You are on page 1of 22

Detailed Architecture Design (DAD)

<<Project Number Project Name >>


Office of the Chief Information Officer (OCIO)
Government of Newfoundland & Labrador

This document contains highly sensitive, confidential information that may reveal the security
and/or technology posture of the Government of Newfoundland and Labrador's Information
Technology environment. Distribution of this document is limited to Authorized Individuals
only.
As information within this document will be used to protect Government's technology assets
and information, it is essential that its contents remain accurate and up to date. For more
information, please contact sdea@gov.nl.ca.

Government of Newfoundland and Labrador


Office of the Chief Information Officer
Solution Delivery: Enterprise Architecture
Detailed Architecture Design (DAD)

Note The contents of this document are subject to review and revision upgrades. This template is
owned and maintained by the Enterprise Architecture (EA) Division within the Solution Delivery
Branch of the Office of the Chief Information Officer (OCIO). Direct your questions about this template
to SDEA@gov.nl.ca.

Document History
Version

Date

Summary

Responsible

YYYY-MM-DD

Purpose and Responsibilities


Purpose
Evaluates proposed system architectures (e.g. DAD) to:
Ensure adherence to the OCIOs technical standards;
Evaluate the fitness of the proposed design for stability, availability, security, and
supportability; and
Provide feedback to project teams on areas of architectural design fitness or deficiency,
and recommendations for improvement.
Responsibilities
PARB
Provide clear instructions on required updates;
Provide pertinent information, if applicable; and
Streamline the approval process as much as possible.
Project Team
Take advantage of the resources provided, i.e. sample DAD, Guidelines and Best
Practices, EA Prime, etc.
Make updates in a timely manner.

Important Information for Completing this Document


The purpose of the DAD document is to determine the technical suitability of a projects architectural
design. The proposed solution will be reviewed for adherence to OCIO technical standards as well as
stability, availability and security.
A review of the DAD is meant to provide feedback to project managers on areas of architectural
design fitness or deficiency, and recommendations for improvement.
The DAD is NOT meant to determine support requirements or the need to assign OCIO resources to
the project (although it may be used as supporting documentation in those decision making
processes).
Detailed Architecture Design (DAD)
Template Version 6.0, 2012-12-15

Page 2 of 22

Government of Newfoundland and Labrador


Office of the Chief Information Officer
Solution Delivery: Enterprise Architecture
Detailed Architecture Design (DAD)

This document may contain inline guidance to assist you with the completion of various sections. The
inline guidance is contained within a table layout. The information and the table must be deleted prior
to submitting the document to SDEA for review.
The document also contains a table of contents, a table of figures and a table of tables. If you do not
use tables or images within this document those headings must be deleted prior to submitting the
document to SDEA for review.
If you encounter any difficulty or are unsure about anything within this document, please contact your
assigned EA Prime.
Completed in Full
Each section of the DAD must be completed in full. If a particular section is not applicable to this
project, then you must write Not Applicable and provide a reason. No sections are to be deleted from
this document.
Guidance
Text contained within << >> provides information on how to complete that section and should be
deleted once the section has been completed. When appropriate, individual sections of this document
reference the Guidelines and Best Practices for Government Technology Solutions document.
TRIM
Insert the TRIM document number in the footer. Project teams can obtain a document number from
the Information Services Centre (ISC) by emailing OCIOISC@gov.nl.ca.
Document Embedding
To insert a document (BRD, PPIA, PIA, etc.) into this document, perform the following steps:
From the Insert Menu, click Object;
Click the Create from File Tab;
Find the document via the Browse button;
Check the Display as icon checkbox;
Click OK; and
Add the TRIM number.

Detailed Architecture Design (DAD)


Template Version 6.0, 2012-12-15

Page 3 of 22

Government of Newfoundland and Labrador


Office of the Chief Information Officer
Solution Delivery: Enterprise Architecture

TABLE OF CONTENTS
1.
1.1
1.2
1.3

2.

Project Information...............................................................................6
SUMMARY DETAILS................................................................................................................................... 6
KEY PROJECT CONTACTS......................................................................................................................... 6
KEY DATES.............................................................................................................................................. 6

Project Information Assessments...........................................................7

2.1
INFORMATION........................................................................................................................................... 7
2.1.1 Public Facing...................................................................................................................................... 7
2.2
INFORMATION SECURITY CLASSIFICATION.................................................................................................. 7
2.2.1 Availability.......................................................................................................................................... 7
2.3
RESULTS.................................................................................................................................................. 7
2.3.1 Pre-Threat Risk Assessment.............................................................................................................. 7

3.

