Tuesday, May 3, 2011

Software Architect Proverbs

If Architects spent as much time building as they do arguing (debating), wonder if there would be more usable applications?

Governance Architects: Paid "No-men".

There are no such things as bad applications, just bad architects.

An architect's ego is often bigger than their architecture.

Fixing a bad software architecture is like getting over a sunburn-- lots of peeling, head scratching, and eventually reproducing from the beginning.

Enterprise Architects preach that technology is not the solution, but they use technology every day, hour, and minute. I find that ironic.

Don't let 1 bad software bug spoil the pot.

The biggest communication gap I see with architects is their failure to communicate that the architecture can change. It can, and most likely will! It's not a matter of "IF", its a matter of "when" change occurs.

We often compare software architecture to building a house. How many houses do you know can change their infrastructure rapidly? Maybe a bad example to compare physical world to virtual world?

How many Architects want to be like The Architect in the Matrix? I do. He is THE architect.

Speaking of Matrix, seems the Oracle beat the Architect in the final chapter of the Matrix Trilogy. Technology can win.

Whens the last time an Architect said "Good Job", "Thank You", "You're right", or "damn, you are just smarter than me..."

Monday, April 18, 2011

The Essential Cloud Integration Checklist

With the current paradigm shift towards cloud computing, it’s evident many companies are optimistically investing in cloud solutions. While some corporations are starting their private cloud infrastructure, other early adopters are driving out applications by developing directly in public cloud platforms, and even more are procuring software capabilities from the litany of Software as a Service (SaaS) vendors. No matter what your level of “Cloud Maturity” is or which deployment models you choose (SaaS, PaaS, or IaaS), there are certain essential architectural considerations when designing cloud environments. This is especially true for companies sharing information from their corporate applications into the cloud and vice versa-integrating existing systems with the cloud can be a daunting task. Sharing information with the cloud seems to be a concern for many CIO’s, since they haven’t established a level of trust with their cloud yet. This article explores the more critical characteristics of integrating to and from the cloud, and how to ensure your solution is stable, scalable, and interoperable. Consider this your Essential Cloud Integration Checklist.

(1) Security

Security is by far the #1 concern of IT departments when considering venturing into the cloud. Most of IT’s concern centers around the fear of exposing private or sensitive information to non-validated users. Nobody wants to be the next company featured on CNN for losing their customer’s data to an outside intruder. However, many of these same doubters would be surprised to learn that most Cloud providers have hosting and data centers that are far more secure than their own company’s on premise center. Overcoming the risk of losing sensitive data is best accomplished through education, cloud provider research, and contractual stipulations. In other words, make sure your cloud provider follows certain standards (some of which are outlined below), ensure you have the proper service level agreements to protect your company in case the cloud has a failure, and educate any doubters to cloud’s security capabilities. Standards such as Secure Socket Layers (SSL), Security Assertion Markup Language (SAML), and for encryption, authentication, and single-sign on (SSO) should be considered for any Cloud security architecture.

Cloud is based on a best-of-breed approach, and it’s common for companies to be tied in to multiple cloud vendors for their cloud solutions. If you buy-into a multiple cloud provider approach, how do you go about managing users logging into each provider’s proprietary, distributed, and multi-technology environments? This can become even more difficult when the cloud is off premise or a public Cloud. Policy Assertion standards such as Security Assertion Markup Language (SAML) will allow your systems to integrate via a single-sign on token and share security policies across technologies. This assumes your cloud provider supports SAML, which is an important consideration. Without direct SAML support, secondary options can be custom-based session tokens through cross-reference tables.

It’s also important to ensure your cloud provider supports SSL and other encryption techniques in case any sensitive Data needs to be exchanged with the cloud. This is especially true with public clouds, where the data can be crossing a public wire as it flows to/from the cloud, and the data needs to be masked from any potential interceptor.
Access Control of software source control objects in the cloud is also important during design time or runtime-- objects, screens, and content artifacts should be protected to disallow any threats of viewing the source code, business rules, opportunity to change the configuration of an object, or running or executing the object by a disallowed user.

These security approaches become increasingly more important, since many cloud providers practice Multi-tenancy, which is the ability for providers to host multiple customers on a single resource. Examples could include your company’s assets being hosted on a shared server, database, and disk drive as your most feared competitor. The cloud provider is responsible for separation of concerns and ensuring nothing is compromised.

(2) Interoperability.
Sending information to/from the Cloud is an important consideration because the Cloud can be both an authoritative source of information and a consumer of existing on-premise enterprise information. This information can be process, data, or business centric, but is still required to integrate with the Cloud to complete a business process. Normally, this integration needs to be electronic, automated, and seamless, so, its important for the cloud to have Application Programming Interfaces (API’s) that are remotely accessible to other systems off the cloud (or on other clouds). These API’s provide the channel or method for sending information into the Cloud, pulling information out of the Cloud, pushing information out of the Cloud, or modifying information in the Cloud. The most common technique for integration is webServices that comply with the WS-standards, and specific industry standards. This will allow the organization to leverage services and comply with architecture styles such as Service Oriented Architecture (SOA) to share information across technologies and platforms.

(3) Presentation Layer:
Working with different Cloud vendors, especially SaaS vendors, means you will have to familiarize with each vendor’s proprietary User Interfaces (UI). This can be a daunting task and cause a lot of “swivel chair integration” for the end users who have to work in multiple UI’s across cloud applications. Instead of swiveling and hand-jamming information across multiple systems, the preferred approach is to create a universal look and feel application that provides the “single version of the truth”. This is best accomplished through approaches such as Composite Applications and Mash-ups that are design patterns that integrate disparate information sources into a single application screen or portal. This architecture has many benefits, such as: simplifying working environments, increasing end user efficiently, and protecting the business process from less human errors. However, this architecture design pattern is not always simple to implement, as it requires the Cloud vendor to expose information via a real-time remote API, preferably webServices. Other considerations include support for standards such as Web Services for Remote Portlets (WSRP), and Java Spec 168 (JSR 168) to embed remote content into the consuming portal screen.

(4) Federated Search:
With so much information sprinkled throughout the enterprise, it’s becoming increasingly more important for companies to provide features to catalog, index, and expose content for search in enterprise systems. The Cloud is an enterprise system and the information contained within must be searchable. How is this accomplished if the Cloud is off-premise? The simplest approach is for the Cloud vendor to index their own content and expose the searchable content via a remote webService API. This will allow companies to integrate the Cloud content with any pre-established searching software they have already standardized on and prevent end users from having to use multiple search boxes to find their information. Companies will then reap the benefit of “single box search”, as having to swivel between multiple search User Interface’s can be a frustrating experience to locating content and information. This concept is known as “Federated Search” since the content being searched can be hosted anywhere across the enterprise or the cloud, but the user doesn’t need to worry about that as the search design complexities are abstracted from them—they simply have simple search UI that allows them to find associated content.

(5) Functionality and Usability
Working with multiple Cloud vendors presents other unique challenges that include the functionality of the software, workflow capabilities, and performance management. For example, how do I maintain a low click stream across all Cloud providers when they have unique taxonomies and page wire frames? They have different click stream architectures. How do I have a Workflow process that spans across multiple Cloud providers—especially true if the Cloud providers each have their own proprietary workflow tools? There needs to be a “master workflow” state engine that can be a master process flow across systems and leveraging their individual workflow capabilities. How do I manage performance or identify bottlenecks across multiple providers? Ping-ponging packets between on-premise systems, public cloud, and private clouds can cause inefficient data flows that cause long wait times. Ultimately, the end-users will suffer from cloud systems that doesn’t account for moving data between corporate firewalls and cloud providers.

(6) Standards

Standards are important for enforcing consistency and simpler governance models. This is especially important when different technologies, approaches, and vendors are involved in a cloud system. It’s important to rely on standards such as WSRP, SAML, W-3 webServices and more to simplify the integration and management amongst your portfolio of cloud providers.

Leading Practices:

While integrating with the cloud presents itself with unique set challenges that include: off-premise hosting, federated and distributed location of cloud providers, reliance on providers for standard and technology support, cross-firewall integration, and potential performance issues, there have evolved some early leading practices.

• Use a Service Oriented approach for integrating to and from the cloud
• Attach contracts to each service for management, monitoring, and governance
• Leverage standards wherever possible
• Limit the number of network hops when possible
• Integrate through webServices or remote API’s
• Rely on native cloud provider Workflow tools, and implement cross-technology workflow when processes cross technologies
• Strive for consistent look and feel, click stream, and overall usability through webServices and standards

Monday, March 28, 2011

IT Isn't Dead. 100% Guaranteed Approach to Keep your CEO Happy

If there is one constant with IT, it is the guarantee of change. Whether its new regulations, corporate leadership, changing business models, regulation and legislation, upcoming technologies, customer demands, changing marketplaces and global conditions, or company re-organization, there are many pressures on today’s modern IT department to always adapt to these latest changes to keep the business functioning and properly positioned. With the added pressure of the recent economic downturns, IT is being asked to deliver the same or more solutions, with less capital funding. The risks to companies following such an approach are glaringly obvious—do they sacrifice quality for agility? Do they comply with regulations sooner rather than later? Do they change their systems based on market conditions? All these aspects combined, can easily cause heartburn to today’s CEO’s. So, how do you keep your CEO (and CIO) happy and more importantly keep them employed? By following an application modernization strategy and approach, your IT department will remain ahead of the always changing curve, with a low risk profile, and be fully prepared for future-proofing your IT solutions.

Adoption of the internet has caused frenzied investment in new business ideas creating rapid advancement in technology, services, and standards. This is driving wide spread adoption of web-based technologies resulting in existing technology becoming outdated and software lifecycles becoming shorter. This leads to constant fluctuation in IT trends, many of which must be adopted to remain competitive with your organization’s business goals and to respond to the changes aforementioned. What are the IT trends of today that will dictate a company’s success? Do they require every IT department’s attention? Do they add value to the organization? Listed below are IT trends that every company should be considering in order to keep their company strategically aligned for high value gains:

• Cloud Computing: The ability to take commoditized assets off premise and follow a consumption cost model.
• System Consolidation: virtualizing and combining hardware, sun setting redundant systems, standardize on vendors.
• Enterprise Re-usability: Re-use and integrate existing assets, create single information sources, and sunset redundant systems.
• Mobile Solutions: Access business relevant information through mobile devices and perform business process remotely
• Portfolio Management: Manage and maintain corporate assets just like your stock portfolio; buy/sell in the marketplace through effective metrics.
• Technology Lifecycle Management: Manage vendor relationships, standards. Sunset technologies before workforce or vendor support become scarce or costly
• Off-shore management: manage cost-effective off-shore teams for effective and quality-driven results.
• Agile Methodologies: Follow an incremental approach that has rapid, value-driven milestones
• Technology Selection: Embrace open standards and technologies that are mature and sustainable.

There are many drivers to adopting such leading edge IT initiatives, some of which include the following: vendor drops support of products or technologies, modern skilled workforce and lack of legacy skilled professionals, new software programming languages, competitive pressures, and more. These all lead to following constant modernization and rationalization process that continuously re-evaluates the technologies, products, and corporate assets. By following a modernization strategy, that includes identifying application profiles for each corporate IT asset, will allow organizations to measure, monitor, and target their future IT portfolio. Having a continuous rationalization process through source selection techniques, will benefit companies looking for not only continuous improvement, but continuous optimization. This includes defining a prioritization framework so that each initiative can be ranked and selected based on the value it brings to the organization. Once such levels of maturity are achieved, organizations reap the ultimate benefit—re-allocating funding from maintenance-type initiatives to innovation-type initiatives. Re-focus IT from managing the day-to-day operations, to helping the business solve real business problems. This is often accomplished through a centralized, integrated, flexible framework that has been through the rigor of business case justification, performance and risk management, and strategy drivers.

Studies have shown that world-class companies have reaped the benefit of such initiatives: firms with world-class performance management outperform their peers by 240% (The Hacket Group), 404% ROI for customers leveraging SaaS delivery models (IDC), and 150% ROI for Grid customers (Mainstay Partners). These are figures to keep your CEO happy and are accomplishable by following a structured approach that stresses standardization, rapid value, vendor management, and commoditization of tactical and non-strategic functions.

Friday, March 25, 2011

Mobile Computing Primer for IT Developers

With over 5 billion mobile users worldwide, it’s clear that mobile applications are the cornerstone of our daily lives. Applications range from productivity tools to entertainment and games, and the usage of day-to-day applications is continually evolving with the influence of technology and cultural shifts. For example, certain technological achievements have enabled us to do more with our phones each year. Recent technological achievements include: greater mobile data bandwidth, Cloud Computing, feature-rich Smartphone devices, and adoption of ever improving industry standards. These technology enablers have provided the platform for mobile cultural shifts that include: use of social networks through mobile devices, increased use of text messaging, and more use of mobile cameras in unique ways (streaming video, barcode scanner).

Even though 93% of Americans have a mobile phone, there are still many unique challenges that exist when developing mobile applications, especially when designing for the expectations of today’s consumer. Today’s user is unlike the computer user of yesterday--multitasking is a way of life, typing is preferred over handwriting, staying connected is essential, zero tolerance for device delays, and the lines between consumer and creator are blurring. There are some interesting constraints in mobile computing that haven’t presented themselves in User Interface development for a long time, going back to the advent of the common desktop monitor when UI developers had to pay attention to screen size, memory usage, and limited disk space. Mobile computing constraints include: maintaining awareness of a limited screen size, allocating and releasing memory for devices with limited memory (for the time being, until mobile devices are equipped with larger memory capacity), security concerns with mobility, accessibility, and potential to lose a phone easily; and accounting for precision of the user (i.e. fat fingers punching small keys). These limitations can also be coupled with the realization that even more challenges exist when you factor in the number of device platforms, programming languages, adoption of the tablet device with unique parameters, wireless carrier contracts and exclusivities, incompatible radio frequencies across devices, and demand for backwards compatibility. Conclusion: developing mobile applications is not necessarily as easy as it looks.

The good news is that there are a plethora of tools, frameworks, and platforms to help us develop applications and streamline some of the more tactical aspects of development that often requires a lot of plumbing. Most development environments are cloud-based so that users don’t need to stand up the infrastructure in-house to develop applications. Most platforms have a standard development kit (SDK), emulator tools, and configurable attributes so that development and unit testing can be accomplished without even owning a mobile device or having a certain carrier’s plan. Coupled this with some of the more mature integration and interoperability tools available on the market, including Oracle ADF, Rho Mobile, and Oracle Mobile Framework to allow cross-platform and enterprise system integration. These provide framework building blocks that include: launching and displaying applications, displaying controls, responding to user actions, accessing the Internet, managing user preferences, playing sounds and videos, and much more.

There are some leading practices to mobile development. These can range from providing end users immediate feedback to their action (such as highlighting the item they selected), making applications forgiving to account for fat fingers, and to always follow the KISS philosophy (Keep it Simple Stupid). The economics of developing an application are very compelling, since a developer is on average entitled to a 70% fund of what is sold in the platforms application store, free promotion in the application store and community, and the low barriers to entry for getting started.

With nearly 70% of the Fortune 500 having budgeted plans to launch mobile solutions for their enterprise, it only makes sense for today’s IT developer to spend time learning and adjusting to the nuances of architecting, designing, and building mobile applications.

Thursday, September 16, 2010

An Example of Agile Methodology, with a bit of a struggle

We are in the process of re-designing our website launch. The site will be based on Wordpress CMS, new content, new functionality, some revised branding, and new layouts. It's been a long time coming. I've been trying to think of an approach to launch the website iteratively so that its not contingent on a Big Bang launch and dependent on everything being done to launch. Unfortunately, I keep circling back to thinking that a partial launch of the site would diminsh our brand due to limiting the user experience. Therefore, I am currently aimng to launch with most of the requirements we've laid out for this project and not launch iteratively. Granted, some requirements can be de-prioritized for a future release, but the baseline site ("product") needs to be all (most all) or nothing for now. Now, this can all be bundled into a "Release", and requirements ("User Stories") tackled in a Sprint like fashion, but ultimately the struggle was in producing a finished product within a Sprint...that I didn't feel comfortable with, as we only have 5-7 seconds to grab a User's attention on your site, and a site that isn't 100% ready would lose the user pretty quickly. So, a bit of a struggle on applying Agile principles to a Released product in this situation.