3.3 Physical View
Purpose
Section titled “Purpose”The Physical View describes all infrastructure that hosts and supports the solution — whether physical hardware, virtual machines, containers, serverless functions, or cloud-managed services. It addresses the concerns of infrastructure engineers, DevOps teams, platform engineers, and cloud architects.
3.3.1 Deployment Architecture Diagram
Section titled “3.3.1 Deployment Architecture Diagram”Provide a diagram showing the infrastructure that drives the solution.
[Insert deployment architecture diagram]
Guidance
Show: physical/virtual servers, containers, cloud services, storage, networks, firewalls, load balancers, Internet gateways, SaaS platforms, and any other infrastructure components. Include cloud regions, availability zones, and VPCs where applicable.
3.3.2 Hosting & Infrastructure
Section titled “3.3.2 Hosting & Infrastructure”Hosting Venues
Section titled “Hosting Venues”| Attribute | Selection | |-----------|----------| | Hosting Venue Type | Cloud / SaaS / On-Premises / Hybrid / Outsourced | | Hosting Region(s) | [e.g., UK, EU, US, Asia, Other] | | Service Model | IaaS / PaaS / SaaS / FaaS / Other | | Cloud Provider | AWS / Azure / GCP / Other / N/A | | Account / Subscription Type | [organisation-specific account type] |
Compute
Section titled “Compute”Servers (Physical / Virtual)
Section titled “Servers (Physical / Virtual)”| Instance Name | Instance Type | vCPU | Memory (GB) | Storage | Quantity | OS | |--------------|--------------|------|-------------|---------|----------|-----| | [name] | [type/size] | [n] | [n] | [n TB] | [n] | [OS version] |
Containers
Section titled “Containers”| Attribute | Detail | |-----------|--------| | Container Platform | EKS (AWS) / AKS (Azure) / GKE (GCP) / Docker / Kubernetes / Other | | Base Image(s) | [e.g., Alpine, Node, NGINX] | | Cluster Size | [number of nodes] |
Serverless
Section titled “Serverless”| Attribute | Detail | |-----------|--------| | Serverless Services | [e.g., AWS Lambda, Azure Functions] | | Function Details | [description of serverless components] |
High Performance Computing
Section titled “High Performance Computing”If the solution uses specialised compute:
| Attribute | Detail | |-----------|--------| | HPC Requirements | [e.g., GPU, FPGA, specialised compute] |
Artificial Intelligence / Machine Learning
Section titled “Artificial Intelligence / Machine Learning”If the solution includes AI or machine learning components:
| Attribute | Detail | |-----------|--------| | AI/ML Components | [training and inference infrastructure] |
Security Agents
Section titled “Security Agents”Document security software deployed on compute resources. This is captured in the Physical View because agents are infrastructure-level components, even though they serve a security function.
Document security agents deployed on compute resources:
- [ ] Anti-Malware
- [ ] Endpoint Detection and Response (EDR)
- [ ] Vulnerability Management
- [ ] Other: […]
3.3.3 Network Topology & Connectivity
Section titled “3.3.3 Network Topology & Connectivity”Connectivity Summary
Section titled “Connectivity Summary”| Question | Response | |----------|----------| | Is this an Internet-facing application? | Yes / No - [details] | | Outbound Internet connectivity required? | Yes / No - [details] | | Cloud-to-on-premises connectivity required? | Yes / No - [details] | | Wireless networking required? | Yes / No - [details] | | Third-party / co-location connectivity required? | Yes / No - [details] | | Cloud network peering required? | Yes / No - [details] |
User & Administrator Access
Section titled “User & Administrator Access”Document how users and administrators connect to the solution, including access methods, protocols, and network connectivity.
| Attribute | Selection | |-----------|----------| | User access method | Web (HTTPS) / VDI / RDP / Citrix / Mobile App / API / Other | | User locations | [e.g., UK offices, Remote (VPN), Global, End-customers (Internet)] | | Administrator access method | VDI / RDP / SSH / HTTPS / Bastion Host / Other | | VPN required | Yes / No | | Direct Connect / ExpressRoute | Yes / No |
Transport Protocols
Section titled “Transport Protocols”Documenting transport protocols helps security and network teams verify that all communication paths use appropriate encryption and authentication.