Design and Technology Details...............................................................8

3.1
SYSTEM PROFILE..................................................................................................................................... 8
3.1.1 Solution Type...................................................................................................................................... 8
3.1.2 Project Type....................................................................................................................................... 8
3.2
SOLUTION DETAILS................................................................................................................................... 8
3.2.1 COTS Customization (NOT Configurations).......................................................................................8
3.3
VIRTUALIZATION........................................................................................................................................ 8
3.4
GUIDELINES AND BEST PRACTICES........................................................................................................... 9
3.4.1 Deviations.......................................................................................................................................... 9
3.4.2 Reason for Deviation(s)...................................................................................................................... 9
3.4.3 Deviation Approval............................................................................................................................. 9

4.
4.1

5.
5.1
5.2

6.

User Community..................................................................................10
USER COMMUNITY PROFILE.................................................................................................................... 10

Application Architecture......................................................................11
APPLICATION ARCHITECTURE DIAGRAM.................................................................................................... 11
DESCRIPTION......................................................................................................................................... 12

Network Architecture..........................................................................12

6.1
NETWORK ARCHITECTURE AND DESIGN DESCRIPTION..............................................................................12
6.1.1 Network / Technical Architecture Diagram........................................................................................ 12
6.1.2 Network Enhancements / Changes.................................................................................................. 13
6.2
COMMUNICATIONS AND PERFORMANCE................................................................................................... 14
6.2.1 Data Flows and Network Protocols.................................................................................................. 14
6.2.2 Network Traffic................................................................................................................................. 14

7.

Database Architecture.........................................................................16

7.1
INITIAL SIZE OF DATABASE...................................................................................................................... 16
7.2
ANTICIPATED ANNUAL GROWTH............................................................................................................... 16
7.3
DATABASE FEATURES............................................................................................................................. 16
7.3.1 Database Environment..................................................................................................................... 16
7.3.2 Database Connection Account Type................................................................................................16
7.4
STORED PROCEDURES........................................................................................................................... 16
7.5
CLUSTERING.......................................................................................................................................... 17
7.6
DATABASE NORMALIZATION..................................................................................................................... 17

8.

Security Architecture...........................................................................17

Detailed Architecture Design (DAD)


Template Version 6.0, 2012-12-15

Page 4 of 22

Government of Newfoundland and Labrador


Office of the Chief Information Officer
Solution Delivery: Enterprise Architecture
8.1
THREAT MITIGATION PLAN...................................................................................................................... 17
8.2
APPLICATION SECURITY.......................................................................................................................... 17
8.2.1 Roles................................................................................................................................................ 17
8.2.2 Authentication Authorization and Access Control.............................................................................18
8.2.3 Account and Password Management...............................................................................................18
8.2.4 Session Management....................................................................................................................... 18
8.2.5 Cached Data / Temporary Files........................................................................................................ 19
8.2.6 Application Logging.......................................................................................................................... 19
8.3
INFRASTRUCTURE AND NETWORK SECURITY............................................................................................19
8.3.1 Separation of Administrative and User Traffic...................................................................................19
8.3.2 Operating System Accounts and Privileges......................................................................................20
8.3.3 Server Hardening............................................................................................................................. 20
8.4
DATABASE SECURITY.............................................................................................................................. 20
8.4.1 Description....................................................................................................................................... 20
8.4.2 Local User Management.................................................................................................................. 20
8.4.3 Database Logging............................................................................................................................ 21
8.4.4 Database Link Privileges.................................................................................................................. 21
8.5
CRYPTOGRAPHY AND KEY MANAGEMENT................................................................................................ 21
8.5.1 Appropriate Use of Encryption.......................................................................................................... 21
8.5.2 Digital Certificate Management........................................................................................................ 22

9.
9.1

Enterprise Backup and Recovery..........................................................22


BACKUPS............................................................................................................................................... 22

TABLE OF TABLES
Table 1 - Project Summary..................................................................................................................................... 6
Table 2 - Key Project Contacts............................................................................................................................... 6
Table 3 - Key Dates................................................................................................................................................ 6
Table 4 - Information Security Classification.......................................................................................................... 7
Table 5 - Deviation Approval Contact Information.................................................................................................. 9
Table 6 - User Community Profile........................................................................................................................ 10
Table 8 - Data Flow Inbound and Outbound, Network Protocols..........................................................................14
Table 9 - User Locations...................................................................................................................................... 15
Table 10 - Sample Data Object List...................................................................................................................... 15
Table 11 - Data Object List................................................................................................................................... 15

