Introduction to NFRs

14 min read

In this article by Sameer Paradkar, the author of the book Mastering Non-Functional Requirements, we will learn the non-functional requirements are those aspects of the IT system that, while not directly affect the business functionality of the application but have a profound impact on the efficiency and effectiveness of business systems for end users as well as the people responsible for supporting the program.

The definition of these requirements is an essential factor in developing a total customer solution that delivers business goals. Non-functional requirements are used primarily to drive the operational aspects of the architecture, in other words, to address major operational and technical areas of the system to ensure the robustness and ruggedness of the application.

Benchmark or Proof-of-Concept can be used to verify if the implementation meets these requirements or indicate if a corrective action is necessary. Ideally, a series of tests should be planned that maps to the development schedule and grows in complexity.

The topics that are covered in this article are as follows:

Definition of NFRs
NFR KPIs and metrics

(For more resources related to this topic, see here.)

Introducing NFR

The following pointers state the definition of NFR:

To define requirements and constraints on the IT system
As a basis for cost estimates and early system sizing
To assess the viability of the proposed IT system
NFRs are an important determining factor of the architecture and design of the operational models
As an guideline to design phase to meet NFRs such as performance, scalability, availability

The NFRs foreach of the domains e.g. scalability, availability and so on,must be understood to facilitate the design and development of the target operating model. These include the servers, networks, and platforms including the application runtime environments. These are critical for the execution of benchmark tests. They also affect the design of technical and application components.

End users have expectations about the effectiveness of the application. These characteristics include ease of software use, speed, reliability, and recoverability when unexpected conditions arise. The NFRs define these aspects of the IT system.

The non-functional requirements should be defined precisely and involves quantifying them. NFRs should provide measurements the application must meet.

For example, the maximum number of time allowed to execute a process, the number of hours in a day an application must be available, the maximum size of a database on disk, and the number of concurrent users supported are typical NFRs the software must implement.

Figure 1: Key Non-Functional Requirements

There are many kinds of non-functional requirements, including:

Performance

Performance is the responsiveness of the application to perform specific actions in a given time span. Performance is scored in terms of throughput or latency. Latency is the time taken by the application to respond to an event. Throughput is the number of events scored in a given time interval. An application’s performance can directly impact its scalability. Enhancing application’s performance often enhances scalability by reducing contention for shared resources.

Performance attributes specify the timing characteristics of the application. Certain features are more time-sensitive than others; the NFRs should identify such software tasks that have constraints on their performance. Response time relates to the time needed to complete specific business processes, batch or interactive, within the target business system.

The system must be designed to fulfil the agreed upon response time requirements, while supporting the defined workload mapped against the given static baseline, on a system platform that does not exceed the stated utilization.

The following attributes are:

Throughput: The ability of the system to execute a given number of transactions within a given unit of time
Response times: The distribution of time which the system takes to respond to the request

Scalability

Scalability is the ability to handle an increase in the work load without impacting the performance, or the ability to quickly expand the architecture.

Itis the ability to expand the architecture to accommodate more users, more processes, more transactions, additional systems and services as the business requirements change and the systems evolve to meet the future business demands. This permits existing systems to be extended without replacing them. Thisdirectly affects the architecture and the selection of software components and hardware.

The solution must allow the hardware and the deployed software services and components to be scaled horizontally as well as vertically. Horizontal scaling involves replicating the same functionality across additional nodes vertical scaling involves the same functionality across bigger and more powerful nodes. Scalability definitions measure volumes of users and data the system should support.

There are two key techniques for improving both vertical and horizontal scalability.

Vertical Scaling is also known as scaling up and includes adding more resources such as memory, CPUand hard disk to a system.
Horizontal scaling is also know as scaling out and includes adding more nodes to a cluster forwork load sharing.

The following attributes are:

Throughput: Number of maximum transactions your system needs to handle. E.g., thousand a day or A million
Storage: Amount of data you going to need to store
Growth requirements: Data growth in the next 3-5 years

Availability

Availability is the time frame in which the system functions normally and without failures. Availability is measured as the percentage of total application downtime over a defined time period. Availability is affected by failures, exceptions, infrastructure issues, malicious attacks, and maintenance and upgrades.

It is the uptime or the amount of time the system is operational and available for use. This is specified because some systems are architected with expected downtime for activities like database upgrades and backups.

