Team 2: Gurgle Earth

From SoftwarePractice.org

Contents 1 Team 2 Members 2 System Purpose 2.1 System Overview 3 System Context 3.1 Major Stakeholders 3.2 Software Objectives 3.3 Software Functionality to Offer 3.4 Data Sources 3.5 Quality Attributes 4 Customer Needs 4.1 Stakeholder Narratives 4.2 Quality Narratives 4.2.1 Security 4.2.2 Scalability 5 Conceptual Architecture 5.1 View 5.2 Description 5.3 Use Case Maps 5.4 Impact Maps 5.5 Conceptual Data Models 5.6 Component Responsibilities 5.7 Architectural Decisions and Justification 6 Execution Architecture 6.1 Concurrent View 6.2 Deployment View 6.2.1 Notes 6.3 Use Case Maps 6.4 Impact Maps 6.5 Architectural Decisions and Justifications 6.6 Ongoing Contextual Factors 6.7 Feasibility of Execution Architecture 7 Implementation Architecture 7.1 View 7.2 Component Mapping 7.3 Use Case Maps and Sequence Diagrams 7.4 Impact Maps 7.5 Architectural Decisions and Justification 7.6 Ongoing Contextual Factors 7.7 Design Decisions for Implementation Components 8 Anticipated Issues for Future Milestones 9 Critique 10 References 11 Appendix A: Mindmap of Scenario 12 Appendix B: Prototype Development Notes 12.1 Design Decisions 12.2 Database Design 12.3 Use of Java Packages 13 Instructor comments

Team 2 Members

Name	Student Number
Jensyn Luc	10159871
Anthony Joseph	10187868
Deon Poncini	10147193
Marie White	10159440

For meeting agenda history, please click here

Layers poster 20th May

System Purpose

System Overview

The year is 2045 and, as a product of recent trends in consumption patterns, there is widespread apprehension of a complete ecological collapse. Leading world powers alike have assembled and expressed a need for a Global Monitoring System. A system that, when in full swing, provides information on where resources are being created and consumed.

System Context

Enablers

In designing this Global Monitoring System (popularly dubbed the Gurgle Planet Project – GPP for short), various contextual factors are to be taken into account. The GPP is a gigantic undertaking and will require the collaboration of countries and organisations all over the globe. The necessity of such a tool has received the backing of most governments and multinational companies, thus giving the project the financial, intellectual and hardware resources it requires. Upscale infrastructure needs such as Satellites are being made available; experts in various fields are willing to lend consultation time; and cooperating nations are ready to provide the financial means for the project. It should be noted that technology available is sufficient for the project to commence.

Constraints

Supporters of GPP have placed urgency for such a system, putting pressure on the development time. It is therefore critical that the system utilise as much existing hardware and infrastructure as possible. Having said this, there is the inevitable need of managing the implementation of the project. Standards and procedures will be developed and the system will need to work in concert with this jurisdiction.

Risks

Granted the support of many companies and governments, the ramifications of such a system could lead to falsified data. Companies standing to lose substantial profits and nations in danger of being accused of consuming too much may resort to exercising this practice. There will also be organisations vehemently opposed to the project, refusing to provide Gurgle Planet any information. In this way, the system will have to obtain data via surreptitious methods. In either case, the integrity of GPP’s analysis and conclusions will be reduced if appropriate measures are not taken.

Major Stakeholders

• Manufacturers
  • Sensor Manufacturers
  • Aerospace Manufacturers (Satellite and Aerial)
• Resources
  • Power Companies
  • Oil Companies
  • Mining Companies
  • Agricultural Companies
  • Waste Management/Recycling Companies
• Government
  • Cooperative Sovereign Leaders
  • Uncooperative Sovereign Leaders
  • Intelligence Agencies
  • Military
• Non Government Organisations
  • Policy makers
  • United Nations
  • Non-Profit Organisations
• System Users
  • Environmental Scientists
  • Systems Engineers
  • Network Systems Administrators
  • Developers

Software Objectives

• Reduce consumption of natural resources
• Total assay of available resources
• Locate resource creation and consumption
• Minimise exposure of the remaining ecosystem to harmful toxins

Software Functionality to Offer

• Data collection (monitor global resources)
• Locate and map
  • Oil reserves
  • Other minerals
• Ecosystem classes
  • Forest/agriculture zones
• Presence of animal/plants
  • Food crops
  • Farmed animals
  • Wild plants and animals
• Collect and analyse
  • Water quality
  • Soil quality
• Collect and track
  • Waste management
• Analyse
  • Resource consumption patterns
• "Google Earth" style interface
  • Used for displaying varying contexts
  • Variable information display
  • Spatialisation capabilities
  • Overlay-based system

Data Sources

• Governments/Companies
  • Local, state and national levels
  • Cooperative/Uncooperative organisations
• "Surreptitious" Methods
  • Fly-over aircraft
  • "Smart Dust" wireless sensors
• Satellite Imagery
  • Visible
  • Infrared
  • Radio
  • Data from existing surveys

Quality Attributes

• Security
• Scalability

Customer Needs

Stakeholder Narratives

Sensor Manufacturers

With the assistance of his diving team, Joey places a water quality sensor in the depths of the Murray River. He activates the sensor by defining the river's location, a frequency of analysis and an initial date and time. The sensor establishes a connection to the Gurgle Planet headquarters, where critical information is sent to the system, such as water salinity, elements present, acidity etcetera.

Persona: Joey Arunta is an Environmental Engineer who is working for a team jointly controlled by CSIRO (the developer of the water quality sensor being used on the project) and Gurgle Planet. When he is not making paper aeroplanes, he is often seen watching romantic comedies while taking notes on character interactions.

Aerospace Manufacturers (Satellite and Aerial)

Sean is interested designing and producing aircraft. He must battle with the ethical decision of producing aircraft for surreptitious use against such governments as the Swaziland, who believe they are world rulers who know best but refuse to see the bigger picture, and in turn breaking the law of those particular countries, but for the greater good of improving the planet’s resource management. These aircraft would periodically fly over un-cooperative countries and companies, posing as non-threatening civilian aircraft, and take sweeping images of the country or company in the visible spectra of elevation, soil.

Sean also designs satellites for communication and data collection. Communication satellites are integral to the operation of the Gurgle Planet software system. These are used to beam back data from all the ground-based sensors in the system to the central data servers. Data collection satellites would periodically take satellite imagery in the visible, infrared and radio spectra.

This fly-over aircraft and satellite imagery would then be sent to the system to be stored as numerical data for further comparison and analysis in the future to determine consumption patterns.

Persona: Sean works as an aerospace engineer for Cessna. He started from humble beginnings of designing paper planes, with his first airplane soaring like a bird which had just been shot by a sniper with a shotgun.

Oil Companies

Tony's manager has stated that he is required to send the team at Gurgle Planet a list of all known oil reserves. Tony locates the maps indicating where OilCo has detected oil reserves, and converts this data into a format that Gurgle Planet requests all information in, and sends it to Gurgle Planet.

