Microsoft urgently needs to consolidate all the APIs that are required for provisioning services or sites. The amount of knowledge you need to have and the number of APIs you need to use in order to lock down a Web service or Enterprise Services application programmatically at installation time in order to have it run under an isolated user account (with a choice of local or domain account) that has the precise rights to do what it needs to do (but nothing else) is absolutely insane.
You need to set ACLs on the file system and the registry, you need to modify the local machine's security policy, you need to create accounts and add them to local groups, you must adhere to password policies with your auto-generated passwords, you need to configure identities on Enterprise Services applications and IIS application pools, you need to set ACLs on Message Queues (if you use them), and you need to write WS-Policy documents to secure your WS front. Every single one of these tasks uses a different API (and writing policies has none) and most of these jobs require explicit Win32 or COM interop. I have a complete wrapper for that functionality for my app now (which took way too long to write), but that really needs to be fixed on a platform level.
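One of the chores listed above, auto-generating a service-account password that still satisfies the password policy, as an added example (it is not code from the original post or from the wrapper it mentions). The policy thresholds, the symbol set and the account name `svc_orders` are assumptions.

```python
import secrets
import string

# Assumed policy values (not from the original post); match them to the
# local or domain password policy of the target machine.
MIN_LENGTH = 14
CLASSES = {
    "upper": string.ascii_uppercase,
    "lower": string.ascii_lowercase,
    "digit": string.digits,
    # Quotes, backslash, backtick and pipe are left out on purpose so the
    # value survives being handed to installers and command lines.
    "symbol": "!#$%&()*+,-./:;<=>?@[]^_{}~",
}


def violations(password, account_name, min_length=MIN_LENGTH):
    """Return the policy rules the password breaks (empty list = compliant)."""
    problems = []
    if len(password) < min_length:
        problems.append("too short")
    for name, alphabet in CLASSES.items():
        if not any(ch in alphabet for ch in password):
            problems.append("missing " + name)
    # A password must not embed the account name (case-insensitive check).
    if len(account_name) >= 3 and account_name.lower() in password.lower():
        problems.append("contains account name")
    return problems


def generate_password(account_name, length=24, min_length=MIN_LENGTH):
    """Generate a random password for account_name that passes violations()."""
    if length < max(min_length, len(CLASSES)):
        raise ValueError("length is below the policy minimum")
    rng = secrets.SystemRandom()  # OS CSPRNG, not the default Mersenne Twister
    alphabet = "".join(CLASSES.values())
    while True:
        # One guaranteed character per class, the rest from the full alphabet.
        chars = [rng.choice(a) for a in CLASSES.values()]
        chars += [rng.choice(alphabet) for _ in range(length - len(chars))]
        rng.shuffle(chars)  # guaranteed characters must not sit at fixed positions
        candidate = "".join(chars)
        if not violations(candidate, account_name, min_length):
            return candidate
```

Running `violations()` on the generated value before it is handed to account creation keeps a policy rejection from aborting the installer halfway through provisioning.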
Two non-technical comments in a day; very rare. And two "thank you" messages, too. But this one has to be:
Thank you, President Reagan. Sir, you will have my respect forever for winning the cold war and having more than just a leading role in the fall of the Berlin Wall.
Tomorrow morning, 60 years ago, the French Normandy coast saw the biggest military operation in the history of mankind.
It was the start of the liberation of Europe.
My grandfather Friedrich Vasters (my "F.") fell later the same year in France doing his duty as a motor-bike courier for the Wehrmacht in France. He and many other German soldiers had to die because Europe had to be freed from the grip of the German Nazi government. Many allied soldiers and German soldiers and members of the French resistance lost their lives on the beaches and fields of northern France that day and just because of that I think this is a day to celebrate today's Europe.
Thank you, Allied Soldiers.
It's inevitable, its security improvements are absolutely necessary and it might break your code. I would strongly suggest that you install a test box with XP SP2 now if you haven't already done so. I've had some interesting surprises today.
Autonomy means that a service is alive.
Here are my sub-tenets:
- It has its very own, independent view on data. That may or may not result in fully owning its own data store (I think it should, but that's all a matter of scale and use case), but it certainly shall never share its own view on a shared store with others. The service's public interface(s) provide(s) the only way to manipulate its view on data.
- It controls its own lifetime. It can do periodical tasks, spin its own threads and should not be forced to shut down because its hosting process model thinks it's idle for the sole reason that it hasn't seen inbound traffic for a while.
- It has its own identity and carries a security responsibility. It identifies itself with a service-unique principal against other services and, through its own authorization rules, it takes the responsibility upon itself that no user gains illegitimate access to backend data or services. It identifies and takes responsibility for those that invoke it, but never assumes their identity.
The PEACE tenets for SO are a composite set. Autonomy is architecturally the most far reaching of the SO tenets and it is much more about the inside and fundamental behavior of a service than about its edge.
If you are even nearly as ignorant as every other developer including myself about any administrative aspect of SQL Server 2000 beyond the default install, this tool may be for you. I just installed it and I hate the tool already for what it tells me. Good sign. (Thanks to still-blogless SQL Goddess Kimberly Tripp for the link)
Ted Neward has a crusade against DataSets going on on his blog. At this point in time, I really only ever use them inside a service and only at times when I am horribly lazy or when I code under the influence. Otherwise I just go through the rather quick and mostly painless process of mapping plain data structures (generated from schema) to and from stored procedure calls myself. More control, more interoperability, less weight. I really like when my code precisely states how my app interacts with one of the most important components: the data store.
I don't even use DataSets on ASP.NET web pages anymore. The data binding logic allows you to bind against anything and if I have a public or protected property "Customer" on my page class that is a data structure, I can simply have an expression like <%# Customer.Name %> on my page and all is good. Likewise, a DataGrid happily binds against anything that is an ICollection (Array, ArrayList, ...) and the DataGridItem.DataItem property will then contain the individual element. It's just that the design-time support in VS.NET is very DataSet focused and messes things up when you click the wrong things.
DataSets are really cool for Windows Forms apps. By now I've reached a point where I simply conclude that the DataSet class should be banned from the server-side.
The TechEd Europe session search tool starts to reveal what I am up to in Amsterdam ...
CTS308 Building Proseware, Inc. – a non-trivial service-oriented system (just me)
Proseware, Inc. is an online bookseller. A big one. They have warehouses all over Europe, have millions of customers, sell millions of different items and process tens of thousands of orders every day. So imagine they came around to you and asked you to build a system for them. What would you do? In this session, we explain what we would do and what we did. The Proseware Services Demo consists of 14 autonomous, collaborating services, designed with best-practice architecture principles and implemented on Windows Server 2003. Proseware leverages the power of technologies such as Enterprise Services, ASP.NET Web Services, the Microsoft Message Queue, Microsoft Web Services Enhancements 2.0 to implement a large scale, robust, secure and scalable service oriented system that shows how all these technologies can be put to work effectively and that reflects the complexity of real-life enterprise applications.
And this is going to be great fun, too:
ARC230 The Nerd, the Suit and the Fortune Teller (sharing the stage with Pat Helland and Rafal Lukawiecki)
Object Orientation promised to deliver us from all IT evil and to ensure longevity and reuse of software. With today’s business requirements changing faster than it takes to compile an application and an ever-present call for integration, even that approach does not seem to work. However, it seems that Service Oriented Architecture (SOA), Operational Service Orientation of IT departments (MOF, ITIL), Service-Based Interoperability (WS-Guidelines) and Service-Based User Interfaces (messenger, wizards) are quietly converging onto a new paradigm in IT. For the lack of a better name, we call it “Service Oriented Convergence”. Come to this session and see if this concept has any merit and value to you. Rather than endure a typical PowerPoint presentation, you will observe a discussion between: an experienced developer, an unforgiving businessman in charge of IT and a visionary technology innovator. On your behalf, they will battle out their differing points of view and leave you with useful guidance on ways to handle this very important issue that will affect your job, work and future. Oh, and we hope this session is unlikely to be boring.
There is also an updated session on the FABRIQ (ARC405, with Arvindra Sehmi) and even a hands-on lab where you can play with the FABRIQ yourself (ARC-IL01, led by newtelligence instructors Achim Oellers and Jörg Freiberger).
I am back home from San Diego now. About 3 more hours of jet-lag to work on. This will be a very busy two weeks until I make a little excursion to the Pakistan Developer Conference in Karachi and then have another week to do the final preparations for TechEd Europe.
One of the three really cool talks I'll do at TechEd Europe is called "Building Proseware" and explains the scenario, architecture, and core implementation techniques of Proseware, an industrial-strength, robust, service-oriented example application that newtelligence has designed and implemented for Microsoft over the past 2 months.
The second talk is one that I have been looking forward to for a long time: Rafal Lukawiecki and myself are going to co-present a session. And if that weren't enough: The moderator of our little on-stage banter about services is nobody else than Pat Helland.
And lastly, I'll likely sign-off on the first public version of the FABRIQ later this week (we had been waiting for WSE 2.0 to come out), which means that Arvindra Sehmi and myself can not only repeat our FABRIQ talk in Amsterdam but have shipping bits to show this time. There will even be a hands-on lab on FABRIQ led by newtelligence instructors Achim Oellers and Jörg Freiberger. The plan is to launch the bits before the show, so watch this space for "when and where".
Overall, and as much as I like meeting all my friends in the U.S. and appreciate the efforts of the TechEd team over there, I think that for the last 4 years TechEd Europe consistently has been and will be again the better of the two TechEd events from a developer perspective. In Europe, we have TechEd and IT Forum, whereby TechEd is more developer focused and IT Forum is for the operations side of the house. Hence, TechEd Europe can go and does go a lot deeper into developer topics than TechEd US.
There's a lot of work ahead so don't be surprised if the blog falls silent again until I unleash the information avalanche on Proseware and FABRIQ.
Only this week here at TechEd it became really apparent to me how many people read the things I write here. I've had dozens of "strangers" walking up to me saying "Clemens, I read your blog. Thank you for the things you write.". It's great to meet the real people behind the numbers (I get an insane amount of hits each day for what is effectively a personal opinion outlet) and it's absolutely fantastic to hear when people tell me that I am helping them to do their job better. So what I wanted to say is ... "Thank you for stopping by every once in a while and for helping me to do my job well"