Alik Levin's : Architecture

Architects UG: 16 Case Studies of ASP.NET Web Performance

alikl — Tue, 23 Jun 2009 22:38:44 GMT

Below is a slide deck for the talk I gave today on Architect UG. The presentation focused on 16 case studies of performance that is less than optimal. The session is focused on baking performance engineering into the development lifecycle.

Each case study has a link to the detailed walkthrough and relevant resources on how to improve performance.

Enjoy

High Level Digest On Windows Azure Services Platform

alikl — Mon, 01 Jun 2009 09:52:12 GMT

I was reading a white paper called An Introduction to Microsoft .NET Services for Developers while taking few quick notes. The notes might be beneficial to those who wants to quickly get an idea what Windows Azure is. Here is what I have captured:

Azure – Windows in the cloud, software and data stored and running in Microsoft owned data servers.
.Net Services platform consists of the following building blocks:

Windows Azure:

Hosted in MS data centers.
Allows creating deploying, scaling, managing, distributing application and services in Internet.

Business benefits - shields you from costs related to

Provisioning,
Configuring,
…and Managing physical servers and the software running on them

Windows® Azure storage services are designed to be very simple and highly scalable:

BLOB storage, queue storage, and simple table storage,
but it doesn’t provide the capabilities of a relational database (Microsoft® SQL Services does offer all these)

Microsoft® .NET Services

.NET developer-oriented services and a software development kit (SDK) for building .NET applications to run in the cloud.
Based on industry standard protocols - REST, SOAP, and WS-*

Microsoft® SQL Services

Set of data-oriented services designed to extend the capabilities SQL Server into the cloud.
Microsoft® SQL Data Services (SDS), which offers full relational database capabilities.

Live Services provides a set of user-centric services focused primarily on social applications and experiences:

Mesh Services
Identity Services
Directory Services
User-Data Storage Services
Communication and Presence Services
Search Services, and Geospatial Services
Embraces REST, Atom, and AtomPub

Domain-specific service offerings

Microsoft® SharePoint Services
Microsoft® Dynamics CRM Services

Using Windows Azure:

Register at www.azure.com
Download SDK

Microsoft Certified Architect (MCA) - Preparing Your Competency Document Video Distilled

alikl — Wed, 27 May 2009 18:56:00 GMT

Preparing Your Competency Document video goes briefly about the documents the you should submit as a candidate for Microsoft Certified Architect (MCA) program. Below are the notes I have take while watching the video.

Technical depth has least weight
MCA is technology agnostic program.
Architect needs to have technical depth in some area of his choice.
Architect needs to have the broad knowledge of the existing technologies on the market.
Architect must be able to answer the question “Are you able to invest the budget smart?”
The documents should reflect you are familiar with organization dynamics – crisis, politics, dealing with tension, etc.
Reflect on your role as a leader – what was the impact of your work? How many followed you?
Reflect on how you build your succession.
Reflect on your mentoring strategies and how many you mentored.
Reflect on your communication skills – you are tested for it during the presentation, when reading your docs, and during open question part.
Reflect on how you communicate with peers and people inside you projects.
Reflect on methodologies you used to organize the project.
Show you are able to communicate in common language – do not reinvent the toolbox to each project.
Reflect on your strategy skills– strategic decision making, strategic thinking, being able make decision, shape decision, suggest decision to leadership based on trends in industry.

Resources

Microsoft Certified Architect (MCA) - Preparing For The Review Board Interview Video Distilled

alikl — Tue, 26 May 2009 21:51:00 GMT

Review board interview is the critical part of the MCA certification program. It is discussed in the Preparing for the Review Board Interview video. Below are the notes I have taken when I watched the video.

Key to success is no different of any other interview.
Before interview you should make yourself very familiar with the documents you submitted (resume, case study, presentation, skills template, etc).
You should be well prepared for presentation.
Ensure presentation compliments the submitted materials/documents.
Practice the presentation.
Familiarize with competencies – show you mastered it.
The interview conducted by 7 people – practice and rehearse with friend, instruct them to make it hard for you, not harsh but be a tough crowd.
Ask to provide feedback.
When you asked a question you do not know the answer – say you do not know it, do not try to make up the answer, chances one of the board members knows it well and you might only make it worse.
Ask clarifying questions.
Do not ramble – time is precious.
Relax – watch the videos, should not be anything new to you.

