Heimore Identity 2.0

Preparing a Portal/IAM-presentation for the Heimore Identity 2.0-day on Wednesday, http://www.heimore.com/Nyheter/Arets-event-Identitet-20--Identity-Management-i-verksamheten-nu-och-i-framtiden/
© Copyright 2009, Tomas Elfving

Google has launched Go

Google has launched Go, a new programming language focusing on concurrency, simplicity, and performance.

Go is open source. It uses an expressive C/C++-similar language with pointer but no pointer arithmetic. It is type safe and memory safe. However, one of its main goals is to offer the speed and safety of a static language but with the advantages offered by modern dynamic languages. Go also offers methods for any type, closures and run-time reflection. The syntax is pretty clean and it is garbage collected. It is intended to compete with C and C++ as a systems programming language.

It features mulitcore programming by providing lightweight concurrency allowing developers to create sets of lightweight communicating processes, called "goroutines". You can run many concurrent goroutines and you don't need to worry about stack overflows. Goroutines aren't threads, they are functions running in parallel with other goroutines in the same address space. It is very easy to launch parallel functions using the goroutines. This is one of the most interesting features offered by the language. It really simplifies concurrency for systems programming.

© Copyright 2009, Tomas Elfving

A Web service layer versioning strategy using deprecated methods

Question: How to manage development, bugfixing and all type of both backward- and nonbackward compatible changes to a web service layer without suffering from escalating maintenance costs of having to manage lots of old versions?


Suggested solution: Do not allow different version of the WS interface. Never change namespace. Handle change by introducing replacement methods and mark the "old" method as deprecated. Leave the deprecated method in production for a grace period, giving all consumers sufficient time to move over to the new version. When all consumers have moved over, remove the deprecaded method altogether.

This strategy works for both WS and EJB interfaces.

See also http://java.sun.com/j2se/1.5.0/docs/guide/javadoc/deprecation/deprecation.html

© Copyright 2009, Tomas Elfving

Visio stencil with SOA-symbols

As a compliment to his excellent book "SOA Design Pattrens", Thomas Erl also offers a Visio stencil with SOA symbols. Very useful!

Download from http://www.soapatterns.com/soa_08_12_beta.zip

© Copyright 2009, Tomas Elfving

MOSS Audience Targeting & Audience Rules

To scope content in MOSS 2007 using audience targeting, You have three options:

1. Sharepoint Groups

SharePoint Groups are maybe the most obvious Target Audience mechanism. This is useful in situations where the site administrators may not have access to Active Directory, which generelly is the case in large organizations. SharePoint Groups have the nice feature of allowing self-enrollment. Self-enrollment is useful if the site administrator wants to setup a site that have different levels of information and allow the users themselves to subscribe to what components they'd like.

2. AD/Domain Groups

Active Directory domain groups are a valid Target Audience and it works also if you are using a Custom Authentication provider, You just use Custom Role provider as an audience. The advantage is that existing AD groups (e.g for internal use) can be reused in external sites. The SharePoint site administrator has less or no control over the membership in the group, but in large organizations, this is generally the way the security department wants it anyway :-)!.

3: Audience Rules

Audience Rules are very powerful and maybe the least understood. They can be setup to achieve a number of useful things. For instance , they can be setup with multiple rules to require a match to all rules or any rule. The rules can be as simple checking if the user belongs to a organization, is in a distribution list, in a security group or match a specific user profile property.

© Copyright 2009, Tomas Elfving

Consumer power on the Internet

After filing support issues to IBM for ten months to not much avail, it took IBM only a few weeks after I blogged about it to get a version out addressing the problems with the Clearcase for Visual Studio 2008 plugin that we have reported (http://blog.tomaselfving.com/2009/05/clearcase-for-visual-studio-problems.html, comments). Coincidence? Great news anyhow, only that we have already moved to VisualSVN and are happy now, maybe we look at the new Clearcase version at some later point in time.

© Copyright 2009, Tomas Elfving

ROSS for multi-stage deployment and multi-farm replication for SharePoint

When searching for an enterprise deployment solution for a large external MOSS platform, I've come across ROSS. RepliWeb Operational Synchronization for SharePoint (ROSS) claims to provide one thing that is missing in the MOSS box, namely support for multi-stage deployment and multi-farm replication.

SharePoint used as a mission-critical web platform is requiers IT to maintain rapidly growing infrastructures, content and application structures. RepliWeb’s ROSS addresses the challenges when managing content deployment and replication processes across multi-staged topologies and multiple farms. Agnostic to environment variations, ROSS is a scalable solution built for critical enterprise deployment processes including comprehensive scheduling, recovery and transactional deployment capabilities, efficient transfer engines, and much more.

The feature I am specifically interested in is the support for transactions, so that a deployment may be rolled back entiryly without messing up the environment.

