On UML as a Modeling Standard for Internal IT Purposes

UML has evolved into a very large and fairly comprehensive Standard (http://www.uml.org/). The size and complexity allows it to be applied to most IT problems and also can create problems of it's own.

I do believe that it could be used to solve some of the problems I see in my day-to-day job and, with proper application, solve some of the problems I face.

'What we've got here is (a) failure to communicate' 

- from 'Cool Hand Luke'. 

Communication problems are the crux of the matter as I see it and come in two basic forms; challenges between two or more people trying to communicate an idea or situation at a point in time and also over time. In the first case there is an opportunity for the two parties to interact and discuss. In the second case that is not typically the case; a document is created and then read months or years later. The original author may no longer be with the company.

Aspects of the problem I see are:

1. Integrity (correctness and completeness), 
2. Comprehensibility (succinctness and semantics), 
3. Usability (navigation and accessibility)

Before I go into these in more detail and describe how UML may fit into the solution, I need to define a scope of applicability - the context within which I am think about this. In my current job I deal mostly with IT investments, processes, business systems (solutions), and requirements. I don't often deal with software architectures (the deep structures of software inside those business solutions), or the deep details of deployment. I also usually only deal with the results of the business requirements process and not the detailed creation of them.

Very often the results of my work (or of a team of people with whom I work) is depicted in the form of diagrams within a PowerPoint. Although the diagrams titles are used over and over again (business context, system context, and anything followed by the word architecture), there are no common rules about what goes into them, no common definitions for what lines and boxes mean, and very little consistency across teams, or time. My common tools for creating and managing this information are: Visio, Excel, Word, PowerPoint, and Sharepoint. All though we do get a lot done with these tools, there are challenges with the integrity, comprehensibility and usability of the resulting documents. Let me illustrate with a Visio example.

A box likely means something exists (physically or conceptually) and a line means that two things are somehow related. The precise meaning of the diagrams parts is defined by the author and may not be included in the diagram itself. This description might sound like total chaos, and that would be misleading. People within my organization have learned what those things usually mean within the context they are presented and can deal with the ambiguities and information gaps that exist. In most cases, the fact that a diagram abstracts a complicated physically deployment and represents it as a simple line is useful.  

For example, I might depict the communication pattern between two applications as a simple line and maybe I put the label MQ on it. That tells many of my peers quite a bit. If they also know that those two systems are deployed within our own datacenter and a vendor datacenter then they can likely guess that there are likely two queue managers involved, a few MQ channels, several servers, likely at least two firewalls and a likely more IP switches than we would care to document. However, if I were the network engineer, I likely care about each and every one of those switches and circuits and not much at all about the communication activity between the two applications. Until there is a problem, or we need to make a major change and at that point all parties are interested in ensuring all levels are understood.

So we need to be able to communicate the idea that systemA talks to systemB and we want to show that as a simple line. We would like to be able to look inside that line to see the MQ specific characteristics and topology. Drilling further down we would see IP socket level details, IP addresses and ports - useful to network engineers and people writing firewall rules. Below that there is even more detail, circuits etc. Of course these layers of abstraction have been documented in another standard reference - the OSI 7-layer model (http://en.wikipedia.org/wiki/OSI_model). Should are architectural diagrams follow the same layers? Perhaps. Perhaps we should be producing artifacts that align with TOGAF 9 (http://www.togaf.com/)? Or Zachman (http://en.wikipedia.org/wiki/Zachman_Framework)? This is a major outstanding question for me. Maybe there are other possibilities.

Some of these frameworks provide better guidance at that than others. Zachman, for instance, provides guidance on many ways we should partition out models. TOGAF takes a different approach and is a little more concrete in some areas, but is generally less specific about deliverables. Which ever framework is chosen, I am thinking the most important part of the application of UML to the problem is getting guidance that is specific enough that two people would produce a models that are similar at the semantic level. What do I mean? If I were to point to people at a running system including all the code, deployment descriptions ands operational documents, and told them to draw the UML diagrams that describe the system at OSI layers 4 through 7, would they produce diagrams that use the same symbols in the same way? Would they define the same stereotypes and make the same profile extensions? I don't think so. There does not seem to be a standard methodology which can be applied to UML that gives good guidance on this. 

