Application Security Testing: An Integral Part of DevOps
Redmond, Wash.—It's rare to find breadth and depth in any informational forum, but I had the privilege of finding both here at the Microsoft SOA and Business Process Conference 2006 during the week of October 2, 2006. Because Microsoft combined its integration and business process management (BPM) products under one umbrella last year, its product offering now sports a more unified functionality. However, integration is a complicated thing that touches many different products. The conference showed how to plug in to certain points of different products.
If you're like me, you've been reading about products like Windows Communication Foundation (WCF) and Windows Workflow Foundation (WF) for over a year. Often, however, learning new products does not provide an understanding of each product's importance or relevance to the other products in a vendor's offering. Thus, it's often hard to determine how important a product will really be until you see it work in conjunction with other products. So the questions I hoped the conference would answer were:
- What is important in the Microsoft Service Oriented Architecture (SOA) and BPM space?
- How do I prepare my organization to take advantage of it?
This article summarizes what I learned at the conference about the new development functionality and then shares some ideas for preparing your development team to use the new products and features.
It starts with a discussion of WCF, a new unified model for distributed computing.
WCF—The Unified Model
WCF is one of those foundational Microsoft technologies. For example, SQL Server also is a foundational technology—it's used everywhere. Deep knowledge of SQL Server makes you a better BizTalk, SharePoint, and MIIS developer. WCF makes knowledge of all communication avenues more attainable—a much higher bar with older technology.
Using current MS technologies, you would develop a Web service using ASMX and a distributed application using .NET Remoting, and utilize two different host applications for them: Internet Information Services (IIS) for Web services and a Windows application for .NET Remoting. With WCF, you can host a Web service and Component Services inside the same application by adding a single configuration file setting.
With WCF, products such as BizTalk and Microsoft Identity Integration Services (MIIS) will share adapters, simplifying integration development and hosting. In fact, WCF will become the communication plumbing for BizTalk. So, what makes WCF flexible and extensible will make BizTalk flexible and extensible.
A Pragmatic SOA Doctrine
The SOA approach amounts to standardizing on technologies such as Web services and XML (among other things). Typically, adopting an SOA technology foundation has been a grass-roots effort. This must change if BPM and SOA will work together effectively. For the best adoption results, take the following middle-out approach to validate your SOA foundation:
- Pick an important project that exercises the foundation.
- Realize that reusability is something to strive for, but it generally doesn't happen. Too many things change in technology and the business environment.
- Focus on products that enable faster construction.
- Deliver iterations—don't boil the ocean.
- Remember to deliver a solution, not a particular technology.
BizTalk and WCF address all the problems an enterprise service bus (ESB) addresses, plus more. There are some ESB ideas you can apply, though, and Microsoft's forthcoming ESB Guidance documentation will help with that.
WorkFlow in Office/SharePoint
Big changes are in store for Office and SharePoint in the coming year. With the advent of Windows Workflow Foundation (WF), workflow has been embedded into the .NET Framework. Utilizing the new WF underpinnings, Office and SharePoint will sport new tools to make workflow development accessible to any Office-savvy user. For instance, business eventing can now kick off workflows created by Office users.
Microsoft's new BPM mantra is "People-ready Process." In prior years, the process was embedded in code and therefore was difficult to adjust. New BPM technologies will change this, making the process explicit/visible and easier to adjust.
The Takeaway Recommendations
I left the Microsoft SOA and Business Process Conference 2006 with the following 10 action items for my organization, which you can consider for yours as well:
- Adopt WCF as soon as possible, and revise your best practices—including hosting best practices— accordingly. For example, interface and share contracts among many endpoints, or simply offer more endpoints. Also, educate other developers on WCF's uses and benefits.
- Keep moving down the integration technology foundation path you're on currently. Although workflow and messaging will become part of the .NET Framework, BizTalk will be important for scalability and host rich adapter functionality.
- Embrace business process orientation, SOA, and BPM to help build more agile business processes. To do the technology part of this, you'll need to upgrade to SharePoint/Office 2007.
- SOA will become even more important once everyone is using WF inside of Office and Sharepoint. So, get your SOA house in order, and consider the impact of less tech-savvy individuals using your SOA.
- With more SOA use, better visibility into functioning may become important. Now that workflow is no longer hidden behind a black-box program, you may need to turn to business rules to give users the same experience they have come to expect in workflow (for example, self documenting and ease of change).
- Conduct user training to make users more aware of how what they're doing impacts the functioning of the system. Users new to workflow may do unexpected things often because they lack technical understanding.
- Determine the condition of your Active Directory. Do you have the right information to define the level of granularity you'll need to configure access?
- When you put tools in people's hands and they become more savvy with them, that often stimulates ideas for more features or even more creative tool uses. But, it provides more ways to hang themselves as well, so become familiar with the power-user tools. One day, you will need to integrate with them. Also, question and train your tech support people.
- Real-time business intelligence (BI) may become more important. If you're not using Business Activity Monitoring (BAM), you may be soon. As users build more workflow business processes, visibility will become more important, especially for the system-only components of the business process. BAM is one tool for supplying the needed visibility.
- Prepare for the radical change to Office. Begin a dialog with your support and administration staffs to establish a timeline for releasing Office to your group or company. You may be functioning in a mixed Office environment, so determine the impact of this.