Non‐Functional Specifications - bonafide-ngo/timetable-viewer GitHub Wiki

Home / Non Functional Requirements

Non Functional Requirements (NFR) cut across the software functionality, spanning across all the modules and features. These requirements go deep into the overall Architecture.

Scalability HP

Real-time timetabling operates under an on-demand business model, making it challenging to forecast system loads accurately. Timetable Viewer is specifically crafted to operate on Virtual Machines (VMs), whether they are hosted on-premises or in the cloud. This setup leverages the on-demand resource consumption model, enabling swift and efficient scaling of resources both up and down.

The architecture of the system revolves around Modular Components, offering flexibility to enable or disable modules based on current business requirements. This modular approach also facilitates seamless integration of new modules, ensuring the system remains future-proof and adaptable throughout its life-cycle. By continuously evolving and expanding its capabilities through modular design, Timetable Viewer maintains agility and scalability in meeting evolving demands and technological advancements.

Performance HP

Timetable Viewer keeps up with the constant increase of internet speed and variety of devices available by offering a full responsive and lightweight user interface.

Performance is consciously taken in to considerations and features like asynchronous processing, micro services and caching are all implemented to avoid or minimize potential bottlenecks. The system is optimized for low-bandwidth connections through data compression and microservices, ensuring compatibility with a wide range of current mobile and desktop devices.

Flexibility HP

The Timetable Viewer is designed to achieve the maximum degree of flexibility by implementing a Multi-Tiersystem architecture, where specialised services are delegated to tiers. Tiers work as an independent module, availing of standard integration mechanisms and protocols, as well as supporting horizontal and vertical scaling.

Timetable Viewer is designed on the following tiers:

  • Server: primarily responsible for handling micro-service requests, processing business logic, and interacting with databases, caching mechanism or other storage solutions. It receives requests, processes the necessary data, and sends appropriate responses using well known standards and protocols. This tier ensures secure communication, implements authentication and authorization, and performs data validation and error handling. Additionally, it manages sessions, handles routing, and integrates with third-party services, all while maintaining scalability and performance. This proposed tier is primarly based on PHP, the popular, efficient and consolidated open source engine.

  • Client: it is responsible for presenting a responsive and user-friendly interface to users. It uses web technologies such as HTML5, CSS and JavaScript, leveraging the Bootstrap's framework to ensure a consistent and visually appealing design across different devices and screen sizes. This tier handles user interactions, such as form submissions, navigation, and dynamic content updates. It also communicates with the Server tier via standard AJAX requests to fetch and display data, providing a seamless and interactive user experience while ensuring cross-browser and cross-device compatibility and accessibility.

  • Database: this is based on open-source solutions such as MariaDB and it is responsible for storing, organizing, and managing data for the application. It handles data definition, manipulation, and querying through SQL commands, ensuring data integrity, consistency, and security. This tier interacts with the Server tier by responding to queries sent from the server, which involve fetching, updating, inserting, or deleting data based on the business logic. The server tier communicates with the database using database connectors or drivers, executing SQL queries and retrieving results to process and send back to the client-side tier. Additionally, the database tier ensures performance optimization through indexing, caching, and query optimization techniques.

  • Cache: it is responsible for temporarily storing frequently accessed data in memory to reduce the load on the database and speed up data retrieval processes. It interacts with the server-side tier by caching query results, session data, and other computationally expensive data. When a request is received, the server checks the cache first to see if the required data is available, which significantly reduces the time needed to access information. If the data is not in the cache, the server retrieves it from the database, processes it, and then stores a copy in the cache for future requests. This tier is based on the open source MemCacheD, which is a distributed in memory-caching system to optimize performance by minimizing database hits, reducing latency, and enhancing the overall scalability and responsiveness of the application.

Availability HP

The system is optimised to run in virtual environments, preferably availing of a Software-as-a-Service (SaaS) offering, to minimize any availability issues.

Timetable Viewer is not classified as a Mission Critical system, therefore a High Availability configuration is desirable and a Continuous Availability is only optional. The Client tier, Server tier and Cache tier can eventually be configured to run in a distributed environment, for example availing of a Load Balancer for continuous availability. The Database tier can also be configured to run with automatic failover for continuous availability.

Configuring Timetable Viewer for high availability is recommended to obtain a high benefit / cost ratio in relation to Recovery Point Objective (RPO) and Recovery Time Objective (RTO). While Continuous Availability may sound more robust than High Availability, it often entails higher costs, increased maintenance, and greater risk of misconfiguration. When weighed against its non-mission-critical aspects, the trade-offs may not justify its implementation.