Resources

Microsoft Certified Architect (MCA) Review Board Interview Video Distilled

alikl — Mon, 25 May 2009 18:55:00 GMT

I was watching MCA Review Board Interview video as part of my preparation to the MCA program. Following are the notes I have taken while watching the video:

Review process conducted quarterly.
The board of 7 members reviews 13 candidates during a week.
3 hours per candidate
The process:
- 10 minutes for set up.
- Introductions.
- 30 minutes presentation to the board.
- Candidate shows the 7 skills throughout the presentation.
- During 30 minutes of the presentation it is candidate’s prime time, only interrupted for clarifying. Generally no interruptions.
- Show 7 competencies.
- 10 minutes for each member of the board to ask questions.
- Precision technique questions methods – expect to be cut off.
- 5 minutes break – candidate leave the room – the board discusses what they saw and what they did not.
- 10 minutes Q&A – wide open questions.
- 5 minutes for closing remarks – candidate may say thanks or add whatever he likes.
- Done
Members go through process of determining whether the candidate deserves MCA – thumbs up/down, giving each competencies “does not meet”, “meets” or “exceeds” mark.
The board shares general impressions and notes taken during 2 hours review process.
The board makes recommendations – provide feedback to the candidate where he can improve.
Final vote, thumbs up/down.
3 members must give thumbs up to achieve the MCA certification.
The candidate should expect an email after two weeks with the decision on his performance during the review.

Resources

Hollywood's Project Management System

alikl — Fri, 01 May 2009 10:51:21 GMT

What if I tell you there is a project management system that works? By "works" I mean it helps completing projects on time, on budget, on spec. No more 2% slip. Think such system does not exist? It does exist in Hollywood. Not in the movies. The system is wide spread across major film studios. In his book, Hollywood Secrets of Project Management Success, James R. Persse covers Hollywood's approach to successful project management. The main ingredients are:

Consistency. "Consistency of vision, a common agreement, reached through communications and reviews, regarding the purpose, scope, and tone of the project".
Predictability. "The system defines a present work flow that can be mapped out, planned, and followed, thereby ensuring that essential work phases are not skipped and critical milestones are not missed or ignored."
Accountability. "Slipping 10 percent over budget is a $6 million slip, so it's helpful to know who did the slipping and why. The system, build accountability into every phase of production. The production system pays very close attention to job descriptions."
Communications. "… it promotes communications – both informal, casual communications and formal binding communication. Producing, at its heart, is a communications job."
Trackability. "… the system promotes regular and deep-reaching measures of progress. This process tracking begins on day 1 and does not end until the lid of the can of the final cut is taped shut."

Hmm... seems nothing revolutionary to me. If so, then why IT projects always slip? They slip massively in all dimensions – scope, budget, time. May be because project management skills are not that valued? May be project manager (director) must be a super star for the whole project to be succesful? I cannot find another explanation to such phenomena. BTW, next time you finish watching a movie pay close attention to titles running in the end. Usually director of the movie comes before the movie star. Why is it so?

Persse cites Bill Fay, President of Production with Legendary Pictures, as he comments on the fact that IT projects often slip 100% in budget and time, - "That wouldn't fly in this business… no able producer or competent production team would ever allow project to drift so far off base."

Is you project manager a super star? Are you set to produce the next block buster?

Read Hollywood Secrets of Project Management Success to help you produce the next IT mega hit.

My related posts

- Is Your Project Going To Fail?

Understanding ASP.NET MVC Code (For Aspiring Architects) - #3

alikl — Mon, 06 Apr 2009 11:52:56 GMT

This post is a digest of the Understanding Models, Views, and Controllers (C#). It helps to quickly understand the generated code when creating ASP.NET MVC project in Visual Studio.