Persona: Tony Vermer is a consultant hired by OilCo company to assist with supplying data to the Gurgle Planet project. When Tony is not literally swimming in the amount of money he earns as a contractor, he enjoys going to trance concerts despite not knowing exactly what to do at these concerts.

Mining Companies

Alex and his fellow board members are extremely concerned about the latest developments of the Gurgle Planet software. This is because the board of directors have ignored various petitions by environmental groups and reports from internal engineers who have highlighted alarming trends in both the methods and amount of natural resources being extracted from the Earth. Their concern is twofold: that their company will receive negative feedback from the public once Gurgle Planet highlights the fact that his company extracts large amounts of natural resources, and that governments will introduce policies to limit their usage of natural resources and increase the regulation of the industry by government regulatory bodies.

Alex's company is determined to either discredit Gurgle Planet's reputation, or falsify collected data to mask the extent of their misuse of natural resources. In order to discredit Gurgle Planet's reputation, he sends Gurgle Planet a list of all of the gold that his company has mined, totaling more than 300,000 tonnes (which is twice the amount of gold ever mined in the world).

During Alex's board meeting, he receives a polite phone call from Gurgle Planet administrators indicating that his company has given false data, to the embarrassment of his fellow board members.

Persona: Alex Jones is a member of the board of directors for Northern Mining Corporation, a large multinational company who prides itself on its ability to supply major industries with various natural metals and minerals. Alex enjoys restoring antique cars, and playing Tetris on his various gadgets, especially his BlackBerry phone.

Agricultural Companies

Mr Theodore Grates is CEO of the Australian Agriculture Company (ACco), the world’s largest producer of beef. In recent times, the ACco has enjoyed monstrous profits, chiefly due to the world’s burgeoning consumption patterns and their 46% market share. In addition to beef, the ACco also produces wheat, barley and sugar cane, utilising the 70 million hectares (about 8% of Australia’s land mass) of Australian farmland they currently own. Naturally, Theodore was horrified to hear of the Gurgle Planet project. The business forecast was already looking grim - his consumers’ efforts to curb their consumption patterns were well underway. The thought of some worldwide bureaucracy controlling his production capacity did not sit well with Theodore. In response, he has set up a team of lawyers and analysts ready to fight or perhaps exploit any policies enforced by the UN.

Persona: Theodore Grates attained CEO status by marrying the heiress of ACco, Paris Browbeat. Having already made a name for himself as a highly acclaimed entrepreneur, Paris instantly fell in love with Theodore when they first ran into each other at the local fish and chip shop. Theodore has a knack for film and photography and one day hopes to achieve Mariah Carey’s octave range.

Waste Management/Recycling Companies

Linda views the daily reports automatically generated from the Gurgle Planet subsystem. Linda notices that the Friday report shows that there were 5 tonnes more metal coming out of the recycling plant than going in. After analyzing the data output she investigates the weighing machines. She stops the sorting machines and tests the weighing devices. She notes that the device for outgoing material weight is incorrectly calibrated. She edits the data in her local copy of the database to correct for the error, which means all data was weighed at 5 tonnes more than it was supposed to be. She then sends this updated report to the Gurgle Planet collective data center, and flags her report with an update so the Gurgle Planet system will know to override the old data.

Persona: Linda is the waste collection and tracking officer at Standard Waste, an organization that recycles various metals and plastics to be used in industry again. Standard Waste also handles landfill operations. Linda is in charge of the data tracking from the various sensors installed in the facility. Even waste is machine sorted in categories (by composition, metal or plastic) and weighed before it is buried in the ground. All material that is recycled the raw materials are weighed before hand and after processing to capture the material delta. Linda has been working at Standard Waste for 10 years, some said it was a 'waste' of her talent as a Statistician, but as she would always say "Bad puns are no place for a mighty Statistician".

Cooperative Sovereign Leaders

Arkady oversees the collection of data for all of Conjectistan. He has appointed officers at all the Uranium mines in the country to report daily on the amount of Uranium extracted, as well as the estimated Uranium remaining in the deposit. These reports are collated and transmitted electronically every night to the world wide data storage facility via satellite. Arkady insists the data is encrypted to protect his trade interests in case the data is intercepted.

As Conjectistan is mostly desert Arkady has been advised to choose smart dust sensors to scatter over the land. Only a low density of sensors are required due to the sparse plant and animal life. Arkady has set up automated base stations around the edges of the desert, and every few days the smart dust sensors do a batch upload via radio of all the data they have collected. At the end of each month this data is collated and sent via satellite.

Arkady has employed a great deal of technical skill in rolling out his local data collection. This has brought jobs to Conjectistan, so Arkady is hesitant to let everything become automated, lest his new found economy suffers.

Persona: Arkady is the President of Conjectistan, a large but mostly arid country on the western Asian border. Conjectistan's main export is Uranium, used in nuclear power stations all throughout the region. He is definitely in favor of data being collected in his country to encourage open Uranium trade with other nations, especially those in the west. Educated at Oxford Arkady also believes in freedom of information, unlike his predicessor Vladimir who was a totalitarian dictator, leaving much of the economy in ruins. Arkady sees the collection system an opportunity for more jobs in the nation and revitalise the economy. Arkady also enjoys the game show Jeopardy, and training his homing pigeons.

Uncooperative Sovereign Leaders

Tup Som Bong, president of China, has long been infamous for his cutthroat administration. Regardless, Bong’s leadership has led to 20 years of solid economic growth, pushing the majority of the Chinese population above the poverty line. Bong has opted out of the Gurgle Planet project and remains reluctant on joining any initiatives that may slow down his country’s fragile economy. It is still yet unknown exactly as to how Bong was able to transform the nation’s wealth in so little time and part of his success is owed to his ability to suppress information. Evidently, Bong holds a zero tolerance policy on spying nations and this was exercised last month when four CIA READ agents were captured. The whereabouts of the agents is unknown and from their latest correspondence, it was said that the sensors could be sending falsified information. Bong has not yet gone public with the capture; it is presumed that the agents have not disclosed any valuable information.

Persona: Tup Som Bong, born in Jiangyan, Jiangsu, first attracted international attention in his handling of the Beijing riots where he was Governor. In almost no time, his talent and notoriety quickly carried him to presidency. Bong has a history of taking aggressive stances and saves a 20 million strong army for a rainy day.

Intelligence Agencies

Jack regularly coordinates operations to install sensor networks in uncooperative countries. He commands elite units of soldiers trained to know where to plant the sensors. Jack also leads a school where soldiers are trained to emulate foreign executives in power companies (the data on their actions is collected by spies). The soldiers are then cosmetically altered to look like their intended, and infiltrate the company to collect data on resource usage. Jack supervises these operations almost daily, as the number of renegade nations grow.

The other part of the operation Jack leads must coordinate with the military and united nations to undertake military actions against nations who are flagrantly flaunting excess consumption. Jack logs into Gurgle Planet and queries nations that have a history of bad resource usage and Jack organises the overthrow of the government, installing a puppet regime to control the resources.

