DCSIMG
November 2010 - Posts - Zuker On Foundations

Zuker On Foundations

The realm of .NET (WPF, WCF and all around)

November 2010 - Posts

TechEd 2010 Eilat - Great so far

 I decided to blog alittle about my ongoing experience here in TechEd Eilat.
Yesterday, on day 1, I arrived to Eilat and immediately got the great atmosphere this conference has put out for us.

Day 1

I attended the evening key-note session and was very impressed by the operation the Microsoft has gathered and pulled it off beautifully. It wasn't hard to see that there was a great investment in this conference, and I'm simply glad.
The key-note was refreshing with good entertainment. There wasn't much that came new to me, but it was certainly nice to see how Microsoft sees the next generation in a new world of sharing and collaboration being materialized.

Day 2

I attended 2 sessions - Windows Azure Guidance Part 1 and 2. I liked these presentations very much, they met my expectations perfectly.
There wasn't any code, as much as I love to see code in sessions, that's what I expected. The presenter talked about all the key components in Windows Azure, explaining about them and how you should generally use them. That's what I was aiming for, just to get a bit more organized about things, and these sessions did just that.

Another session that I attended today was Deep Dive on Workflow Services. It was rather disappointing, don't get me wrong, the session was interesting and well built but I was expecting a more of a deep dive than what was actually there.

All in all, so far I'm having a blast. Soon there's the big party and I'm sure it would be great.

For day 3, I plan to go see the tooling presentation made by Alon Fliess, the CTO of our new company. I'm pretty sure I'll recognize everything there, but knowing Alon, this will be very professional and amusing to watch.
Another session that I plan to attend is about storage in Azure, I guess it'll be good too.

To summarize, the TechEd met my expectations in terms of content sessions and the execution of everything around it had been fabulous up until now. Microsoft - good job! thank you.

Posted Monday, November 29, 2010 6:35 PM by Amir Zuker | with no comments

תגים:,

Cost-Oriented Development

With the emerging of cloud computing, our perception of software design needs to shift and take account for the affects we need to deal with.
The signs are clear, with investments of billions of dollars by leading companies, such as Microsoft, Google, Amazon - Cloud computing is the future of the IT industry and many other specific product companies that can leverage its benefits.

If you looked into it, you must know by now – the pricing models for hosting applications in the cloud varies and you can choose from different packages to meet the requirements of your specific application.
How do you choose the right one? Well, that isn’t a simple question and it very much depends on the characteristics of your application.
Does it have enormous data behind it? Is it mostly data-centric with a lot of transactions? How busy is the front-end? How many cores would you need? Do you expect different request peaks at different times? And the list goes on..

Developing for the cloud requires good architecture if you want to leverage its true powers.
While there's a general architecture on how to program things in order to gain good practices, such as scalability, good performance and fault tolerance, this post is written specifically to present the Cost-Oriented Development and Architecture approach as a new relevant concept.
This subject no short and simple, in future posts I plan to include technical examples, best practices and design principles as well.

Why should you care?

In most companies, the hardware is purchased and deployed to support the expected traffic and requirements and the applications are developed with no unique thought to address the cost-related circumstances.
This approach should change. With cloud computing, the operating system and hardware is ready for you in an environment where you essentially pay-per-use for the resources you utilize. (May vary according to the specific pricing package you purchased)

In such world, inefficient code and resource-utilization should be your concern! This has a much more direct affect, inefficient code means less money in your pocket.
To clarify, inefficient in that sense stands for cost-inefficiency, thus the term – Cost-Oriented Development.

Cost-inefficiency can obviously stand for performance-based issues, but also simple yet unaware mistakes of resource utilization or bad practices when it comes to cloud development.
Product companies which want to be cost-optimized, need to understand the implications of the code in terms of how it can affect the hosting price.
You can see some examples in the following article - Windows Azure: Cost Architecting for Windows Azure

When developing for the cloud – there is no such thing as “cheap developers”, this can end up costing you a lot of money down the road, unless you plan to invest in code review, guidance, and perhaps seeking for consult.

So what next?

This is the main aspect my new company assists with and this is only the beginning.

