Improve business processes with Generica Pro

Overview

Generica Pro system provides simple and intuitive way to improve business processes by tracking daily collected open issues in Generica store, within regular periodical meetings. Working with Generica Pro system will include Open Issue, Discussion Issue and Instruction Data Items (Generica forms). Data Item is an analog of TFS work item in management environment. Data Item is a generic and customizable form which can be easy and naturally integrated into the MS Word document as an unstructured text.

Process Diagram

Business Improvements

• Control and sense all issues in time.

• Meetings focusing and effectivity.

• Audit and analyze business activities.

• Data transparency and collaboration.

• Define and improve information flow.

MSDN Magazine November 2007 edition now available.

I'm really recommending for each developer to subscribe for MSDN Magazine news, it is the Microsoft Journal for Developers. For years I'm enjoying from the quality information, articles and source code of the samples. MSDN Magazine Homepage, All Articles RSS Feeds

Few recommendations from November 2007 edition

CLR Inside Out: Managing Object Lifetime In this column, Tim Fischer have set out to help developers who are consuming .NET or COM classes to better understand lifetime management, recognize situations where you can run into resource traps, and know how to solve these issues. Each C# developer should read this article to refresh the common basic knowledge on how to manage the objects inside the projects. 

Toolbox: Updated Grid Controls, Open-Source Comparison Tools, and More I'm always reading the Toolbox column; here you can find new books reviews, useful tools and components. This time I found interesting free tool for quickly compare and merge files.

New KCS web site on the air!

The beta version of KCS web site was published, special thanks to Nik Rogel, Liron Hayun and Diego. The web site includes link to this blog and desription of the Generica product.

http://www.kc-sys.com

My RSS subscription address was updated.

Hi all,

I changed my RSS subscription address to http://feeds.feedburner.com/simonchulsky you are welcome to update it at your RSS Reader software.

Requirements Management and Engineering is a quality factor of ALM.

Overview

This is a first post of series about Requirements Management and engineering practices. This post will talk about the importance of requirements management within a product development project, when the project could be for a new consumer product, a web site, a system or a software application. Also, I’ll write about the methodologies and the best practices in a different projects types and sizes allover application lifecycle management (ALM) phases.

Next posts will be written in case someone will request it, just keep your comment with the topic or suggest the new one.
 -         Popular Requirements Management Tools Review
 -         Requirements Management Best Practices
 -         Manage Requirements with Team Foundation Server (TFS)
 -         Generica solution for Requirements Management  

Introduction

First of all, let’s answer the main question, why it is so important to manage project requirements? I think the best answer for this question is to make parallel with chess game, when the win in game equals to successful project. Before the game starts, professional chess players work hard on the game strategy.
Strategy it is a general thought process used to plan a game of chess. Strategy is more concerned with distant future moves than the calculation of tactics for the next move.  The tactics in a chess game is a term used to describe a short-term sequence of moves involving threats and counter threats.
Source: Glossary of Chess Terminology by David Hayes. 

In development projects requirements management is the strategy and the tactics of the Application Lifecycle Management. Next image demonstrates the requirements management role in the software quality lever. 

 - This data from Boehm: Software Engineering Economics.
- The picture was taken from the “Maximize the business value of the software” presentation from Borland.

The common problems of requirements management and engineering

It is two main factors that define the success of the requirements engineering and management process, methodology and the tools. It is very important that the tool we are evaluating supports the organization methodology and vice versa.  Organizations spending a lot of money to evaluate and to buy the tools that promise to improve the process with build-in methodologies, features and regulation standards, but they don't analyze is the organization can adopt those changes.  
Commonly, the requirement management tools are very difficult for organization adoption and integration into the application lifecycle. From my experience with the customers in 70% of cases, the end result of most popular tools like Requisite Pro and Doors has proven unsuccessful. Let’s see the common reasons for the failure.    