TABLE OF FIGURES
Figure 1 - Application Architecture Diagram......................................................................................................... 11
Figure 2 Network / Technical Architecture Diagram Template...........................................................................13

Detailed Architecture Design (DAD)


Template Version 6.0, 2012-12-15

Page 5 of 22

Government of Newfoundland and Labrador


Office of the Chief Information Officer
Solution Delivery: Enterprise Architecture

1. Project Information
1.1 Summary Details
Name

Description

Project Number

<<Please provide the project DTC.>>

Project Name

<<Please provide the name of the project.>>

Project Description

<<Provide a short description of the project, including any planned phases.>>

Table 1 - Project Summary

1.2 Key Project Contacts


Role

Name

Email

Phone

Project Manager
Delivery Manager
Enterprise Architecture (EA)
Prime
Manager of Operations
Server / Storage
Manager of Operations
Network / Security
Manager of Operations
Service Delivery
Manager
of
Application
Services
Table 2 - Key Project Contacts

1.3 Key Dates


Event

Date (YYYY-MM-DD)

Estimated Date for Beginning of Execute Phase


Anticipated Implementation Date
Table 3 - Key Dates

Detailed Architecture Design (DAD)


Template Version 6.0, 2012-12-15

Page 6 of 22

Government of Newfoundland and Labrador


Office of the Chief Information Officer
Solution Delivery: Enterprise Architecture

2. Project Information Assessments


2.1 Information
2.1.1 Public Facing
Will any component of this system be delivered via the Internet?

Yes

No

Please refer to the following section(s) in the Guidelines and Best Practices document for
specific guidance:
Section 3.5: Architectural Patterns
Section 4.4.4: Web Security
Section 6.3: Architecture Components

2.2 Information Security Classification


High

Medium

Low

Unclassified

Confidentiality
Integrity
Availability
Table 4 - Information Security Classification

Please refer to the following section(s) in the Guidelines and Best Practices document for
specific guidance:
Section 7.1: Information Security Classification
Section 7.2: Security Functional Controls
Section 7.3: Security Physical Architecture
Section 7.4: Use Of Cryptography
2.2.1 Availability
<< Explain how your solution is architected to meet availability requirements.>>

2.3 Results
2.3.1 Pre-Threat Risk Assessment
Insert the results of the Pre-TRA performed on this solution.
Note: To insert the Pre-TRA, follow the instructions found in the Important Notes for Completing this
Document section at the beginning of the template.

Detailed Architecture Design (DAD)


Template Version 6.0, 2012-12-15

Page 7 of 22

Government of Newfoundland and Labrador


Office of the Chief Information Officer
Solution Delivery: Enterprise Architecture

3. Design and Technology Details


3.1 System Profile
3.1.1 Solution Type
Select one:
Commercial off The Shelf (COTS)
Software as a Service (SaaS)
Custom Developed Software
Please refer to the following section(s) in the Guidelines and Best Practices document for
specific guidance:
Section 2.1: Principle of Solution Acquisition
3.1.2 Project Type
Select one:
Primarily an Infrastructure Project
Primarily an Application Project

3.2 Solution Details


3.2.1 COTS Customization (NOT Configurations)
<<Identify level of customization within COTS solution, if applicable.>>
Please refer to the following section(s) in the Guidelines and Best Practices document for
specific guidance:
Section 2.7.3: Vendors Supported

3.3 Virtualization
Does this system support virtualization?

Yes

No

<<If no, please explain.>>


Please refer to the following section(s) in the Guidelines and Best Practices document for
specific guidance:
Section 2.6: Principle of Virtualization
Section 3.3: Virtualization of Information Systems

Detailed Architecture Design (DAD)


Template Version 6.0, 2012-12-15

Page 8 of 22

Government of Newfoundland and Labrador


Office of the Chief Information Officer
Solution Delivery: Enterprise Architecture

