Book Review: Virtualization: A Manager’s Guide

Book Review: Virtualization: A Manager’s Guide by Dan Kusnetzky: Publisher- O'Reilly: ISBN- 13: 978-1449306458

First I am thankful of O’Reilly of providing me free copy of book before publication.

As title of book suggests, this book is not for techie. This thoughts is further reinforced by intended audience section of book.

Virtualization: A Manager’s Guide is pretty short and very lucid and easy read. Book covers virtualization model developed by author ( or his company) which seems to be pretty good.

The definition of virtualization given by book “Virtualization can create the artificial view that many computers are a single computing resource or that a single machine is really many individual computers” is very correct as most of the definition ignore the many computer part.

I am not going to keep this book in not bookshelf as this lacks technical rigor but certainly it is useful for someone who is not very technical but faces technical staff.

Disclaimer: I did not get paid to review this book, and I do not stand to gain anything if you buy the book. I have no relationship with the publisher or the author.

One can get more information about book and related topics from:

1. Amazon: http://www.amazon.com/Virtualization-Managers-Guide-Dan-Kusnetzky/dp/1449306454
2. Publisher -- http://oreilly.com/catalog/0636920020417
3. Review: http://smoothtommy.wordpress.com/2011/07/05/book-review-virtualization-a-managers-guide/
4. One more review: http://santoshonsoftware.blogspot.com/2011/07/book-review-virtualization-managers.html
5. Third Review: http://mohamedazar.wordpress.com/2011/06/25/virtualization-a-managers-guide/
6. Dan Kusnetzky: http://www.kusnetzky.net/

Book Review: Art of Application Performance Testing

Book Review: Art of Application Performance Testing by Ian Molyneaux : Publisher- O'Reilly: ISBN- 13: 978-0596520663

This is the first book, I have read on performance testing after long years of development.

Book is straight forward and is fast read. Book covers lot but just touches the surface. This book is good to know basic concepts of Performance Testing but as person will be reading more and practicing more this book will be of little use.

Certainly this book is just stepping stone for any aspiring Load and Performance tester.

Book does not focus on any platform or tool.

Disclaimer: I did not get paid to review this book, and I do not stand to gain anything if you buy the book. I have no relationship with the publisher or the author.

Further reading: Software Performance and Scalability: A Quantitative Approach (http://www.amazon.com/Software-Performance-Scalability-Quantitative-Engineering/dp/0470462531) and Performance Testing Guidance for Web Applications (http://www.amazon.com/Performance-Testing-Guidance-Web-Applications/dp/0735625700) are two books which might be interesting to you.

One can get more information about book and related topics from:

1. Amazon: http://www.amazon.com/Art-Application-Performance-Testing-Programmers/dp/0596520662
2. Publisher -- Oreilly http://oreilly.com/catalog/9780596520670
3. Review: http://artur.ejsmont.org/blog/content/review-the-art-of-application-performance-testing
4. Second review: http://antognini.ch/2010/01/the-art-of-application-performance-testing/
5. Third review: http://matt.eifelle.com/2009/07/14/book-review-the-art-of-application-performance-testing-help-for-programmers-and-quality-assurance/
6. Webinar by author: http://uktmf.com/index.php?q=node/553

Single Point of Failure in Enterprise Computing

With SOA as central body of thinking, lots of enterprises are adopting:

• Centralized Authentication system ( more fancy name is Single Sign On – SS0)
• Master data management – MDM
• Queuing services – generally JMS
• Enterprise Service Bus – ESB
• Integration utilizing Hub and Spoke system
• Business Process Management (BPM) Engine

If you look very carefully in all of these systems has one underlying philosophy – Centralized logic and control. These component with fault tolerant and clustered deployment get benefits of distributive computing but still hardware is still co-located.

Does this mindset bring single point of failure in enterprise computing?

My take is: YES. How to minimize this – wait for future posts.

