Willy-Peter Schaub's Cave of Chamomile Simplicity

VSTS RTM: The Journey, Security Intermission

Talking about licensing … when setting up the group membership of the team foundation server, I noticed a new VSTS group “Team Foundation Licensed Users”, which obviously defines users that are licensed to use the Workgroup Edition of Team Foundation Server. It seems that like the rest of us, Microsoft is anticipating licensing issues as well.

Forget easy user administration using Window groups … this licensing group accepts only user accounts, which makes me wonder when we will finally get a permission configuration utility to lift the maintenance and confusion surrounding security with a simple wizard. This remains a complex area and will therefore remain to be an area of concern in terms of production support for some time.

With the exception of this new group, the security can be configured as outlined by quick reference poster “Team System Security Mapping” on http://www.drp.co.za/default.asp?id=technologies/content_technologies_t. We prefer using a domain group VSTSAdmins which defines the users that are able to perform administrative actions on the SharePoint, Reporting and TFS Services, rather than specifying individual user accounts all over the place.

Next we will create a team project and wonder into the world of work items and modeling.

In terms of the “snail” reflected on quick reference poster “Team System” on http://www.drp.co.za/default.asp?id=technologies/content_technologies_t we will proceed to step 3 and continue “rocking” through VSTS.

See you again in step 3 …

VSTS RTM: The Journey, Part 2 - Pondering (Eco 1 & 2 Complete)

Looking at quick reference poster "Team System" on http://www.drp.co.za/default.asp?id=technologies/content_technologies_t, we have completed steps 1 & 2 of the VSTS Ecosystem or "snail" as we like to refer to the diagram.

Before we delve into the "fun" parts of VSTS and TFS, I decided to give the VSTS models some further consideration and unfortunately have to agree with one of my colleagues that the VSTS Team Architect is not a very useful package and if we decide on this, VSTS Team Developer is not of much use either. Huh? Let me first define the context of this statement, which is probably the opening of a can of worms best left untouched, as it will evolve into a licensing thread.

Context: We are located in South-Africa where the IT professional is often not specialised in one specific field, but spans a number of competencies. This means that a resource could be a programmer today, an analyst on another project and an architect tomorrow, only to revert to tester a few days later. Obviously it is rare that a resource spans all solution stakeholder roles, but the border between analysis/design and development are common. The latter is where my concerns are based on and the statement that VSTS Team Architect and VSTS Team Developer, as separate products, are probably not adding much value.

Why? Looking at the next steps of the VSTS Ecosystem ... or snail ... we notice that we have the luxury of modelling our solution ... GREAT STUFF ... and looking at VSTS packages the architect will probably use VSTS Team Architect. He then hands over the completed models to the technical team lead who, together with his team, will do some class modeling and construction of the code. Looking at the VSTS Packages these resources will most likely use VSTS Professional, especially considering the upgrade paths of MSDN.

So what is the problem? The technical lead will make the painful discovery that he has no modeling capabilities in VSTS Team Developer, other than the class modeler. He now needs to ask the architect to give him images or printouts ... so why do we not go back to the whiteboard and Visio if this is the case? In our context where the technical team lead may also be a developer and the architect, we theoretically need both editions on the same machine. We will not even delve into the fact that code profiling does not appear in VSTS Team Test, an environment where profiling of code would probably add immense value.

The answer? Buy VSTS Team Suite for all technical team members and this challenge vanishes. Unfortunately the challenge now shifts to the project sponsor who has to add zeroes to the budget to cater for the increased licensing costs of the Team Suite. Therefore this answer is probably not going to find much favour in our community ...

Bottom line ... We do not have an answer yet and will take it up with the VSTS team again. Watch this space and brace yourself for an exciting journey through the can of worms, sorry through the world of licensing.

VSTS RTM: The Journey, Part 1 - Installation

We have started the journey to VSTS RTM, by building a new single-server deployment on a VM. After loosing my external drive twice, I have managed to complete the VM on the third attempt on my laptop.

