The Principles of Life Cycle Supporting System for Mission-Critical Systems
B.A. Pozin <[email protected]> National Research University Higher School of Economics, 20 Myasnitskaya Ulitsa, Moscow, 101000, Russia
EC-leasing Company, 125 Varshavskoye shosse, Moscow, 117405, Russia
Abstract. A set of measures and guidelines, together with automation tools, for ensuring business continuity throughout the life cycle of mission-critical systems is considered. This complex is called the Life Cycle Supporting System (LCSS). The aim of the system is to reduce the risk of critical errors manifesting in the system and application software throughout the life cycle of a mission-critical system, and to reduce operational risks and the total cost of ownership of the mission-critical system. In ISO/IEC/IEEE 15288 terms, the LCSS is an enabling system. The LCSS is created to support the life cycle of a mission-critical system in the organization-owner.
Keywords: enabling system; Information System Life Cycle; Information System Release; Life Cycle Supporting System (LCSS); LCSS infrastructure; Mission-Critical System; Release Management
DOI: 10.15514/ISPRAS-2018-30(1)-7
For citation: Pozin B.A. The Principles of Life Cycle Supporting System for Mission-Critical Systems. Trudy ISP RAN/Proc. ISP RAS, vol. 30, issue 1, 2018, pp. 103-114. DOI: 10.15514/ISPRAS-2018-30(1)-7
1. Problems and risks in the life cycle of mission-critical systems
Mission-critical information systems (MCS) are quite common in finance, public administration, retail and wholesale trade, transport and other industries where information systems are deeply embedded in business processes. As a rule, they perform "back office" functions, i.e. accounting for financial and material flows, analytical systems at the state or corporate level, or other functionality that is crucial to the business. Such systems are increasingly being built as centralized systems and have an information security contour, since the data processed and accumulated in them constitute a state or commercial secret. Upon completion of development, ownership of the MCS is transferred to the MCS owner, and the system becomes its asset. Accordingly, for the remainder of the life cycle, responsibility for the quality of operation and for maintaining the system at the required level of performance lies with the owner of the asset. The aim of the organization-owner is to ensure business continuity throughout the system life cycle. For this activity, the organization-owner of the MCS must put in place automated processes that reduce planned and unplanned downtime, operational risks and the total cost of ownership of the MCS.
The need for systematic efforts to keep the functional and performance characteristics of the MCS in line with its purpose, in a usable state, and thereby to preserve the asset, stems from the fact that most of its cost over the life cycle is not attributable to development. Over the life cycle (15-20 years or more) of MCS application software, maintenance and further development account for 70-80% of costs, and the actual development for about 20%. With a shorter maintenance period (about 10 years), the share of maintenance costs remains significant (60% vs. 40% for development). Moreover, the major potential losses that need to be reduced or minimized arise from risks that materialize during the operation and maintenance phases. These primarily include the following risks:
• loss of MCS efficiency
  o due to insufficiently worked-out architecture, systems engineering platform, software and information systems;
  o due to incorrect support of their systems engineering platform;
• violation of the rules of functioning of the organization-owner's system (by activity) due to:
  o inadequate performance or availability of the MCS (taking into account the characteristics of existing and future load flows);
  o shortcomings in the allocation of responsibilities and duties of staff;
  o lack of trained staff;
• loss of integrity of the MCS during its maintenance and development.
Experience shows that the main causes of risks materializing in MCSs are the human factor and managers' poor understanding of the complexity and labor intensity of creating and using the services implemented by the MCS, and of the conditions for their effective use. This leads to a substantial increase in the cost of maintaining the MCS and the software that implements the basic functionality of its services. Neglecting service support for the MCS and its application software (AS) during operation, maintenance and development leads to unreasonably high additional costs and, consequently, to an increase in the cost of the MCS life cycle.
It is essential that once the MCS or its new services enter service, the cost of the risk that the system or a part of it (subsystem, service, etc.) fails to perform its required functions increases significantly, since the MCS is directly involved in carrying out business functions. Failure or improper execution of a business function because of defects in the MCS leads to direct business losses that are far greater, sometimes by several orders of magnitude, than what the MCS-owner organization spent on developing the MCS and its AS. That is why the main risks for businesses using information systems materialize during the operation and maintenance stages; these are potentially major losses, which should be minimized.