NO SQL = Not Only SQL

No SQL

Non Functional Requirements of Integration Projects (EAI and B2B)

• No Data loss in any case. Data should be recoverable in integration layer.
• Recovery should be automatic in majority of the cases in case of integration layer failure.
• Replay of messages must be possible in all case of failure.
• End systems to be integrated, should be decoupled in time, space and semantic.
• Contingency path/scenarios (if deployment fails or integration is need to be rolled back after successful run in production after a while) must be defined and rehearsed.
• There must be clear separation between Integration and Services.
• Underlying integration service failure (like audit, logging, notification, error handling, etc) must not affect integration as well as enterprise services.
• Audit, error notification, error repository should be deployed on separate servers/infrastructure from business services and integration.

Forecast, Foresight and RoI

Whenever technical person take a business proposition to business owners in any typical business, the first question asked is “What is RoI?”
Is this question correct? Before reaching to answer let us consider few scenarios.

Scenario 1: Foo Inc has its HRMS developed in house. With growth in number of employees and globalization of business, current HRMS is not able to keep pace and requires frequent tweaks and hacks to do the job. This is leading to broken HRMS and potential disruption of services and day by day increasing cost while maintain the system. The proposals to change current HRMS by some contemporary HRMS – Self hosted or SaaS are in wild.

Scenario 2: Bar Corp is in groceries retail business and has stores across countries. Its PoS (Point of sales) system is working great and designed and developed in late eighties. The programming languge used is Basic C. Even today (2011), system is working fine for current needs. Bar Corp management has foresight for market in China, which has entirely different legal system, language requirements. Should Bar shift to contemporary technology?

Scenario 3: We are in 1990. QUX LLC is in investment banking. Its computer systems are rock solid and rely heavily on Mainframe. New technology and paradigm are emerging. Java on UNIX and distributive technology is seen as next game changer. Internet is seen as bright star on horizon. Should QUX LLC start evaluating Internet, Java and UNIX?


In the three scenarios built above will ROI justify the investment? In case of Foo Inc ROI certainly a justification but apart from ROI addition decision criteria comes into picture: Should employee data be on cloud or internal? In case of Bar Corp, lot of speculation and unpredictability comes into picture. Certainly RoI is the decision criteria here. For QUX LLC do I have to argue?

The picture is very clear, when ever forecasting is involved, ROI argument hold good but for foresight ROI is the criteria.

Book Review: Seven Languages in Seven Weeks: A Pragmatic Guide to Learning Programming Languages

Seven Languages in Seven Weeks: A Pragmatic Guide to Learning Programming Languages by Bruce A. Tate: Pragmatic Bookshelf: ISBN- 13: 978-1934356593

Why I read this book! Because book’s title is interesting. Book covers language spanning from object orientated, prototype, and functional and since ancient time of modern programming. Certainly book does not teach you 7 languages but gives you flavor of each. After tasting you can decide which one is suitable for your dinner.

Very nicely book cover seven languages though there will be conflicting views on selection of languages. Book introduces philosophies of these languages ( Prolog, Io, Ruby, Scala, Haskell, Erlang, and Clojure), basic syntax and main constructs. Book very carefully avoids unnecessary details like how to install, IDE, etc which can be found online very easily.

The last chapter “Wrap-up” serves you cocktail with distinct hint for each.

Certainly I am looking for more of these type of books covering various components of software – Operating system, IDE, etc.


Seven Languages in Seven Weeks will certainly be on my bookshelf for quick reference.


Disclaimer: I did not get paid to review this book, and I do not stand to gain anything if you buy the book. I have no relationship with the publisher or the author.

Further reading: One can get more information about book and related topics from:

One can get more information about book and related topics from:

1. Amazon: http://www.amazon.com/Seven-Languages-Weeks-Programming-Programmers/dp/193435659X
2. Review: http://slightlymore.co.uk/7-languages-in-7-weeks/
3. Dr Dobb Review: http://drdobbs.com/blogs/tools/228700160
4. One more review: http://iprug.org/book-review-seven-languages-in-seven-weeks
5. The bulky review: http://javaheap.wordpress.com/2011/03/13/review-7-languages-in-7-weeks
6. One more: http://blog.founddrama.net/2011/05/on-seven-languages-in-seven-weeks/
7. The second last: http://fiveholiday55.blogspot.com/2011/05/my-review-of-seven-languages-seven.html
8. The last review: http://www.nofluffjuststuff.com/blog/matt_stine/2010/05/first_thoughts_on_seven_languages_in_seven_weeks_

Security threats posed by public cloud computing

Criminal Use of Cloud Computing: The ease of the registration process for services opens up services to abuse by spammers, malicious code authors, and other criminal elements.
Solution: Strengthen verification process of the registration.