Persona: Jack is the leader of CIA's Resource Enforcement and Allocation Division (READ). CIA READ is used to surreptitiously plant sensors and monitor non complying companies. They also coordinate military action against countries who will not comply with their resource duty. Jack used to be the leader of the Counter Terrorist Unit, and spent two years in a Chinese prison just for protecting the nation. His many near death experiences have done nothing but increase his lust for torture and saving the free world. Jack takes his new role very seriously, and is more than happy to crack down on offending nation. Apart from torture, Jack's other leisure activities include composing limericks and playing the accordion.

Military

General Lincoln Scott is Chief of the Australian Defence Force (ADF). As Australia is backing the Gurgle Planet project, Scott liaises with the CIA READ and various other forms of UN cooperatives to aid the common goal of resource detection and protection. CIA READ agents, for example, regularly use and seek refuge in the ADF’s military capabilities, deploying agents from their numerous spy planes. Currently, the Royal Australian Navy and Air Force, under the instruction of UN leaders, is protecting newly established offshore oil rigs near the coast of Timor. The Indonesian region is under civil strife with East Timor leader Lotsaka Fartiki threatening to destroy the rigs if his diplomatic demands are not met.

Persona: General Lincoln Scott graduated from the Australian Defence Force Academy for Tactical Planning in 2001. Almost immediately after, he headed the celebrated 11th Battalion in the Iraq War, serving with great distinction and receiving the Military Cross.

Policy Makers

Robert's organisation's participation in the Gurgle Planet project is to receive the data summarised by the software and lobby different governments to implement changes to their policies, and use this data for making official press releases to the media about the current environment's state and future.

Robert and his subordinates intend on receiving data summarised by several factors such as country, resource type and consumption rates over a period of time. His organisation wishes to use various graphing tools such as Microsoft Excel and Matlab to observe trends in data as well as Gurgle Planet's graphical interface to prepare reports and press releases, as well as providing a basis for policy decisions.

Persona: Robert Blonde is the leader of the Future Environment Development organisation - a special organisation whose objective is to provide recommendations and define official standards for critical environmental policies policies such as the Kyoto Protocol based on scientific analyses. His hobbies include taking nature hikes with his wife Jane, and doing statistical analyses mentally without a calculator.

United Nations

Mary uses the Gurgle Planet system on a daily basis. Firstly, she loads the software and reads the analysis generated from the raw statistical data gathered all over the world. From this, she reports her findings at meetings and consults with the other members of the United Nations on appropriate action to take to combat this excessive resource usage. For all countries and companies which do not follow the recommendations or take acceptable alternative action, she must find other ways to coerce these parties into taking action.

Persona: Mary Brown is the United Nations representative for Switzerland. During her childhood, she spent numerous hours breaking up arguments between her 4 brothers and as a result, this has made her an expert negotiator as well as equipped her with the ability to instill fear in others.

Non-Profit Organisations

Josie uses Gurgle Planet as a means of identifying countries who are consuming too many natural resources, or who are not managing their resources in an efficient manner. She uses the information obtained to improve her organisation's awareness of potential misuse of natural resources, lobby governments to improve their resource management, highlight company violations of environment policies and legislation to government and enforcement agencies for prosecution, and propose alternative energy and resources to various companies based on recommendations and intelligence collated by Gurgle Planet.

To do this, Josie logs into the Gurgle Planet software, and requests a list of companies that are exceeding agreed thresholds for natural resource consumption sorted by resource, and a list of countries that have decreasing populations of plants and animals by exceeding a pre-defined consumption rate, which is sorted by country and species.

Once she has read the lists, she accesses the graphical interface, and with the assistance of the Gurgle Planet software, she attempts to identify any trends in the data such as coalitions of countries exceeding their expected consumption, or companies that are expanding their resource usage.

Persona: Josie is the Chief Information Officer for the non-profit organisation Greenpeace. She commenced her work for Greenpeace by piloting a small light plane, and is an aeronautical engineer by profession. She enjoys watching slapstick comedy, and listening to classical music.

Environmental Scientists

Milton oversees the sorting and analysis of the incoming data. As it arrives at the global data collection center, the data is processed by software algorithms and consumption reports are generated, as well as a list of all the resources, plants and animals in any data collection region. Milton views this information through the 'Gurgle Planet' interface and from this can mark areas of the world that are exceeding consumption limits. Gurgle Planet will also recommend to him what the consumption should be based on the available resources and impact on the wildlife. Using this in concert with his own knowledge Milton can produce an action report for a country and transmit it back via the Gurgle Planet network. Tabs are then set on the country's resource use to ensure it falls in to line with the report. If a country is violating the report Milton must report this to the UN.

Persona: Milton received his PhD from Brown University with a dissertation on Environmental Statistics and Demographics. He is noted as a world expert in his field, having expertise in Environmental Science, Statistics and Software Development and Management. He has been hired by the 'Gurgle Planet' team as the Senior Analyst on the project, and will make decisions on how to manage the data that is collected. Milton's favorite color is red, and he likes to staple, especially with a Swingline.

Systems Engineers

Lilith produces reports from the Gurgle Planet system for Milton to analyse. She writes scripts using the built-in Gurgle Planet API. She produces reports to augment the graphical display provided by Gurgle Planet, such that detailed information regarding trends in wildlife population growth or decay can be shown graphically, as well as a full assay is produced.

Lilith produces reports in precis every day, and full reports at the end of every month. Reports are compiled with a full delta to the previous month's reports to make any significant changes immediately apparent.

Persona: Lilith is a Systems Engineer working on the Gurgle Planet project. She has a Bachelor in Information Technology from Moscow State University. She also enjoys long walks on the beach and candlelit dinners.

Network Systems Administrators

Mark Kent is president of Gusco, a Network Operations Centre (NOC), made specifically for the Gurgle Planet project. Mark coordinates a team of network administrators that monitor the Gurgle Planet Network 24/7. At the NOC headquarters, a large central screen provides a graphical summary of the networks employed around the world. Each network interface is continuously pinged and, should an interface stop responding, alerts are immediately made to staff. On the central screen, the network subset is located on the map and information on the device is shown. Once notified, the network administrators on watch are quick to exercise their troubleshooting skills and the network diagnostic software on hand to ensure minimal downtime. If the problem cannot be repaired remotely, Mark organises for the nearest Network Engineer to travel on site. While the network components are down, incoming data from sensors and other devices is either rerouted through to other paths or stored within the device until the network is available again. Every night, all Gurgle Planet project data is routed through to three different sites for backup.

Persona: Mark Kent, a Cisco drone at heart, spends most of his time absorbed in his work.

Developers

Fred develops a means of collating and storing the data collected. He also develops a means of analysing this data, either by means of a statistical package, or by creating their own analyses. This data is then to be presented in a user interface, to be easily viewed and interpreted by people such as scientists and the policy makers of this project. He reads bug reports generated by users, and maintains the software by replicating and duplicating these bugs. Also, when enhancements are requested by the project leaders, he designs the components to be implemented, and co-ordinates the implementation and testing with other software engineers.