Availability also conveys the number of hours or days per week or weeks per year the application will be available to its end customers, as well as how rapidly it can recover from faults. Since the architecture establishes software, hardware, and networking entities, this requirement extends to all of them. Hardware availability, recoverability, and reliability definitions measure system up-time.

For example, it is specified in terms of mean time between failures or “MTBF”.

The following attributes are:

Availability: Application availability considering the weekends, holidays and maintenance times and failures.
Locations of operation: Geographic location, Connection requirements and the restrictions of the network prevail.
Offline Requirement: Time available for offline operations including batch processing & system maintenance.
Length of time between failures
Recoverability: Time required by the system can resume operation in the event of failure.
Resilience: The reliability characteristics of the system and sub-components

Capacity

This non-functional requirement defines the ways in which the system is expected to scale-up by increasing capacity, hardware or adding machines based on business objectives.

Capacity is delivering enough functionality required for the end users. A request for a web service to provide 1,000 requests per second when the server is only capable of 100 requests a second, may not succeed. While this sounds like an availability issue, it occurs because the server is unable to handle the requisite capacity.

A single node may not be able to provide enough capacity, and one needs to deploy multiple nodes with a similar configuration to meet organizational capacity requirements. Capacity to identify a failing node and restart it on another machine or VM is a non-functional requirement.

The following attributes are:

Throughput is the number of peak transactions the system needs to handle
Storage: Volume of data the system can persist at run time to disk and relates to the memory/disk
Year-on-yeargrowthrequirements (users, processing and storage)
e-channel growth projections
Different types of things (for example, activities or transactions supported, and so on)
For each type of transaction, volumes on an hourly, daily, weekly, monthly, and so on
During the specific time of the day (for example, at lunch), week, month or year are volumes significantly higher
Transaction volume growth expected and additional volumes you will be able to handle

Security

Security is the ability of an application to avoid malicious incidences and events outside of the designed system usage, and prevent disclosure or loss of information. Improving security increases the reliability of application by reducing the likelihood of an attack succeeding and impairing operations. Adding security controls protects assets and prevents unauthorized access and manipulation of critical information. The factors that affect an application security are confidentiality and integrity. The key security controls used to secure systems are authorization, authentication, encryption, auditing, and logging.

Definition and monitoring of effectiveness in meeting the security requirements of the system, for example, to avoid financial harm in accounting systems, is critical. Integrityrequirements are restrictingaccess to functionality or data to certain users and protecting the privacyof data entered into the software.

The following attributes are:

Authentication: Correct identification of parties attempting to access systems and protection of systems from unauthorized parties
Authorization: Mechanism required to authorize users to perform different functions within the systems
Encryption(data at rest or data in flight): All external communications between the data server and clients must beencrypted
Data confidentiality: All data must be protectively marked, stored and protected
Compliance: The process to confirm systems compliance with the organization’s security standards and policies

Maintainability

Maintainability is the ability of any application to go through modifications and updates with a degree of ease. This is the degree of flexibility with which the application can be modified, whether for bug fixes or to update functionality. These changes may impact any of the components, services, functionality, or interfaces in the application landscape while modifying to fix errors, or to meet changing business requirements.

This is also a degree of time it takes to restore the system to its normal state following a failure or fault. Improving maintainability can improve the availability and reduce the run-time defects. Application’s maintainability is dependent on the overall quality attributes.

It is critical as a large chunk of the IT budget is spent on maintenance of systems. The more maintainable a system is the lower the total cost of ownership.

The following attributes are:

Conformance to design standards, coding standards, best practices, reference architectures, and frameworks.
Flexibility: The degree to which the system is intended to support change
Release support: The way in which the system supports the introduction of initial release, phased rollouts and future releases

Manageability

Manageability is the ease with which the administrators can manage the application, through useful instrumentation exposed for monitoring.

It is the ability of the system or the group of the system to provide key information to the operations and support team to be able to debug, analyze and understand the root cause of failures. It deals with compliance/governance with the domain frameworks and polices.

The key is to design the application that is easy to manage, by exposing useful instrumentation for monitoring systems and for understanding the cause of failures.