Insecure Application Programming Interfaces: Cloud computing services management and interaction interfaces have very coarse authorization which opens up security hole.
Solution: More granular authorization and multifactor authentication process.

Malevolent Insiders: The threat posed by a malevolent insider is not unique to cloud computing. However, the threat is inflated by the convergence of IT services and customers under a single cloud environment, economic scale and a lack of visibility into the hiring standards and practices of cloud employees.
Solution: Enforce strict supply chain management security and comprehensive background check of cloud employees. Also setting up legal framework to tackle such malicious scenarios.

Shared Technology Vulnerabilities: Cloud computing delivers services by sharing infrastructure. This opens up the entire system to security breaches.
Solution: Defense-in-depth strategy that includes computer, storage, and network security enforcement and monitoring


Data Loss/Leakage: The enhanced risk of destruction or loss of data, whether accidental or intentional, due to increased number of actors and interactions.
Solution: Encrypt data in transit and implement strong data backup and retention strategies. Granular authorization strategy.


Service Disruption: Due to large number of customers on cloud, service disruption or reduced QoS may enhance impact to manifold.
Solution: In-depth replication of infrastructure across location.

Account, Service, and Traffic Hijacking: Account, service, and traffic hijacking, such as phishing, fraud, and exploitation of software vulnerabilities, pose risks to any computer system. With cloud these risks increases due to large number of interactions and actors.
Solution: use strong authentication techniques and unauthorized activity monitoring. Granular Authorization.

Unknown Risk Profile: Due to outsourcing nature of public clouds risk of losing track of the security ramifications of cloud deployments are very true. Security by obscurity may be low effort, but it can result in unknown exposures.
Solution: Maintain detailed information about who is sharing the cloud infrastructure, as well as network intrusion logs, redirection attempts, and other security logs. Deeper engagement with cloud computing provider.

Reference:

1. https://cloudsecurityalliance.org/topthreats/csathreats.v1.0.pdf
2. http://www.ists.dartmouth.edu/docs/HannaCloudComputingv2.pdf
3. http://www.privatecloud.com/2011/03/16/5-overlooked-threats-to-cloud-computing
4. http://en.wikipedia.org/wiki/Cloud_computing_security
5. http://www.networkworld.com/news/2008/070208-cloud.html

Characteristics of a Good API

• Easy to learn
• Easy to use, even without documentation
• Hard to misuse
• Easy to read and maintain code that uses it
• Sufficiently powerful to satisfy requirements
• Easy to extend
• Appropriate to audience

Benefits of API Driven Design

• Saves development time in medium to long term
• Reduces errors and debugging time.
• Facilitates modular design.
• Provides a consistent development platform.

Why a Good API is difficult to Design

• Forces designer to anticipate future usage of code.
• Requirements are incomplete (may never be complete).
• Requires abstraction.
• Requires modularization of functional as well as non functional requirements
• Requires in-depth skills in programming and design.
• Loads initial investment in terms of money, time and intellect.

Software without API Design

• +ves

• Fast and easy to implement in small projects
• Can serve as a starting point for API design. Agile!
• No need to consider how code interfaces with other softwares.
• Relaxed resource requirement in terms of intellect
• Immediate results

• -ves

• Code has a limited (as opposed to general) functionality.
• Code might not be reusable.
• Code is evolution will be difficult so the functionality.

SaaS Integration Challenges

1. Security

• Authentication

• Data Encryption

2. Volume of data transfer

• Continual Basis (Real time)
• Traffic Bust
• Batch Mode

3. Error and Exception Handling
4. Contingency
5. Data Migration
6. Turnaround Time
7. Cost proposition
8. Support Organization