While the hardware problems and the slowness of VMs required nerves of steel, the installation went seamless. (PS: Has anyone got any positive experience with powerless USB external drives on laptops, if yes, which make, model, ... I am on the verge of jumping up and down on my external unit.)

The only quirk I picked up is that in order to follow the product installation notes on a Server 2003 R2 system, you need to download and install the Sharepoint Services 2.0 as per instructions, not using the manage server utility ... else you will not notice the required "Server Farm" option.

We are now busy retesting the product using our VSTS Developer Readiness Program and I will post chapters of our journey and findings as and when it seems appropriate. Enjoy the journey through the VSTS ecosystem ... apart from the licensing and security credentials synchronisation issues, we are 101% hyped up about this product and what it can potentially offer solutions teams of today and especially tomorrow.

VSTS rocks ... see you in part 2.

WinFX, VSTS Workshops ... is there an interest in the SA community?

We, saArchitect (Gauteng), are negotiating CTEC facilities to host a 2 day WinFX workshop, during which we want to explore WCF, WWF and WPF, possibly also Vista. If you are interested in such an event could you please add a comment to this post  answering the following questions:

1. Are you interested in a hands-on workshop to explore WinFX?
2. If yes, what topics should be covered? Please list in order of priority.
3. Would you prefer 2 weekdays or a Sat-Sun weekend workshop?
   
   Additionally ...
4. Would you be interested in a 2-day hands-on VSTS introduction workshop?

Once we have enough interest, we will start the planning of the workshop and start hosting them ASAP.

TechEd 2006 (South-Africa) - Community Survey (Anonymous Comments Enabled)

Annonymous comments are now enabled for post http://dotnet.org.za/willy/archive/2006/03/14/50802.aspx.

Sorry for any inconvenience caused.

Software Factories ... a simplified view from within a world of debates

On Wednesday, Thursday and Friday, depending on our regional location, we attended the Strategic Architects Forum presented by Beat and Ingo … two good speakers with a strong and ‘controversial’ message. I was really drawn into some discussions after the event and was taken aback by some of the comments raised by some of the attendees and realized how futile they can be when people are not open to new ideas... ? I will not use Beat’s restaurant or aerospace facility examples, because while these are entertaining they have resulted in the heated and in my humble opinion completely unnecessary debates (PS: We do believe in healthy debates.)

To set the scene, I would like to define an initial glossary to define my understanding of the various information technology lingo terms that will be countered herein. I have gotten myself into a lot of trouble by stating that information technology is confusing the rest of the industry with three-lettered-acronyms (TLAs), fancy terminology and often repacking existing technology with a new terminology … frustrating even the more experienced who waste valuable research time, only to realize that there is a new pajama, but same content. Those that have experienced the OLE versus COM versus ActiveX eras and associated confusion, will understand my personal frustration and dissatisfaction with the “re-pajama’fication” concept.

I will attempt to address some of the typical comments which are being raised which concern me ... begin quote:"

• Component based solutions are far better than software factories.

• Software factories are “pie-in-the-sky” concepts.

• Solutions are all about business, not technology. Our success lies in delivering business solutions not technology.

• Code generators add no value to the overall solution.

… end quote.

An information technology system can be seen as a set of artifacts that as one … Borg assimilation here we go … achieves some specific outcome, such as proving a technological concept, addressing a business need or controlling a device of some sort … there are too many examples to even try and list a few. While we know of two types of systems, namely the commercially off the shelve packages (also known as COTS in the IT world) and the custom information system, we will focus on the latter which involves the paying client, the user of the system and the developers of the system.

I will not bore everyone with the information system life cycle, other than mentioning that we are supposed to analyse and document the actual business problem we are trying to solve, describe how the system will be built and how it is broken into smaller, more manageable pieces, and decide which technology we will use to develop the solution. When we break the system into smaller pieces we can break them into classes, modules, libraries, frameworks or as architects like to say, into “artifacts”. But wait, we just broke the system into a number of different pieces such as classes and frameworks … well, it is all about how granular we want to go and “what we happen to call what”. The important thing to note is that we are all in agreement at this point … COM developers typically talk about components, while others will happily refer to the same as libraries or modules.

