java-certified-architect
I gave my essay within a week of uploading my project. It's suggested not to leave a long gap between the assignment and the essay, because the project is still fresh in mind and that helps with referencing the filenames in the essay. I felt that the essay would need you to remember your architecture/design, the hardware with its configuration, and a few filenames.

Suggestions:

  • Try to keep the time between step-2 and step-3 as minimal as possible.
  • Remember the project, particularly the technologies, patterns and file names that were used in it. It will help to reference them in your essay.
  • Prepare for the following questions before you take step-3:
    • How does your design handle availability? Why did you choose it? Pros and cons of your approach?
    • How does your design handle reliability? Why did you choose it? Pros and cons of your approach?
    • How does your design handle scalability? Why did you choose it? Pros and cons of your approach?
    • How does your design handle performance? Why did you choose it? Pros and cons of your approach?
    • How does your design handle security? Why did you choose it? Pros and cons of your approach?
    • How does your design handle extensibility? Why did you choose it? Pros and cons of your approach?
    • How does your design handle maintainability? Why did you choose it? Pros and cons of your approach?
    • Which set of design patterns on which layer, and why?
    • How does your design support session/state handling?
    • How does your design handle persistence?
    • How does your client tier talk to the business tier?
    • How does your design handle the QoS of 5 sec at peak time?
    • How does your design handle transactions?
    • How does your design handle authentication and authorization?
    • What technology have you used in the presentation and business tiers, and why?
    • How many session beans (SBs) did you use, and what is the purpose of each?
    • Why have you chosen a framework, if any? If not, why not?

    Here are the notes that I prepared:

  • How does your design handle availability? Why did you choose it? Pros and cons of your approach?
    • Backup application server: Although the primary application server is technically capable of handling 200 users, I chose to add a less powerful backup server to handle the case when the primary server fails for some reason. Also, the load balancer will be configured to route traffic to the standby box when the primary's CPU spikes.
    • Backup database: Same with the database.
  • How does your design handle reliability? Why did you choose it? Pros and cons of your approach?
    • Elastic Load Balancing provided by Amazon for the cloud is capable of routing all traffic to the backup server if the primary goes down.
    • Although the primary application server serves most of the requests, a backup server is added to take traffic if the primary goes down.
    • Same with the database server.
    • Data integrity is achieved through multiple security layers, which will prevent third parties from making any unauthorized changes. All the entities and EJBs are serializable, which would mean that they will be ready for session failover without any data loss. Transactions would make sure that there is data integrity, as it is a full commit or a rollback.
    • Authentication and authorization
  • How does your design handle scalability? Why did you choose it? Pros and cons of your approach?
    • Additional application servers can be added.
    • Additional databases can be added.
    • The application is designed to be deployed on multiple servers, which can be clustered both vertically and horizontally.
  • How does your design handle performance? Why did you choose it? Pros and cons of your approach?
    • DTO (decreases multiple network calls)
    • Business delegate
    • Client validation (reducing the server calls)
    • Caching
    • Connection pooling
    • Not using JSF, which is not performance centric
  • How does your design handle security? Why did you choose it? Pros and cons of your approach?
    • Validation – SQL injection decreases denial of attack.
    • Filters to reduce SQL injection, CSS attacks and script attacks.
    • All secure communications only (secure transport layer – secure HTTP using SSL).
    • Firewall.
    • Authentication and authorization
  • How does your design handle extensibility? Why did you choose it? Pros and cons of your approach?
    • The application is designed with separation of concerns: presentation tier, business tier, persistence tier and integration tier.
    • Each layer is loosely coupled with the others, with good usage of design patterns, interfaces and best practices of object-oriented design like encapsulation and inheritance.
    • So any change to subsystems will have less impact on the systems which are using them, as long as the interfaces remain the same. Even if there are changes, the impact of adapting to them will be minimal.
  • How does your design handle maintainability? Why did you choose it? Pros and cons of your approach?
    • Due to the layered architecture, each layer addresses a particular need, so any enhancement can be made easily. Also, each layer is loosely coupled with best design practices, which makes understanding functionality and making changes easier.
  • How does your design handle manageability?
    • The application can be monitored by using WebSphere monitoring. Logging is in place.
  • How does your design support session/state handling?
    • Distributed session handling is done by stateful session beans. Any session variables which are not serializable are stored in the HTTP session. All the variables stored in the HTTP session can be established by application logic on session failover.
  • How does your design handle persistence?
    • As JPA is a specification, this can be deployed without any further configuration changes in any J2EE-compliant server. Easy development ().
    • Considered:
      • JDBC: No transactions, development not easy.
      • Hibernate/iBatis: This brings in tight coupling between frameworks and code. Needs developers to have framework knowledge. While deploying we will have to make sure that all the dependencies are taken care of, as all J2EE-compliant servers might not be able to support these frameworks. Might need extra testing of the frameworks when upgrading to new versions of Java/J2EE to make sure that these frameworks will work fine in the new environments.
  • How does your client tier talk to the business tier?
    • The client here is a browser, as this is a web application.
    • Browser (on HTTPS) -> load balancer -> Controller -> EJBs.
  • How does your design handle transactions?
    • EJB transactions and JPA transactions.
    • I have decided to use bean-managed transactions so that I can have more control over when a transaction starts and ends inside a method call. All transactions that
    • Disadvantage of JTA transactions is that it doesn't support nested transactions.
  • How does your design handle authentication and authorization?
    • Authentication details and role details are stored in LDAP. Spring's JAAS (Java Authentication and Authorization Service) is used to control the authentication and authorization in the application. Spring is configured to connect to LDAP and control the access of the user according to the role in the application.
    • Access to each JSP page is controlled by the spring-security taglib.
    • Authentication is done by HTTP form. The username is the email address all the time. Once the user submits the form with username/password, the application checks the details with LDAP.
  • What technology have you used in the presentation and business tiers, and why?
    • Presentation Tier:
      Struts 2.0: shown below
    • Business Tier:
      Stateful and Stateless Session Beans: Easy development for distributed applications. They also provide system-level services, which help the developer to concentrate on solving business problems. They allow scalability in distributed systems, and transactions ensure data integrity.
  • Why have you chosen a framework, if any? If not, why not? Front end:
    • JSF – not good with performance
    • JSP with taglibs: good but not packed with many features that are provided by struts
    • Struts: Advantages below
  • Which design pattern have you used for communicating with external systems, and why? Proxy pattern
  • Potential security threats and how your architecture solves them?
    • Phishing – all communication happens through secure channels: HTTPS, SMTPS.
    • SQL injection – solved by client side validation and server side validation
    • Unwanted access – authentication and authorization.
  • Which web framework are you using and why? Advantages of Struts 2:
    • POJO forms
    • Validation.
    • POJO Actions
    • Easy Spring integration
    • Easy testing.
    • Interceptors.
    • Less coupling between MVC so easy manageability and extensibility.

    Advantages of Spring:

    • Spring – Ldap functionality
    • Spring – Email transport
    • Spring – Struts Plugin available
    • Dependency Injection
    • Aspect-Oriented Programming (AOP)
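
The authentication and authorization answer in the notes above (credentials and roles held in LDAP, form login with the email address as username, access by role, HTTPS only), sketched as a Spring Security 3.0 namespace configuration. This is an added example, not the author's project file; the LDAP host, base DN, directory layout, URL patterns and role names are assumptions.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example: assumes the Spring Security 3.0 XML namespace. -->
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security-3.0.xsd">

  <http>
    <!-- Most specific pattern first: the first matching rule wins. -->
    <!-- requires-channel="https" redirects plain-HTTP requests to HTTPS. -->
    <intercept-url pattern="/login.jsp*" access="IS_AUTHENTICATED_ANONYMOUSLY"
                   requires-channel="https"/>
    <!-- Hypothetical URL layout and role names. -->
    <intercept-url pattern="/admin/**" access="ROLE_ADMIN" requires-channel="https"/>
    <intercept-url pattern="/**" access="ROLE_USER" requires-channel="https"/>

    <!-- HTTP form authentication, as in the notes. -->
    <form-login login-page="/login.jsp"
                authentication-failure-url="/login.jsp?error=1"/>
    <logout logout-success-url="/login.jsp"/>
  </http>

  <!-- Hypothetical directory; ldaps keeps the bind password off the wire in clear.
       A search account can be set with manager-dn / manager-password. -->
  <ldap-server url="ldaps://ldap.example.org:636/dc=example,dc=org"/>

  <authentication-manager>
    <!-- {0} in user-search-filter is the submitted username, here the email
         address, matched against the "mail" attribute. The user is then
         authenticated by binding to the directory as the entry found.
         {0} in group-search-filter is that entry's DN; each matching group's
         cn becomes an authority, e.g. cn=admin gives ROLE_ADMIN. -->
    <ldap-authentication-provider
        user-search-base="ou=people"
        user-search-filter="(mail={0})"
        group-search-base="ou=groups"
        group-search-filter="(member={0})"
        role-prefix="ROLE_"/>
  </authentication-manager>

</beans:beans>
```

The `intercept-url` rules are what enforce access on the server; the spring-security taglib in a JSP only decides what is rendered, so every page hidden by the taglib still needs a matching URL rule.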

My other posts related to SCEA: SCEA Experience (Step-1), SCEA/OCMJEA Assignment