funded and Managed
• Defined Physical and Transport Standards
• NO EXCEPTIONS
Level 3: The Integration
Layer
• Interface Engine Technology
• Master Entities Index
• Standard Vocabularies
• Standard EDI
The Interface Engine
Point-to-Point Model
• Two Way Required
• N * (N-1)
• Vendor Cost
• Maintenance
• Change Management
• Personnel
• Standards
Interface Engine
• Object Oriented
• One to Many
• Many to One
• Minimize Vendor Involvement
• Can Force Standard EDI
Same Person?????
Name: Bob Smith
Sex: Male
Addrs: 4141 Gilbert
Dallas 75219
DOB: 8/27/52
SSN: 464-98-7628
Name: Robert Smith
Sex: Male
Addrs: 4141 Gilbert
Dallas 75214
DOB: 8/27/52
SSN: 464-98-7628
Master Entities Index
• Probabilistic Matching
• Weighting
• Suspense Queue for Human Intervention
[Diagram: the Bob Smith and Robert Smith records above are submitted to the Master Person Index]
P=80%: Patient Match
P<80%: No Patient Match
Level 4: Warehousing
• Reconciled Data
• Allows Multiple Views
• Data Mining
• Can be linked to other warehouses
Part 6: An Assessment of Risk
Sources of Information Loss
Respondents’ Sources of Financial Losses and Concerns
• System Downtime or Failure - 72%
• Inadvertent Errors - 71%
• Viruses - 46%
• Malicious Acts by Employees - 29%
• Malicious Acts by Outsiders - 19%
• Natural Disasters - 17%
• Unknown Source - 15%
• Industrial Espionage - 8%
Source: CSI Computer Crime and Security Survey (1999 Results)
Impact and Likelihood
Impact
• High - > $500,000
• Medium - $1K-$500K
• Low - <$1,000
Probability
• Certain
• Possible
• Unlikely
UT Southwestern Top 20 Events, 4/7/99 - 5/11/99
[Bar chart of event counts, axis 0 to 120000. Event types shown: IP_Half_Scan, FTP_Syst, HTTP_ActiveX, FTP_IN, IP Duplicate, Smurf, Trace_Route, TELENET_IN, HTTP_Java, TELENET_OUT, HTTP_IN, PingFood]
Certainty of Loss VS Value of Loss
[Matrix: certainty of loss (Unlikely, Possible, Certain) against value of loss (High >$500K, Med $100K – 500K, Low <$100K), with one cell marked X]
Exercise
Identify 5 high probability risks associated
with both the computerized medical record
and the YLS example.
CRR: A Risk Analysis
[Bar chart of risk counts by impact/probability]
• High/Certain: 16
• High/Possible: 14
• High/Unlikely: 6
• Med/Certain: 11
• Med/Possible: 6
• Low/Certain: 18
• Low/Possible: 2
• Low/Unlikely: 4
Total Risks: 77
High Risk/Certain
• Lack of Campus-Wide
Security Standards
• No Std for Adding New
Users
• Unauthorized Browsing
• No Procedures for
Controlling Physical
Access
• Political Change in
Direction
• Compromise of Security
in Dept Systems
• Unprotected Dial-in
• Viruses Spread by Vendor
• No Central Security Adm
• No Owner Defined
• Inaccurate Info in the
CRR
• Wrong Patient ID
• Hardware/Network
Capacity Exhausted
High Risk/Certain (cont)
• Rules for Decision
Support Assumed Present
• Incomplete or Improper
Matching Info
• No Record Retention Plan
Wrong Patient ID
• Master Patient Index
• Probabilistic Matching
– Name (Soundex)
– DOB
– SSN
• Two Year Backload as Test
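The probabilistic matching, weighting and suspense queue named on the Master Entities Index and Wrong Patient ID slides, as an added example (not from the original deck or any UTSW system). The field weights and the 50% review floor are assumptions; the 80% match threshold is the slide's, and the sample records are constructed.

```python
import re

# Field weights in percent (assumed for illustration; the slides give none).
WEIGHTS = {"ssn": 35, "dob": 25, "surname": 15, "given": 10, "zip": 10, "sex": 5}
MATCH_AT = 80    # the slide's threshold: P = 80% is a patient match
REVIEW_AT = 50   # assumed floor for the suspense queue (human review)

_CODES = {c: d for d, letters in enumerate(
    ["BFPV", "CGJKQSXZ", "DT", "L", "MN", "R"], start=1) for c in letters}

def soundex(name):
    """American Soundex: first letter plus three digits."""
    letters = re.sub(r"[^A-Z]", "", name.upper())
    if not letters:
        return ""
    out, prev = letters[0], _CODES.get(letters[0])
    for ch in letters[1:]:
        code = _CODES.get(ch)
        if code and code != prev:
            out += str(code)
        if ch not in "HW":          # H and W do not separate equal codes
            prev = code
    return (out + "000")[:4]

def normalise(record):
    """Reduce a raw record to comparable keys, one per weighted field."""
    given, _, surname = record["name"].strip().rpartition(" ")
    return {
        "ssn": re.sub(r"\D", "", record.get("ssn", "")),
        "dob": record.get("dob", "").strip(),
        "surname": soundex(surname),
        "given": soundex(given),
        "zip": record.get("zip", "").strip(),
        "sex": record.get("sex", "").strip().upper()[:1],
    }

def score(a, b):
    """Sum the weights of agreeing fields; a blank field never agrees."""
    na, nb = normalise(a), normalise(b)
    return sum(w for f, w in WEIGHTS.items() if na[f] and na[f] == nb[f])

def classify(a, b):
    s = score(a, b)
    if s >= MATCH_AT:
        return "match", s
    return ("suspense" if s >= REVIEW_AT else "no-match"), s

# Constructed records: name, sex, ZIP and DOB follow the "Same Person?" slide;
# the SSNs are made-up values in the never-issued 000 area.
BOB = {"name": "Bob Smith", "sex": "Male", "zip": "75219",
       "dob": "8/27/52", "ssn": "000-12-3456"}
ROBERT = {"name": "Robert Smith", "sex": "Male", "zip": "75214",
          "dob": "8/27/52", "ssn": "000-12-3456"}
TYPO = dict(ROBERT, ssn="000-12-3465")            # transposed SSN digits
OTHER = {"name": "Roberta Smythe", "sex": "Female", "zip": "75214",
         "dob": "3/02/61", "ssn": "000-98-7654"}  # sounds alike, different person

if __name__ == "__main__":
    for label, rec in (("Bob", BOB), ("typo", TYPO), ("other", OTHER)):
        print(label, classify(rec, ROBERT))
```

With these weights the nickname and the ZIP difference cost 20 points, so the slide's pair lands exactly on the 80% threshold, while a single mistyped SSN drops an otherwise identical record into the suspense queue.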
Unprotected Dial-in
• No Web Access
• Controlled Citrix Server
• Personal Validation of Password
Hardware/Network Exhausted
• Standard Management Metrics in Place
– CPU Utilization
– Disk Usage
– Segment Usage
• Central Network Monitor with Remote
Disconnect Capabilities
• Fiber Backbones with Giga Switch
Connectivity
No Owner Defined
• UT Southwestern established as Service
Bureau
• Dissolution Agreements in Place
• Hardware/Software Agreements in Place
in Case of Institutional Split
Political Change in Direction
• Service Level Contract
• Dissolution Agreement
• Purchased Hardware in Divisible Chunks
Viruses Spread By Vendor
• All Servers Checked Daily
• All Workstations Checked Daily
(minimum). Shield Required
• Disconnect Infected Users
Part 7: Protecting Your
Architecture
Recovery Strategies – Cost VS
Risk
• Hot Site
Remote hardware on
standby
• Warm Site
Remote hardware
(minimal)
• Cold Site
No hardware. Site only
• Business Continuation
Down time procedures
How to Recover from a
Disaster
• Do your backups
• Test your backups
• See your backups
• Touch your backups
• Store your backups off site
• If backups take too long, get a new computer
Disaster Recovery
• Risk Assessment (don’t forget the phones and
network)
• Communications (who calls who)
• Hot Site (Comdisco, SunGard, IBM)
• Cold Site and Drop Shop Contracts
• Crisis Recovery Team
• Declaring a Disaster
• Business Contingency Planning
[Diagram: disaster recovery sequence. Labels: Chicago Hot Site, Grand Prairie Work Site, DR Vendor’s National Network, Permanent T1, Local Cold Site, and the UTSW CWAN network diagram with an X marked on it. NIS/DWjr. 3.1.98, CWAN_rev2.vsd]
• Step 1: Declare Disaster
• Step 2: Retrieve backup media from offsite storage.
• Step 3: Fly media and personnel to Chicago
• Step 4: Establish UTSW environment
• Step 5: Evaluate. Begin building local cold site
In Closing, Remember. . .
“Nothing hard is ever easy.”
My Grandmother