CloudValue is a Cost-Oriented Development solution company. We provide tools & methodologies for cost optimized applications targeting the new Cloud platforms, and essentially help you to save a lot of money.
In addition to providing professional services all around, our leading product, Cloudoscope™, the first Cost-Profiler ever, will help you write cost-optimized code and provide you with the ability to review your code, statically or dynamically, to predict problematic spots, inspect actual cost-value of every request and generally help you understand exactly what you are paying for and how you can make it even better.

Enough with the teasers, read more about us – CloudValue

Posted Saturday, November 27, 2010 8:29 PM by Amir Zuker | with no comments

תגים:, , ,

TechEd Eilat 2010

I’d like to thank Michal and Microsoft for sending me to the TechEd in Eilat next week.
There are some presentations which seem cool and I’m happy to get the chance to hear them out in person.

I plan to blog about interesting sessions, so tune in if you like.

image

Posted Tuesday, November 23, 2010 2:36 PM by Amir Zuker | 1 comment(s)

תגים:,

WCF – TCP with UserNameToken without Message Security

There was a project that I assisted with the WCF communications where they needed to allow the client to specify different credentials without being dependent on the windows account.

The first thing that comes into mind is to use the UserNameToken technique to pass in the client credentials. The design instructed to use TCP as the transport and not use message security. Obviously, this technique has privacy and integrity issues where there isn’t any encryption nor signing, but that was their decision because it wasn’t an issue in the purpose of the project.

Well, this setting isn’t as trivial as you would expect.
The default form of the NetTcpBinding allows you to use UserNameToken only as part of message security and forces you to use a certificate to enable that message security.

I ended up setting them a CustomBinding which provides the scenario they needed.

Service Side

Configuring the Service Host -

Code Snippet
  1. _host = new ServiceHost(typeof(Service));
  2. _host.AddServiceEndpoint(typeof(IService), Config.ServiceBinding, Config.ServiceAddress.Uri.AbsoluteUri);
  3.  
  4. _host.Credentials.UserNameAuthentication.UserNamePasswordValidationMode = UserNamePasswordValidationMode.Custom;
  5. _host.Credentials.UserNameAuthentication.CustomUserNamePasswordValidator = new CustomUserNameTokenValidator();
  6.  
  7. _host.Open();

Custom Simple Validator (you can write any logic you need here) -

Code Snippet
  1. class CustomUserNameTokenValidator : UserNamePasswordValidator
  2. {
  3.     public override void Validate(string userName, string password)
  4.     {
  5.         Console.WriteLine("CustomUserNameTokenValidator.Validate - {0} / {1}", userName, password);
  6.  
  7.         if (string.IsNullOrEmpty(userName))
  8.         {
  9.             throw new SecurityTokenValidationException("Invalid username");
  10.         }
  11.     }
  12. }

In the service code, you can extract the caller’s identity name as follows -

Code Snippet
  1. class Service : IService
  2. {
  3.     public void Do()
  4.     {
  5.         Console.WriteLine("Service.Do() - Identity Name: {0}",
  6.             ServiceSecurityContext.Current.PrimaryIdentity.Name);
  7.     }
  8. }

Client Side

In the client side you need to use the same binding, provide the UserNameToken credentials and simply call the service -

Code Snippet
  1. ChannelFactory<IService> factory = new ChannelFactory<IService>(Config.ServiceBinding, Config.ServiceAddress);
  2. factory.Credentials.UserName.UserName = "myUser";
  3. factory.Credentials.UserName.Password = "myPassword";
  4.  
  5. IService proxy = factory.CreateChannel();
  6.  
  7. proxy.Do();
  8.  
  9. ((ICommunicationObject)proxy).Close();

Configuration

Following is the CustomBinding which enables this scenario -

Code Snippet
  1. SecurityBindingElement securityElement = SecurityBindingElement.CreateUserNameOverTransportBindingElement();
  2. ((TransportSecurityBindingElement)securityElement).AllowInsecureTransport = true;
  3.  
  4. _serviceBinding = new CustomBinding(new BindingElement[] {
  5.     securityElement,
  6.     new BinaryMessageEncodingBindingElement(),
  7.     new TcpTransportBindingElement()
  8. });

Feel free to download the source code and see that in action.

Posted Sunday, November 07, 2010 1:41 PM by Amir Zuker | 4 comment(s)

תגים:,