3.4 Guidelines and Best Practices


Note - All projects are expected to follow the Guidelines and Best Practices for Government
Technology Solutions document and the Enterprise Architecture (EA) Web Development Standards
document. (http://www.ocio.gov.nl.ca/ocio/itresources/index.html)
Please refer to the following section(s) in the Guidelines and Best Practices document for
specific guidance:
Section 4.3.3: Web Standards
3.4.1 Deviations
Are there any deviations from Guidelines and Best Practices for Government Technology Solutions?
Yes
No
<<If yes, identify all deviations.>>
3.4.2 Reason for Deviation(s)
<<Identify the reason(s) for the deviations.>>
3.4.3 Deviation Approval
All deviations must be approved by the EA Division. Embed the email approval for the deviation into
this document.
Note: To embed the email, follow the instructions found in the Important Notes for Completing this
Document section at the beginning of the template.
Deviation Approval Contact
Name

Email

Phone

Table 5 - Deviation Approval Contact Information

Detailed Architecture Design (DAD)


Template Version 6.0, 2012-12-15

Page 9 of 22

Government of Newfoundland and Labrador


Office of the Chief Information Officer
Solution Delivery: Enterprise Architecture

4. User Community
4.1 User Community Profile
User

Number of Users

Who

Distinct User
Groups

Connection

Internal

<<Identify estimated
number of internal
users.>>

<<Identify who
the users are.>>

<<Identify
estimated number
of departments.>>

<<How do they
connect (e.g.
VPN, Intranet,
etc.).>>

External

<<Identify estimated
number of external
users.>>

<<Identify who
the users are.>>

<<Identify
estimated number
of distinct external
organizations.>>

<<How do they
connect (e.g.
VPN, Intranet,
etc.).>>

Extranet Partners

<<Identify estimated
number of users from
extranet partners.>>

<<Identify who
the users are.>>

<<Identify
estimated number
of distinct extranet
partners.>>

<<How do they
connect (e.g.
VPN, Intranet,
etc.).>>

Remote Access

<<Identify estimated
number of Remote
Access users.>>

<<Identify who
the users are.>>

<<Identify
estimated number
of distinct Remote
Access groups.>>

<<How do they
connect (e.g.
VPN, Intranet,
etc.).>>

Table 6 - User Community Profile

Detailed Architecture Design (DAD)


Template Version 6.0, 2012-12-15

Page 10 of 22

Government of Newfoundland and Labrador


Office of the Chief Information Officer
Solution Delivery: Enterprise Architecture

5. Application Architecture
Please refer to the following section(s) in the Guidelines and Best Practices document for
specific guidance:
Section 4: Application Architecture

5.1 Application Architecture Diagram


<<Insert an application architecture diagram for this section. The following template is included as a
guide.>>

Figure 1 - Application Architecture Diagram

Note: Ensure the diagram is labeled appropriately, including all application components, and
integration of internal and external components / applications.
Page 11 of 22
Detailed Architecture Design (DAD)
Template Version 6.0, 2012-12-15

Government of Newfoundland and Labrador


Office of the Chief Information Officer
Solution Delivery: Enterprise Architecture

5.2 Description
<<For Custom Applications: Describe the logical layers and where they reside within the physical
architecture and the method of inter-layer/inter-tier communication.>>

6. Network Architecture
Please refer to the following section(s) in the Guidelines and Best Practices document for
specific guidance:
Section 6.2: Network Best Practices
Section 6.3: Architecture Components
Section 6.4: Network Topologies

6.1 Network Architecture and Design Description


<<Provide a detailed description of the network architecture, including:
An overview of how the proposed solution aligns with the Networking Section of the Guidelines
and Best Practices for Government Technology Solutions;
A description of the potential impacts on the following areas:
Enterprise-Wide network infrastructure and architecture; and
Operational management.
An outline of how the solution is expected to interface with the government network
infrastructure and/or systems, including:
System tier segmentation/separation across perimeter and production firewalls; and
Legacy systems, servers, firewalls, security zones, ports, protocols, and traffic
management devices (e.g. load balancers).>>
6.1.1 Network / Technical Architecture Diagram
<<Provide a network / technical architecture diagram of the production environment proposed for this
solution. The following template is provided for your reference. To edit the Technical Architecture
Design Template within Microsoft Visio, right click the image below and select Visio Object Open.