Persona: Fred Brown is the leading developer for IBM. He has worked there for 10 years, spending each day at work drinking copious amounts of coffee to stay awake after spending all night playing World of Warcraft.

Quality Narratives

Security

The Brash administration of the United States is finding difficulty in controlling and utilising its resources. The industrial sector, in particular, have long been criticised for its inefficient energy use. As a result, President Brash has requested that he gain personal access to the Gurgle Planet Application to aid him in his energy saving agenda. Seeing as the United States had commissioned a significant part of the project, the UN has granted Brash permission on the condition that he is given a limited account and that his activities be logged.

Since then, the Brash administration’s browsing activities have been admissible except on the one occasion when a port scan attempt was detected (used to locate any open ports vulnerable to the system). When asked for an explanation, Brash blamed a loose cannon within his administration who, being a systems analyst, was keen on testing the security of the Gurgle Planet system. The body is also under suspicion for attempting to break into the Gurgle Planet database by including a malicious program inside a data transmission from one of its satellites. This satellite is trusted by Gurgle Planet to send satellite images taken of Earth. Also, since granting Brash access to the system, there has been a sharp increase in the number of incorrect login attempts. When the login attempts were examined, there seemed to be a pattern forming that implied a user was trying every combination of username and password to gain access. The Gurgle Planet login service has been designed so that it would take at least five hundred years to guess the appropriate combination. To do it slowly so as to generate as little suspicion as possible would take an insurmountable amount of time.

Persona: Frederick Brash has been President of the USA for the previous 7 years. A graduate of Yale where he was the leader of the Skull and Bones society (as we all know is part of the Illuminati Power Structure) his presidential dealings have often raised suspicion in the international community. Willing to do anything to keep and hold on to his power, he has been musing to himself about amending the constitution to allow a president to serve more than 2 terms.

Scalability

Narrative 1:

Monica is a ranger for the local council, and as a part of her local council's initiative to contribute to the Gurgle Planet project, she is responsible for reporting the number of an endangered species of koalas in the local national park. Every month she uses a special receiver to identify the number of koalas in the national park.

Lisa from the Gurgle Planet project has to find a way to allow Monica's receiver to communicate directly to the plant and animal information storage. Due to Gurgle Planet's design, Monica only needs to configure the receiver or another device to transmit the data to the external interfaces in the accepted format. Lisa also needs to alter the system software to recognise Monica's receiver data as a trusted source.

Narrative 2:

Fred is a meteorologist for the Bureau of Meteorology. He measures the air quality in Sydney on a daily basis. He wishes to incorporate this data into the Gurgle Planet project to analyse the impacts of excessive resource usage to the air quality.

Lisa from the Gurgle Planet Project must incorporate this data into the information storage, as well as add another external interface for this data. In order to do this, Lisa must add another data store to the system to store this new category of "Air Quality" data. Lisa must also add new set of rules for this type of data. Lisa does not need to make any other architectural changes. Lisa also needs to alter the system software to recognise Fred's receiver data as a trusted source.

Persona: Lisa is one of the systems engineers working on the Gurgle Planet project and is responsible for the top level design and oversees implementation of the Gurgle Planet software system.

Quality scenario posters

Conceptual Architecture

View

Conceptual Architecture - Version 1

Conceptual Architecture - Version 2

Conceptual Architecture - Version 3

Conceptual Architecture - Version 4

Description

Data is entered into the system through external interfaces. These interfaces are to only accept data from trusted (authenticated) sources and in a specified format. The data which is accepted through the interfaces is entered into the appropriate typed data store, such as "Plant/Animal Data". Any data entered in error can be corrected by the user, as all data entered is identified by the time stamp of the observation.

The Data Synthesiser is periodically started by a timer, or can be started manually by the Admin View. It collates the data from the raw data stores containing data entered by external interfaces. It then sorts this data by region, or geographical area, and time. This is then sent to the Pattern Matcher. The Pattern Matcher then calls on the Rules component with the data from the Data Synthesiser and from the Historical Data store.

This data is then stored in the historical store in its synthesised form, and may include any trends detected, any significant results detected and any comments about the data. This is where data processing stops until the Data Synthesiser is invoked again.

However, if the Pattern Matcher identifies any anomalies in the data, it sends alarms to the user views - the World View and the Data View - to alert the system of any alarming trends developing. It also sends an alarm to the Administration view as this data could be anomalous and would require human investigation to determine its status.

If the data is found to be faulty by network administrators after investigation by experts, then they would manually edit the appropriate data stores and mark the data as recently changed. No data would be just deleted, but rather be replaced with data from a trusted source. They would then manually initiate a data synthesis through the Admin View, during which the Pattern Matcher would send an alarm to the user views informing them of this retroactive change in data.

The Generate Reports component is started when a report is requested from one of the user views. This then retrieves data from the Historical Data persistent storage, formats the data and compiles the data into the format as required by the user interface.

The raw data entered from the external interfaces is regularly purged from that store manually by system administrators. This is because the data here is already stored in the Historical Data persistent store, and is only kept as a backup for a short period of time.

If at any time, a network or system error is detected, an alarm is sent to the Admin View. These errors are investigated and corrected by network administration.

Use Case Maps

Waste Management Description: There is one use case map on this diagram, related to the Waste Management use case narrative. editDatabase editDatabase This is when an error has occurred, and the operator must reload the database with data. The user has to edit the database and then initiate data synthesis so there is no discrepancy between the raw data store and the historical data. Responsibilities: WMR1: Edit database. WMR2: Start data synthesis (non-timed). WMR3: Match with Rules. WMR4: Store in Historical Database. Recommendations: From this we can see we are missing two crucial links. We need a link from the Admin View to the database farm to be able to edit the data manually. We also need a link from the Admin View to the Data Synthesiser to start the pattern matching process.

Waste Management Use Case Maps

Environmental Scientists and Intelligence Agencies Description: There are two use case maps on this diagram: generateReports generateReports relates to both the Environmental Scientist and Intelligence Agency use case maps. The difference with the Environmental Scientist use case map is that the Environmental Scientists adds comments to the data. generateReports Description: The user wishes to generate a report based on historical data, to see the current situation in a country. Responsibilities: IA1/ES1: Generate a report. IA2/ES2: Get Historical Data. ES3: Add comment to countries. Recommendations: We need a way to have one editable field in the historical data, but in this case we are adding a comment to a country to any remarkable data. This would cause perhaps a symbol to come up on the World View, and a note/header in the Data View. Rather than having direct access to the database, a better option is for the comment to be passed down through generate reports. This comment can be written by the UI invoking a function that is passed through the generate reports down into the database along with the data request. From this the Pattern Matcher can also flag things automatically based on ideal consumption patterns, and show the delta between ideal consumption and current consumption

Environmental Scientists and Intelligence Agencies Use Case Maps

Cooperative Sovereign Leaders Description: There is one use case map on this diagram: inputData inputData Here we are showing the data input links between various sensor inputs. Not all interfaces connect to every data store, so it is important to show where different data can go. Recommendations: None

Cooperative Sovereign Leaders Use Case Maps

Mining Companies Description: There is only one use case map on this diagram: insertAnomalousData insertAnomalousData Description: This usage narrative involved inserting anomalous data into the Gurgle Planet System, and the system alerting the administrators of a potential data inconsistency. Responsibilities: MC-01: Collate new data from raw data store at defined interval. MC-02: Send synthesised data for analysis. MC-03: Send request for relevant past data. MC-04: Compare past and present data for analysis. MC-05: Return results to the Pattern Matcher. MC-06: Raise an alarm for Admin, World and Data View. Recommendations: Add a connection between the World View and the Pattern Matcher, and the Data View and the Pattern Matcher to allow the Pattern Matcher to send alarms to the respective views.

