Friday, December 31, 2010

Predictions for the next decade (2011 – 20)

1. Android (and its derivatives) will be omnipresent in embedded, mobile and hand held devices.
2. In laptops/desktops, windows or some flavor of it will be preferred operating system.
3. SAAS and PAAS will prevail for small and big enterprise.
4. IAAS will thrive in enterprise data centers.
5. Fragmentation and Alternatives of Java and Enterprise Java (like Apache harmony, and Spring) will emerge stronger and official java from Oracle will loose its sheen due to lust for its monetization by Oracle.
6. Laptop, mobile and tablet will merge into one.
7. Indian IT workforce will shift from permanent job to contractual jobs like in USA.
8. 3G and 4G (BWA) will bring internet book in India over smart phone and tablets.
9. Developing countries will swept by telecom revelation like India in previous decade.
10. Gamification will engulf almost all experiences especially of social media.
11. Outsoucing will change from India focused to 2I + 1 (2 location in India and one elsewhere)
12. Apple will loose its grip on smart mobile phone market.
13. Application will be pervasive in devices and appliances like phones (mobile and fixed line), TVs, automobiles, refrigerators, disk (CD/DVD/BlueRay) players, and any computing device.

Thursday, December 30, 2010

What questions (non financial) should I ask to a Cloud provide?

1. Number of years in service?
2. Number of subscribers?
3. Number of users?
4. Min number of users per subscriber?
5. Max number of users per subscriber?
6. Average number of users per subscriber?
7. Geographic spread of subscribers?
8. Mode by which Cloud can be accessed ( Browser, hand held device – mobile phone – which one, etc)
9. Does app has offline client?
10. Browser compatibility
11. List of business processes affected
12. Severity of affect to each business process (just touch, requires change, need complete change)
13. How to integrate with existing business systems – batch/real, synchronous/asynchronous, technology/platform?
14. Do employees need training?
15. Does Cloud affect master data?
16. How to integrate with Single Sign On (SSO)?
17. Does proposed cloud will capture any sensitive information (trade secret, patent, customer data, etc)?
18. What are the bandwidth requirements of proposed Cloud?
19. Does proposed Cloud have SSL support?
20. Does Cloud provider share with you external penetration tests and internal network security audits periodically?
21. Does provider have a documented policy for "hardening" the OS under Web and other servers?
22. Does provider have a documented set of controls to separate data and security information among customer applications?
23. Does provider perform background checks on personnel with administrative access to servers and applications?
24. Does provider has documented process for security alerts from IT partners?
25. What are the procedures for business continuity and disaster recovery?
26. Does provider certify the security of scripts and integration code; documented procedures for installing security patches
27. Does provider offer application- or transaction-based intrusion- detection services?
28. Does provider has documented identity management and help desk procedures?
29. What percentage of security staff has security industry certification?
30. What is the average experience of provider's security staff in information and network security?
31. What is the provider’s operational model: a. Self Hosting b. Co-location c. Managed Hosting d. Cloud Computing?
32. Is the provider's data center N + 1 for power?
33. Provider's Data facility: 1. Tier III 2. Tier IV
34. Is the provider's data center certified SAS 70 Type II or Type 1?
35. How many data centers does the provider have?
36. Which data centers will be used to server the application?
37. Is there a DR plan if a data center becomes unavailable?
38. Does the provider use at least 3 ISPs? Who are they?
39. Can a private connection to my enterprise WAN be provided?
40. Does the provider have network redundancy? How is this achieved?
41. How is network latency mitigated?
42. Can the provider provide location specific SLA's measured by a third party benchmarking service?
43. What are the hardware and software components provided by the provider?
44. Are provider servers dedicated or shared? If shared, by what method?
45. Is infrastructure redundant? If so, how is this accomplished?
46. What is Backup and retention schedule?
47. What monitoring is done as well as the interval, and reports that are available to review?
48. Is there staff 24/7? If not, what hours is staff available?
49. What is the provider's change management, patch management and upgrade policies and procedures?
50. What are the downtime notification policies (i.e. is advance notification given? How much?)?
51. Will a staging server/staging sand box be available for testing prior to production deployment?
52. Does provider has sand box for development?
53. How is security alerts handled? What are the security policies?
54. Do you have clear Service Level Agreements (SLAs) established with the service provider?
55. What kind of System Monitoring provided by the service provider?
56. What kind of help-desk support is available?
57. What are the change management processes available from the service provider?
58. Does the service provider provide you a staging environment to test changes before they are promoted to production?
59. Will the service provider support for full data and rule customization recovery on contract termination?
60. What API’s are exposed by service provider to develop application over cloud?
61. What API’s are exposed by service provider to deploy application over cloud?
62. Does my enterprise need new licensees of app servers/database or any other applications to be deployed over cloud?
63. How much time is needed to set up a proof of concept or trial demo?
64. How can offering being customized?
65. Industry references
66. Historical records of service availability?