I recently was involved in the review of a large number of infrastructure diagrams that were produced by a team. It wad quite clear that the individual artists had different ideas and rules in their heads. One person would focus on the network topology, another on the data flow (process oriented), and yet another on the IP level session. Production and disaster recovery (DR) path were always on the same diagram, but sometimes the DR paths were dotted or pink, sometimes not. Sometimes you could identify active-active clusters, sometimes not. If we were to re-execute the same task using UML and a common UML tool, would it be any better? I don't see that it would be. The symbols would be more consistent, but beyond that I don't expect much improvement.

It may actually be worse. When you have a free-form Visio diagram you know that there is no defined semantics for the graphical objects. But once you put them into UML and then into a repository you might think you know things we more confidence than you actually do. Garbage in, Garbage out. I have seen the progression from visio diagram to excel spreadsheet and then aggregate all the spreadsheets into a database and run queries. Once we have gotten to that point we are in danger of drawing conclusions from data that was shaky to start with. When it was a visio it was unstructured and it was apparent that only so much could be done with it. Once it becomes more structured (without adding knowledge in the process) one might lose sight of the inherent weaknesses in the source.

So back to my MQ example. In its simplest form this is two boxes and one line. Should the two applications be 'components' in a UML model. Should the MQ connection be a 'Usage', a 'Component Realization', an 'Interface Realization', or an 'Association'?  Or something else? As I have poked around I do find answers, but I am left to think that somebody else doing the same job might get different guidance. When we try to aggregate our work together at some future time we might discover a large amount of rework ahead of us. 

Is there an undiscovered part of internet that holds the answer to my quest? Leave a comment and let me know what you think on the topic.

Goliath and IT Security

Regardless of whether you hold any special significance to the Judeo-Christian scriptures or not, I suggest that there is wisdom to be gained from their study. A large number of topics are covered in these ancient texts, including IT Security.

Yes, IT Security. The story is told about a long running battle between the Philistines and the Israelites (1 Samuel 17 1-53). Everyday the Philistines would send out their champion, Goliath, and challenge the Israelites to a one-on-one battle. Winner takes all. The big problem was, and I do mean BIG, is that Goliath was a giant. One big dude. No Israelite solider knew how to fight such an enemy. So they cowered. The philistines laughed and were comfortable.

One day this kid comes along bringing lunch for his soldier brothers. His name was David. He is witness to Goliath's daily challenge and like most young idealistic people, who can solve all the world's problems, he says, 'yo bros, why aren't we doing something'! They laugh him off. But David persists and soon enough finds himself facing the giant; Armed with the tools he knows best. Goliath laughs and mocks him. David splits his skull with a rock from his slingshot. Fair trade. Goliath dead, the Israelites win and the Philistine army scurries away.

So how do I get from an ancient military battle to IT security? Goliath was proud, he thought he was invincible and so did the rest of his army. He likely was invincible against all attackers who engaged him in the defined model of combat: sword, shield, spear. David didn't play by the rules, he even tried on standard armour but quickly realized it was not going to work for him. Instead he thought outside the box and made use of tools that were not expected on the battle field and won.

All too often in the IT context I hear people say things like: 'our software is perfectly secure', 'It cannot be hacked', 'I signed to SOX attestation so I know that security cannot be circumvented'. Ya - and David can't kill Goliath. We all too often fail to recognize the difference between the truth regarding what is possible and our ability to conceive of what is possible. We only truly know the bounds of the possible once we have exceed them.

If you are convinced that something cannot be hacked, broken, violated, or circumvented then what you are truly admitting to is the limit of your imagination.  And never forget about the possibility of the $5 wrench.

Note taking applications.

I have had my iPad for about 6 months now, and it has certainly changed the way I use computers. It has become the one device that I use the most. Even more than my work laptop - but that has a lot to do with the amount of time I am spending in meetings these days.