The most important goal in the MCS life cycle is to design and implement systematic actions that prevent or reduce the impact of such risks, which are primarily related to the presence of defects, to their untimely or poor-quality elimination, to changes in the system and application software, and to the modernization of equipment or of the MCS as a whole. Eliminating the consequences of manifested defects requires analysis of the problems encountered in hardware, software and personnel actions. Resolving these problems involves a fairly large number of specialists, and the problems must be resolved as quickly as possible. There is a real need to deal specifically with life cycle support methods for information systems, particularly for MCSs serving medium and large businesses.
2. MCS Life Cycle Supporting System
Experience shows that the primary method of ensuring the specified MCS performance and reducing these costs is to create a life cycle supporting system (LCSS), which establishes and regulates the life cycle processes and automates them: a so-called enabling system (supporting system). According to [1], the LCSS, as an enabling system, complements the MCS under consideration throughout the stages of its life cycle but does not necessarily contribute directly to its functioning. The LCSS is a system in the same sense as the main MCS: it is developed under a separate Requirements Specification and is documented. Its purpose is to keep the main MCS in a serviceable condition through any changes made to it, whether due to the development of its functionality or to its scaling or upgrade (changes of operating system versions, hardware, architecture). Operating an LCSS makes it possible, for example, to maintain system-wide MCS characteristics under a load significantly higher than that envisaged in the original MCS Technical Specifications under which the main MCS was created. The objects that the LCSS supports are the main components of the MCS, their relationships, the types of changes, and the team that carries out MCS support and development.
Operation, maintenance and development of the MCS throughout its life cycle are carried out by a team of specialists with different skills, so it is important to structure, organize and regulate the activities of this group. One of the most important LCSS functions is delineating the areas of responsibility of staff, establishing rules and regulating the work of the team, and defining the expected results of particular operations in the course of purposeful activity for the operation, maintenance and development of the MCS at all stages of its life cycle [2,5].
MCSs automate the organization's activities, so their use is subject to internal rules and regulations, especially in the field of information security (IS). For this reason, such systems are operated by employees of the organization-owner or its operator who are authorized by a defined set of documents for the types of activities that are essential to the MCS life cycle. Public organizations usually have a number of rules that restrict the use of material resources to authorized activities. In addition, various experts should be involved in the MCS life cycle, including representatives of the various lines of activity, who shape the rules of work, the automation needs and the requirements for the MCS. For these reasons, the LCSS must be built on the principles described below. The LCSS:
• focuses on reducing the total cost and complexity of operation, maintenance and development of the MCS as a whole, not just on the development speed of its constituent parts or systems;
• covers all the roles of personnel involved in the MCS life cycle, and regulates the MCS life cycle processes both within the organization-owner and with cooperating organizations (contractors);
• supports the processes and provides systematic quality control, including for suppliers of hardware, software and services;
• is focused on the interests of the MCS organization-owner; it has to be created on the owner's side and operated by the owner and/or the MCS operator;
• has to be deployed predominantly within the IS contour of the MCS owner and to provide secure interfaces with contractors;
• automates the most critical life cycle processes, those that determine quality, and the labor-intensive processes that require a large number of staff with relatively low qualifications.
3. Processes of MCS Life Cycle Supporting System
When creating the MCS Life Cycle Supporting System (LCSS), one must take into account the influence exerted on the requirements for MCS functioning and development by society and business, by the experience of operating the MCS, and by the suppliers of products and services that are involved in creating the information system and participate in its life cycle (Fig. 1).
In operating MCSs it is necessary not only to respond quickly to emerging incidents, but also to carry out routine work that keeps the system running: backing up and restoring data, monitoring the load on system components to prevent abnormal situations, tuning resource allocation to improve the performance of the IT-based services provided, accumulating MCS operating experience and user requests, etc. The requirements for the staff who ensure MCS operation are reflected in the regulations and operating instructions.
During operation, methods and regulations for maintaining the components of the system are also formed, along with descriptions of how the operation service interacts with the staff who develop new MCS capabilities and with the MCS AS maintenance process, to which information about defects manifested in the MCS and AS is passed. In addition, as experience with the automated business processes accumulates, proposals arise for the functional development of the MCS, and these are passed to the functional development process.
