System-of-Systems Architecting: Critical Success Factors Dr. Azad M. Madni Chief Executive Officer USC-CSSE Convocation: Executive Workshop Presentation October 23-26, 2006 3250 Ocean Park Blvd., Suite 100, Santa Monica, CA 90405 310-581-5440 Fax: 310-581-5430 www.IntelSysTech.com Copyright © 2006 Intelligent Systems Technology, Inc. Outline • • • • • • • • First Hand Experiences System-of-Systems (SoS) Definition SoS Architecture SoS Architecting Complexities Promising Approaches Implementation Options Challenges Ahead Critical Success Factors Copyright © 2006 Intelligent Systems Technology, Inc. Madni/2 Information in this document is the property of Intelligent Systems Technology, Inc. Disclosure is made in confidence. Unless otherwise permitted, use or further disclosure of the depicted information by persons outside Intelligent Systems Technology, Inc. is prohibited. First-Hand Experiences • Principal Investigator on DARPA, Army, Navy, Air Force, DoE, NIST Research Initiatives – Ontology-enabled Agile Visualization of Multi-domain SoS data (sponsor: MDA) – Development of Toolset for DoDAF – compliant SoS Architecting (sponsor: U.S. Army RDECOM) – Process-enabled Formation and Management of Agile Virtual Enterprises (sponsor: DARPA DSO) – Virtual Prototyping of Combat Information Systems (sponsor: NSWCDD) – Integrated Product-Process Development (sponsor: NSWCDD, DARPA ISTO) – Development of Simulation-enabled Activity-Based Costing System (sponsor: AFRL) – Development of ANSI-EIA-632 systems engineering process library (sponsor: ONR, NSWC, DARPA ISTO) – Executable Models in Computer-aided Concurrent Engineering (sponsor: DARPA DSO DICE) – Simulation-based Design and Analysis of Agile Manufacturing Systems (sponsor: DoE TEAM Program) – Semantics of Process Description (sponsor: NIST PSL Program) – Design Process Management for complex products (sponsor: DARPA ESTO) Copyright © 2006 Intelligent Systems Technology, Inc. Madni/3 Information in this document is the property of Intelligent Systems Technology, Inc. Disclosure is made in confidence. Unless otherwise permitted, use or further disclosure of the depicted information by persons outside Intelligent Systems Technology, Inc. is prohibited. SoS Definitions Vary • Arrangement of interdependent systems connected to provide a capability greater than the sum of the member systems. – GAO, January 2006 • A federation of systems, whose context, mission, and operational logic are required for handling the allocation and coordination of shared, integrated resources – Dr. Ray Paul, OASD/NII • Several others Copyright © 2006 Intelligent Systems Technology, Inc. Madni/4 Information in this document is the property of Intelligent Systems Technology, Inc. Disclosure is made in confidence. Unless otherwise permitted, use or further disclosure of the depicted information by persons outside Intelligent Systems Technology, Inc. is prohibited. My Definition of SoS (Architecting Perspective) • A large, complex, ensemble … … of interdependent systems … developed and introduced over different time-frames … by multiple independent authorities … to provide multiple, interdependent capabilities … in support of multiple missions •An SoS capability typically exceeds the sum of the capabilities of the member systems (Madni, 2006) Copyright © 2006 Intelligent Systems Technology, Inc. Madni/5 Information in this document is the property of Intelligent Systems Technology, Inc. Disclosure is made in confidence. Unless otherwise permitted, use or further disclosure of the depicted information by persons outside Intelligent Systems Technology, Inc. is prohibited. DoN Operational Forces Systems-of-Systems support these forces. Copyright © 2006 Intelligent Systems Technology, Inc. Madni/6 Information in this document is the property of Intelligent Systems Technology, Inc. Disclosure is made in confidence. Unless otherwise permitted, use or further disclosure of the depicted information by persons outside Intelligent Systems Technology, Inc. is prohibited. System-to-Capabilities Mapping System System 2 System System 3 System System 4 System System 5 System System 6 System 1 IA1 1 System 2 IA 3 IA 4 IA 5 IA 6 IA System System 2 System 3 System 4 System 5 System 6 1 System 2 System 3 (from System 4 (from System 5 (from System 6 IASystem (from IA (from IA (from IA (from IA (from IA (from (from (from (from NRNRNRIASystem (from 1 IASystem (from 2 IASystem (from 3 IASystem (from 4 IASystem (from 5 IASystem (from 6 IASystem (from 1 NRIASystem (from 2 NRIASystem (from 3 NRIASystem (from 4 NRIASystem (from 5 NRIASystem (from 6 NRNR-KPP) IA (fromNR-KPP) IA (fromNR-KPP) IA (from KPP) IA (from KPP) IA (from KPP) IA (from NRNRNRNRNRNRIA (from KPP)NRIA (from KPP)NRIA (from KPP)NRIA (from KPP)NRIA (from KPP)NRIA (from KPP)NRKPP)NRKPP)NRKPP)NRKPP)NRKPP)NRKPP)NRKPP)NRKPP)NRKPP)NRKPP)NRKPP)NRKPP)NRKPP) KPP) KPP) KPP) KPP) KPP) KPP) KPP) KPP) KPP) KPP) KPP) System-Level Principal Supported