Mining Company Use Case Maps

Policy Makers, Systems Engineers, Non-Profit Organisations There are three use case maps on this diagram: accessWorldViewOfTrends accessDataViewOfTrends APIDataRequest These use case maps are based on separate entities. APIDataRequest is used by the systems engineers and non-profit organisations as a means of accessing data from the system. accessWorldViewOfTrends is used by the non-profit organisations as a means of viewing the data analysed by the system on the "Gurgle Planet"-style interface. accessDataViewOfTrends is used by the policy makers as a means of viewing the data in a spreadsheet-style interface.

Policy Makers and Non-Profit Organisation Use Case Maps

• accessWorldViewOfTrends
  • Description:
    • Within this view, the user accesses the Gurgle Planet World View. They request data to be viewed on the graphical interface.
  • Responsibilities:
    • NPO-01: Accept requests for World View reports.
    • NPO-02: Request data for display.
    • NPO-03: Format data according to options set in user interface.
    • NPO-04: Display formatted reports to the user interface.

• accessDataViewOfTrends
  • Description:
    • Within this view, the user accesses the Gurgle Planet World View. They request data to be viewed on the graphical interface.
  • Responsibilities:
    • PM-01: Accept requests for Data View reports.
    • PM-02: Request data for display.
    • PM-03: Format data according to options set in user interface.
    • PM-04: Display text reports to the user interface.

• APIDataRequest
  • Description:
    • The user wishes to connect an application to the Gurgle Planet software. They use the API to request data from the system.
  • Responsibilities:
    • NPOSE_API-01: Process request for historical data.

Recommendations:

• An arrows is required from Gurgle Planet World/Data View to Generate Reports, so the user interface can send orders to the reports component.
  • For example, if the user wishes to see this trend then the report component can receive this request.
• An arrow needs to be added in the other direction from Generate Reports to Historical Data so the generate reports can request information from the historical data persistent storage.
• An aesthetic change - could the arrow heads be moved just below the replication symbol so they are viewable on the diagram.

Sensor Manufacturers, Aerospace Manufacturers, Agricultural Companies and Oil Companies There is only one use case map on this diagram: insertLegitimateData insertLegitimateData Description: This Use Case Map depicts the case where an external body inputs legitimate data into the Gurgle Planet System. Responsibilities: CM-01: Synthesise new data at defined interval. CM-02: Send synthesised data for analysis. CM-03: Send request for relevant past data. CM-04: Analyse past and present data against Rules. CM-05: Return Rules results to the Pattern Matcher. CM-06: Store synthesised data and recommendations in Historical Data. Recommendations: An arrow is required from the Pattern Matcher to Rules component so the Pattern Matcher can send information or request information from the Rules component.

Sensor Manufacturers, Aerospace Manufacturers, Agricultural Companies and Oil Companies Use Case Maps

United Nations Description: There are two use case maps on this diagram: generateCharts viewInteractiveMaps generateCharts Description: The user wishes to generate a chart based on processed data to identify trends. Responsibilities: UN-1: Retrieve data as from historical store as specified by the user. UN-2: Format data from historical store as required. UN-3: Display requested report in required form. viewInteractiveMaps Description: The user wishes to view a map of the world in the 'World View', with visible highlighting of the resource usage in every country. Responsibilities: UN-4: Retrieve image and numerical data from historical store. UN-5: Format data from historical store as required. UN-6: Mark areas on image with numerical data and any trends or options as specified by the user. UN-7: Display interactive map. Recommendations: Add formatting data into chart format into responsibilities for either the Data View or the Generate Reports component (eg. as a bitmap).

United Nations Use Case Maps

Network Systems Administrators Description: There is only one use case map on this diagram: connectionAlert connectionAlert Description: An alarm is triggered by the Pattern Matcher when synthesised data is no longer being received. It is assumed many more connections will be monitored by the Network Administrators that is outside the system (eg. a running ping on a satellite). Most alerts made by the Pattern Matcher would be in regards to connections within the system Responsibilities: CA-01: Display network connection failure alert on screen. Recommendations: None

Network Systems Administrators Use Case Map

Impact Maps

Security Description: There are two use case maps on this diagram: suspiciousDataDetection authenticateUser suspiciousDataDetection: Description: This Use Case Map illustrates the case where a malicious program enters the system, posing as legitimate data from a trusted satellite. The malicious data reaches the Pattern Matcher where, through the Rules component, determines the data as suspicious and sends an alarm to the administrator. Responsibilities: SD-01: Collate new data from raw data store at defined interval. SD-02: Send synthesised data for analysis. SD-03: Send request for relevant past data. SD-04: Compare past and present data for analysis. SD-05: Return results to the Pattern Matcher. SD-06: Raise an alarm for Admin, World and Data View. authenticateUser Description: Here, an authentication system is used to validate users. Data access is limited according to each user and so, only relevant options and features are enabled for the user. Responsibilities: AU-01: Authenticate user access to Gurgle Planet and enable features that are authorised for the user. Recommendations There should be an authentication system within the individual raw data stores that, not only ensures a trusted device is sending the data, but that the data is nonthreatening and legitimate. Malicious programs should not be allowed into the system at all. There should be an authentication system within the UI that validates users and enables features authorised for that user.

Security Use Case Map

Scalability

Description 1: This impact map shows a new sensor input being added. A new external interface is added to the system and is connected to the Plant/Animal Data persistent storage. Since this type of data is already recognised by the Data Synthesiser and Pattern Matcher, no large architectural changes need to be made to accommodate data from this new device.

Scalability Impact Map 1

Description 2: This impact map shows a new sensor input and raw data store being added. No changes need to be made to the Data Synthesiser, as it is able to dynamically detect all connected persistent data stores to retrieve raw data from. Similarly, since the Pattern Matcher does not process the data, it also requires no architectural changes. The Rules component, however, does require new functions to determine whether a country has poor air quality as a result of excessive resource usage. The Historical Data would also be impacted, as the data store would need to be slightly altered to accommodate this new data.

