Architectural Profiling is a method of understanding the relative complexity of different areas of concern for an architecture.
Architecture addresses a number of concerns and so a useful early approach is to consider the profile of the architecture in terms of the relative complexity of each of these areas. This helps to give a feel for the shape of the requirements, architecture and overall solution. We can also identify possible areas in which we can reuse existing components, frameworks or maybe standard packages of requirements, components and tests. Architectural profiles may be useful at any level of architecture (Enterprise, Solution and System) and are useful to understand areas of complexity in the requirements space, especially for understanding the relative complexity of non-functionals.
The y-axis ranges from no complexity to high complexity but it is deliberately not labeled (not something we'd normally recommend!) so we can focus on the relative complexity of these dimensions of the requirements, quality, architecture and therefore solution. Complexity here is a subjective opinion, adding false accuracy of scale is not worthwhile.
The height of one of these bars helps us shape the architectural approach that the work needs, including how implicit or explicit the elaboration and documentation needs to be.
For example, let’s take the security dimension and consider it from simple, complicated and complex.
If it's empty/simple we know that we don’t need users, audit logs etc. Maybe we just need a username for personalization but we could pick that up from the Operating System or session state.
- logging in
- changing password
- managing users
- managing permissions
- checking permissions
In most organizations, and for most developers, these are very common requirements which have been implemented many times. There is unlikely to be a need to do detailed requirements documentation, design or even significant testing as the quality risk is likely to be low. Hopefully we will be able to reuse corporate authentication and authorization mechanisms or standard mechanisms such as LDAP integration or Oauth and so not have to implement any of this stuff directly. Of course just because quality risks are likely to be low doesn't mean we can assume there are no bugs, a minimal level of testing might still be required by our Definition of Done.
If the bar for security is higher/complex up then we might need to consider elements such as fine grained security, overlapping groups, encryption, auditing, digital signing, federated user data stores, legal compliance, information assurance, biometric identification, multi-factor authentication, etc.
If the bar for security is at the very top, then we are in a high complexity security context. In this case we may be dealing with an unstable cyber security situation such as needing to operate securely in a hostile environment where adversaries are actively trying to compromise our software or operational effectiveness. These situations are not resolved through up-front design, but through architecting for change, experimentation and learning.
As well as the standard non-functional "URPS+" dimensions we also often look at as standard is "Data Processing" which covers the volume and shape of data a system might need to deal with. Simple entity management is typically fairly low, whereas running significant algorithms across that data will push the bar up. Large datasets start to bring in some elasticity concerns, "Big Data" and massively parallelized processing will push the bar up further.
For lower levels of complexity, dealing with simple entity creation, editing and deletion we do not recommend elaborating textual requirements or CRUD stories/simplistic scenarios, similarly we do not recommend creating a lot of designdiagrams that describe CRUD operations for each entity. However a simple persistency mechanism and data model are frequently worthwhile.
Another dimension we frequently use for user facing systems is "Reporting and Visualization" means graphical rendering of data or processing. At its simplest level this dimension can be simple GUI feedback but it can range to interactive touch displays, augmented reality, VR etc. As the bar increases, the requirement for User Experience (UX) practices increases.
The Functional Dimension
The first dimension we title "Differentiating Functionality" which represents the functional requirements which make the product or product family unique. If this bar is low then the product is likely to be a commodity offering rather than a market differentiating product, in which case there should be a strong strategic reason to buy not build. A significant non-functional difference between the proposed product and existing alternatives may be a perfectly valid reason, but we recommend making that explicitly visible.
If, during product evolution, this bar lowers significantly then the product should be considered for retirement or replacement with a commodity solution. Sometimes market disruption will out-move a business in which case cutting losses, and redirecting onto more differentiating business value, is a sensible business decision.
Other than these cases, the functional dimension is typically the source of business value and so is often prioritized by customers and users above the other dimensions. Using an architectural profile is a useful way of balancing the requirements and development work to consider the whole problem. We tend to use a different color for the functional bar to help draw out this distinction and ensure a realistic balance of concerns.
Technical risks, and likely quality risks, will be hiding in any dimension with a high complexity and so will be fertile ground for finding fringe cases. Complex areas are excellent candidates for early iterative development as their implementation can help to de-risk project, programmes and portfolios.