Resources

Understanding Models, Views, and Controllers (C#).

ASP.NET MVC Project in Visual Studio

Three folders created: Models, Views (ASPX pages sit here), Controllers
Urls are SEO friendly (/Home/About)
No direct correspondence between URL and the page.

Routing

Requests mapped to Controller's actions

ASP.NET Web Forms are content centric

ASP.NET MVC is logic centric

ASP.NET Routing maps request to action.

Routing is registered in Global.asax

Controllers

Controls user interaction (flow) with ASP.NET MVC application.
Derive from Controller class.
Exposes actions that can return ActionResult.
Any public method is action (WARNING: can be invoked freely via URL).
A controller should only contain the bare minimum of logic required to return the right view or redirect the user to another action (flow control).

Views

Create folders by Controllers names.
Create sub-folders to reflect views that Controller handles.
View is ASPX page that inherits from System.Web.Mvc.ViewPage
View should contain only logic related to generating the user interface.

Models

An MVC model contains all of your application logic that is not contained in a view or a controller.

Related Materials

This post is made with PracticeThis.com plugin for Windows Live Writer

How ASP.NET MVC Works (For Aspiring Architects) - #2

alikl — Thu, 02 Apr 2009 11:05:39 GMT

This post briefly describes ASP.NET MVC request processing model. It is digested and based on Understanding the MVC Application Execution Process (MSDN)

Resources

ASP.NET MVC Execution Process

Stage	Details
Receive first request for the application	In the Global.asax file, Route objects are added to the RouteTable object. void Application_Start(object sender, EventArgs e) { RegisterRoutes(RouteTable.Routes); } public static void RegisterRoutes(RouteCollection routes) { routes.Add(new Route ( "Category/{action}/{categoryName}" , new CategoryRouteHandler() )); }
Perform routing	The UrlRoutingModule module uses the first matching Route object in the RouteTable collection to create the RouteData object, which it then uses to create a RequestContext object.
Create MVC request handler	The MvcRouteHandler object creates an instance of the MvcHandler class and passes the RequestContext instance to the handler.
Create controller	The MvcHandler object uses the RequestContext instance to identify the IControllerFactory object (typically an instance of the DefaultControllerFactory class) to create the controller instance with.
Execute controller	The MvcHandler instance calls the controller's Execute method.
Invoke action	For controllers that inherit from the ControllerBase class, the ControllerActionInvoker object that is associated with the controller determines which action method of the controller class to call, and then calls that method.
Execute result	The action method receives user input, prepares the appropriate response data, and then executes the result by returning a result type. The built-in result types that can be executed include the following: ViewResult (which renders a view and is the most-often used result type), RedirectToRouteResult, RedirectResult, ContentResult, JsonResult, FileResult, and EmptyResult.

Related Materials

This post is made with PracticeThis.com plugin for Windows Live Writer

ASP.NET MVC For Aspiring Architects - #1

alikl — Tue, 31 Mar 2009 10:37:57 GMT

Is ASP.NET MVC more than just new cool technology? What advantages it brings over ASP.NET Web Forms? When should I use ASP.NET MVC and when ASP.NET Web Forms? How do I MVC this and MVC that?

Resources

This the first post in series of posts that should help me as an architect to answer these questions. It is based on and digested from ASP.NET MVC Overview.

ASP.NET MVC Overview

The Model-View-Controller (MVC) architectural pattern separates an application into three main components: the model, the view, and the controller.

Models. Model objects are the parts of the application that implement the logic for the application's data domain.

Views. Views are the components that display the application's user interface (UI).

Controllers. Controllers are the components that handle user interaction, work with the model, and ultimately select a view to render that displays UI.

Advantages of an MVC-Based Web Application

It makes it easier to manage complexity by dividing an application into the model, the view, and the controller.
It does not use view state or server-based forms.
It uses a Front Controller pattern that processes Web application requests through a single controller.
It provides better support for test-driven development (TDD).
It works well for Web applications that are supported by large teams of developers and Web designers who need a high degree of control over the application behavior.