Tuesday, December 28, 2010

Legal Challenges in cloud computing: Software Architect Perspective

Though Cloud gaining currency across the globe and across the industry. But if one carefully observe, he will find slow adoption of cloud in big enterprises. From a Software Architect perspective one should be aware of the legal challenges while evaluating cloud platforms for a solution.

1. Intellectual Property Rights
a. Is application and data protected under intellectual property rights?
b. If cloud provider gives access to your application, data, log etc to third party then what legal responsibility cloud provider assumes?
2. Trade Secrets
a. How secure are the trade secrets?
b. How far cloud provider can go to protect data, log, etc. in case of court summons and/or quasi legal requests/pressure?
c. How long cloud provider keeps application data and logs even after application is deleted from cloud and/or log deleted from cloud?
3. Privacy
a. What responsibility cloud provider assumes to protect Application Owner’s privacy?
b. What responsibility cloud provider assumes to protect Application users’ privacy?
c. Is there any liability coverage for privacy breach?
d. How behavioral tracking is maintained?
4. Data Centre
a. What legal responsibility does cloud provider assume in case of disaster?
b. What legal responsibility does cloud provider assume in case of hacking?
5. Jurisdiction
a. In case of any legal dispute which law apples – location of application provider, location of end user, location of cloud provider, location of server farm or any other?
b. In case of data breach who will send the notice of data breach – application provider or cloud provider?
c. How trans-border laws will be handled?
d. How do reputational risks covered?
e. How long data will be retained for legal and taxation purpose?
f. What is damage policy (say total dames are capped by amount of fee)?
g. Does the flow of data meet the regulatory requirements of each jurisdiction it flows through?
h. Does the cloud provider provides solutions for de-identifying data for transboarder data flow?
i. Where will the data and processes be stored? Can a commitment be obtained?
j. Are there multiple cloud platforms/parties involved?
k. Can the movement of data be controlled?
l. Should/can the data be encrypted?
6. Service Level Agreement
a. What are the SLA’s for cloud provider?
b. What matrices will be used to measure performance of cloud provider?
c. In case of dishonoring of SLA, what are the penalties and they will be enforced?
7. Licensing
a. Do libraries, components, services, servers, etc used in application creation, deployment, etc have cloud compatible licenses?
b. Do libraries, components, services, servers, etc used in application creation, deployment, etc licenses cover upgrade and maintenance as well?
c. How application’s license is structured for end users?
8. Physical Location of Data and processes
a. What is the location of data?
b. What is the location of processes?
c. Is any point of time, location of data and process be ascertained?
9. E-discovery
a. What are the evidentiary issues when client data is in cloud?
b. What are the SLA’s of e-discovery?
c. Who is responsible for e-discovery?
10. Termination
a. In case of contract termination, how data will be moved from cloud to in agreed upon format?
b. Who is responsible to move data?
c. If cloud provider goes out of business then how termination will be handled?
d. If application provider goes out of business then how termination will be handled – data, intellectual property.
e. Is there any lock in?
11. Change in Terms and conditions
a. How change in terms and conditions to be handled?
b. Does cloud provider change terms and condition by inserting URL?
12. Audit
a. Can application provider do audit of facilities and processes/procedures and how extensive are these audits?
b. Can application provider do audit of logs and how extensive are these audits?
13. Miscellaneous
a. What insurance cover cloud provider has?
b. In case of emergencies how data be accesses and who will be responsible?
c. Use of application provider’s name and logo for publicity by cloud provider?
d. Use of cloud provider’s name and logo for publicity by application provider?
e. How service renewal will be handled?