MCP (determines Lead FA CHENG) Secondary supported MCP (determines Supporting FA CHENGs) Sub-Functional ISR/BA MCP C&N/I MCP TAMD MCP Areas Strike MCP C2/DS MCP Surface Warfare MCP Functional Areas FORCEnet IA Sea Strike IA Logistics MCP Force Deployment MCP EMW Intel EMW C2 Legal Portfolio Comms, Networking, and Services Infrastructure Sea Shield IA Sea Basing IA EMW IA Sea Enterprise Enterprise NP21 Integrated Architecture IA Integrated Architecture Performance Parameter MCP Military Capabilities Package NR-KPP Net-Ready Key One system can serve in different SoSs to satisfy requirements of different military capability packages. Copyright © 2006 Intelligent Systems Technology, Inc. Madni/7 Information in this document is the property of Intelligent Systems Technology, Inc. Disclosure is made in confidence. Unless otherwise permitted, use or further disclosure of the depicted information by persons outside Intelligent Systems Technology, Inc. is prohibited. System Versus SoS Comparison Criteria System System-of-System (SoS) Focus creation of the system creation of a capability Lifetime finite; can be extended indefinite; continually extended through replacement/addition of member systems Governance single, dominant oversight multiple, overlapping stakeholders Boundaries well-defined continually changing as new systems become part of SoS, while others leave Membership fixed; parent-offspring dynamic; based on SoS capability requirements Information Flows well-understood, mostly internal to the system changing; based on changes in information sharing requirements (Madni, 2006) Copyright © 2006 Intelligent Systems Technology, Inc. Madni/8 Information in this document is the property of Intelligent Systems Technology, Inc. Disclosure is made in confidence. Unless otherwise permitted, use or further disclosure of the depicted information by persons outside Intelligent Systems Technology, Inc. is prohibited. System Versus SoS Comparison Criteria System (cont’d) System-of-System (SoS) Development COTS or custom-developed systems procured from/developed by 3rd party under control of system authority organizations; some COTS Complexity designed out mostly ignored; imposed by dynamic mix of systems, emergent behavior Autonomy ceded by the components/parts to the system retained by member systems which contribute to SoS Unintended Consequences negligible; foreseen/tested and designed out high likelihood; changing boundaries; emergence Biggest Challenge satisfaction of all functional and performance requirements subject to cost, schedule and “ility” constraints interoperability at the programmatic, constructive and operational levels (Madni, 2006) Copyright © 2006 Intelligent Systems Technology, Inc. Madni/9 Information in this document is the property of Intelligent Systems Technology, Inc. Disclosure is made in confidence. Unless otherwise permitted, use or further disclosure of the depicted information by persons outside Intelligent Systems Technology, Inc. is prohibited. An Apt Analogy City SoS • Collective action of multiple individuals acting locally over time • City emerges and changes over time through loosely coordinated and regulated action of multiple individuals • Exhibits coherence without central control -- mechanisms that regulate local action • Mechanisms include city regulations, communications, distribution, emergency services • Built gradually in parts by people, companies, communities to serve their own purpose • Grows and thrives based on cultural and economic necessities • City is always in a state of perpetual changes • Collective action of multiple entities acting locally over time • SoS behavior emerges and changes over time through loosely coordinated and regulated action of multiple systems • Exhibits coherence without central control -- mechanisms to regulate local action • Mechanisms include acquisition policies, communications, distributed governances • Built and introduced gradually by organizations to satisfy mission capability packages • Grows and is sustained based on mission requirements • SoS has dynamically changing boundaries (construction, repairs, mods, demolitions, operations) (systems enter, leave, are modified, while operating) Adapted from SEI ULS report, 2006 Copyright © 2006 Intelligent Systems Technology, Inc. Madni/10 Information in this document is the property of Intelligent Systems Technology, Inc. Disclosure is made in confidence. Unless otherwise permitted, use or further disclosure of the depicted information by persons outside Intelligent Systems Technology, Inc. is prohibited. SoS Realities • Different missions require different Mission Capability Packages (MCP) • Different capability packages require different aggregations of systems, with the potential for some overlap • Interoperability is key to realizing the desired capability – syntactic interoperability assures ability to exchange data – semantic interoperability assures ability to use