Scalability Impact Map 2

Conceptual Data Models

General notes

• All data stored in the Gurgle Planet system has to be time stamped based on when each observation was made not when the data was entered into the system, so all data can be traced back to its source.
• All data units would be standardised so it would not be necessary to store this in the software system.
  • For example, it is assumed that all distances would be specified in metres.
• The Source class identifies what data collection method was used to obtain the measurement.
  • For example, water pH value could be determined by a person testing the water with a pH kit and manually recording the data by a local school, and a remote pH sensor could be used by a scientific organisation to observe water quality for the same location and country.
  • This data can be used to consider potential discrepancies between identical observation types from different sources.
• Some persistent storage components will be associated with the location and country of the sensor.
  • This is can be used to identify resource consumption, energy use, water/soil quality etc. for a particular country.
• Sources are composed of observations as there is refinement between a source of data, and the individual observations.
• Since not all observations are on land owned by a specific country, "International Waters" is declared its own country here for auditing purposes.

Plant/Animal Persistent Storage Description: The species of the plant or animal observed is stored for data classification. Human population data is also to be stored (as species being human, family being homo-sapien). Recommendations: The data collection interfaces are responsible for verifying that the data matches the specified format.	Plant/Animal Data Persistent Storage Conceptual Data Model
Forest/Agricultural Persistent Storage Description: The type of forest and ecosystem zones must be stored. The origin and radius is used to define a circle around the ecosystem zone's region. A circle has been chosen as it is a simple method of defining the ecosystem zone. Recommendations: The data collection interfaces are responsible for verifying that the data matches the specified format.	Forest/Agricultural Data Persistent Storage Conceptual Data Model
Energy Use Persistent Storage Description: The entities which produce (for example, a company, government, organisation or person that can produce energy) and consume energy is stored, to track the flow of energy from generation to consumption. The location is the place (for example, a house or a factory) that is consuming the energy. Recommendations: The data collection interfaces are responsible for verifying that the data matches the specified format.	Energy Data Persistent Storage Conceptual Data Model
Water and Soil Persistent Storage Description: None Recommendations: The data collection interfaces are responsible for verifying that the data matches the specified format.	Water/Soil Quality Data Persistent Storage Conceptual Data Model
Geological Information Persistent Storage Description: The company being stored is the company responsible for extracting the resource. For example, if Northern Mining Company is mining 500 units of gold, then the company would be Northern Mining Company, whose resource is the mineral gold and the observation is 500 units. Recommendations: The data collection interfaces are responsible for verifying that the data matches the specified format.	Geological Data Persistent Storage Conceptual Data Model
Data Synthesiser / Pattern Matcher Interface Description: This interface sends combined data from the Data Synthesiser to the Pattern Matcher. The Data Synthesiser combines and sorts data from the persistent storage components based on the date and time of each observation. The ResourceObservation is based on the Geological Information Persistent Storage. As an example: It is possible to have 10 units of coal from a mine in Broken Hill, Australia (a location in the country) run by BHP, 20 units of coal from another mine nearby operated by a different company. This coal extraction would be associated with a coal-powered power station who uses 30 coal units to generate 500 kW of energy within one observation. Recommendations: None	Data Synthesiser/Pattern Matcher Interface Conceptual Data Model
Pattern Matcher / Rules Interface Description: Each rule is defined by a mathematical function (for example, a country cannot have more than 5kW of energy per capita) with one or more parameters (for example, against total population and total energy used). The output as defined by the rule is the result of the implemented function (in the example this would be "Country X is exceeding its energy consumption"). Recommendations: The Rules component is responsible for comparing input data.	Pattern Matcher/Rules Interface Conceptual Data Model
Historical Data Persistent Storage Description: Note that the only difference between this persistent storage and the Data Synthesiser/Pattern Matcher interface is the storage of the recommendation made by the Pattern Matcher component. This is indicated by the dashed-line box on the data model. The recommendation is comprised of: A user comment highlighting recommendations (for example this could be "Country X needs to decrease its energy consumption by 25%"). The trend as identified from the analysis by the Pattern Matcher and Rules. Recommendations: The Pattern Matcher is responsible for highlighting trends between common data.	Historical Data Persistent Storage Conceptual Data Model

Component Responsibilities

Generate Reports:

• Read from Historical Data
• Format data according to the options set by the user interface
• Send data to be displayed on the Gurgle Planet GUI
• Present data to the Gurgle Planet Data View

Rules:

• Store a list of rules for the data
• Compare incoming data against those rules
• Return rules results to the Pattern Matcher

Data Synthesiser:

• Collate new data from all data stores
• Sort collated data based on country/region/area/company
• Automatically synthesise the data and
• Dynamically detect new data stores added to the system
• Add synthesised data to the Historical Data store

Gurgle Planet API:

• Authenticate users to the system
• Allow restricted read only access to data in Historical Data store

Pattern Matcher:

• Use synthesised data and data from historical store to search for patterns as identified by the Rules component
• Raise alarm to Gurgle Planet general user clients if any anomaly in data is detected
• Update the recommendations against the data in the historical store
• Read data from the historical data store to synthesise historical reports
• Make mathematical recommendations on resource consumption for each country based on patterns
• Highlight trends between common data
• Raise alarm to World and Data View if data is retroactively updated
• Raise alarm to Admin View for loss of connectivity/abnormal data termination

Data Collection Interfaces:

• Authenticate users to the system
• Accept incoming data which conforms to a particular format as required by the data stores
• Reject all data received which does not conform to the required format

Admin View:

• Present network status to the administrator user
• Authenticate admininstrative users to the system
• Display network failure and corrupt data alarms from the Pattern Matcher
• Edit the raw data persistent storage
• Initiate Data Synthesis

World View:

• Authenticate users to the system
• Display an interactive world map
• Mark areas on image with numerical data and any trends or options as specified by the user
• Show statistics and results as processed from the Pattern Matcher
• Display anomalous data alarms to the user
• Add user comments to Historical Data persistent storage

Data View:

• Authenticate users to the system
• Output format processed data as text lists
• Output format data in a range of chart options
• Shown in per region basis, and filterable on per resource etc
• Show statistics and results as processed from the Pattern Matcher
• Display anomalous data alarms to the user
• Add user comments to Historical Data persistent storage

Architectural Decisions and Justification

• External interfaces were listed separately to allow easy extensibility of the system for adding new interfaces to common databases. This is a consequence of the Scalability Quality Attribute.
• Suspected anomalous data is to be stored in the Historical Data and treated as legitimate until analysed by system administrators and found to be false data. However, this data will be flagged as potentially anomalous to general users of the system by adding a comment in the comment field of the historical database. Faulty data is never to be deleted from the system automatically. Instead, the administrator must log into the Historical store and delete it manually. Once data is deleted or changed by the administrator, an alarm is sent to the user views by the Pattern Matcher.
• Alarms for anomalous data which does not comply with the Rules as identified by the Pattern Matcher and any retroactive data changes are asynchronously sent to the World View and Data View, as they flag items for the attention of the operator.
• Admin View is able to initiate data synthesis, because only administrative users are able to correct faulty data in the persistent storage, and for this purpose, would need to be able to do this.
• It is assumed that raw data incoming from sensor equipment and/or external sources complies with the correct data structure described in the Conceptual Data Models. Once the particular external source is authenticated, data is accepted only if it is in the correct format. An acknowledgment is sent as to whether the data has been accepted or rejected. This ensures data consistency and reduces processing overhead.
• The need for any real time components is not necessary. Firstly, the complexity associated with having a real-time system will increase the complexity of the project. Secondly, the usage narratives all suggest the use of batch uploads into the Gurgle Planet, thus suggesting that real-time constraints are excessive. Data would be continuously processed when input into the system, and capability will be incorporated to manually invoke data synthesis and processing.