I'll comment on ROSS again later when I have made a thorough evaluation.

© Copyright 2009, Tomas Elfving

Clearcase for Visual Studio problems

I'm working with a large corp customer that have standardized on IBM Clearcase. It works great with all the Java development tools, but when starting up large scale Visual Studio development we have experienced lots of problems, especially with the Clearcase plugin for Visual Studio 2008. For instance:

- Clearcase looses files, especially when adding files to VS project locally

- Merge performs  poorly in general. In particular, merge of the VS project file is a source of major headache. Merge of CSS files reports successful, but when we're analyzing it there was lots of errors in the merged file.

- The Update view command is unreliable. Developers doing the Update view command doesn't always get all the latest files, and worse is that they get no message. They work on old files without knowing it, the developers worst nightmare!

If you have any experiences or tips, feel free to contact me or comment!

© Copyright 2009, Tomas Elfving

MOSS sp 2 now available

The MOSS sp 2 is now available for download at  http://blogs.msdn.com/sharepoint/archive/2009/04/28/announcing-service-pack-2-for-office-sharepoint-server-2007-and-windows-sharepoint-services-3-0.aspx.

Major improvements in the areas of:

1. Performance, availability and stablilty - lots of small fixes and improvements across nearly all the components. New/improved functions like a timer job that automatically rebuilds content database index to improve database performance. Another difference is when a content database is marked as read-only, the user interface will be modified so users cannot perform tasks that require writing to the database.

2. Broader browser support. Internet Explorer 8 is added into Level 1 browser support. FireFox 3.0 is added into Level 2 browser support. (Firefox 2.0 is no longer supported by Mozilla)

3. Improved Forms based authentification. Now the client application can store user credentials instead of asking for them every time.

4. Long-awaited improvements in product dokumentation

All the details of SP2 can be downloaded here: 

http://go.microsoft.com/fwlink/?LinkId=148551

© Copyright 2009, Tomas Elfving

SIEM and logging/tracking event by Heimore

Focusing on SIEM (Security Information and Event Management), traceability, log management and regulatory requirements Heimore Group is on the 13th of May arranging a full day of presentations, case studies, and meetings round these topics. The leading software vendors are coming as well as a number of leading experts in these fields.

Sign up at http://www.heimore.se/Nyheter/SIEM-och-Sparbarhetsdagen/!

  

© Copyright 2009, Tomas Elfving

Sharepoint proprietary specs out

Microsoft have released some interesting reading in the SharePoint Products and Technologies protocol documentation. It provides detailed technical specifications for Microsoft proprietary protocols (including extensions to industry-standard or other published protocols) that are implemented and used in SharePoint Products and Technologies to interoperate or communicate with Microsoft products. 

The documentation includes a set of companion overview and reference documents that supplement the technical specifications with conceptual background, overviews of inter-protocol relationships and interactions, and technical reference information.

Enjoy by downloading it at http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=5e94ad07-902c-422f-aadd-ff2bba9e540a#tm!

© Copyright 2009, Tomas Elfving

Skype staus field in Sharepoint

A company named ObjectConnect have developed a Skype integration into SharePoint.Its first version available on Codeplex now (http://skypestatusfield.codeplex.com/) featuring the Skype status field. It allows you to store the account name in the field, and it's rendered as the nice status (green / grey) picture in the list and item view. 

Also, clicking on the icon will bring you the chat window to that person if you have Skype installed locally. Nice! 

 © Copyright 2009, Tomas Elfving

An architecture of base-system-independent web services

One of the most common mistakes of SOA implementation is to leave out the common data model. Without that, the web service layer is no more than a function-mapping layer between clients and base systems. By letting the ESB manage a common data model, the web services published to clients are independent of various base system definitions of common objects, and also independent of change in theses base system definitions.

© Copyright 2009, Tomas Elfving

SharePoint 2007 Backup/Restore options and things to consider

Going through the native Sharepoint backup, I've found some limitations I'd like to shed some light on. The backup:

• does not Provide Scheduling Functionality. You must use the command line with Windows Task Scheduler for scheduled backups
  
• does not Backup any Configurations/Customizations to any files in the “12 Hive” or Web.config files. You must manually back up front end files.
• does not Backup IIS Settings/Configurations
  
• does not Backup Alternate Access Mappings (AAM)
  
• dannot Backup Directly to Tape (only to UNC)
• high restore time means low availability

If using the SQL Only Backup/restore strategy, you'll have the following issues to consider:

• it does not backup any WFE configurations or solutions
  
• it requires Admin to manually reattach content databases to the web applications after a recovery
  
• you'll need to manually backup/restore all customizations on WFE Servers (.Net Assemblies, Features, IIS Metabase, etc. – batch file can help automate this process)
  