Then comes the next step of building the solution and this is where I personally believe that the information technology world has a lot to learn from the other industries. I often hear “oh, this is a simple system … we will write it in two months”. 6 months later the developers are still in the process of shipping the product. Why … “oh, we had a technical challenge” … obviously. Try and sell a car to a buyer, sending him away on the delivery date, saying “oh, we had a technical challenge … please come back later”. Guess what, the buyer will never, ever return and probably drive past the salesperson the same day, with a better car purchased at another vendor.

So what should we learn from other industries? Whenever a task becomes repetitive they develop robots, capable of completing a monotonous and repetitive task quickly and efficiently. Special tools are developed for specialized tasks and configuration dictates how easy a product can be deployed, adapted and used. In the information technology world we have code generators replacing the robots, reusable classes/components/libraries/frameworks replacing the specialized tools and best practice documentation guiding the developer through the complex world of technology versus business requirements.

I often wonder how a developer getting all excited about the My namespace in .NET, can argue against frameworks … they are basically the same concept, namely to package and make available generic functionality for reuse and to avoid the continuous reinvention and ongoing copy-paste development.

Then we have the concept of business solution versus technology solution. Well, I am opening up myself once again by stating that “any” solution consists of both, living in harmony in successful projects and an in disarray in solutions that ship late or never. The most important holistic delivery of any information system is to solve a business need and make the business more productive and competitive. To realize this solution, however, we require technology and the foundation of any successful business solution is a stable and solid technology solution. We cannot see these two tenants as separate worlds, but instead should see them as complementary. I therefore distinguish between two types of software factories, which combined may be refered to as a software industry ... one factory produces the business artifacts, while the other is focused on the techinal artifacts.

But where does the software factory fit in? Well, in my “humble opinion” software factories are therefore a concept which creates the building around all of the above, it is a process of sharing, re-use, constant learning and the evolution from code-then-model, to a model-then-code-and-configure world. In the words of YAH, they are the solution ecosystem of the future. A software factory must not be compared with components, code generators, frameworks and specialized tools, but instead be seen as a concept of configurable development environments, containing pre-packaged and re-usable artifacts such as patterns, frameworks, best practise documentation and automation tools. The most important ingredient in a software factory is the concept of communication and sharing. An organization consisting of teams who all go their own way, develop their own frameworks and tools, and more often than not compete against each other within the same organization, is not an ecosystem that will benefit from software factories.

So do I believe software factories are the answer? Personally I believe none of the terminology we discussed herein are the answer in isolation, however, used effectively all or some can create a potent antidote to the late solution deliveries, the common excuses we always hear when a 1-2 month project has not “shipped” months later, the late nights trying to solve a technical problem which a gazillion technocrats have solved before and allow all of us to go home “on time”, “feeling good” and enjoying an early dinner with family.

I may be missing the point, but in my opinion we are once again agreeing, but arguing as we are using different terminology for the same concept

TechEd 2006 (South-Africa) - Community Survey

We are would like to hear “your” comments and requirements for the upcoming TechEd 2006 (South-Africa) event, so that we can negotiate with Microsoft South-Africa to include content relevant for the South-African community. Your feedback to this survey will be kept confidential by the saArchitect leads and only the summary of all feedback will be released to Microsoft. Note that this post has been configured to require moderation, allowing us to extract and delete your comments without making them “visible” to the public domain. We require your name and contact details if you have not logged onto dotnet.org.za and are therefore completing the comments anonymously.

We thank you for your time and input. We are hoping that we can ensure that the South-African community is appropriately represented at the next TechEd and that the content caters for all community members.

Optionally include a list of local speakers you would like to see at TechEd, as well as sessions you would find valuable.

Introduction to Windows Communication Foundation (Indigo) - Part 2 Updated for CTP Feb

Welcome YAH!

Finally YAH/Marinheiro is finally blogging. Visit him on http://dotnet.org.za/yah/ and enjoy an interestoing look at 64-but computing to start off with.