Execution Architecture

Concurrent View

Execution Architecture - Version 1

Execution Architecture - Version 2

Deployment View

Execution Architecture - Deployment View

Notes

• The Gurgle Planet system has been divided into three main systems:
  • Data Storage Server which is responsible for storing, maintaining and securing data stored in the system
  • Application Server which is responsible for data analysis and formatting for display, and
  • User Interface System which is responsible for displaying the data to users in various formats over the Gurgle Planet application and its web interface.
• A User Interface Server has been added to provide a common interface for the web server and the Administrator, World and Data view. This interface will interact directly with Generate Reports.
• Decoupling the databases from the rest of the applications in its separate layer will allow decreased development time whilst increasing the maintainability of the system. This is because database development can be performed simultaneously with application development based on a previously agreed interface specification
• The three tiers have been designed to improve the scalability of the system, as it is intended to be distributed on at least four different computers:
  • Database server
  • Application server
  • User Interface client and web client

Use Case Maps

Waste Management Description: There are two use case maps on this diagram related to the Waste Management use case narrative. E_WM-01 Describes the process of an administrator editing data in the raw data store. E_WM-02 Describes the process of an administrator manually starting the Data Synthesiser. This will initiate the Data Synthesiser to retrieve new and altered data and perform analysis on this data. Recommendations: Currently the prototype will demonstrate the raw data access via synchronous calls to the data store. However for future milestones this will be implemented as callback functions through the use of threads. This will improve the performance of the calling functions as the calling components will not be blocked from operation. Data stored in the raw data store will need to be identified by three states to differentiate between the three states an observation can be in: Unsynthesised Synthesised Altered However, the execution architecture is capable of simulating this scenario.

Waste Management Execution Architecture Use Case Maps

Cooperative Sovereign Leaders Description: There is one use case map on this diagram related to the Cooperative Sovereign Leaders use case narrative. E_CSL-01 Describes the process of an external data source storing legitimate data in the raw data store. Recommendations: Similar to the previous use cases, the prototype callbacks will be implemented as synchronous calls to the data store. However, the execution architecture is capable of simulating this scenario.

Cooperative Sovereign Leaders Execution Architecture Use Case Maps

Mining Companies Description: There are three use case maps on this diagram related to the Mining Companies use case narrative. E_MC-01 Describes the process of an external data source storing falsified data in the raw data store. E_MC-02 Describes the process of the Data Synthesiser synthesising and analysing a data set that contains falsified data and detecting the falsified data. E_MC-03 Describes the process that the system undergoes when falsified data is detected. The Pattern Matcher stores the falsified data along an alarm in the historical data store for auditing purposes and displaying past alarms, and the pattern matcher sends this alarm to the World and Data view and the Admin view. Recommendations: Similar to the previous use cases, the prototype callbacks will be implemented as synchronous calls to the data store. In order to display past alarms it is important to store these in a secure storage medium. Therefore the historical data store can be used to store this data. The execution architecture is capable of simulating this scenario.

Mining Companies Execution Architecture Use Case Maps

Sensor Manufacturers and Oil Companies Description: There are three use case maps on this diagram related to the Sensor Manufacturers and Oil Companies use case narrative. E_SM-01 Describes the process of an external data source storing legitimate data in the raw data store. E_SM-02 Describes the process of the Data Synthesiser synthesising and analysing a data set that contains legitimate data and storing a recommendation(s). Recommendations: Similar to the previous use cases, the prototype callbacks will be implemented as synchronous calls to the data store. The execution architecture is capable of simulating this scenario.

Sensor Manufacturers and Oil Companies Execution Architecture Use Case Maps

Intelligence Agencies and Environmental Scientists Description: There is one use case map on this diagram related to the Intelligence Agencies and Environmental Scientists use case narrative. E_IA-01 Describes the process of a user generating a report using the historical data store. Recommendations: The execution architecture is capable of simulating this scenario.

Intelligence Agencies and Environmental Scientists Execution Architecture Use Case Maps

Policy Makers and Non-Profit Organisations Description: There is one use case map on this diagram related to the Policy Makers and Non-Profit Organisations use case narrative. E_PM-01 Describes the process of a user interfacing to the historical data store to retrieve data. Recommendations: The execution architecture is capable of simulating this scenario.

Policy Makers and Non-Profit Organisations Execution Architecture Use Case Maps

Impact Maps

Availability and Reliability Description: This impact map details the components that fall into a degraded state should its connected components fail. It is intended to identify single points of failure and provide a set of recommendations to mitigate these risks. EIM-RDB-01 Should the raw database fail then: The Data Synthesiser would be unable to process new data and as a consequence the Pattern Matcher will not commence. The Administrator View would be unable to update the raw database. The external interfaces would be unable to connect to the raw databases and add new information. EIM-HDB-01 Should the historical database fail then: The Pattern Matcher will be unable to read and write analysed data in the historical database. The external API will be unable to accept new connections, and existing requests will be lost. Generate Reports will be unable to service requests for data, and the user interfaces would be disabled as a result. EIM-DS-01 Should the Data Synthesiser fail then: The Administrator View will be unable to view the status of the Data Synthesiser. The Pattern Matcher would not be able to analyse data. EIM-PM-01 Should the Mattern Matcher fail then: The administrator will be unable to view any network alarms and hence will operate in a degraded state. The Administrator, World and Data Views will be unable to view any general alarms and hence will operate in a degraded state. Recommendations: It is recommended that the raw data store is replicated to allow redundant, backup databases to accept new transactions when the primary raw database fails. It is recommended that the historical data store is replicated to allow redundant, backup databases to accept new transactions when the primary historical database fails. It is recommended that the administrator have the ability to restart the Data Synthesiser manually through the Administrator View. It is recommended that the administrator have the ability to restart the Data Synthesiser. When the Data Synthesiser is restarted, the Pattern Matcher, according to the conceptual Use Case Maps for Sensor Manufacturers and Oil Companies, will be restarted.