Recovery Time Objectives (RTO)

By availing of a consolidated Disaster Recovery (DR) solutions avaialable for virtual environments, it is possibile to optimise the service level for High Availability and minimise the duration of time within which the business process must be restored after a disaster in order to avoid unacceptable consequences associated with a break in continuity. Examples of such solution are the implementaion of full virtual snapshots and automated backup and restore services. Such strategy is generarly capable of obtaining an exceptional RTO below the hour, especially when availaing of native Cloud solutions.

Recovery Point Objectives (RPO)

RPO (Recovery Point Objective) designates the amount of data that may be lost or need re-entry during service downtime. Since the application functions solely as a viewer for timetable data, the RPO becomes largely irrelevant. All timetable and user data is accessed in read-only mode by the application, shifting the responsibility for maintaining an acceptable RPO to the backend and internal systems that store, maintain, and provide the core data.

To further optimize RPO, Timetable Viewer can adopt advanced strategies such as distributed replication, synchronization, and data caching. These measures ensure High Availability services even in the event of disruptions to backend or internal data systems.

Integration HP

The world is increasingly interconnected today, driven by the Internet of Things (IoT). Timetable Viewer leverages Open Source solutions to maximize integration, efficiency, and transparency. Additionally, it promotes Open Data principles to facilitate information sharing to a certain extent.

The micro services are built on highly efficient and atomic Application Programming Interfaces (APIs), operating on JSON-RPC 2.0 and REST protocols via HTTP requests. This architecture ensures robust communication and scalability, supporting seamless interactions between components while adhering to modern standards for web services.

Auditing & Monitoring

Timetable Viewer can provide auditing and monitoring across different tools: Logging, Tracing, Analytics. The information collected can then be used for monitoring, collecting analytical information, addressing issues, resolving conflicts and to ensure that all the user and system actions are thoroughly recorded and stored properly so that it’s easy to trace and identify the exact sequence of events that happened in the system.

Logging HP

All system events are automatically logged depending on the selected threshold: INFO, DEBUG, ERROR, FATAL. The logs are stored on text-based files to optimise performance and resiliancy also in the event of failing tiers such as database and caching. While all log thresholds are enabled in the development and testing enviornments, the live system collects only ERROR and FATAL logs.

Tracing HP

Some user activities can be automatically traced and recorded in the Database providing a full spectrum view of the system utilization. Below is an example of possible information:

  • Date and Time
  • User identifier (anonymised)
  • User privilege
  • IP address
  • Geo-location (anonymised)
  • User-Agent
  • API request

Analytics

The system can integrate with several analytical tools to automatically compile a wide range information about the interaction and utilisation of the system. The following third-party and open source tools are highly recommended and they fully integrate with Timetable Viewer:

  • GoAccess HP: designed to be a fast log analyzer to view Server tier statistics.
  • Matomo LP: a cookie-less alternative to Google Analytics that protects data and users' privacy.

Configurability HP

Timetable Viewer is a versatile White-Label product, offering full configurability and customization options, ideal for deployment as a SaaS solution. Its front-end interface seamlessly adapts to any style guide through SCSS compilation, ensuring cohesive branding and user experience. System settings are easily adjusted using JSON configuration, allowing administrators to tailor the application to specific requirements and preferences. This flexibility not only enhances usability but also supports efficient integration into diverse operational environments.

Security HP

The system includes several mandatory security features: SSL/TLS, SSH, SSO, Encryption At-Rest, Data Anonymization and advanced CSF Firewall for login, intrusion and flood detection at the server level. Additional security measures (i.e. protection against DDoS attacks) can be adopted at the infrastructure level, especially when availing of a Cloud or SaaS deployment.

Privacy / GDPR HP

Timetable Viewer respects the personal privacy rights and it does not, as a rule, collect personal information of any kind unless provided by the user:

  • Technical data: technical information is stored and processed in the Timetable Viewer servers, including randomly generated tokens and other material that is technically necessary. Additional technical information is limited to the minimum required to operate the services.

  • Inputs: all user inputs are anonymised to ensure the privacy of user activity is maintained.

  • Cookies: the system uses only Essential Cookies that are strictly necessary to provide the services. Cookies must be enabled for the services to function.

  • Analytics: no analytical information based on personal data is collected, processed or stored.

  • Location: Timetable Viewer does not access, store, track or share your precise location. Any location information used is anonymized and calculated solely at the continent, country, and city levels.

Extendibility HP

The system is based on modules and features that can be easily enabled or disabled simply through configuration. Modularity allows the system to be extended minimizing the risk of compromising any of the existing features.

Timetable Viewer can be used out of the box and has the distinct advantage to be distributed under the Open Source AGPL-3.0 Licence. This allows anybody to inspect, review and assess the source code, as well as to change, fix and distribute it following the licence agreement.