Monday, December 20, 2010

Sunday, December 19, 2010

A Small Step for Service Governance

While talking about SOA Governance, one visualizes big fat software and tools which costs millions of dollars and a platoon of support staff to “govern” SOA Governance platform.
In my experience, I noticed that small baby steps always more helpful and governance should be embedded in architecture and design. Instead of SOA Governance, I like it to be service governance first.
Recently, talking to one of my counterpart at my client place, I encountered a classic case of mis governance in services space. Once service is created and deployed, its contract ( wsdl in case of web service) is freely available across enterprise which makes unknowns its customer (sic) without any controlling authority. This uncontrolled distribution and usage of contract leads to nightmares and fights when service performance decreases or new version of service need to be releases and older version to be retired.

How to avoid such dogfight!

Simply create a registry (not UDDI) of service and make sure that this registry contains the information that who is calling whom and authentication has to pass through this registry. I understand this suggestion violets purist form of SOA but in this world nothing is perfect.

Saturday, December 18, 2010

Convention over Configuration

Now a days every software using or claiming to use convention over configuration.

Is anybody paying any attention on negatives of this paradigm?

1. To utilize a piece of software which is based on Convention over Configuration paradigm, one requires deep familiarity of software.
2. Refactoring becoming difficult and specifically if at any point of time, need arise to change convention, developers have night mares.
3. Bloated code is very normal because of binding the logic with convention. This pain can be reduced if conventions are made configurable.
4. This paradigm makes software very restrictive in view of “ only one way” of doing the things.

Few of the well known examples of softwares using Convention over Configuration paradigm are:
1. Java Bean
2. XDocLet
3. EJB
4. Spring
5. Hibernate
6. Grails
7. Ruby on Rails
8. Apache Camel
9. Struts
10. Maven
11. Apache Wicket

Reference:
1. http://softwareengineering.vazexqi.com/files/pattern.html
2. http://msdn.microsoft.com/en-us/magazine/dd419655.aspx
3. http://elegantcode.com/2009/11/28/convention-over-configuration/
4. http://en.wikipedia.org/wiki/Convention_over_configuration
5. http://marekblotny.blogspot.com/2009/04/convention-over-configuration.html
6. http://codebetter.com/jeremymiller/2009/01/24/convention-over-configuration-in-msdn-magazine/
7. http://www.javalobby.org/java/forums/t65305.html
8. http://www.sonatype.com/books/mvnref-book/reference/installation-sect-conventionConfiguration.html
9. http://weblogs.asp.net/sfeldman/archive/2009/07/20/convention-over-configuration.aspx

Thursday, December 16, 2010

Light Weight

It has become now fashionable to call any software component, application, library, platform, product, and any other piece of code as light weight. Now every piece of software claim itself as light weight. Just like “Life Time Warranty”.
In reality what does light weight means??

In my point of view term “light weight” is comparative. A piece of software is light weight or not in comparison to its contemporary competitors.
I have listed few of the criteria to tag some piece of software as light weight:

1. Deployment memory foot prints.
2. Runtime memory foot prints.
3. Run time consumption of other resources other than memory.
4. Dependency on other libraries.
5. Need of containers (!)