Reliability and Availability Impact Map

Availability and Reliability Description: This impact map details the various interfaces an intruder can access data and processes within the system. EIM-SEC-01 and EIM-SEC-02 The user interfaces require authentication before users are allowed access to the system. Therefore intruders will require a correct username and password combination to access this interface. To mitigate the risk of unauthorised access, security policies will be implemented to reduce this risk. Examples of security policies would be a minimum complexity for passwords, advanced encryption algorithms and maximum password life. EIM-SEC-03 The external API has direct, read-only access to the historical database. Therefore it is of paramount importance to ensure that all users are adequately authenticated to the database before access is granted, and that these users have only read-only access to the historical database. EIM-SEC-04 The external data source connection has direct, write-only access to the raw database. However, through the execution flow this data is processed and indirectly affects the historical database. Similar to EIM-SEC-03, all connections to the raw database will require authentication before access to the raw database is granted. Recommendations: It is recommended that one uses a ubiquitous authentication component to handle all inbound connections. However, this issue will be addressed in further detail in the implementation architecture.

Security Impact Map

Architectural Decisions and Justifications

• There is replication of databases for the purpose of data Reliability (quality attribute). If a primary database has failed, a backup database can brought online.
• Alarms to the Admin View are synchronous calls, as they indicate data corruption or network failure. The data processing must stop until these alarms are be addressed.
• The callback on the initial data collection into the first database cluster is an acknowledgment packet sent back to data provider to indicate that the data has been transmitted correctly.
• The Data Synthesiser has a process that executes once per time period that will initiate a processing of the data and comparison with the Rules before it is entered into the historical database. From the Admin View, it is possible to manually initiate this process, usually after data has been manually changed in the persistent data store. This is implemented as a callback because the Data Synthesiser will notify the listening UI if any errors occur, whilst still allowing the UI to be free to do other tasks.
• The Admin View can manually edit the data in the databases to purge erroneous data.
• The Data Synthesiser implements scalability by reading a location tag on any database, and then getting all the data associated with this. The advantage of this is that it doesn't matter how many databases are added or what new metrics are reported on as long as the data is tagged correctly
• It is anticipated that a high level of security is required for the historical database (possibly a higher level than the raw databases). Several architectural solutions were proposed, such as:
  • Using the same database management system software with different databases for isolation and an authentication component to secure the database.
  • Use a demilitarised zone to allow restricted public access to the raw data store and private access to the historical data store via firewalls, stored on two isolated database management systems
  • Upon further analysis of the stakeholder needs, we decided to use the same database management system to store the raw and historical databases and protect both databases with the similar level of protection. Stakeholders are committing sensitive data into the database, and as a consequence the raw database requires a similar level of protection. It is not feasible to implement two separate database management systems due to the increased complexity associated with managing mutually exclusive data access and its associated risk.

Ongoing Contextual Factors

The system as it stands is very data driven. Everything relies on data input, output and processing. There are relatively few active processes compared to services. This will impact on our process model, leaving us with perhaps a barren model.

The majority of the detail in the process view will be detailing the intricate processes present within the Data Synthesiser. The Pattern Matcher in essence contains only one process to call Rules.

Buffering issues may still arise in areas of the architecture. For example, a FIFO is currently implied to exist between the Data Synthesiser and the Pattern Matcher. It may be the case that the Data Synthesiser can write faster than the Pattern Matcher can read, and hence a buffer will need to be entered into the system.

From a deployment point of view we would need quite a large data processing capacity on our main computers. Hence, it would make sense to move the databases off to an external server and we will need to show this on our deployment model. Also, due to scalability of the system we want to have our user interfaces being able to be replicated over many computers, and hence we want a public connection interface such as a TCP socket to connect between server and client, with the server being able to service a high load within an acceptable time frame, as a result of the user interface duplication.

Feasibility of Execution Architecture

We believe that the execution architecture is feasible for the following reasons:

• All issues relating to quality attributes can be mitigated either through existing functionality or implemented processes.
• Software functionality defined in the conceptual architecture phase has been translated into the execution architecture successfully. This is represented by the translation of conceptual architectural use cases to execution architectural use cases.
• There is a minimal number of components translated into concurrent processes which reduces the risk, development time and performance overhead associated, and
• A synthesis of two standard styles - a three tier, thin client model and a three tier web client model - has been adopted for the deployment view. This was adopted to meet the functional requirements for this milestone, a native Java interface and a web client was required. Both architectures had presentation components, application components and data models which allowed for adapting this architecture.

Implementation Architecture

View

Implementation Architecture - Version 1

Implementation Architecture - Version 2

Component Mapping

This table outlines the mapping of components between the three architectures:

• Conceptual Architecture
• Execution Architecture
• Implementation Architecture

Implementation Architecture Component	Conceptual Architecture Component	Execution Architecture Component
Display Client	-	Client User Interface - Deployment View (note i)
Display Server	-	User Interface System - Deployment View (note i)
Admin User Interface	Gurgle Planet Admin View	Admin View
World User Interface	Gurgle Planet World View	World and Data View
Data User Interface	Gurgle Planet Data View	World and Data View
Scheduler	Data Synthesiser Responsibility "Automatically synthesise the data..."	Data Synthesiser Active Process Stereotype
Data Synthesiser	Data Synthesiser	Data Synthesiser
Pattern Matcher	Pattern Matcher	Pattern Matcher
Rules	Rules	Rules
Generate Reports	Generate Reports	Generate Reports
Authenticate	-	Authentication stereotypes on components
Database Operations	- (see note ii)	- (see note ii)
Raw Data Database	Plant/Animal Data, Forest/Agricultural Data, Energy Use, Geological Data, Water/Soil Quality	Raw Data
Historical Data Database	Historical Data	Historical Data

Notes:
(i) Display Client and Display Server were added as a decision to use the three tier, thin client architecture as specified in the Execution Architecture Deployment View
(ii) Database Operations was introduced as a response to the Implementation Architecture Impact Map for Maintainability

Use Case Maps and Sequence Diagrams

Policy Makers Description: There is one use case map on this diagram, related to the Policy Makers use case narrative. I_PM-01 Describes the process of a user having read-only access to the historical database through the external API. Recommendations: To reduce the overhead encountered when authenticating access to the system, a single login is required to initially access the system. Once all required transactions have been complete then the connection will be disabled. This is intended to improve the performance of connecting applications and reduce the impact of large transactions on the authentication components.

Policy Makers Implementation Architecture Use Case Maps

Waste Management Description: There are four use case map on this diagram, related to the Waste Management use case narrative. I_PM-01 Describes the process of an administrator accessing the Administrator view through the user interface. I_PM-02 Describes the process of an administrator performing a modification to the raw database. I_PM-03 Describes the process of a data synthesis being manually invoked by the administrator. This involves the data synthesiser retrieving new and altered data, performing synthesis on the data and sending it to the pattern matcher for further analysis. I_PM-04 Describes the process of the administrator view displaying results from operations performed. Recommendations: There is no link between the administrator view and the raw database. Therefore a link will be added between the administrator view and the raw database to allow an administrator to alter the contents of the raw database. There is no means of authenticating access between the display client and display server. Therefore an authentication component will be added between the display client and its TCP/IP socket, and the display server component and its TCP/IP socket.

Waste Management Implementation Architecture Use Case Maps