Archive for the 'Architecture' Category

Agile: Mission Impossible?: Case study presented in Update 08 conference

Last Wednesday I participated in a panel called “Agile: Mission Impossible?” where I presented one of Southworks’s case studies where we successfully implemented Agile methodologies (Scrum + XP mix) in scenarios out of the Agile comfort zone.


We had good feedback from the audience, as well as lots of questions from people facing similar scenarios. Let’s summarize the case study presented…

“Your mission, if you choose to accept it…”

Apart from the goal of delivering a mission critical product implemented with emerging technologies, the case study in particular that I presented had the following constraints:

  1. “Distributed²”: The whole team was divided in two: the Southworks team (1 architect + 1 lead + 2 devs) and the client’s team (3-4 devs). These teams were distributed in space, separated by 360 miles. But they were also distributed in time: their working hours differed by 2+ hours.
  2. “Coached to coach”: Goals included the adoption of agile methodologies by the client’s development teams up to the point where they must be ready to coach other teams within the client on successfully implementing agile.
  3. “Agile = 0”: The client’s team had no experience in agile methodologies or tools such as TDD, pair programming, refactoring, etc.
  4. “Tech = 0”: The client’s team had no experience in the models they were going to implement, such as S+S, or the technologies they were going to use: MVC, Ajax, WCF, Linq.

The approach

After accepting that “mission” we used the product we started to build as the real-world scenario for applying a coaching roadmap that consisted of a mix of:

  1. Global (team + stakeholders) methodology understanding
  2. Continuous teamwork practice
  3. Ownership enforcement
  4. Partial team rotation to foster the knowledge transfer

The results

As part of the results of the case study, the product was delivered on time, on budget, with “over-delivery” features. The client’s team had learnt and successfully implemented agile methodologies as well as the new technologies, which they successfully started to apply to other projects in their organization.

Have you ever worked on similar scenarios? How did you solve them?

CSF and LitwareHR: Kickoff week

Last week I worked with Puru Amradkar, Eugenio Pace and people from Microsoft’s Connected Services Framework (CSF) team, kicking off a new project that is related to both LitwareHR and CSF.

I had a great time on the design sessions with people from the CSF team like Puru Amradkar, Bala Balabaskaran, Balamurugan Kuthanoor and Arun Chandrasekhar. Their collaboration on the project was really valuable.


Image 1: From left to right: me, Puru Amradkar and Eugenio Pace.

LitwareHR is a Software as a Service (SaaS) reference implementation application published last February by Microsoft’s Architecture Strategy Team. As a single-instance, multi-tenant application, it covers typical SaaS aspects such as tenant provisioning, multi-tenant security, presentation configuration, data model configuration and business process configuration.

So what about CSF? It helps telecommunications operators to integrate content services with their internal networks and business systems. In a SaaS hoster context, it could help with integrating their billing and order handling systems with SaaS applications developed by SaaS ISVs.


Image 2: CSF Communication Architecture.

"Tenant Provisioning" Screencast released

Some weeks ago, we published a screencast on Datacenter Provisioning, the process of installing, in a SaaS provider datacenter, the structure needed to support LitwareHR’s application.

Once this is completed, tenants will be able to start trying the application. First of all, they will have to create a tenant account at LitwareHR so they can use the application.
The process that takes care of allocating the resources that the tenant will use is called "Tenant Provisioning". The screencast shows the "behind the scenes" actions of this service.

Watch the screencast here and tell us what you think here.

LitwareHR installer for Windows XP just released!

Since we got feedback from the LitwareHR community about trying the SaaS reference application on Windows XP, last week we announced the release of a HowTo to get LitwareHR working under Windows XP.

This time we are releasing a Windows XP specific installer for LitwareHR that automates that document’s steps.


Once the installer finishes copying the required files you will see another version of LitwareHR readme file with some specific setup instructions for Windows XP environments.

As we discussed last week, Litware HR was designed to run on Windows Server 2003 because it provides real-world datacenter features, such as the ability to run multiple websites at the same time. Since Windows XP’s IIS 5.1 doesn’t allow that, we use different virtual directories instead.

What about LitwareHR for Windows Vista? Check this explanation and the related discussion at Codeplex.

Enjoy :)

Litware HR: What about Windows Vista?

Last week, we provided a HowTo for users wanting to try Litware HR in Windows XP. We also explained that Litware HR was designed to run in Windows Server 2003 because it provides features that a real world production datacenter needs, such as the ability to run multiple websites at the same time.

But what about running Litware HR on Windows Vista? Well, at first it will not work, because LitwareHR uses ADAM, which is not yet compatible with that Windows version.

What are the options then? Litware HR uses a shielded Authentication service that interacts with the ADAM repository. Because this one component is reused across all the modules, changing it changes the authentication behavior in every piece of the application.

So for Windows Vista, you might use another authentication store, such as Active Directory or SQL. That change should be easy and inexpensive:

  • re-implementing Shp.Runtime.Services.AuthenticationLogic class
  • changing the logic of the identity store setup scripts.

Check this discussion to get more implementation details and updated information.

See you at the Litware HR community website!

New LitwareHR Screencast: "Datacenter Provisioning"

Imagine that you are a SaaS provider and you want to use LitwareHR. The first thing that you will do is install, in your datacenter, the structure needed to support LitwareHR’s application.

This is basically what we call "Datacenter Provisioning": the architecture setup needed to support LitwareHR’s application, which creates the databases in SQL Server, the user and role structures in ADAM and the websites in IIS.

After this Datacenter Provisioning is done, each tenant will be able to perform a "Tenant Provisioning", which will add tenant information to those repositories.

This screencast shows what the Datacenter Provisioning does in order to build the structure that will support the SaaS application.


Get the screencast here. Visit http://www.codeplex.com/litwareHR for more information.

Update: the screencast was uploaded to Channel9: http://channel9.msdn.com/Showpost.aspx?postid=290919

Example of Tenant Provisioning in a SaaS Application Environment

Introduction

For the last few months I’ve been working on a project called SaaSyLongTail, a sample application that highlights the key architecture principles of SaaS (software as a service) applications. In this context, one of the key pieces of the application we are building is the one that takes care of setting up the environment needed for a tenant to use the SaaS application. That is the tenant provisioning, and in this post I will explain its main steps in SaaSyLongTail:

  • Data Provisioning
  • Web Server Provisioning
  • Authentication Store Provisioning
  • Authorization Store Provisioning

Data Provisioning

The tenant is added to the tenant table in the provider database, along with other tables that are filled with default provisioning data.

Tenant Provisioning can be used in cases where the tenant only wants to try the application (“try before you buy”), so we think it is important for the tenant to be able to start trying the application without having to configure it if they don’t want to. We do this by inserting default tenant UI preferences, workflow rules, etc., which the tenant can later change from the back office.

Web Server Provisioning

Each tenant web application (in this case “contoso” and “fabrikam”) has its own virtual directory inside the SaaS provider website (in this case the “peoplewareHR” website) in IIS. Inside each tenant’s virtual directory there are 3 other application virtual directories: the Back Office, Front Office and Services web applications. The “Services” virtual directory at the SaaS provider level provides tenant provisioning services.

All this virtual separation allows, for example, one tenant’s services to go down without harming the rest of the tenants.

The structure is purely virtual: one tenant’s Back Office physical path is the same as another tenant’s Back Office physical location. This way tenant configuration and data live only inside the database, and no physical changes to the application are needed when a tenant is provisioned or deprovisioned.

Hierarchical structure: the Contoso Front Office configuration extends the Contoso main configuration, which extends the peoplewareHR configuration. This way each application only takes care of its own domain configuration.

Web Provisioning could also be distributed, with the application services running on a different server than the UI (Front Office and Back Office in this case), if the IT infrastructure requires it.

Authentication Store Provisioning

We use Active Directory Application Mode (ADAM) as the authentication store, with one application partition for the SaaS provider (“peoplewareHR”), which stores one organizational unit (OU) for each tenant.

This structure lets each tenant manage its own users and gives tenant independence at the authentication level.

One detail we cannot overlook is that we use a unique value for the userPrincipalName attribute of the tenant’s users, with a mask like “[user name]@[tenant alias]”. This is done to keep user principal names unique, so that the roles provider can have unique references to users.

Regarding authorization, the tenant provisioning takes care only of creating the new OU for the tenant, with the default users.

What if two tenants named Contoso want to use peoplewareHR services? You can’t have two OU=Contoso entries in ADAM, nor two running virtual directories with the same name (that goes for the IIS part…). We opted to keep the tenant alias as the key in both ADAM and IIS, just as two companies can’t have the same URL for their websites or two people the same email address. Following the example, the second tenant named Contoso should choose a different alias, such as “contoso_corp”. But just as you enter your full name in an email registration, the tenant enters its own name too: this field is not unique, and it is the information that will be visible in the Front Office and Back Office, so the alias remains only for identification purposes.

Authorization Store Provisioning

We use SqlRoleProvider, using the tenant for the applicationId in the authorization store. This way we support the scenario where two different tenants have the same user names or roles.
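A minimal model of the naming rules from the two sections above, added here as an illustration and not taken from SaaSyLongTail's code: the tenant alias is the unique key, the display name is not, user principal names follow the “[user name]@[tenant alias]” mask, and role lookups are scoped per tenant. The `Provider` class, the character-set policy, the reserved `services` alias and the in-memory stores are assumptions standing in for ADAM, IIS and SqlRoleProvider.

```python
import re

# Assumed policy (not from the original post): the alias becomes an OU name and
# a virtual directory name, so only a conservative character set is accepted.
ALIAS_RE = re.compile(r"^[a-z0-9][a-z0-9_-]{1,30}[a-z0-9]$")
USER_RE = re.compile(r"^[a-z0-9][a-z0-9._-]{0,62}$")   # no "@", no DN characters
RESERVED = {"services"}   # provider-level "Services" virtual directory


class ProvisioningError(ValueError):
    pass


class Provider:
    """In-memory stand-in for the provider's OU list and role store."""

    def __init__(self, name):
        self.name = name
        self.tenants = {}   # alias -> display name (display name is not unique)
        self.users = set()  # userPrincipalName values
        self.roles = {}     # (alias, user name) -> set of role names

    def provision_tenant(self, alias, display_name):
        alias = alias.strip().lower()   # compare aliases case-insensitively
        if not ALIAS_RE.match(alias) or alias in RESERVED:
            raise ProvisioningError("alias not allowed: %r" % alias)
        if alias in self.tenants:
            raise ProvisioningError("alias already taken: %r" % alias)
        self.tenants[alias] = display_name
        return alias

    def add_user(self, alias, user_name, roles=()):
        user_name = user_name.strip().lower()
        if alias not in self.tenants:
            raise ProvisioningError("unknown tenant: %r" % alias)
        if not USER_RE.match(user_name):
            raise ProvisioningError("user name not allowed: %r" % user_name)
        upn = "%s@%s" % (user_name, alias)   # mask: [user name]@[tenant alias]
        if upn in self.users:
            raise ProvisioningError("user already exists: %r" % upn)
        self.users.add(upn)
        self.roles[(alias, user_name)] = set(roles)
        return upn

    def is_in_role(self, alias, user_name, role):
        # Lookup is keyed by tenant, so equal user or role names never collide.
        return role in self.roles.get((alias, user_name.strip().lower()), set())
```

Rejecting “@” and directory separator characters in both parts keeps the principal name unambiguous and keeps a tenant-chosen alias from altering the directory path or the URL it is embedded in.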

Conclusion

In the context of the SaaSyLongTail reference application, the Tenant Provisioning has a lot of work to do. This work requires the data model, the web and application servers, and the authentication and authorization providers to support multitenancy in an efficient way. For each of these system components, the important thing is to find the simplest and most efficient configuration that matches the SaaS application’s requirements.