Wednesday, December 15, 2010

Operations in a Service Interface v 2.0

I have listed the operations a service should exposes in my earlier post. I have revised the list. The latest is:

Monday, December 13, 2010

BPMS Types

While doing assessment for one of my client for BPMS platform/tool set, I divided the BPMS system on the basis of three main features.
1. Human Centric
2. Integration Centric
3. Document Centric

Certainly some of the BPMS platforms/toolsets belong to more than one category but majority of them focuses one aspect or another. This focus is at large determined by vendors’ historical association with that aspect of product.

Sunday, December 12, 2010

P2P in Business

With the rise of Cloud (SaaS, PaaS and IaaS) centralization of business application is taking place which certainly offers its own benefits but also introduces single point of failure and too much control by very few entities. Centralization also asks for non interrupted connectivity which may not be feasible in lot of scenarios.

At the same time increasing interdependency of workers and businesses requires networked individuals and resources. In few of such scenarios networks get created on adhoc basis for short duration of project.
To solve these opposing requirements, P2P networks can be of great help. P2P does not require very centralized systems and divide the data ownership and infrastructure needs among participants.
Keeping this paradigm, I looked into various products and platforms and surprised to find that lot of small and big enterprises are using P2P technology and platforms in their business applications. One Further investigation revealed that the biggest share is cornered by BitTorrent.

1. Aggregator Juice (http://juicereceiver.sourceforge.net/index.php) uses BitTorrent
2. Video Player Miro (http://www.getmiro.com) uses BitTorrent
3. Music Retailer DGM Live (http://www.dgmlive.com) distributes using BitTorrent
4. Music Retailer Sub Pop (http://www.subpop.com) uses BitTorrent for distribution
5. Canadian Broadcasting Corporation (http://www.cbc.ca), Norwegian Broadcasting Corporation (http://www.nrk.no) and VPRO (http://www.vpro.nl) have often distributed their content using BitTorrent.
6. The Amazon Simple Storage Service (S3) is equipped with built-in BitTorrent support.
7. Blizzard Entertainment (http://us.blizzard.com/en-us/) uses BitTorrent (using a proprietary client "Blizzard Downloader") to distribute most content for StarCraft II and World of Warcraft, including the games.
8. Entropia Universe (http://www.entropiauniverse.com/) distributes files through BitTorrent
9. Facebook (http://facebook.com) and Twitter (http://twitter.com) use BitTorrent to distribute updates to servers.
10. CRM Ajatus (http://www.ajatus.info) is built on top of CouchDb
11. Bug Traking system SimpleDefects(http://syncwith.us/) is built using Distributed database Prophet
12. Avvenu (http://www.avvenu.com/) is a Personal File Sharing, Mobile Sharing platform. It is acquird by Nokia.
13. Dekoh (http://dekoh.com) facilitates Personal File Sharing with Web Integration platform
14. ShareDirect (http://www.laplink.com/business_solutions/sharedirect.html) is data synchronization tool by LapLink
15. Pando (http://www.pando.com) by Pando is Publishing, Media Streaming, and file sharing solution
16. StreamerP2P (http://www.streamerp2p.com) is a Broadcasting solution over internet
17. Syncura (http://www.syncura.com) has few products for document sharing and collaboration
18. Digital Media Delivery framework by Velocix (http://www.velocix.com) uses P2P paradigm
19. The Digital Media Exchange (DMX - http://cyber.law.harvard.edu/media/projects/dmx) operated by Harvard Law School
20. Social VPN (http://socialvpn.wordpress.com) is a P2P based VPN platform

Some of the Peer to Peer Initiatives:

1. JXTA (https://jxta.dev.java.net) is P2P Networking initiative by Java
2. P2P-Next (http://www.p2p-next.org) is open source initiative which primarily focuses on digital media.
3. Secure P2P Framework (SePP - http://sourceforge.net/projects/securep2p) focuses on security aspects of P2P. It is developed in java.
4. GNUnet (https://gnunet.org) is one more P2P Framework which focuses on security.
5. AntHill (http://www.cs.unibo.it/projects/anthill) is based on Complex Adaptive System paradigm.
6. MsgConnect (http://www.eldos.com/msgconnect) is proprietary P2P framework offered by Eldos.
7. Brunet (http://boykin.acis.ufl.edu/wiki/index.php/Brunet) is P2P library written in C#

Some of the P2P frameworks for developing business applications:


• Apache CouchDb (http://couchdb.apache.org) is a RESTful object database
• DBE (http://swallow.sourceforge.net) is a Java based P2P container for service oriented architecture
• Prophet (http://syncwith.us) is a P2P-replicated database
• Friend to Friend (F2F - http://ulno.net/f2f) is a Java framework for building P2P business applications using the SIP protocol
• Telepathy Tubes (http://telepathy.freedesktop.org/wiki/Tubes) is a framework to channel application information over instant messaging networks
• BitTottent (http://www.bittorrent.com) is one of the most popular P2P framework to develop enterprise grade applications.

Friday, December 3, 2010

Lean - Software Development

Lean has gained tremendous currency in manufacturing industry. Even in service industry Lean has significant influence. But in software development Lean is still in infancy due to two dominant reasons:

1. High level of manual intervention: Can you imagine coding done by robots at present state of technological sophistication. I understand up to a large extent code is automatically generated but still crucial part is requires human ingenuity.

2. Software engineering is still not a science or engineering but art or at the best craft. There is tremendous debate is going around in industry but still craftsman and artist are winning.

Software development is like Research and Development work where new materials and processes are being invented to fulfill newer needs in better way. Nevertheless, pioneers like to convert art and craft into science and engineering and bring automation into main stream to achieve consistency in quality and reducing the cost of development.
Therefore keeping the spirit of engineering, Lean can be applied in software development. The basic principles of Lean in software development can be transformed.

1. Add Nothing But Value (Eliminate Waste): Think of Agile methodologies in software development. Scrum and User stories are few of the efforts in this direction.

2. Center On The Resources Who Add Value: Since Software Development is labour intensive, value humans and then non human resources like software, hardware and processes.

3. Flow Value From Demand (Decide as late as possible): Work only for those features which are essential for customer now not in future. Think of Just in Time paradigm.

4. Optimize Across Organization: Do ever hear of SOA?

5. Optimize Across Organizations: I hope, you know about Cloud Computing?

6. See the whole: Do not make code as Spaghetti. Follow the principle of Code depth first and the breadth in moderation.

In line with seven wastes of manufacturing, software development also has its own wastes:

1. Overproduction  Extra Features: User stories, Scrums

2. Inventory  Huge amount of investment in work in progress. Think of water fall model. Details of Stories for current iteration

3. Over Processing  Paralysis by Analysis. Follow Test Driven Development, Daily build, write enough code to just pass unit tests. Extra Steps: Co-location, better communication

4. Motion  Finding Information: Figuring out what to do, where to go, and how to do.

5. Defects  Defects Not Caught by Tests: Test driven development. Catch defects in early of SDLC.

6. Waiting  Requirement gatherers are waiting for customers, designers are waiting for requirements, Coders waiting for design, testers waiting for code, and finally customer is waiting for product. Release often and early

7. Transportation Handoffs: Close interaction among developers, designers, testers and certainly with customer. Source code branch merging, email maze.


Reference:
1. http://en.wikipedia.org/wiki/Lean_software_development
2. http://www.leansoftwareinstitute.com/art_ilsd.php
3. Applying Lean to Software Development, an Excerpt from The Art of Software Development by Sara Peyton
4. http://leansoftwareengineering.com/
5. http://poppendieck.blogspot.com/2003/04/lean-software-development.html
6. http://en.wikipedia.org/wiki/Muda_%28Japanese_term%29
7. http://www.leaninnovations.ca/seven_types.html

Thursday, December 2, 2010

Myths of Agile

1. Agile is just Scrum or Extreme Programming
Truth: Agile is not a single methodology. It is a collection of Best Practices.