and understand data • Mission Capability Package can vary with locale and type of threat – urban environment versus jungle environment versus desert environment – type of threat (e.g., NBC, IED,…) • Operational documents not in step with current understanding • Acquisition process not in step with SoS interoperability requirements Copyright © 2006 Intelligent Systems Technology, Inc. Madni/11 Information in this document is the property of Intelligent Systems Technology, Inc. Disclosure is made in confidence. Unless otherwise permitted, use or further disclosure of the depicted information by persons outside Intelligent Systems Technology, Inc. is prohibited. SoS Architecture • A framework for structuring nodes that define the SoS – regardless of their source (i.e., COTS, NDI, custom, legacy) • Captures scope of the nodes, and how they are intended to interact within the SoS • A vehicle for: – – – – incorporating existing/planned nodes into the SoS performing tradeoffs and making decisions communicating and discussing issues documenting SoS state/status Copyright © 2006 Intelligent Systems Technology, Inc. Madni/12 Information in this document is the property of Intelligent Systems Technology, Inc. Disclosure is made in confidence. Unless otherwise permitted, use or further disclosure of the depicted information by persons outside Intelligent Systems Technology, Inc. is prohibited. SoS Architecting Complexities • SoSs are dynamic entities – systems are added, modified, or removed as mission requirements change – such changes are handled a priori or “on-the-fly” • The integration infrastructure needs to change with – technological advances – changes in Quality-of-Service (QoS) requirements • These considerations imply that a SoS architecture needs to enable the evolution of the SoS and be evolvable itself • Evolvability requires up front engineering because it is costly and difficult to introduce later Copyright © 2006 Intelligent Systems Technology, Inc. Madni/13 Information in this document is the property of Intelligent Systems Technology, Inc. Disclosure is made in confidence. Unless otherwise permitted, use or further disclosure of the depicted information by persons outside Intelligent Systems Technology, Inc. is prohibited. SoS Architecting Challenges • Overcoming development friction – complex, independent-overlapping governance • Getting all stakeholders to develop shared interests – multiple, independent concurrent developments, overlapping governances • Maintaining coherence at SoS level – independently planned programs pulling in different directions • Achieving robustness despite inability to perform critical tradeoffs – complexity renders certain tradeoffs incalculable • Maintaining interoperability (syntactic, semantic) – dynamically changing, uncertain information sharing requirements Copyright © 2006 Intelligent Systems Technology, Inc. Madni/14 Information in this document is the property of Intelligent Systems Technology, Inc. Disclosure is made in confidence. Unless otherwise permitted, use or further disclosure of the depicted information by persons outside Intelligent Systems Technology, Inc. is prohibited. SoS Architecting Myopia • Focus solely on technical issues at the expense of operational mission goals – evident in the rush to migrate to service-oriented architectures (SoA) • Ignore critical issues such as: – SoS architecture coverage relative to SoS mission requirements – likely changes to mission and SoS ability to handle these changes – mission-imposed QoS requirements and implications for SoS architecture – most likely and most challenging operational scenarios and the ability of the SoS architectures to support them Copyright © 2006 Intelligent Systems Technology, Inc. Madni/15 Information in this document is the property of Intelligent Systems Technology, Inc. Disclosure is made in confidence. Unless otherwise permitted, use or further disclosure of the depicted information by persons outside Intelligent Systems Technology, Inc. is prohibited. SoS Architecture Tradeoffs (examples) • Mission Coverage vs. Lifecycle Costs – how well does the SoS architecture satisfy mission requirements and at what cost (lifecycle, recurring) • Security vs. Performance – how does the SoS address security when dealing with heterogeneous, remote nodes – do these measures come at the expense of reduced performance • Functionality vs. QoS – granularity of node interface – risk of extraneous data or multiple trips to acquire data • Standard vs. Proprietary Communication Mechanisms – do standard mechanisms adequately satisfy QoS requirements – do proprietary mechanisms preclude new nodes from joining the SoS Copyright © 2006 Intelligent Systems Technology, Inc. Madni/16 Information in this document is the property of Intelligent Systems Technology, Inc. Disclosure is made in confidence. Unless otherwise permitted, use or further disclosure of the depicted information by persons outside