• no need to backup Search database (as it can’t be synchronized with Search Index)
  
• backup/restore of SSP separately via SharePoint native backup/restore
  

© Copyright 2009, Tomas Elfving

First (?) Computer "Bug", 1945

© Copyright 2009, Tomas Elfving

Version management of web services

You basically have 2 choices: Either use separate URI's or use the "target namespace# for version numbering. Target namespace can also be used for multilanguage support.
Using the tagret namespace way together with a proxy or ESB, you can reduce client dependence on URI's. Say you have:

/Customer
/Customer/v1
/Customer/v2
/Customer/vX

/Customer always gives the client the latest version. The ESB acts here to sort out what WS is the latest version and supplies that WS to the client. Clients call /Customer for services they know is backwardcompatible.

/Customer/vX is for non-backwardcompatible services where the client needs to be sure exactly what version of the service he gets.

The "target namespace" solution follows the Amazon’s recommendation form publication of services (http://docs.amazonwebservices.com/AWSEcommerceService/2005-03-23/ApiReference/ServiceVersioningArticle.html)

© Copyright 2009, Tomas Elfving

What capabilities can a proxy in a SOA service layer handle?

When implementing a SOA web service layer, a number of issues keeps reappearing in service after service. They should, in other words, be taken care of in a separate service proxy layer on top of the services. The proxy layer could be implemented as a custom developed layer or with an ESB (Enterprise Service Bus).

Contrary to the more classical enterprise application integration (EAI) approach of a monolithic stack in a hub and spoke architecture, the foundation of an enterprise service bus is built of base functions broken up into their constituent parts, with distributed deployment where needed, working in harmony as necessary. An ESB does not implement a service-oriented architecture (SOA) but provides the features with which one may be implemented. The ESB tries to remove the coupling between the service called and the transport medium.

The following capabilities a proxy/ESB can handle:

- Invocation - Support for synchronous and asynchronous transport protocols, service mapping (locating and binding)
- Ruoting - Addressability, static/deterministic routing, content-based routing, rules-based routing, policy-based routing
- Mediation and integration - Adapters, protocol transformation, service mapping
- Messaging - Message processing, message transformation and message enhancement
- Process Choreography - Implementation of complex business processes(think twice before getting into that as it ties you heavily to the ESB product)
- Service Orchestration - Coordination of multiple implementation services exposed as a single, aggregate service
- Quality of Service - Security (encryption and signing), reliable delivery, transaction management, SLA controls
- Management - Monitoring, audit, logging, metering, admin console, BAM
- Thread management - i.e limit number of concurrent calls to a base system

© Copyright 2009, Tomas Elfving

Sharepoint memory leaks, anyone?

The SPDisposeCheck tool will help improve the quality of your SharePoint assemblies. It will inspect your SharePoint assemblies and check that you are correctly disposing of certain SharePoint objects (IDisposable objects which includes SPSite and SPWeb). The tool is based upon the guidance published in this MSDN article, Best Practices: Using Disposable Windows SharePoint Services Objects

This tool is not supported by Microsoft and is recommended to be used on Developer workstations and not on production SharePoint Server installations.

© Copyright 2009, Tomas Elfving

FAST Search for SharePoint available in beta 2nd half of 2009

Microsoft have released a roadmap for the FAST search engine aquired by the norwegian search specialists some time ago. The new search server that will add the high-end search capabilities of FAST ESP into Microsoft Office SharePoint Portal Server, will be available as a part of the next release of MOSS.
For customers who are interested in the product, Microsoft also announced ESP for SharePoint, a special offering that allows customers to purchase high-end search capabilities today, with a defined licensing path to FAST Search for SharePoint when it becomes available.
The full name is "FAST Search for Internet Business". It will extend FAST ESP and provide a flexible platform for building engaging, search-driven Web site experiences. The product will be available in beta in the second half of this year and will feature new capabilities for content integration and interaction management, helping enable more complete and interactive search experiences.

© Copyright 2009, Tomas Elfving

What is a Claim?

See also previous post on Claims-based authentification in next SharePoint

So, what is this claim and claims-based model that generates so much fuzz?

The claims-based model has three components:
1. the relying party, which needs the claim in order to decide what it is going to do
2. the identity provider, which provides the claim
3. the user, who decides what if any information he wants to provide.

Claims can contain static information such as birth date or credit card info, relationship-based information such as group membership or derived claims that make general assertions such as the user is over 21 years of age. There are also metaclaims about how information was verified, such as in-person registration, or how it was issued.

Claims can be used in three ways:
1. to securely transmit the requesting user’s identity across machines
2. provide application-specific concepts, such as roles, so applications can augment claims about the user and allow applications to reason about those claims in the context of authorization decisions
3. interoperate with multiple authentication providers in a consistent manner.

© Copyright 2009, Tomas Elfving