2. Agile methods are not suitable for large projects
Truth: Agile is not a fixed notion but is a collection of best practices. Use whatever suites in the given conditions. Use judicious use of Depth First and Breadth then.

3. Agile means no documentation
Truth: Working software is more valued than documentation but documentation is required for green horns, partners, customers and lots of others. Teams separated by time, space and discipline require documentation to pass understanding.

4. Agile means no upfront design
Truth: Any software system requires infrastructure. So always think of depth with breadth. Agile values ability to change over plan.

5. Agile is undisciplined
Agile requires disciple of high standard. Each member is responsible of her acts and deliverables.

6. Agile Development is not planned one.
Agile believes in rolling wave planning not in static plan.

7. Agile is not suitable for product development
Agile is for software development not for the product conceptualization. Keep proper check and balances on depth vs breadth of code.

8. Agile is not suitable for fixed bid projects
Lot of service companies are using it for fixed bid project. Agile requires transparency from service provider and customer.

References:
1. http://blog.versionone.com/blog/the-agile-development-blog/0/0/five-myths-of-agile-development-myth-5-agile-development-is-just-another-fad
2. http://www.authorstream.com/Presentation/vickydhiman-67414-common-myths-agile-myth-main-science-technology-ppt-powerpoint/
3. http://www.theappgap.com/exploring-ten-myths-about-agile-development.html
4. http://www.wiziq.com/tutorial/7418-Common-Myths-about-Agile
5. http://www.versionone.com/pdf/AgileMyths_BetterSoftware.pdf
6. http://agileworld.blogspot.com/2008/04/agile-myths.html
7. http://www.projectez.com/Files/special%20report%20-%20myths%20of%20Agile.pdf
8. http://stackoverflow.com/questions/1871110/agile-myths-and-misconceptions
9. http://www.drdobbs.com/architecture-and-design/206501655;jsessionid=BQPXX0LZG1ASLQE1GHPCKH4ATMY32JVN

Wednesday, December 1, 2010

Book Review: I. M. Wright's Hard Code

Book Review: I. M. Wright's Hard Code by Eric Brechner: Publisher- Microsoft Press: ISBN- 13: 978-0735624351


I.M Wright’s Hard Code is authored by Eric Brechner, veteran a Microsoft. Though book is published in 2007 but still holds its value in software project management. Book is filled with nuggets of wisdom for any person who is involved in Software project management or influence corporate IT culture.

Author is very straight forward and blunt in delivery of his opinion and belief which makes him distinct in crowd.

Book is collection of short essays which are organized in ten chapters. Book covers almost all aspects of software developments and primarily targets project managers and higher ups in management chain.

Certainly this book will stay in my bookshelf. I highly recommend this book.

Disclaimer: I did not get paid to review this book, and I do not stand to gain anything if you buy the book. I have no relationship with the publisher or the author.

Further reading: Complementary books to I.M Wright’s Hard Code are Getting Results from Software Development Teams by Dr. Lawrence J. Peters (http://www.amazon.com/Getting-Results-Software-Development-Teams/dp/0735623465), Solid Code by Donis Marshall & John Brono (http://www.amazon.com/Solid-Code-Donis-Marshall/dp/0735625921), Code Complete: A Practical Handbook of Software Construction by Steve McConnell (http://www.amazon.com/Code-Complete-Practical-Handbook-Construction/dp/0735619670)

One can get more information about book and related topics from:

1. Amazon: http://www.amazon.com/Wrights-Hard-Code-Best-Practices/dp/0735624356
2. Author’s Blog: http://blogs.msdn.com/b/eric_brechner/
3. Review: http://mvark.blogspot.com/2008/11/book-review-i-m-wrights-hard-code.html