Fig. 1. External factors and processes influencing the MCS LCSS
While the MCS is in operation, the vendors of the products and IT services it incorporates continue to develop those products and services. Their plans for releasing new product versions do not depend on MCS development plans. As a result, system software versions already operating within the MCS need to be replaced with new ones that the suppliers announce as better. Because the MCS must be highly available, new system software versions must be checked for compatibility with the other elements of the system, including its technical means, and the AS must be checked for compatibility with the new system software versions. The same applies to the tools used in AS development: new tool versions must be checked for compatibility with the AS architecture, and AS functionality must be shown to be unimpaired after the move to new tool versions, for example the compatibility of code generated by a new compiler version when the MCS AS is rebuilt. This work is usually carried out on the AS maintenance stands.
The development of society and business means that over time the MCS architecture needs to change: because the organization's business architecture changes, because the MCS must be modernized to increase its performance, to automate new business processes or sub-processes, or to implement requirements related to the development of the organization's personnel. These requirements are implemented by the functional development process (inclusion of new functions in the AS) and the non-functional development process (MCS modernization). Development needs arise in business (or in public administration bodies), especially for those businesses that are not fully satisfied with the existing level of automation of their operations. They also arise when new legislative acts and other documents require changes in the way data are handled or analytical information (e.g. reporting) is generated for business management or the management of social processes.
The LCSS regulates the composition, order of execution and automation of the MCS life cycle processes (see Fig. 2). By the projects and staff involved, and by the nature and results of the work, these processes are divided into two groups: operation processes and development processes.
Fig. 2. Life Cycle Supporting System Processes (diagram labels: "Operation of"; "Support of set of technical means and system software"; "Providing user support"; "Support of application software")
The first group consists of the following processes:
• ensuring the operation;
• provision of support of the technical means (Complex of Technical Means - CTM) and system software (SS);
• providing support to users;
• providing maintenance of the AS [4,5].
The second group consists of the following processes:
• providing MCS functional development;
• ensuring MCS non-functional development (scaling) [3].
The processes are regulated by means of organizational and normative-methodological support, i.e. a set of relevant documents. The composition and content of these processes, as well as the content of the set of documents, are discussed below.
4. Content of MCS Life Cycle Supporting System
MCS Life Cycle Supporting System (Fig. 3) represents a set of:
• a complex of normative-methodical and organizational-administrative documents,
• personnel who carry out maintenance and development of the MCS and its system and application software throughout the MCS life cycle, from the initial idea to the retirement of the system from service,
• tools, databases and repositories that automate the activities of the personnel involved in supporting the MCS life cycle,
• infrastructure, i.e. the hardware and software tools used to automate the activities of LCSS staff.
Fig. 3. Content of MCS Life Cycle Supporting System
Each component of this set determines actions in, and/or is located in, one of three areas: the development area, which belongs to the contractor(s); the maintenance area, which belongs to the organization-owner of the MCS or may be rented by it fully or partially; and the operation area, which usually belongs to the organization-owner of the MCS and is characterized by the highest information security requirements. The maintenance area must in any case be within the MCS information security contour. A security policy, data types and exchange procedures must be defined for transferring data from one area to another within the MCS life cycle.
5. The complex of normative-methodical and organizational-administrative documents
Putting a new MCS into operation leads to changes in the MCS-owner organization. In most organizations, these changes in personnel roles and in the interaction of units are regulated as far as use of the MCS in the changed business processes is concerned. However, the need to keep the MCS fit for use also requires changes in the organization:
• defining the procedure for raising change requests for MCS functionality,
• connecting new facilities to its use,
• organizing MCS operation and users' work with the new system,
• retraining end users to use new MCS functionality (new services), etc.
These changes are introduced in organizations in the form of normative-methodical guidance documents (for example, organization standards) and organizational-administrative documents (orders, regulations, instructions, etc.). The main purpose of this set of documents is to create policies and procedures that delineate the areas of responsibility of the staff of the MCS-owner organization in ensuring the operation and development of the MCS. It is expected that the changes recorded in this set of documents will reduce the organization's total labor costs for the functioning and development of the MCS. The documents should regulate the life cycle processes (see Section 3) that the staff of the system owner's organization perform in parallel with the development, operation and maintenance of the MCS. The documents must describe the role models of the personnel of the MCS owner organization in performing the life cycle processes, including the life cycle stages, the tasks of each role, the results each role produces in the phases of the stages, and the procedure and form for transferring results and accountability for results between roles as the processes are carried out. The documents must also regulate:
• the procedure for forming and fixing the functional requirements for producing an MCS release; the general rules for planning, initiating and carrying out the release in cooperation with contractors; monitoring of the progress of work and of results; and the procedure for documenting and completing the release;
• the kinds of products from which the MCS is assembled, the procedure for accepting them from contractors, and the criteria for their input control as integral parts of the MCS;
• the procedure for implementing MCS products and the scope of work on the target platform, including the use of information security;
• the procedure for integrating products; control of functional integrity, fitness for purpose and performance; documentation; quality assurance of the integrated system on depersonalized data, and its testing on depersonalized and real data;
• the procedure for putting the tested system into operation.