Detailed Architecture Design (DAD)


Template Version 6.0, 2012-12-15

Page 12 of 22

Government of Newfoundland and Labrador


Office of the Chief Information Officer
Solution Delivery: Enterprise Architecture

Figure 2 Network / Technical Architecture Diagram Template

Note: Ensure the diagram is labeled appropriately, including:


Application/solution structure;
All components (servers, firewalls, zones, etc.);
Integration with external and internal components / applications; and
Ports and/or protocols.>>
Indicate which of the following environments are being deployed to the OCIO infrastructure:
Production
Staging
Test
Development
6.1.2 Network Enhancements / Changes
Are network enhancements / changes required?

Yes

No

<<These changes could include but are not limited to any of the following:
Detailed Architecture Design (DAD)
Template Version 6.0, 2012-12-15

Page 13 of 22

Government of Newfoundland and Labrador


Office of the Chief Information Officer
Solution Delivery: Enterprise Architecture

Implementing Quality of Service on WAN links that are at capacity; and


New networking devices such as routers, switches, firewalls, or load balancers that are
required for the new solution.
If yes, outline and describe any network enhancements or changes required.>>

6.2 Communications and Performance


6.2.1 Data Flows and Network Protocols
<<Outline the required communication requirements for the intended solution including the expected
security rules that will be configured in the table below. Refer to the Sample DAD for assistance.>>

Source

Port(s) /
Protocols

Destination

Encrypted
or Not
Encrypted

Description

Estimated
Number of
Connections

Between Untrusted Zone (Internet) and Public Access Zone (DMZ)


Within Public Access Zone (DMZ)
Between Public Access Zone (DMZ) and Production Zone (Restricted)
Within Production Zone (Restricted)
Between VPN and Production Zone (Restricted) [1]
Table 7 - Data Flow Inbound and Outbound, Network Protocols

6.2.2 Network Traffic


Identify the location of the users of the application the network access required.
Site

Number of
Users
at Location

Local Area
Network

Wide Area
Network

Internet

Table 8 - User Locations

Identify the types of data objects that will be passed between the user and the application, and the
anticipated size.
[1]

This access is controlled by Government SSL VPN RSA functionality based on the users login ID and not
directly through firewall rules.
Page 14 of 22
Detailed Architecture Design (DAD)

Template Version 6.0, 2012-12-15

Government of Newfoundland and Labrador


Office of the Chief Information Officer
Solution Delivery: Enterprise Architecture

The table below offers a sample list of data objects. For more information, consult the EA Prime
assigned to your project.
Type of Object

Size in Kbytes

Terminal Screen

E-Mail Message

10

Web Page

50

Spreadsheet

100

Word Document

200

Graphical Terminal

500

Presentation Document

2000

High-Resolution Image

50,000

Multimedia Object
Table 9 - Sample Data Object List

Type of Object

100,000

Size in Kbytes

Table 10 - Data Object List

Detailed Architecture Design (DAD)


Template Version 6.0, 2012-12-15

Page 15 of 22

Government of Newfoundland and Labrador


Office of the Chief Information Officer
Solution Delivery: Enterprise Architecture

7. Database Architecture
Please refer to the following section(s) in the Guidelines and Best Practices document for
specific guidance:
Section 5.3: Database Security
Note: For Database Security considerations refer to the Security Model section of this document.

7.1 Initial Size of Database


<<Identify the estimated size of the database in gigabytes.>>

____ GB

7.2 Anticipated Annual Growth


<<Identify the anticipated annual growth in gigabytes.>>

____ GB

7.3 Database Features


Select all that apply:
Primary Keys (all tables)
Indices (including foreign keys)
Foreign Key Constraints
Stored Procedures
Transactions

Triggers
Views
Private Database Links
Public Database Links
Global Database Links

7.3.1 Database Environment


Must the database server run in a physical environment?

Yes

No

<<If yes, please explain.>>


7.3.2 Database Connection Account Type
Individual user accounts

Shared user accounts

Please refer to the following section(s) in the Guidelines and Best Practices document for
specific guidance:
Section 3.5: Architecture Patterns for Information Systems
Section 7.5: Application Level Security Requirements

7.4 Stored Procedures


Are stored procedures used?