WCF/Indigo Configuration Poster --- Feb CTP'tonised

WCF/Indigo - the journey to the Feb CTP - Part 2

WCF/Indigo - strolling into the world of February CTP (Part 2)

In the first post, Part 1 (http://dotnet.org.za/willy/archive/2006/03/01/50594.aspx), it became apparent that the 71 pages of code breaking changes promised no easy migrations of existing code. While the saArchitect demo went reasonably well, the migration of the Indigo companion solution I developed for our book in the Indigo Beta-1 days and migrated from CTP to CTP proved to be challenging and a strain on the nerves, time and confidence in the code base stability of WinFX.

saArchitect Demo Solution

“.NET Enterprise Solution …. Interoperability for the Connoisseur” book companion solution at a glance:

Looking back at the two migration events, the code breaking changes where practically all in the area of configuration in our scenarios, including renaming of attributes and changes in attribute meaning.

My question of the day is: “Why does Microsoft not ship a migration utility, seeing that most changes are related to the configuration files”? Such a utility would allow them to continue the relentless renaming and consolidations of the configuration, while not impacting the early adopters of the technology negatively.

Migration steps needed for the companion solution:

• Before you do anything ensure that the path variables are setup correctly … else you will struggle to find utilities such as ComSvcConfig. With my complete reinstall of WinFX, none of the path statements were updated.

• Again the proxy code generated by January CTP failed to compile, due to namespace and class changes. Delete all proxy code to avoid long lasting migraines.

• SvcConfigEditor fails to load most January CTP based configuration files, complaining about numerous unknown attributes. It would be an idea for the utility to load the valid configuration and invalid configuration sections, highlighting the latter for attention … it would be easier than having to manually edit XML files, until SvcConfigEditor finally loads the file.

• Update the configuration files, taking note of subtle yet huge impact changes. In terms of the demo we “only” had to make the following changes:

  • See Part 1 of this post for type= to name= changes.

  • See Part 1 of this post for the drop of assembly names in the configuration.

  • MaxMessageSize was renamed to MaxReceiveMessageSize. See “Removed message size quota on sending” in “Breaking Changes between Jan CTP and Feb CTP” change document by MS.

  • DefaultProtectionLevelAttribute was removed. MS documented the correct code to be:
    [ServiceContract(ProtectionLevel=”Sign”)]
    public interface IService
    {
      [OperationContract(ProtectionLevel=”EncryptAndSign”)]
      void op1(string value);
      [OperationContract]
      void op2(string value);
    }
    Unfortunately this cost me another few headaches, until I realized that the code should be:
    [ServiceContract(ProtectionLevel=
                     System.Net.Security.ProtectionLevel.Sign)]
    public interface IService
    {
      [OperationContract(ProtectionLevel=
                     System.Net.Security.ProtectionLevel.EncryptAndSign)]
      void op1(string value);
      [OperationContract]
      void op2(string value);
    }

• While all code ported eventually, I left the X509 based code (subtraction system service) until last, because I just knew that it would not be easy. The correct configuration was difficult to figure out in the “Breaking Changes between Jan CTP and Feb CTP” change document and therefore I resorted to creating the configuration files with the security parts from scratch using the SvcConfigEditor tool - which has improved dramatically.
  Configuration extract from January CTP:
  </behavior>
    <behavior name="ClientCertificateBehavior">
      <clientCredentials>
        <serviceCertificate
            findValue="CalculatorServices"
            storeLocation="LocalMachine"
            storeName="My"
            x509FindType="FindBySubjectName" />
        <clientCertificate
            findValue="CalculatorServer"
            storeLocation="LocalMachine"
            storeName="My"
            x509FindType="FindBySubjectName" />
      </clientCredentials>
  </behavior>
  
  Configuration extract after revamp:
  <behavior name="ClientCertificateBehavior">
      <clientCredentials>
        <clientCertificate
            findValue="CalculatorServer"
            storeLocation="LocalMachine"
            storeName="My"
            x509FindType="FindBySubjectName" />
        <serviceCertificate>
          <authentication
            certificateValidationMode=
                  "PeerOrChainTrust" />
          <defaultCertificate
            findValue="CalculatorServices"
            storeLocation="LocalMachine"
            storeName="My"
            x509FindType="FindBySubjectName" />
        </serviceCertificate>
      </clientCredentials>
  </behavior>

• Rebuild the proxy code and configuration files. Update the client code to use the new proxy and configuration metadata.