Such documents are necessary and important because these activities ultimately determine whether total costs can be reduced. When the documents are drawn up, the organization assesses whether the work can be performed by its own staff or with the assistance of authorized contractor(s), with unconditional compliance with the IS requirements. It is important to recall that the vast majority of these activities are carried out within the IS contour of the organization.
The normative and methodological support of the LCSS is based on basic and subsequent standards, the composition of which is shown in Fig. 4. These standards define the properties of the processes and the quality requirements for the life cycle processes, for the quality system of the MCS owner organization, and for the quality of the MCS.
6. Conclusion
The role of the LCSS in the MCS life cycle is extremely important: as an enabling system it preserves the investment in MCSs, extends the MCS lifetime and reduces its total cost of ownership. This understanding means that the creation and commissioning of the LCSS should be planned simultaneously with the development of the MCS, and that the necessary investment in the LCSS should be included in the feasibility study for the creation of the MCS. Also important is the experience of about 10 years of practical development and use of an LCSS. It showed that an increase of around 40% in the number of changes to the MCS did not create an urgent need to increase the staff who are responsible for the maintenance and functional development of middleware systems and who use automated technology to carry out their functions. Of course, the possibilities are not endless. However, this fact characterizes the subject matter and the result quite accurately.
The key issue is the implementation of a road map for establishing and commissioning the MCS LCSS, namely the following key steps in the organization-owner of the information system:
• Regulations must be put in place governing the interaction between the organization's functional units (functional customers) and the IT service;
• Organization-wide documents must be developed and put into effect: provisions and regulations for staff interaction in the tasks of ensuring the functioning of the MCS, its maintenance and development, which distribute responsibilities between people at all levels of management (strategic, tactical and operational) and regulate this distribution by establishing criteria for evaluating staff performance;
• In addition to the MCS operation infrastructure, a separate document must regulate the infrastructure for ensuring the functioning of the MCS, its maintenance and development, which supports the process of implementing the modified MCS AS on the target platform as well as the acceptance of releases from the developer: an infrastructure that does not divert operation resources;
• The most systemically significant, time-consuming and repetitive processes should be automated, especially requirements management, task assignment and monitoring of task execution, planning and configuration management of versions and releases of the MCS AS, and automated functional and load testing.
Fig. 4. Regulatory support of the MCS life cycle.
References
[1] ISO/IEC/IEEE 15288:2015 Systems and software engineering. Systems Life Cycle Processes.
[2] ISO/IEC 14764:2006 Software Engineering - Software Life Cycle Processes - Maintenance.
[3] Forsberg K., Mooz H. The Relationship of System Engineering to the Project Cycle. Center for Systems Management, 1995, 12 pp.
[4] Pozin B., Galakhov I. Models in Performance Testing. Programming and Computer Software, Vol. 37, No. 1, 2011, pp. 15-25. DOI: 10.1134/S036176881101004X
[5] ISO/IEC 12207:2008 Systems and software engineering - Software life cycle processes.
Principles of Building a Life Cycle Supporting System for Mission-Critical Systems
B.A. Pozin <[email protected]> National Research University Higher School of Economics, 20 Myasnitskaya Ulitsa, Moscow, 101000, Russia; EC-leasing Company, 125 Varshavskoye shosse, Moscow, 117405, Russia
Abstract. A complex of measures and automation tools for ensuring business continuity in the life cycle of mission-critical systems is considered. This complex is called the Life Cycle Supporting System (LCSS). The aim of the system is to reduce the level of risk from the manifestation of critical errors in system and application software throughout the life cycle of a mission-critical system, and to reduce operational risks and the total cost of ownership of mission-critical systems. In ISO/IEC/IEEE 15288 terms, the LCSS is an enabling system. The LCSS is created to support the activities of the organization-owner of the mission-critical system.
Keywords: enabling system; Life Cycle Supporting System (LCSS); mission-critical system; information system life cycle processes; IS release; release management; LCSS infrastructure.