Intelligent Systems Technology, Inc. is prohibited. Promise of Executable Representations • SoS architecture and design will necessarily evolve iteratively to respond to critical capability requirements • Executable representations of the architecture produced/refined in each iteration can potentially: – clarify understanding and reduce development risks – provide key early insights into the behavior of the target SoS – explore sensitivities of SoS attributes to changes in mission requirements (“Mission Capability Packages”) – validate operational scenarios using “what-if” perturbations – verify technical realizability of the architecture Copyright © 2006 Intelligent Systems Technology, Inc. Madni/17 Information in this document is the property of Intelligent Systems Technology, Inc. Disclosure is made in confidence. Unless otherwise permitted, use or further disclosure of the depicted information by persons outside Intelligent Systems Technology, Inc. is prohibited. SoS Architecture Implementation Options • The three major implementation options are: – Service-oriented Architecture – Grid Architecture – Component-based Architecture • Each has its advantages and disadvantages • Technological maturity to implement each tends to vary Copyright © 2006 Intelligent Systems Technology, Inc. Madni/18 Information in this document is the property of Intelligent Systems Technology, Inc. Disclosure is made in confidence. Unless otherwise permitted, use or further disclosure of the depicted information by persons outside Intelligent Systems Technology, Inc. is prohibited. Challenges Ahead • No guidance on how to architect a SoS – especially when goal(s) need to be created “on the fly” • Creating a SoS on the fly involves dynamic discovery, composition, and invocation – therefore, the architecture may not be known until run-time…risky! • Open questions – how to determine architecture of such a SoS? is it only determined at run time or is there sufficient static information to determine the architecture a priori? – what is the potential impact of not knowing the architecture on the quality attributes and performance of the SoS? is it possible to evaluate the desired quality attributes of such a system? – is it possible to guarantee some level of service for a SoS under development? – how can a SoS that is put together at run-time distinguish between legitimate and illegitimate service? … can this knowledge be used to guarantee an acceptable QoS level? Copyright © 2006 Intelligent Systems Technology, Inc. Madni/19 Information in this document is the property of Intelligent Systems Technology, Inc. Disclosure is made in confidence. Unless otherwise permitted, use or further disclosure of the depicted information by persons outside Intelligent Systems Technology, Inc. is prohibited. Critical Success Factors • Do as much up-front engineering as possible – evolvability is costly and difficult to infuse later • Avoid “SoS architecture myopia” – attend to mission capability requirements – map them onto SoS architecture nodes to assess coverage, and to identify and fill gaps • Focus on mostly likely and most challenging operational scenarios in defining architectural requirements • Define fundamental vocabulary, semantics, and models to build and share best practices • Employ iterative process in SoS architecting to increase understanding and reduce risks • Experiment with “guided” emergence by creating conditions and policies that result in desired SoS capabilities Copyright © 2006 Intelligent Systems Technology, Inc. Madni/20 Information in this document is the property of Intelligent Systems Technology, Inc. Disclosure is made in confidence. Unless otherwise permitted, use or further disclosure of the depicted information by persons outside Intelligent Systems Technology, Inc. is prohibited. Critical Success Factors (cont’d) • Employ executable representations of the architecture at the appropriate levels of abstraction in each iteration to: – – – – – clarify understanding and reduce risks in each iteration acquire early initial insights into the behavior of the target SoS explore sensitivities of critical SoS attributes to perturbations validate operational scenarios verify technical realizability of the architecture • Simulate, analyze and resolve human-system integration issues arising from: – spikes in cognitive load – frequent context-switching on the part of humans • Aid/Train humans to effectively function in scenarios where: – changes in collaborators and collaboration perspectives occur frequently – context-switching occurs periodically – cognitive load spikes suddenly Copyright © 2006 Intelligent Systems Technology, Inc. Madni/21 Information in this document is the property of Intelligent Systems Technology, Inc. Disclosure is made in confidence. Unless otherwise permitted, use or further disclosure of the depicted information by persons outside Intelligent Systems Technology, Inc. is prohibited.