In meetings I do use my iPad for note taking. The most common application I use for that is Evernote. I like that it automatically synchs my notes back to my computer. I have been taking monthly subscriptions to the premium service so I can have offline notebooks as well. The one short coming I find is that I cannot draw with Evernote. So I have started looking for another program to fill the gap.

I have been using Adobe Ideas for a bit as well. It is good. I like the zoom in and out capability. It also smooths out jittery lines nicely. But it does not work so well for written notes. The new version allows for emailing of completed drawings. I would like some better interop with Evernote.

With Evernote's Trunk feature there was an app called Inkest. I gave it a try. It seems to be geared towards artist who would like to sketch. I didn't find that it worked well for written notes. It does allow for drawings to be saved to Evernote's web site (not the local app). If you are connected that doesn't page much difference, but if you are not connected you will have to remember to Upload your notes latter.

On to my third try. InkShelf. It has a nice notebook interface similar to iBooks. Some templates that help get things organized. It does have the nicest writing experience ... The ink flows really nice. The multipage paradigm within a notebook is nice. It does allow you to pick different papers for your notebooks, which is nice, but it is a choice for the entire notebook, so if you want lined paper on one page and grid paper on the next, tough. It does allow you to save your notebooks to both Dropbox and Evernote.

There are two features from all of these that I am still looking for. The ability for the app to transcribe cursive writing into typed notes and the ability to edit the notes once they have been saved to a cloud mechanism.

I have used penultimate on other peoples iPads. It seems nice, but I think I prefer InkShelf.

The next thing I need to get is a stylus.

Free Music at Walmart

I just downloaded six free songs at walmart. Check it out.You'll need a walmart account.

Camera Connection Kit.

I have been giving the Camera Connection Kir for IPad a pretty food work while on the road.

So far I like the capabilities. But I do have some gripes. I am hard to please.

First, it works as expected. I am working with CF cards from my Canon. All shots are RAW. It can see the RAW images and import them, but I think it is just grabbing the embedded jpeg. I don't know for sure.

Things I would like to see improved. I'd like to be able to:
- know how much space I am using. There is an app for that but it should be native.

- create albums and place pictures in them.

- edit places.

- crop, straighten and adjust.

- import videos (avchd) - may support others, but not my cameras format.

Overall I'd like "Lightroom for iPad". That does all of this. It should work in concert with the regular Lightroom as well. For example, import embedded jpegs (or better) into iPad, classify, assign metadata, titles, create collections, etc. Then later import same images as raw from card into lightroom for the desktop and have lightroom for iPad provide an update feed.

There are apps for many of those features, but it would be nice to have it all in one app. "Lightroom of iPad"?

I also did some two image HDR processing on the ipad using TrueHDR. Very easy and good results. See here.

TrueHDR sample

Happy Canada Day ... The Canadian Bookstore Arrives

Previously I lamented about the lack of selection in the iBook store. It was just the free titles at that time. Today the Canadian content came online and there is a lot more to choose from. I still find the selection to be thin.

One thing I didn't notice before was alerts. You can set an alert on an author so you notified when a new book by that author becomes available. It would be nice if you could set an alert on a search phrase.

A feature I like about the amazon store is the wish list. Sometimes I am interested in something but don't want to buy it quite yet. Amazon let's me make a note about that by adding it to the wish list.

Zinio - I like it.

One of the apps I decided to try out based on somebody else's recommendation was Zinio. It is a magazine reader much like iBooks is book reader. There is a fairly wide variety of magazines available, but not as complete as I would like. They do offer a few complimentary issues which allows you to check out the experience without having to subscribe to anything. The app itself is free.

I browsed through the compliementary issues and was impressed enough that I have subscribed to a two. The text clarity is excellent, images are good as well. These magazines are more than just the print version render in electronic form. The ones I have explored have embedded videos, and slide shows. It is generally an engaging reading experience.

One quibble have will point out is the app is not the most stable. I have found it to crash about every 10 to 15 minutes. Long enough between crashes to be tolerated but definitely annoying. Fortunately it does a pretty good job of saving where you left off when you restart the application.

I have not done much to explore oth magazine readers. Have you? If you have found a good one leave a comment to let us know.