The following attributes are:

System must maintain total traceability of transactions
Businessobjectsand database fields are part of auditing
User and transactional timestamps.
File characteristics include size before, size after and structure
Getting events and alerts as thresholds (for example, memory, storage, processor) are breached
Remotely manage applications and create new virtual instances at the click of a button
Rich graphical dashboard for all key applications metrics and KPI

Reliability

Reliability is the ability of the application to maintain its integrity and veracity over a time span and also in the event of faults or exceptions. It is measured as the probability that the software will not fail and that it will continue functioning for a defined time interval.

It alsospecifies the ability of the system to maintain its performance over a time span. Unreliable software is prone to failures anda few processes may be more sensitive to failure than others, because such processes may not be able to recover from a fault or exceptions.

The following attributes are:

The characteristic of a system to perform its functions under stated conditions for a specificperiod of time.
Mean Time To Recovery: Time is available to get the system back up online.
Mean Time Between Failures – Acceptable threshold for downtime
Data integrity is also known as referential integrity in database tables and interfaces
Application Integrity and Information Integrity: during transactions
Fault trapping (I/O): Handling failures and recovery

Extensibility

Extensibility is the ability of a system to cater to future changes through flexible architecture, design or implementation.

Extensible applications have excellent endurance, which prevents the expensive processes of procuring large inflexible applications and retiring them due to changes in business needs. Extensibility enables organizations to take advantage of opportunities and respond to risks. While there is a significant difference extensibility is often tangled with modifiability quality. Modifiability means that is possible to change the software whereas extensibility means that change has been planned and will be effortless. Adaptability is at times erroneously leveraged with extensibility. However, adaptability deals with how the user interactions with the system are managed and governed.

Extensibilityallows a system, people, technology, information, and processes all working together to achieve following objectives:

The following attributes are:

Handle new information types
Manage new or changed business entities
Consume or provide new feeds

Recovery

In the event of a natural calamity for example, flood or hurricane, the entire facility where the application is hosted may become inoperable or inaccessible. Business-critical applications should have a strategy to recover from such disasters within a reasonable amount of time frame. The solution implementing various processes must be integrated with the existing enterprise disaster recovery plan. The processes must be analysed to understand the criticality of each process to the business, the impact of loss to the business in case of non-availability of the process. Based on this analysis, appropriate disaster procedures must be developed, and plans should be outlined. As part of disaster recovery, electronic backups of data and procedures must be maintained at the recovery location and be retrievable within the appropriate time frames for system function restoration. In the case of high criticality, real-time mirroring to a mirror site should be deployed.

The following attributes are:

Recoveryprocess: Recovery Time Objectives(RTO) / Recovery Point Objectives(RPO)
Restore time: Time required switching to the secondary site when the primary fails
RPO/Backup time: Time it takes to back your data
Backup frequencies: Frequency of backing-up the transaction data, configuration data and code

Interoperability

Interoperability is the ability to exchange information and communicate with internal and external applications and systems.

Interoperable systems make it easier to exchange information both internally and externally. The data formats, transport protocols and interfaces are the key attributes for architecting interoperable systems. Standardization of data formats, transport protocols and interfaces are the key aspect to be considered when architecting interoperable system.

Interoperability is achieved through:

Publishing and describing interfaces
Describing the syntax used to communicate
Describing the semantics of information it produces and consumes
Leveraging open standards to communicate with external systems
Loosely coupled with external systems

The following attributes are:

Compatibility with shared applications: Other system it needs to integrate
Compatibility with 3rd party applications: Other systems it has to live with amicably
Compatibility with various OS: Different OS compatibility
Compatibility on different platforms: Hardware platforms it needs to work on

Usability

Usability measures characteristics such as consistency and aesthetics in the user interface. Consistency is the constant use of mechanisms employed in the user interface while Aesthetics refers to the artistic, visual quality of the user interface.

It is the ease at which the users operate the system and make productive use of it. Usability is discussed with relation to the system interfaces, but it can just as well be applied to any tool, device, or rich system.

This addresses the factors that establish the ability of the software to be understood, used, and learned by its intended users.

The application interfaces must be designed with end users in mind so that they are intuitive to use, are localized, provide access for differently abled users, and provide an excellent overall user experience.

The following attributes are:

Look and feel standards: Layout and flow, screen element density, keyboard shortcuts, UI metaphors, colors.
Localization/Internationalization requirements: Keyboards, paper sizes, languages, spellings, and so on

Summary

It explains he introduction of NFRs and why NFRs are a critical for building software systems. The article also explained various KPI for each of the key of NFRs i.e. scalability, availability, reliability and do on.