Yes

No

<<If yes, please explain.>>


Detailed Architecture Design (DAD)
Template Version 6.0, 2012-12-15

Page 16 of 22

Government of Newfoundland and Labrador


Office of the Chief Information Officer
Solution Delivery: Enterprise Architecture

Please refer to the following section(s) in the Guidelines and Best Practices document for
specific guidance:
Section 3.5: Architecture Patterns for Information Systems

7.5 Clustering
Is database clustering being used?

Yes

No

Yes

No

7.6 Database Normalization


Does the database conform to third normal form or above?
<<For custom application: If no, please explain. >>

8. Security Architecture
8.1 Threat Mitigation Plan
<<Describe any controls in the application that would address vulnerabilities such as those identified
in the Open Web Application Security Project (OWASP) Top Ten Vulnerabilities, and the following:
Input validation: Describe the level of validation used when implementing precautions against
malicious input at each tier;
Security of interfaces to the Internet and/or other systems: Describe the security
methodologies used to interface with the Internet and/or other systems (e.g. ePayment
System);
Use of Mobile Code: Describe the use of secure mobile coding practices (e.g. ActiveX,
Javascript, etc.); and
Exception handling: Indicate security strategy for handling application errors in order to
prevent Denial of Service attacks and information disclosure to unauthorized users such as
displaying stack trace to users, etc.>>
Please refer to the following section(s) in the Guidelines and Best Practices document for
specific guidance:
Section 3.5: Architecture Patterns for Information Systems
Section 5.3: Database Security
Section 7.5: Application Level Security Requirements
Section 4.4.4: Web Security

8.2 Application Security


8.2.1 Roles
<<List roles with elevated privileges such as:
Detailed Architecture Design (DAD)
Template Version 6.0, 2012-12-15

Page 17 of 22

Government of Newfoundland and Labrador


Office of the Chief Information Officer
Solution Delivery: Enterprise Architecture

Administrative privileges to system objects such as user account create, modify, and delete of
user;
System privileges such as starting or stopping services or view/modify rights to audit and
logging files; and
Roles should support the principle of least privilege and segregation of duties.>>
Please refer to the following section(s) in the Guidelines and Best Practices document for
specific guidance:
Section 5.3.1 Roles
8.2.2 Authentication Authorization and Access Control
<<Identify how the application authenticates and stores user credentials and implements authorization
and access control (e.g. passwords are hashed in the database, authorization is carried out by the
application checking for a specific group membership, and access controls are in place to enforce
authorization such as file permissions, IP restrictions, or time of day restrictions).>>
Please refer to the following section(s) in the Guidelines and Best Practices document for
specific guidance:
Section 5.3.1 Roles
Section 7.2: Security Functional Controls
Section 7.3: Security Physical Architecture
8.2.3 Account and Password Management
Are OCIO Password Management and Application Account Management standards being
followed?
Yes

No

<<If no, explain why.>>


Please refer to the following section(s) in the Guidelines and Best Practices document for
specific guidance:
Section 7.3: Security Physical Architecture
8.2.4 Session Management
<<Describe how user sessions are managed, including:
How the user session object is stored and linked to user session ID;
How the user session ID is generated randomly to prevent session hijacking;
Whether session timeout can be set; and the duration; and
Whether multiple user sessions are limited.>>

Detailed Architecture Design (DAD)


Template Version 6.0, 2012-12-15

Page 18 of 22

Government of Newfoundland and Labrador


Office of the Chief Information Officer
Solution Delivery: Enterprise Architecture

Please refer to the following section(s) in the Guidelines and Best Practices document for
specific guidance:
Section 3.5: Architecture Patterns for Information Systems
Section 6.6.5: Encryption - Data in Transit
Section 7.3: Security Physical Architecture
Section 7.5: Application Level Security Requirements
8.2.5 Cached Data / Temporary Files
<<Describe any cached data and/or temporary files either within the system or at the endpoint, and
describe the lifetime of this data and how it is secured.>>
Please refer to the following section(s) in the Guidelines and Best Practices document for
specific guidance:
Section 7.6.2: Protection at Rest
8.2.6 Application Logging
<<Identify application / product log files generated, their location(s) and which role(s) have access to
them. Events to log may include, but not limited to:
Start-up and shutdown;
Successful / failed login;
Use of privileges;
Change of rights / privileges;
Addition / removal of user accounts;
Access (read and write) to sensitive information (e.g. configuration information, registry keys,
classified information, etc.);
Administrative activity;
Backup and restore;
Data imports and exports;
Password changes; and
Exceptions.>>
Note: All logged events must be accompanied by event ID, user ID, timestamp, application generating
event and resource reference at a minimum.
Please refer to the following section(s) in the Guidelines and Best Practices document for
specific guidance:
Section 7.6.4: Logging and Auditing
Section 7.2: Security Functional Controls