• The price is the general limitation; it breaks the concept of data transparency and collaboration. The tool may the best tool in the world, but not for the $3 - 6,000 a seat price tag. The budget limits the access of consumers to the information inside the professional system.
• Complexity of the tools causes to any business analyst or project manager to stay out of the loop. The best work environment for this kind of consumers is to work directly on the document and to edit features as unstructured data with reach formatting and not on hierarchical tree of requirements. This fact breaks the chain; the next paragraph will show the effect of different not synchronized work environments. 
• Microsoft Word into the requirements management tools, but not vice versa. Commonly requirements management tools provides a good enough way to import requirements from Word Document to the hierarchical structure.  This process has side effects like conversion of Visio objects to the pictures, formatting and the other data looses. But in all of the cases there is no way to synchronize the requirements with the source document, the only way is to do this manually. As a result the information collaboration between the document workers like business analysts, consumers, etc is damaged.
• Multiplicity of professional tools at ALM is a real problem, the integration between the tools is not nature, all project information not available from the single user interface and no way to analyze and manipulate with full project information. For example, if the document management system not integrated with the requirement management tools the configuration and the changes management become to be the hard manual work.

Requirement Management tools evaluating tips

•  First of all I'm really recommend to use consulting services from the start of tools evaluating process to the methodology definition and the tool adoption, good consultant's experience will save you a lot of time and money.
• Try to sign site license contract with the software vendor, if this option not relevant for your organization the recommended price tag for seat license should be around $200 - $400.
• Check the tool integration and bidirectional synchronization of requirements within the Microsoft Word documents. Generica product is the leader in providing solution for this market.
• Try to buy one generic and customizable product for full application lifecycle management. Team Foundation Server with Visual Studio Team client from Microsoft is a good sample.
• Check the features of the product, it should contain the most important features, like traceability, data control and analyze features.
• Test product's technical characteristics like scalability, performance, security, etc.
  

Hope this post was useful and helps to choose the best product for your organization.

The best time to rewrite your products.

The most important key of any success is timing. Good manager always feels when the right time and place to initialize and run the business processes. In R&D world the timing playing critical role, because the technologies coordinal updates every few years, when the customers always seek for the best standards in performance, communications, security, integration and other characteristics in your product. It is dramatically important, for the business success, to have competitive and technological updated products.  The other important point is the development cost; new frameworks usually decrease the cost of the development, because they include new concepts, technologies and the best practices implementation.

In Q4 of 2007 we can feel the massive wave of new technologies from Microsoft which will wash all of us in 2008. Today is the best timing to take one or more R&D teams and to start planning and write prototypes for the next generation product. Let's start with few steps on how to kick off the new project.

Step 1: R&D Environment

• Chose Product Lifecycle Management (PLM) support systems and define process methodology. I'm recommending to start with TFS from Microsoft, if you don't use the other products (advise: wait for Rosario release)
• Start coding with VS Orcas 2008 Beta 2.

Step 2: Product Architecture

Today when we are talking on architecture we are talking about SOA. As a start point I'm recommending to understand and to learn the next projects:

• .NET StockTrader Sample Application from MSDN
  This application is an end-to-end sample application for .NET Enterprise Application Server technologies. It is a service-oriented application based on Windows Communication Foundation (.NET 3.0) and ASP.NET, and illustrates many of the .NET enterprise development technologies for building highly scalable, rich "enterprise-connected" applications. It is designed as a benchmark kit to illustrate alternative technologies within .NET and their relative performance.
  
  I really hope this project will be updated to .NET Framework 3.5; the strong part of this project is a .NET StockTrader Sample Application Configuration Service , its shows how to implement centralized configuration management of clustered service nodes.
• NServiceBus from Udi Dahan- The Software Simplist blog.
  NServiceBus is an open source communications framework that makes building enterprise .NET systems easier. By providing scalability critical features like publish/subscribe support, integrated long-running workflow, and deep extensibility NServiceBus provides a solid foundation for any distributed system.

Step 2: Define Server & Client environments

• Use Windows 2008 Server as your server application OS.
• Stay with Web Client only if it possible.

Step 3: Use new technologies

• WCF, WF
• Ajax
• LINQ

Hope it will push you, to start rewriting your product from scratch, because it is really the best timing to do that and to keep the old problems behind you ;) 

Artificial Intelligence Systems are coming, Welcome SILVIA!

Artificial Intelligence is my favorite topic in technologies world and it have all chances and potential to be the next revolution step in IT world. Few days ago I discovered Cognitive Code company at Engadget and decided to write this post. Cognitive Code is the developer of SILVIA (Symbolically Isolated, Linguistically Variable and Intelligence Algorithms). SILVIA platform helps derive context and meaning from user inputs, via speech, text, or other methods, so you can communicate with the platform as if it were another person.