We will post the revised companion solution on the companion CD.

In summary, the migration thermometer read as follows:

Download of CTP: Very painful
Migration from Jan to Feb CTP: Challenging
Documentation and Intellisense: Inconsistent and confusing
Stability of WinFX Codebase: High churn of configuration
Stability and performance of WinCF: Promising

This concludes my migration of the saA demo and the book 2 companion solution - until March CTP emerges - hopefully with less configuration churn!

VSTS/IDE Productivity Features - Code Analysis

Visual Studio 2005 comes with an armada of productivity features. This is an extract from the IDE/Debugger productivity demonstration I created for the developer readiness program, exploring and illustrating some of the “many” features all developers should be aware of.

Part 2 - a look at the code analysis and code coverage features.

Code Analysis

FXCop … in a new disguise … and fully integrated with the IDE allows us to mnanually or automatically analyse our static code for compliance with best practices and violations in terms of performance and security.

The analysis of the static code analysis results and the numerous options are alpine ranges on their own and we recommend that you stick to the basics to start off with.

• Right click on the demo DebugClassLibrary project and select “Run Code Analysis”.
  

• The code base will be analysed according to best practices. Any issues reported as errors or warnings as shown:
  

• Double click on each item in the Error List window and action where appropriate.

• Alternatively you can configure that the project is automatically subjected to a code analysis after a build, as shown:
  

• It is that simple

Code Coverage

Often developers claim they have tested all of their code … but have they and have they also done negative testing, which executes all of the error handling and exception management code? Too often I have had to debug a “fully functional” with imploded not in the business code, but in the error handling code, which was never tested.

Let’s look at the minimal effort involved …

• Select Test, Edit Test Run Configurations and then the relevant test run, i.e. localtestrun.testrunconfig in our case.
  

• Select DebugClassLibrary and optionally others as artifacts to instrument.
  

• Add the following code to the DebugClassLibrary class.
  public void NotCheckingThisCode ( )
  {
      Console.WriteLine ("The Black Hole");
  }

• Execute the test once again.

• Select the “Show Code Coverage Results” window.
  

• Analyse the code coverage, whereby covered and uncovered code is shown in two different colour schemes. Note that NotCheckingThisCode() is not covered by the unit test.
  

Part 3 will explore probably the most powerful toolbox, apart from the debugger, “profiling”. See you next time.

Alert: www.drp.co.za and www.bbd.co.za sites are down due to power blackout

I will need a bucket of Chamomile tea tomorrow. After we have just recovered the www.drp.co.za and made available the value add materials again, such as quick reference posters, our office disappeared from the public domain due to a power blackout which has lasted more than twelve hours already.

I am now going to catch some sleep and hope that when I get up for my morning cycle, that the ping www.drp.co.za statement will be a happy one in the morning.

Once again I apologize to the community for disappearing off the internet … it is not intentional and we hope that power will be restored soon.

TLAs, FLAs and the phone - three top items on my most hated list

Serious preamble note: These general thought posts are supposed to be of the humorous type and should therefore not be taken literally ... just want to make sure.

I have yet to comprehend why information technology people thrive on using TLA’s and lately FLA’s … in English this would translate to three lettered acronyms and since three is no longer enough, the four lettered acronyms.

I am often reading documentation or listening to technocrats having an entire conversation, which not even the smartest and most analytical aliens understand. What is wrong with saying “I will see you” … is it necessary to write “C U”. While these acronyms are often casual and funny, the use of TDD (test driven development), FAST (Framework for the Application of Systems Thinking) drives me sheer insane, because while I “at times” manage to follow these discussions, the business sponsors and end users are often left in outer orbit, shaking their heads i sheer dispair ... why?