8.3 Infrastructure and Network Security


8.3.1 Separation of Administrative and User Traffic
Detailed Architecture Design (DAD)
Template Version 6.0, 2012-12-15

Page 19 of 22

Government of Newfoundland and Labrador


Office of the Chief Information Officer
Solution Delivery: Enterprise Architecture

<<Describe how administrative and user traffic are separated (e.g., the application user and
administrative modules are deployed on separate hosts).>>
Please refer to the following section(s) in the Guidelines and Best Practices document for
specific guidance:
Section 3.5: Architecture Patterns for Information Systems
8.3.2 Operating System Accounts and Privileges
<<Identify the operating system service accounts used to manage the infrastructure and the
associated privileges of those accounts. For sensitivity reasons, do not include actual system
usernames and passwords.>>
Please refer to the following section(s) in the Guidelines and Best Practices document for
specific guidance:
Section 7.2: Security Functional Controls
Section 7.3: Security Physical Architecture
8.3.3 Server Hardening
Will the servers be built and hardened by Solution Deliverys Project Support Team?
Yes
No
<<If not, identify how server hardening was applied throughout the n-tier architecture and what
hardening standards were applied.>>
Please refer to the following section(s) in the Guidelines and Best Practices document for
specific guidance:
Section 7.3: Security Physical Architecture
Table 7 - Minimal Security Physical Control Requirements for the OCIO

Section 7.6.3: Host and Infrastructure Hardening

8.4 Database Security


8.4.1 Description
<<Describe the type of database security implemented (e.g. role based security).>>
Please refer to the following section(s) in the Guidelines and Best Practices document for
specific guidance:
Section 5.3.1: Roles
8.4.2 Local User Management
<<Describe how user credentials that are stored locally in the database are protected.>>

Detailed Architecture Design (DAD)


Template Version 6.0, 2012-12-15

Page 20 of 22

Government of Newfoundland and Labrador


Office of the Chief Information Officer
Solution Delivery: Enterprise Architecture

Please refer to the following section(s) in the Guidelines and Best Practices document for
specific guidance:
Section 5.3.2: Logins
8.4.3 Database Logging
<<Identify database log files generated, their location(s) and which role(s) have access to them.
Events to log may include, but not limited to:
Access to specific tables;
Creation of data files external to the database;
Execution of DDL statements that affect objects;
Create, Drop or Alter statements for the following:
Tables;
Database links;
Directories;
Indexes;
Stored procedures;
Profiles;
Roles;
Tablespace;
Triggers;
Users; and
Views.
Note: All logged events must be accompanied by event id, user id, timestamp, application generating
event and resource reference at a minimum.>>
Please refer to the following section(s) in the Guidelines and Best Practices document for
specific guidance:
Section 7.6.4: Logging and Auditing
8.4.4 Database Link Privileges
<<Describe the privileges associated with any database links. For example, can the database link be
used to update, insert, or delete data into the target database?>>

8.5 Cryptography and Key Management


8.5.1 Appropriate Use of Encryption
Is encryption used within application?

Yes

No

<<If yes, describe the encryption.>>

Detailed Architecture Design (DAD)


Template Version 6.0, 2012-12-15

Page 21 of 22

Government of Newfoundland and Labrador


Office of the Chief Information Officer
Solution Delivery: Enterprise Architecture

Is database encryption used?

Yes

No

Yes

No

<<If yes, describe the encryption.>>


Is network encryption used?

<<If yes, describe the encryption (e.g., SSL, IPSec, SSH, SFTP/FTPS, etc.>>
Is data-at-rest encryption used?

Yes

No

<<If yes, describe the encryption (e.g., file/folder/disk/USB drive encryption etc.>>
Is backup encryption used?

Yes

No

<<If yes, describe the encryption.>>


Please refer to the following section(s) in the Guidelines and Best Practices document for
specific guidance:
Section 7.4: Use of Cryptography
8.5.2 Digital Certificate Management
Are X.509 certificates being used?
Internal

External

<<If external, explain the requirement.>>

9. Enterprise Backup and Recovery


9.1 Backups
Does the backup strategy adhere to the processes defined in the Guidelines and Best Practices for
Government Technology Solutions?
Yes
No
<<If no, describe and justify the variations in the backup strategy.>>
Please refer to the following section(s) in the Guidelines and Best Practices document for
specific guidance:
Section 8: Backup and Recovery

Detailed Architecture Design (DAD)


Template Version 6.0, 2012-12-15

Page 22 of 22