| Protocol | Used? | Purpose | |----------|-------|---------| | HTTPS (TLS 1.2+) | Yes / No | […] | | SFTP | Yes / No | […] | | ODBC / JDBC | Yes / No | […] | | TCP (other) | Yes / No | […] | | gRPC | Yes / No | […] | | WebSocket | Yes / No | […] | | Other | Yes / No | […] |
Network Bandwidth
Section titled “Network Bandwidth”Bandwidth requirements inform infrastructure sizing and cost estimation. Underestimating can cause performance issues; overestimating wastes budget.
| Metric | Value | |--------|-------| | Peak egress bandwidth to Internet | [Mb/s] | | Peak ingress bandwidth from Internet | [Mb/s] | | Peak bandwidth between on-prem and cloud | [Mb/s] | | Traffic characteristics | [constant / burst / periodic] | | QoS requirements | [details] | | Network performance expectations | [latency, jitter, etc.] |
Internet Perimeter Protection
Section titled “Internet Perimeter Protection”| Control | Implemented | Detail | |---------|------------|--------| | DDoS Protection | Yes / No | [service used] | | Rate Limiting | Yes / No | [details] | | Source IP Restrictions | Yes / No | [IP allowlist, geo-blocking] | | Web Application Firewall (WAF) | Yes / No | [product] | | Client Verification Controls | Yes / No | [details] | | File Upload Protection | Yes / No | [malware scanning approach] |
3.3.4 Environments
Section titled “3.3.4 Environments”| Environment | Description | Count & Venue | Compute Solution | |------------|-------------|--------------|-----------------| | Development | Software development only | […] | […] | | Test / QA | Component and integration testing | […] | […] | | Staging / Pre-Production | Production-like environment for validation | […] | […] | | Production | Live service environment | […] | […] | | DR | Disaster recovery environment | […] | […] |
Connectivity Between Environments
Section titled “Connectivity Between Environments”Does the solution require connectivity between environment tiers (e.g., production to non-production)?
- [ ] Yes - [describe which components and data flows]
- [ ] No
3.3.5 End User Compute & IoT
Section titled “3.3.5 End User Compute & IoT”End User Compute
Section titled “End User Compute”Document any end-user device requirements (VDI, BYOD, mobile, desktop software):
[…]
IoT Devices
Section titled “IoT Devices”Document any IoT devices (printers, scanners, cameras, sensors, etc.):
[…]
3.3.6 Sustainability Considerations
Section titled “3.3.6 Sustainability Considerations”The Physical View is where most carbon-impact decisions are made. Document the sustainability stance for the infrastructure choices above — full detail belongs in Section 4.5, but capture the headline decisions here.
| Question | Response | |----------|----------| | Have hosting regions been chosen for low carbon intensity (e.g., regions with high renewable energy)? | Yes / No — [which regions and why] | | Are non-production environments configured to auto-shutdown out of hours? | Yes / No — [schedule] | | Has the compute family been chosen for performance-per-watt (e.g., ARM/Graviton, latest-generation)? | Yes / No — [details] | | Is auto-scaling configured to release capacity when idle? | Yes / No — [trigger thresholds] | | Is the DR strategy proportionate (cold standby vs warm vs hot) to the actual recovery objective? | [describe and rationale] |
Why this matters
Always-on production at peak-sized infrastructure 24×7 is the most common sustainability anti-pattern. Three decisions in this view dominate carbon footprint: region selection (carbon intensity varies 5-10× across cloud regions), non-production auto-shutdown (typically 60-70% saving on dev/test compute), and right-sizing (over-provisioned VMs waste energy regardless of load).
Scoring Guidance
| Score | What This Looks Like | |:-----:|---------------------| | 1 | Hosting venue identified but infrastructure not specified | | 3 | Deployment diagram complete, compute sized, networking documented, environments listed | | 5 | All of the above plus connectivity protocols specified, user/admin access methods documented, security agents listed, bandwidth and latency requirements quantified, sustainability decisions captured |
Quality Attribute Cross-References:
- 4.2 Reliability - Infrastructure design directly determines availability and recovery capability
- 4.3 Performance - Compute sizing and network design affect performance
- 4.4 Cost - Infrastructure choices are the primary cost driver
- 4.5 Sustainability - Hosting venue and compute efficiency affect environmental impact