This brings me to my last on the list of my most hated items, the analogue phone. I am a humanoid that likes to focus on my work, or finish dinner with my family, or conclude a discussion with a colleague, without saying “push it on the stack and pause - I need to answer my intrusive phone”. Why is it that if one does not stop and drop everything when someone decides to make your time their time, right this minute, by phoning you and expecting you to answer the annoyingly ringing device?

The latest suggestion by a colleague was “to create a talkable sms proxy of me out of frustration of not being able to talk to me via analogue means” - I did not take this comment the wrong way, nor did I give it any second thought - because I was too busy focusing on my UNISA assignment and simply could not afford to park my thoughts and switch to analogues means.

If I was supposed to be a slave to analogue devices, I would have been born with a cellular device embedded in my brain, an interrupt that stopped all non-life-threatening activities and automatically answered the phone. Talk about Borg assimilation.

As this is fortunately not the case, please do not be upset or frustrated if I do not “immediately” drop everything I am doing and pick up the ringing device. Instead SMS (not another TLA) or mail me - I promise to switch to analogue if I am not busy - unless off course you SMS an acronym such as PCM ASAP - I simply to not have the energy or a suitable real-time decryption device in my brain.

TechDays 2006 Johannesburg

I had the pleasure of attending the TechDays 2006 event in Johannesburg, which was attended by a complete different audience that we are used to and gave me the chance to absorb the top gems of Windows Server 2003 R2. If you are interested in other topics (SQL Server 2005, Vista, etc.) covered in today’s session then monitor Garret’s and Ernst’s blogs on http://dotnet.org.za/besserg and http://dotnet.org.za/ernstm respectively.

General Information:

• Apparently - I need to confirm this - future server products will only ship in 64-bit.

• The release schedule for operating systems is a mayor release, followed by an update release, restarting with a major release in ~2 year cycles. The upgrades are mainly aimed at the software insurance benefit program.

• Windows 2003 R2 is an update release and requires no re-installation.

Summary of what I really liked about R2:

• Security Enhancements

  • Active Directory Application Mode (ADAM) integration

  • UNIX identity management and interoperability bridging, with bi-directional password synchronization

  • Active Directory Federation Services (ADFS) which extends the security beyond the forest boundary and provides a single-signon environment for all environments that support the WS-Federation standard.

• Branch Office Enhancements

  • Server ‘failback’ without the need for clustering

  • Distributed File System re-vamp, with support for failover and delta based replication. Awesome performance improvements and bandwidth savings.

  • Print Management Console … back to the future, we can once again monitor and administrate all printers in one console.

  • Windows Remote Management implements the WS-Management standard.

• Storage Enhancements

  • Granular storage management, i.e. control and reporting of usage and quotas on a folder level. It is now possible to report on and analyse storage utilization, before upgrading the storage over and over, only to cater for all the music and video files.

• Web Enhancements

  • 64-bit and .NET Framework 2.0

  • Windows Sharepoint Services (WSS) have been enhanced and are introducing no less than 30 out-of-the-box scenario templates.

  • IIS 6 delivering improved security, more virtual space for 32-bit applications on X64, twice the connection support and 1.0, 1.1 and 2.0 coexistence.

• Virtualisation

  • Ideal environment for research, early adoption evaluation, provisioning phase (test and deployment) and even production - nudge, nudge, hint, hint aimed at Astra.

  • Ask MOM to monitor virtual servers and shutdown those that exceed predefined thresholds - we can then move it to another Virtual Server host with more iron.

  • X64 support

  • PXE boot support - perform a network installation

  • Each software license allows you to run, at any one time, one instance of the server software in a physical environment and up to four instances of the server software on virtual OS environments on a particular server.

  • Improved performance - visually noticeable.

  • Unix is now supported (this should ring excitement for our Astra lab administrator)

Microsoft’s vision is “a simple, self-hosting, self diagnosing and admin-free server environment”. Coming from the NT3.1 Alpha-days and Windows for Workgroup days, I for one am noticing that the vision is turning to reality.

Thanks to Evan Erwee and Carlos Magalhaes for an informative day.

There is a lot more - such as visiting http://www.itprosa.com - however, I need to complete a UNISA assignment and then download some sleep to reboot in analyst and developer mode for tomorrow.