Large models may become fragile and sensitive to corruption unless the integrity of the model is protected. The investment in the developed models made by development organizations will in many cases be substantial, vastly exceeding the investment in the development tools. This investment must be protected and it is therefore extremely important that the integrity of the model is protected and guaranteed.
There are several cases of model integrity, like:
-Referential integrity: Any item that is used (i.e. referred to) may not be deleted
-Meta model integrity: The model must adhere to its meta model
-CM integrity: Released Items may not be changed.
-Security: Access to Items must obey security restrictions
-Configuration and View integrity: All views generated out of all model information
-Authenticity: The server can guarantee that all information accessed through the server is authentic.
These cases of integrity cannot be met by file-based model stores, e.g. file based Configuration Management systems, or file servers. The approach to use external model checkers to detect that the model stored in the files have become corrupt is an approach that does not scale to system-of-systems and enterprise use, and cannot detect common cases of missing data. Instead, the mechanisms must assure that the essential integrity properties are met at all times, and that large consistent model can be built from smaller consistent models.
The way that SystemWeaver assures integrity is by using dedicated model servers with exclusive access to the model database (“model firewalls”). The servers assure that none of the integrity cases ever become violated: