Blog Objective

This is a blog that attempts to make life easier by noting down the author's accrued knowledge and experiences.
The author has dealt with several IT projects (in Java EE and .NET) and is a specialist in system development.

29 July 2011

IIS & ASP.NET Concepts

Concepts and interaction between IIS and ASP.NET components can be confusing at times. Relationships amongst IIS application, virtual directory, application pool, application domain are confusing at best. Having researched a bit, I attempted to model the various concepts and their inter-relationships using the following UML class diagram.

image

Concepts in Pink apply strictly to the ASP.NET domain.
Concepts in Blue are applicable to IIS domain.

A point to note is that a VirtualDirectory (VD) can contain other VDs. If a composed/ sub VD is not configured as an Application, the VD is treated as a sub-directory of the composing/ parent Application. As such, all the resources may be shared (e.g. application, session information). If the composed/ sub VD is configured as a separate Application, the resources are not shared (even if the same ApplicationPool is in use!). The reason is that the resources are isolated based on the ApplicationDomain.

To deal with request/ session/ DB timeout, the following UML class diagram is relevant:

22 July 2011

Cloud Computing

Differences amongst IaaS, PaaS, SaaS

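| Layer            | IaaS     | PaaS     | SaaS     |
|------------------|----------|----------|----------|
| Application      |          |          | provided |
| Runtime          |          | provided | provided |
| Database         |          | provided | provided |
| Operating System |          | provided | provided |
| Virtualisation   | provided | provided | provided |
| Server           | provided | provided | provided |
| Storage          | provided | provided | provided |
| Network          | provided | provided | provided |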

ITABOK

“Architecture expresses the intent, what we want to do; Implementation expresses the technologies used.”

IT Architecture Body of Knowledge is summarised as follows:

image

The Software Architecture determines flexibility

The Infrastructure Architecture determines adaptability

The Information Architecture forms awareness

The Business Architecture helps productivity

Complex Events Processing

The main concepts for designing CEP systems are captured in the following UML class diagram:

20 July 2011

Enterprise Architecture

Meta-model for an Organisation

  1. Vision – a statement by company officials about the broad purpose of the company
  2. Strategy – grouping of plans that supports achieving company goals
  3. Goal – a specific objective that is measurable and achievable within the planning horizon
  4. Programme – provides the rules that govern initiatives and projects
  5. Project – a work effort that has defined start and end points. It consumes resources and generates value (e.g. cost reductions, revenue growth, benefits, etc.)
  6. Business Function – a set of procedures or activities that delivers products, services or support control of the company
  7. Capability – due to the business functions, the company is able to perform tasks, deliver services and develop products that set it apart from competitors
  8. Business Process – a procedure or activity that uses resources input to generate a measurable output. A group of these creates a function
  9. Application – a computerised system supporting automation for business processes

The inter-relationship is depicted in the following UML class diagram:

image

Classes in different colours denote different types of entities:

  • Yellow – Strategy
  • Blue – Transition
  • Green – Products & services offered by the organisation
  • Orange – Business processing

Useful Design Patterns for Brownfield Projects

Brownfield projects are ubiquitous these days. Greenfield projects, on the other hand, are hard to come by.
The ways to deal with both are different. In particular, design patterns that are applicable to brownfield are:
  • Adapter Pattern – adapt a component to another component using a different interface.
  • Proxy Pattern – useful for controlling access to some resource, especially remote ones. Allows decoupling of the client from knowledge of connecting to the service.
  • (Remote) Façade Pattern – to remove the complexity of some service by providing a simplified interface
  • Data Transfer Object – useful in decoupling the views from the data access codes as well as reducing the number of remote invocations to the database layer.
  • Data Access Layer – used to isolate the data access from the users’ interface.

Non Functional Requirements – Performance

Requirements, especially non-functional ones, need to be SMART:
  • Specific
  • Measurable
  • Attainable (Achievable, Actionable, Appropriate)
  • Realisable (Realistic)
  • Time-bound (Timely, Traceable)
For performance requirements (should these be more correctly called performance goals?), the following aspects are most relevant:
  1. Response time – how fast the system responds to requests
  2. Throughput handling – how many requests the system can handle
  3. Concurrency – how many threads/ users can operate simultaneously
To specify performance requirements, consider the following:
  1. Expected daily load: number of invocations/ day. E.g. System is expected to receive (on average) 500 requests every day
  2. Expected peak load: max invocations / day. E.g. System is expected to hit a peak load of 1000 requests on certain days
  3. (Maximum) Response Time: invocations need to respond within certain timeframe. E.g. System needs to respond to requests within 5 seconds
The last point (response time) deserves further explanation. As response time is highly dependent on the environment and tends to fluctuate, it makes more sense to specify this requirement in terms of an average and/or a percentile (see this page).

One may specify the Response Time this way:
  • Average Response Time: 3 seconds or less
  • 95th percentile: 5 seconds or less

Setting Up a Reverse Proxy (HTTP Gateway) using Apache

Problem/ Issue

I recently had the opportunity to look into the following issue:
  1. the organisation, like most others, has segregated the network into at least 2 zones (DMZ and internal)
  2. the DMZ hosts the web servers while the internal zone hosts the application and database servers
  3. a requirement is that an application in the internal zone needs to access a web service in the public internet
  4. allowing direct HTTP traffic from the internal zone to the public network is not an option

With the above constraints, a forward proxy could have been an option. However, the internal-zoned application may not be able to support a forward proxy. As such, a reverse proxy would be the solution.

Existing Solution

The existing in-place solution follows:
  1. host a custom-written web service (acting as a proxy) in the DMZ to connect to the public network.
  2. The application in the internal zone will connect to the DMZ-hosted web service
  3. This custom-written web service will then connect to the public network
This solution works but is not ideal as:
  1. any changes (especially schema changes) to the public web service will result in changes to the custom-written web service
  2. any new services in the future will incur writing more custom web services to be deployed in the DMZ
  3. performance is highly dependent on whether the custom-written web service was well-written or not

Forward or Reverse Proxy?


Take this scenario: Client –> Proxy –> Server

|                           | Forward Proxy | Reverse Proxy |
|---------------------------|---------------|---------------|
| Supportability            | requires web client to be configured (unless proxy is in transparent mode) | transparent to web client |
| Client’s target end-point | Server | Proxy |
| Apache’s directive        | ProxyRequests | ProxyPass |
| TLS/ SSL                  | Transparent (pass-through) | Terminates the connection to Server |

Use cases (Forward Proxy):
  • Content filtering
  • NAT
  • Outgoing TCP connection from a corporate network
  • Anonymity

Use cases (Reverse Proxy):
  • Load balancing (TCP multiplexing)
  • SSL acceleration (SSL multiplexing)
  • Caching/ compression
  • Content switching
  • Firewall to applications
  • SSO/ authentication
  • Incoming TCP connection from the internet
  • CDN

Proposed Solution

A more elegant solution is to create a web service gateway otherwise known as a reverse proxy:
  1. this can be a generic solution as a common gateway for all web services
  2. requests/ responses will not be manipulated but may be logged as necessary
  3. no development work is required; only configuration of the Apache server
I will be using Apache Web Server to serve as the reverse proxy.
  • We need to load mod_proxy & mod_proxy_http.
  • Both mod_proxy_connect & mod_ssl are required if SSL is required.
  • As I use virtual hosting, I’ve also included mod_vhost_alias.
httpd.conf
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule vhost_alias_module modules/mod_vhost_alias.so
LoadModule ssl_module modules/mod_ssl.so
Include conf/extra/httpd-vhosts.conf
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>
I run the proxy on port 8888 and mapping is as follows:




  • http://myproxy:8888/url_part always maps to https://webservice.end.pt/url_part


  • The request will then time out in 30 seconds


  • in order to log the time taken for the proxied request, you need to add %D to the log parameter to capture the time in milliseconds
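As an added example (not part of the original post), the script below reads the %D field from proxy access-log lines and checks it against the average and 95th-percentile targets given in the performance post further up this page. It assumes %D is appended as the last field of the log format; httpd's documentation gives %D in microseconds, so the code converts from that unit. The log lines, client address and request path are constructed.

```python
import re

# Constructed sample: combinedio-style access-log lines with %D appended as the
# last field. httpd documents %D as the time taken in microseconds.
LINE = ('10.0.0.5 - - [29/Jul/2011:10:00:{:02d} +0800] "POST /svc HTTP/1.1" '
        '200 512 "-" "client" 700 900 {}')
SAMPLE_LOG = ([LINE.format(i, 1_000_000) for i in range(18)]
              + [LINE.format(18 + i, 9_000_000) for i in range(2)])


def durations_seconds(lines):
    """Extract the trailing %D field of each line and convert it to seconds."""
    found = []
    for line in lines:
        match = re.search(r"\s(\d+)\s*$", line)
        if match:  # skip lines without a numeric last field
            found.append(int(match.group(1)) / 1_000_000)
    return found


def percentile(values, pct):
    """Nearest-rank percentile: smallest value with at least pct% at or below it."""
    ordered = sorted(values)
    rank = max(1, (pct * len(ordered) + 99) // 100)  # integer ceil(pct * n / 100)
    return ordered[rank - 1]


def check(lines, avg_target=3.0, p95_target=5.0):
    """Compare measured times with the average and 95th-percentile targets."""
    times = durations_seconds(lines)
    if not times:
        raise ValueError("no timed requests in log")
    average = sum(times) / len(times)
    p95 = percentile(times, 95)
    return {"average": average, "p95": p95,
            "average_ok": average <= avg_target, "p95_ok": p95 <= p95_target}
```

With the constructed sample, two slow requests out of twenty leave the average well inside its target while the 95th percentile misses its own, which is the reason for specifying both.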



httpd-vhosts.conf
NameVirtualHost *:8888
<VirtualHost *:8888>
DocumentRoot "../htdocs"
ServerName myproxy
ErrorLog "logs/proxy-error.log"
CustomLog "logs/proxy-access.log" combinedio
<Directory />
Options None
AllowOverride None
</Directory>
<IfModule ssl_module>
SSLProxyEngine on
</IfModule>
<IfModule proxy_module>
ProxyRequests Off
ProxyPassMatch ^/(.*)$ https://webservice.end.pt/$1 timeout=30 keepalive=On
</IfModule>
</VirtualHost>
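The virtual host above keeps ProxyRequests off, which is what stops the gateway from acting as a forward proxy, but it turns on SSLProxyEngine without configuring verification of the upstream certificate (mod_ssl's SSLProxyVerify defaults to none). The following check is an added example, not part of the original configuration; the finding names and the CA bundle path conf/upstream-ca.pem are hypothetical.

```python
# Constructed input: the proxy-related directives of the vhost shown in this post.
VHOST = """\
<VirtualHost *:8888>
ServerName myproxy
SSLProxyEngine on
ProxyRequests Off
ProxyPassMatch ^/(.*)$ https://webservice.end.pt/$1 timeout=30 keepalive=On
</VirtualHost>
"""
# Hypothetical hardened variant; the CA bundle path is a placeholder.
HARDENED = VHOST.replace(
    "SSLProxyEngine on",
    "SSLProxyEngine on\nSSLProxyVerify require\n"
    "SSLProxyCACertificateFile conf/upstream-ca.pem",
)

def directives(conf):
    """Map lower-cased directive name -> list of argument strings."""
    found = {}
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line[0] in "#<":  # skip comments and section tags
            continue
        name, *rest = line.split(None, 1)
        found.setdefault(name.lower(), []).append(rest[0] if rest else "")
    return found

def audit(conf):
    """Return finding ids for a reverse-proxy vhost."""
    d = directives(conf)
    def is_set(key, value):
        return any(a.strip().lower() == value for a in d.get(key, []))
    findings = []
    if is_set("proxyrequests", "on"):
        # Forward proxying enabled: clients could relay to arbitrary hosts.
        findings.append("forward-proxy-enabled")
    targets = d.get("proxypass", []) + d.get("proxypassmatch", [])
    if any("https://" in t for t in targets):
        if not is_set("sslproxyengine", "on"):
            findings.append("sslproxyengine-off")
        # SSLProxyVerify defaults to "none": the upstream certificate chain is
        # not validated unless verification and a CA bundle are configured.
        has_ca = "sslproxycacertificatefile" in d or "sslproxycacertificatepath" in d
        if not (is_set("sslproxyverify", "require") and has_ca):
            findings.append("upstream-cert-not-verified")
    return findings
```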

SharePoint - create an issue tracking list

I am trying to create an issue tracking list which takes a number of input criteria to determine the criticality of the reported issue.

The general criteria are:
  1. Time Tolerance - how long can user tolerate the issue/ downtime
  2. Functional Impact - which aspect of the business is impacted
  3. No. of Affected Users - how many users are affected
  4. Availability of Alternatives/ Workarounds
  5. User Type/ Category - who/ which group of users are affected
Based on the above input, some scoring is assigned and criticality is finally determined.

I created the following Choice columns in the list with the fields preceded with a (x) to number the choices.
  • Tolerance:  (x2)
    1. half day (5),
    2. 1 day (3),
    3. more than 1 day (1)
  • Impact:  (x5)
    1. Others (0),
    2. Sales (5),
    3. Financial (5),
    4. Reputation (8),
    5. SSO/ Email/ Network (8)
  • Affects:  (x5)
    1. Individual (1),
    2. Business Unit (3),
    3. Department (5),
    4. Site (8),
    5. Enterprise (13)
  • Workard:  (x2)
    1. Yes (1),
    2. No (3)
  • User:  (x3)
    1. CEO (21),
    2. VPs (13),
    3. Customer (8),
    4. Agent (5),
    5. Staff (3),
    6. Govt (2),
    7. Partners (1)
The Scores are then mapped to the following table:
  • 90 - Critical
  • 80 - High
  • 50 - Medium
  • 1 - Low
  • 0 - None
An additional column is created to calculate the score based on this formula:

choose(right(left([Tolerance],2),1),5,3,1)*2+
choose(right(left([Impact],2),1),0,5,5,8,8)*5+
choose(right(left([Affects],2),1),1,3,5,8,13)*5+
if([Workard] = "Yes",1,3)*2+
choose(right(left([User],2),1),21,13,8,5,3,2,1)*3

A final column is created to display the criticality value:

if([score] > 90,"Critical",
if([score] > 80,"High",
if([score] > 50,"Medium",
if([score] > 1,"Low","None"))))
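The two formulas above can be checked by enumerating every combination of choices. This is an added example, not part of the original list definition; it mirrors the weights, points and strict ">" thresholds exactly as written and reports which criticality labels can actually occur.

```python
from itertools import product

# Weight and per-choice points for each column, exactly as listed in the post.
COLUMNS = {
    "Tolerance": (2, {"half day": 5, "1 day": 3, "more than 1 day": 1}),
    "Impact": (5, {"Others": 0, "Sales": 5, "Financial": 5, "Reputation": 8,
                   "SSO/ Email/ Network": 8}),
    "Affects": (5, {"Individual": 1, "Business Unit": 3, "Department": 5,
                    "Site": 8, "Enterprise": 13}),
    "Workard": (2, {"Yes": 1, "No": 3}),
    "User": (3, {"CEO": 21, "VPs": 13, "Customer": 8, "Agent": 5, "Staff": 3,
                 "Govt": 2, "Partners": 1}),
}


def score(choices):
    """Weighted sum, mirroring the calculated score column."""
    return sum(weight * points[choices[name]]
               for name, (weight, points) in COLUMNS.items())


def criticality(value):
    """Mirror of the nested if() in the final column (strict > comparisons)."""
    for threshold, label in ((90, "Critical"), (80, "High"),
                             (50, "Medium"), (1, "Low")):
        if value > threshold:
            return label
    return "None"


def reachable():
    """Enumerate all choice combinations; return (min, max, labels seen)."""
    names = list(COLUMNS)
    scores = [score(dict(zip(names, combo)))
              for combo in product(*(COLUMNS[n][1] for n in names))]
    return min(scores), max(scores), {criticality(s) for s in scores}
```

With these weights the score ranges from 12 to 184, so the "None" label is never produced, and a score of exactly 90 is rated "High" because the comparison is strict.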

19 July 2011

HTML-scraping

Ever had a need to process pages from a website that does not support any form of structural system integration like Web Service, RSS, REST, etc.?
The only information available is ill-formed HTML; not even XHTML!? I have always been using HTML Agility for the .NET platform to perform such HTML screen-scraping.
Recently, I found a number of equivalent Java toolkits to do the same:
I found this site that collects various toolkits for this purpose here.

Software Architecture Quality Attributes

The quality attributes (*-ities) can be categorised according to the following (from SEI):
  • Design-time
    • Modifiability
    • Maintainability
    • Reusability
    • Portability
    • Testability
  • Run-time
    • Performance-predictability
    • Security
    • Reliability
    • Availability
    • Scalability
    • Interoperability
    • Through-put
    • Capacity
  • Operational
    • Usability
    • Supportability
    • Configurability
    • Sustainability
    • Buildability