Personally, I'm a little skeptical about SILVIA abilities, because from my point of view, today machine can successfully learn and become as integral part of limited digital environments only. I think that machine can't associate the speech or text about smells with real operation, because it has no sensors which can react to this sense. In other words Machine will be able to understand human inputs, via speech or text only when it will have quality enough sensors for four human basic senses. The second very important aspect of machine learning is the ability to execute operations into the intellectual environment, for the sample why the dog evolution level is lower then the human one, if it has all four necessary senses? The answer is simple the building of dog body not allows it to execute complex operation that human can. So the body structure of creature is the second and very important variable. The resolution is the follow, the ability to derive context and meaning from user inputs, via speech and text may be real only when the robot will hold the sensors and the body close to human one ore better, but today's computer technologies is to far from this.

So, when AI systems can real work today? The answer is the digital environments with limited number of operations when humans interacting one each others. The best sample for this kind of environment is a Stock Market and specific the derivatives trading. Stock Market have very limited number of operation like buy, sell etc. and the human interact one each other by executing those commands only. Machine can easily learn the patterns and to associate commands in those kinds of digital environments and I think the next punch in stock markets will come from Artificial Intelligence System.

In last paragraph I want to introduce my experience in Machine Learning and Artificial Intelligence technologies. Last 4 years I hold in my mind some unique theory of Machine Learning implementation, few years ago I started to implement it, and run a startup company named AIMech (Artificial Intelligence Mechanisms) but it was freeze year ago, because my commitment and responsibility to KCS, the startup company I work at present and because the resources missing to implement and to commercialize it. But I absolutely sure, that the next my long run project will be the implementation of AIMech machine learning engine.

6 Simple steps to secure your Web Application

How to pass security tests for customers like Banks?

One of KCS customers is a big commercial bank. When bank valuating your product or any other one, IT Security issues taking the first priority. I think, only the customers from defense industry prioritizing the Security issues so high. This post will describe the interesting parts of the process I passed and the technological tips for anybody who preparing to come over the same process.

Usually banks and other enterprise customers use outsourcing services to test product security risks. Commonly Security tests include interviews, simulation of attacks and penetration tests on follow tiers

• Computers
• Communication
• Installations
• Applications to pinpoint vulnerabilities

So let's start with few steps to secure your Web Application.

Step - 1 - Daily Programming rules

• Always validate user input it is necessary to isolate your system from attacks like SQL Injection, XSS, Buffer overflow, etc.
• Don't store any passwords and user names on disk or in memory in plain text.
• Don't keep any secured information in your code; it can be easy stolen by reverse engineering.
• Do not write any business information to server file system, only to the database.
• Don't hold security sensitive information in IIS Session or cache.
• Do not use ActiveX controls, if it possible.

Step 2 - Web Server Session Management

• Set your IIS session time out to 30 minutes
• Add "Sign Out" button on each web page. When user will click on this button IIS Session will be closed.
• Close IIS session on web browser close event.
• Close IIS Session when user navigates to other web site by handling Page Upload event is it possible.

Step 3 - IIS & Web Site configuration

• Uncheck anonymous access checkbox on your web site. This recommendation relevant for enterprise software and not for public web sites.
• Use .NET DPAPI library to encrypt Connection String to database, it is very important; don't write an encryption key in code, to defense your system from Reverse Engineering. Store the key into the Registry.

Step 4 - Web Browser Settings

• Disable browser automatic Caching and History functionality. This allows to unauthorized user search business content in Temp directory on client PC. Do it by using HTTP Meta tags:
  <META HTTP-Equiv = "Expires" Content = "now"<
  <META HTTP-Equiv = "Pragma" Content = "no-cache">
• Disable automatic AutoComplete browser functionality. Do it using HTTP Meta tags:
  <FORM AUTOCOMPLETE = "off">

Step 5 - Authentication

• Use strong authentication on any connection between system modules.
• Use only Windows Authentication when you establishing connection to the database server.

Step 6 - Networking Protocols

• Use SSL V3 protocol for Client Server communication.
• If Web Application calls to methods in Web Service, use WSE 3.0 to secure the SOAP protocol.

So good luck! And keep free to ask me how to implement any step in this short manual.

Micro Content Management and MS Office - Step 1

First Post!

Hi All,

It took me a lot of time to start posting, but I decided that this is very important step, which provides win-win situation for you and me. I hope this blog will be interesting to all Hi-Tech\ Enterprise sectors.

 This blog will contain interesting technological issues, MS Office issues, commercial and marketing content with my analysis and opinion.

So, Good Luck for this blog, when the luck will be measured by your feedbacks and visits to this blog.