Thursday, 26 September 2019

Customer feedback

It's about customer feedback.

I have recently been on a trip to some of our customer sites.  They are using one of our company's products, for which they hold licenses.  They operate in the healthcare domain.

It was a fulfilling experience - talking with various employees, seeing how they're using the systems, listening to their feedback.

It's also an opportunity to discuss with them and learn more about their business, to understand their problems and how to incorporate new solutions into our products.

It also helped me understand just how important it is to have good, productive, honest, hands-on and face-to-face communication at the customer site.   The feedback you receive that way is invaluable.

No matter how well you think you know the customer domain - it's a really different experience to discuss and see the customer business hands-on.

Personally - I think these kinds of experiences have helped me understand the domain and the use-cases much better, and they also helped me figure out what our next moves - in developing our products - might be.

Friday, 19 October 2018

Agile at scale

Hello,

For a while, a few years ago, when Agile was new, I thought that one of the weaknesses of Agile methodologies was that it was difficult to scale them.   You could have a team, maybe two agile teams, but then for large projects, you ran into the difficulty of coordinating between teams both business wise and technically, hence the need to have an initial stage where you had to do some architecture, design and business analysis work.

But lately, with the rise of agile scale frameworks such as SAFe, you can now safely say that yes, you can scale Agile.  So you can get all the benefits of using Agile (such as early customer feedback, early releases, technical adjustments) even for large projects.  I have been part of projects that scaled Agile and I can safely say that it can be done (it is viable).

But beyond using various development methodologies, being Agile or going Waterfall, the most important of all is your ability to execute.   You need to have the right technical people and you need to have the right key decision makers and you need to foster the right kind of collaboration environment and company culture in order to make it all happen. 

There is no going around that.

Have a nice weekend,
Razvan

Tuesday, 20 February 2018

Reporting services in the cloud


I have spent some time in the previous weeks looking at the level of integration and support between some of the existing analytics suites and the cloud, and more precisely at some of the existing reporting capabilities and services in the Microsoft Azure Cloud Platform.

As people know, in today’s market the software analytics and reporting tools are gaining in importance.  Especially when coupled with some of today’s big data, IoT and near real time processing solutions, clear, concise and easy-to-understand reports and dashboard-organized data become more and more important.

As you might know, Microsoft has the Power BI suite which is their mainstream business analytics product.   This suite can be installed and used on premises, as well as an online service.   It has an easy to use interface (in a true Microsoft fashion, it makes it easy to do the straightforward things – I do not know yet what’s the situation about the not so straightforward things 😊), as well as support for additional reporting libraries, or, if you don’t find what you need, you can build your own.  These reports are customizable: you can change the Look&Feel, color palette etc.   As an end user, you do not need to be, and you might not be, aware of the reporting technology powering these reports.
Furthermore, you can make use of an existing Azure Cloud Platform service, which is called Power BI Embedded, which we will discuss in more detail below.

You can use the Power BI online services in two ways.   One is to have Power BI licenses for your organizational users and have them connect to the Power BI online site in order to view their customized dashboards and reports; the other is aimed towards ISVs.   As an ISV, you have the option to decouple the usage of reports from your application users/clients, so that you do not need one Power BI license for each user you’re going to support.   You can practically embed Power BI dashboards and reports into your own applications.  

In order to be able to embed the Power BI widgets, you will need dedicated Power BI processing resources which can be provisioned through Power BI service (with the Power BI Premium subscription) or by making use of Microsoft Azure Platform (by using Power BI Embedded).

With the report processing capability in the cloud (Azure), which lets you take advantage of cloud features such as high availability, elasticity and scalability, you can even keep your data on premises or on another cloud solution such as AWS.

In that case, you will need to install and configure an on-premises application data gateway from Microsoft, which is provided free of charge, that can connect securely to Azure using the Azure Service Bus.   This Gateway will provide ways to connect to various on-premises or cloud-based data sources.  Some data sources such as MS SQL Database, SAP etc. are supported with real-time refresh while others can be configured with scheduled refreshes.

In this case, your environment would consist of the following: the Power BI Service with a Power BI Pro license, to house the reports that are being developed; Power BI Desktop, used for report development and to deploy the reports to the Power BI service; dedicated capacity provisioned on the Azure Cloud Platform (Power BI Embedded), to process the reports; the Power BI Gateway (installed on-premises), if needed, to retrieve the data when the data sources are on-premises or located in another cloud environment such as AWS; and of course your cloud-based web app that embeds the Power BI reports, which could reside virtually anywhere.



Monday, 12 June 2017

Client/Server SSL certificate authentication (using self signed certificates)


Today let's discuss how you can configure a JBoss application server to accept secure connections only from clients who possess the associated client certificates.   We're going to generate and use self-signed certificates (a generated EV SSL certificate from a trusted certificate provider will cost up to $300 per year).


Below are the steps to configure a secure client/server connection in which the server only accepts connections from clients who possess a client certificate associated with the server one.  This approach is useful where you have front office applications exposed over the internet, and you want only certain users to be able to connect to them.

The process is the following (in short):  
  1. generate the certificate authority, 
  2. generate the server certificate based on the generated CA and keys, 
  3. generate the client certificate based on the generated CA and keys, 
  4. then configure the app server and the browser with server and client certificates respectively (after applying required certificate formats transformations)



A  Certificate generation

1 Download and install Openssl

2 Generate a CA (certificate authority) - use the same pass for all certificates created
2.1 openssl req -out ca.pem -new -x509
-generates CA file "ca.pem" and CA key "privkey.pem"

3 Generate server certificate/key pair
3.1 openssl genrsa -out server.key 2048
-use an RSA key of at least 2048 bits; 1024-bit RSA is no longer considered secure
3.2 openssl req -key server.key -new -out server.req
3.3 openssl x509 -req -in server.req -CA ca.pem -CAkey privkey.pem -CAserial file.srl -out server.pem
-the contents of "file.srl" is a two-digit number, e.g. "00" (i.e. on Linux run echo "00" > file.srl)

4 Generate client certificate/key pair
4.1 Either choose to encrypt the key (a) or not (b)
        a. Encrypt the client key with a passphrase
            openssl genrsa -des3 -out client.key 2048
        b. Don't encrypt the client key  - I only tested this option
            openssl genrsa -out client.key 2048
4.2 openssl req -key client.key -new -out client.req
4.3 openssl x509 -req -in client.req -CA ca.pem -CAkey privkey.pem -CAserial file.srl -out client.pem
-the contents of "file.srl" is a two-digit number, e.g. "00"

B  Client configuration

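5 Convert client certificates from pem to pfx
5.1 cat client.pem ca.pem > clientcertchain.pem
5.2 openssl pkcs12 -export -in clientcertchain.pem -inkey client.key -out clientcertchain.pfx
-the client private key has to be supplied with -inkey, otherwise the export has no key to bundle with the certificate
5.3 openssl pkcs12 -export -nokeys -in ca.pem -out ca.pfx
-the CA bundle given to clients holds the CA certificate only (-nokeys); the CA private key "privkey.pem" stays off client machines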

6 Import client certificates into browser
6.1 Chrome browser: type in chrome://settings/advanced.   Search for SSL, click on manage certificates.  Navigate to “Trusted Root Certificate Authorities”, import certificate ca.pfx.
6.2 Chrome browser: type in chrome://settings/advanced.   Search for SSL, click on manage certificates.  Navigate to “Personal”, import certificate clientcertchain.pfx.

C  Server configuration

7 Convert server certificates from pem to pfx
7.1 openssl pkcs12 -export -out server.pkcs12 -CAfile ca.pem -chain -noiter -in server.pem -inkey server.key
7.2 openssl pkcs12 -export -out ca.pkcs12 -noiter -in ca.pem -inkey privkey.pem

8 Copy certificates
8.1 Copy them to the JBoss configuration folder

9 Convert server certificates to JKS format for JBoss usage - copy them on the JBoss server - keytool is a Java command
9.1 keytool -importkeystore -srckeystore ca.pkcs12 -srcstoretype pkcs12 -srcalias 1 -destkeystore ca_keystore.jks -deststoretype jks -deststorepass xxxxx -destalias ca_server_jboss
-make sure the src alias matches by running the command keytool -v -list -storetype pkcs12 -keystore ca.pkcs12
-the destination store password needs to be set as well - this should be identical to the certificate store password due to a JBoss implementation limitation
9.2 keytool -importkeystore -srckeystore server.pkcs12 -srcstoretype pkcs12 -srcalias 1 -destkeystore server_keystore.jks -deststoretype jks -deststorepass xxxxx -destalias server_jboss
-make sure the src alias matches by running the command keytool -v -list -storetype pkcs12 -keystore server.pkcs12
-the destination store password needs to be set as well - this should be identical to the certificate store password due to a JBoss implementation limitation

10 JBoss configuration
10.1 Adjust the SSL connector as follows
<ssl name="20150914" password="xxxxx" certificate-key-file="../standalone/configuration/server_keystore.jks" protocol="TLSv1.1,TLSv1.2" verify-client="true" ca-certificate-file="../standalone/configuration/ca_keystore.jks" ca-certificate-password="xxxxx"/>

D Connection check

11 Point the browser to the SSL JBoss port and check connection.   At this point any other browser that does not have the client certificates should not be able to connect.
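
The certificate steps from sections A and B, with the section D check done offline, as an added example that is not part of the original post: it issues the certificates non-interactively, then confirms that only certificates signed by the trusted CA verify and that only the client bundle carries a private key. The common names, the password "changeit", the second unrelated CA, the scratch directory and the helper function names are assumptions made for the demo.

```shell
#!/bin/sh
# Added example: sections A, B and D of the procedure, run non-interactively.
# Common names, the password and every file location are constructed values.

make_ca() {              # $1 = CA directory, $2 = CA common name
    mkdir -p "$1"
    openssl req -x509 -new -newkey rsa:2048 -nodes -days 365 -subj "/CN=$2" \
        -keyout "$1/privkey.pem" -out "$1/ca.pem" 2>/dev/null
}

issue_cert() {           # $1 = CA directory, $2 = output basename, $3 = common name
    openssl genrsa -out "$2.key" 2048 2>/dev/null
    openssl req -new -key "$2.key" -subj "/CN=$3" -out "$2.req"
    openssl x509 -req -in "$2.req" -days 365 \
        -CA "$1/ca.pem" -CAkey "$1/privkey.pem" \
        -CAserial "$1/file.srl" -CAcreateserial -out "$2.pem" 2>/dev/null
}

chains_to() {            # $1 = CA certificate, $2 = certificate to check
    # The trust decision behind verify-client: was this cert signed by our CA?
    openssl verify -CAfile "$1" "$2" 2>&1 | grep -q ': OK$'
}

key_matches_cert() {     # $1 = certificate, $2 = private key
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey)
    key_pub=$(openssl pkey -in "$2" -pubout)
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

export_client_pfx() {    # $1 = client basename, $2 = CA certificate, $3 = password
    cat "$1.pem" "$2" > "$1certchain.pem"
    openssl pkcs12 -export -in "$1certchain.pem" -inkey "$1.key" \
        -out "$1certchain.pfx" -passout "pass:$3"
}

export_ca_pfx() {        # $1 = CA directory, $2 = password (certificate only)
    openssl pkcs12 -export -nokeys -in "$1/ca.pem" \
        -out "$1/ca.pfx" -passout "pass:$2"
}

private_keys_in_pfx() {  # $1 = PKCS#12 file, $2 = password; prints the count
    openssl pkcs12 -in "$1" -passin "pass:$2" -nodes 2>/dev/null \
        | grep -c 'BEGIN.*PRIVATE KEY' || true
}

WORK=$(mktemp -d) && cd "$WORK" || exit 1
PASS=changeit
make_ca ca "Demo CA"                    # the CA the server will trust
make_ca otherca "Unrelated CA"          # a CA the server does not trust
issue_cert ca server "jboss.example.test"
issue_cert ca client "demo-client"
issue_cert otherca outsider "outsider"
export_client_pfx client ca/ca.pem "$PASS"
export_ca_pfx ca "$PASS"

for c in server client outsider; do
    if chains_to ca/ca.pem "$c.pem"; then
        echo "$c.pem: accepted by ca.pem"
    else
        echo "$c.pem: rejected by ca.pem"
    fi
done
key_matches_cert client.pem client.key && echo "client.key matches client.pem"
echo "private keys in clientcertchain.pfx: $(private_keys_in_pfx clientcertchain.pfx "$PASS")"
echo "private keys in ca.pfx: $(private_keys_in_pfx ca/ca.pfx "$PASS")"
```

The script needs only openssl on the PATH and writes everything into a fresh temporary directory.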





Wednesday, 18 January 2017

JBoss clustering in the cloud

This is a short post on some JBoss clustering options when working with cloud platforms.  There are also other possibilities such as using tunnels but I will cover that in a later post.   I am also not going to write right now about other considerations such as security, reliability etc.

I am currently a Solution Architect and I work on designing Cloud Services solutions.  We're making use of Microsoft Azure Cloud Platform to deliver our services to clients.

I am going to outline a few thoughts regarding JBoss clustering in the cloud.

As you might be aware, usually cloud infrastructures do not allow for IP multicasts.  Usually a cluster configuration needs to account for this and choose alternate protocol stacks to work around this limitation.  

Usually this means dropping UDP, relying on TCP and either configuring the nodes' IPs in the cluster configuration files or relying on TCPGOSSIP to emulate the multicast for you.   The TCP alternative is less scalable since more network traffic is involved between the JBoss nodes as opposed to UDP.

I will focus on two ways of handling the clustering: TCP + TCPPING and TCP + TCPGOSSIP.

TCP + TCPPING
This configuration usually involves manually configuring JBoss nodes within the cluster configuration.   While it is simpler to set up, it has the drawback that one needs to adjust the configuration if the cluster needs to scale dynamically - for instance if you need to adjust the number of cluster members based on the current system load (automatic provisioning of cloud resources).

<subsystem xmlns="urn:jboss:domain:jgroups:1.1" default-stack="tcpping">
    <stack name="tcpping">
        <transport type="TCP" socket-binding="jgroups-tcp"/>
        <protocol type="TCPPING">
            <property name="initial_hosts">1.1.1.1[7600],1.1.1.2[7600]</property>
            <property name="num_initial_members">2</property>
            <property name="port_range">0</property>
            <property name="timeout">2000</property>
        </protocol>
        <!-- ... -->
    </stack>
</subsystem>

TCP + TCPGOSSIP
If you go the TCPGOSSIP route, then the server or servers hosting the TCPGOSSIP instances need access to all the JBoss nodes.  The good news is that you can configure more than one TCPGossip instance so you are covered from the availability standpoint.  All traffic between the JBoss nodes is routed through the TCPGOSSIP instances.

<subsystem xmlns="urn:jboss:domain:jgroups:1.1" default-stack="tcpgossip">
    <stack name="tcpgossip">
        <transport type="TCP" socket-binding="jgroups-tcp"/>
        <protocol type="TCPGOSSIP">
            <!-- GossipRouters -->
            <property name="initial_hosts">1.1.1.1[12001],1.1.1.2[12001]</property>
            <property name="num_initial_members">2</property>
            <property name="timeout">3000</property>
        </protocol>
        <!-- ... -->
    </stack>
</subsystem>


Enjoy :)

Thursday, 5 May 2016

Cloud Computing Basics


 

Definition

 

According to the National Institute of Standards and Technology (NIST):

Cloud computing is a model for enabling convenient, on-demand network access to a shared
pool of configurable computing resources (e.g., networks, servers, storage, applications, and
services) that can be rapidly provisioned and released with minimal management effort or
service provider interaction.

It demonstrates five essential characteristics, three service models and four deployment
models of cloud.

Five characteristics that define cloud computing

 

1. On-demand self-service. This means provisioning or de-provisioning computing
resources as needed in an automated fashion without human intervention.
2. Ubiquitous network access. This means that computing facilities can be accessed from
anywhere over the network using any sort of thin or thick clients.
3. Resource pooling. This means that computing resources are pooled to meet the demand
of the consumers so that resources (physical or virtual) can be dynamically assigned,
reassigned or de-allocated as per the requirement.
4. Rapid elasticity. Cloud computing provides an illusion of infinite computing resources to
the users. In cloud models, resources can be elastically provisioned or released according
to demand.
5. Measured service. This means that consumers only pay for the computing resources
they have used.

Three main service models of cloud computing

 

1. Infrastructure as a service (IaaS). It is the delivery of computing infrastructure as a
service. SoftLayer cloud and Amazon EC2 are some examples of IaaS.


Here’s how NIST defines IaaS:
The capability provided to the consumer is to provision
processing, storage, networks and other fundamental computing resources where the
consumer is able to deploy and run arbitrary software, which can include operating systems
and applications. The consumer does not manage or control the underlying cloud
infrastructure but has control over operating systems, storage and deployed applications; and
possibly limited control of select networking components (e.g., host firewalls).

Infrastructure as a service is the ability to programmatically create, manage and consume
infrastructure elements which include images, storage volumes, network and compute
resources.

Infrastructure as a service means that you are obtaining cloud infrastructure (i.e. servers,
storage and networking) in an on-demand, elastic fashion and in a pay-as-you-go model.

Infrastructure as a service is providing raw materials (compute, storage, network) to users
on-demand so that they can execute their workloads in a flexible, scalable environment
without the overhead of obtaining and operating physical gear.

2. Platform as a service (PaaS). Providers deliver not only infrastructure but also
middleware (databases, messaging engines and so on) and solution stacks for application
build, development and deployment (dev-ops).

(NIST) definition of PaaS: The capability provided to the consumer is to deploy
onto the cloud infrastructure consumer-created or acquired applications created using
programming languages, libraries, services, and tools supported by the provider. The
consumer does not manage or control the underlying cloud infrastructure including network,
servers, operating systems, or storage, but has control over the deployed applications and
possibly configuration settings for the application-hosting environment.

PaaS provides the developers with the appropriate flavors of operating systems, databases, middleware, software tools and managed services, usually in a multitenant environment. The biggest added value of PaaS is that developers are completely abstracted from the lower-level details of the environment, so they can fully focus on what they are really good at (rapid development and deployment) and not worry about things like scalability, security and more that are fully managed by PaaS.

3. Software as a service (SaaS). Applications hosted by a provider on a cloud infrastructure
are accessed from thin or thick clients over the network or a program interface (for
example, web services).



  

Cloud deployment models

 

1. Public cloud. This is where computing resources provided by a cloud provider are used by
different organizations through public Internet on a pay as you go (PAYG) model. Cloud
providers ensure some sort of separation for resources used by different organizations. This
is known as multitenancy.

2. Private cloud. This is where cloud infrastructure is solely owned by an organization and
maintained either by this organization or a third party and can be located on site or off-site.
Computing resources are behind the corporate firewall.

3. Community cloud. Here, cloud infrastructure is owned and shared by multiple organizations
with a shared concern.

4. Hybrid cloud. It is the combination of any type of cloud model mentioned above connected
by standardized or proprietary technology.

The pros of cloud computing

 

“Cloud computing has a lot of benefits but it also comes with some downsides,”

1. Cloud computing allows you to focus more on your business and not on managing data centers

2. You can develop new applications faster

3. Leveraging your cloud provider’s API can help you automate many of your operational tasks

4. Cloud computing is scalable
Assuming your application is architected appropriately, as the load on your application grows you can scale horizontally by provisioning new servers. If you need to increase the size of your servers to support loads that cannot scale horizontally, you can provision larger servers to support the increased demands.
Black Friday example – online shops, 100x the load vs the rest of the year - does it make sense from the business perspective to buy all that hardware to accommodate this only for two days a year?

5. Financially, cloud computing makes a lot of sense
Renting your infrastructure can make good financial sense. The pay as you go (PAYG) model is especially attractive to the limited cash flow of small and startup businesses.

6. Cloud computing allows you to expand your global presence


The downside of cloud computing

 

1. Performance on shared infrastructure can be inconsistent

2. People believe that cloud infrastructure is not secure

3. Cloud computing may not be the right fit for all workloads

4. Some workloads have very specific performance and security requirements.


Top 7 most common uses of cloud computing

 

1. Infrastructure as a service (IaaS) and platform as a service (PaaS)
2. Private cloud and hybrid cloud
3. Test and development
4. Big data analytics
5. File storage
6. Disaster recovery
7. Backup


Considerations for moving to cloud

 

When it comes to deciding what to move to cloud first, a very important consideration is the
workloads. Not all workloads are created equal.

Migration to cloud: It is all about workloads

The main characteristics that a workload must exhibit to be a good candidate for cloud
computing are:

1. Fluctuating demand: When a workload has a stable and predictable demand, having
dedicated and properly sized infrastructure for that workload is probably more efficient
than paying hourly charges for VMs in a public cloud or building and using a private and
automated cloud.

2. Standard: Efficiencies in cloud computing are achieved thanks to virtualization and
automation. Automation is only cost-effective if there is a limited set of features (in SaaS
solutions) or pieces of software (in IaaS and PaaS solutions) available in the catalog.

3. Independent: If a workload requires heavy communications with other systems, migration
of that workload alone to a public cloud environment might affect performance negatively
because of issues with latency and bandwidth between the data center and the public
cloud environment. Although bandwidth can always be increased, latency is more difficult
to reduce below a minimum threshold unless your 1’s and 0’s can travel faster than light (!).

4. Non-critical: Workloads with very high demanding requirements (for example, availability,
response time, recovery time objective, recovery point objective and security) might not be
ready to be hosted in public clouds yet. Service levels offered by public clouds do not
usually meet the requirements of critical workloads.

Migrating applications to cloud isn’t so simple

Cloud is a technology that is already part of most IT environments today, which means that
migrating a distributed environment or application to a cloud environment isn’t like turning it
off and moving it to cloud.

What should we consider when analyzing a workload? I would say the following:

1. Standardization—the application must be deployed in a standard way using standard
images since this reduces the effort for development.

2. Hardcoded dependencies—the application must avoid having hardcoded configurations,
since this may inhibit or complicate cloud adoption as it will require specific
reconfigurations or prerequisites.

3. Maintainability—the application must be deployed in a way that is easy to maintain. Fixes
or patches at the OS and application levels must be deployed without requiring manual
intervention.

4. Manageability—the application must be easy to manage from an operation and
administrative point of view.




5. Scalability, flexibility.  Are our products scalable enough to be able to take advantage of cloud resources (IaaS) on demand?  Furthermore, could they reuse some of the platform services existing in the cloud (databases, messaging systems etc)?  Even more, is there a vision in place where, from a business and technical perspective, additional reusable software services could be envisioned (analysis methods etc)?


5 key success factors for cloud implementation

 

1. A new due diligence process will be required; you ought to be prepared to invest more
time and effort to finding the ideal partner.

2. Expect to pay more attention to security, as it is a primary concern for many stakeholders.

3. The study found many pushing the limits on, or altering the dynamics of their current
provider’s relations. Keep expectations high, but don’t expect to reach a steady state with limited change. You will need to cultivate a different type of relationship where you lean on your vendor for strategic guidance, business case development, workload prioritization and more.

4. Plan to spend more time helping the business adjust to the new technology. Cloud
services require a different governance approach, and procurement and contracting
processes often need to be altered requiring greater business leader engagement.

5. Thinking ahead about an integration plan is critical. Because the cloud is made for a
“best of breed” approach, you should plan for a more diverse vendor base and a hybrid IT
environment.