Advantages of a Web Forms-Based Web Application

It supports an event model that preserves state over HTTP, which benefits line-of-business Web application development.
It uses a Page Controller pattern that adds functionality to individual pages.
It uses view state or server-based forms.
It works well for small teams of Web developers and designers who want to take advantage of the large number of components available for rapid application development.
In general, it is less complex for application development, because the components (the Page class, controls, and so on) are tightly integrated and usually require less code than the MVC model.

Related Materials

This post is made with PracticeThis.com plugin for Windows Live Writer

ASP.NET Security Architecture Cheat Sheet For Very Busy Architects

alikl — Thu, 19 Mar 2009 12:20:30 GMT

You are an architect. You are sitting in your fancy office thinking about cloud computing and about the higher ground stuff. Suddenly the phone rings, it's your current project manager. "Quick! Come over here, we have a meeting with security department, they have tons of questions and I do not have a clue what they want from me! Our project must ship on time,

by erik ERXON

we cannot afford postponing it anymore. It's your show time, dude, Save me!" - ...."Ehm... OK... I am coming...". You hang up the phone, scratch your head and... take the below cheat sheet with you on your way to the meeting.

Application Security Meeting

From my experience application security meetings are usually hard to manage since the participants do not share common language. Security guys come from infrastructure background and developers usually ... just hate security. There is a communication gap that results in antagonism prolonging the problem instead of solving it. There is the need for common language that everyone understands. The cheat sheet below helped me many times to establish the common ground for fruitful discussion. It is based on JD Meier's epic works:

Have fun.

The Cheat Sheet

Architecture and Design Issues for Web Applications

Building Secure Assemblies

The main threats are:

Unauthorized access or privilege elevation, or both
Code injection
Information disclosure
Tampering

Building Secure ASP.NET Pages and Controls

The main threats are:

Code injection
Session hijacking
Identity spoofing
Parameter manipulation
Network eavesdropping
Information disclosure

Building Secure Serviced Components

The main threats are:

Network eavesdropping
Unauthorized access
Unconstrained delegation
Disclosure of configuration data
Repudiation

Building Secure Web Services

The main threats are:

Unauthorized access
Parameter manipulation
Network eavesdropping
Disclosure of configuration data
Message replay

Building Secure Remoted Components

The main threats are:

Unauthorized access
Network eavesdropping
Parameter manipulation
Serialization

Building Secure Data Access

The main threats are:

SQL injection
Disclosure of configuration data
Disclosure of sensitive application data
Disclosure of database schema and connection details
Unauthorized access
Network eavesdropping

Complimentary questionnaire

Identify threats

Identify vulnerabilities

Common Vulnerabilities

Authentication

· How could an attacker spoof identity?

· How could an attacker gain access to the credential store?

· How could an attacker mount a dictionary attack? How are your user's credentials stored and what password policies are enforced?

· How can an attacker modify, intercept, or bypass your user's credential reset mechanism?

· Are user names and passwords sent in clear text over an unprotected channel? Is any ad hoc cryptography used for sensitive information?

· Are credentials stored? If they are stored, how are they stored and protected?

· Do you enforce strong passwords? What other password policies are enforced?

· How are credentials verified?

· How is the authenticated user identified after the initial logon?

· Passing authentication credentials or authentication cookies over unencrypted network links, which can lead to credential capture or session hijacking

· Using weak password and account policies, which can lead to unauthorized access

· Mixing personalization with authentication

Authorization

· How could an attacker influence authorization checks to gain access to privileged operations?

· How could an attacker elevate privileges?

· What access controls are used at the entry points of the application?

· Does your application use roles? If it uses roles, are they sufficiently granular for access control and auditing purposes?

· Does your authorization code fail securely and grant access only upon successful confirmation of credentials?

· Do you restrict access to system resources?

· Do you restrict database access?

· How is authorization enforced at the database?

· Using over-privileged roles and accounts

· Failing to provide sufficient role granularity

· Failing to restrict system resources to particular application identities

Input and Data Validation

· How could an attacker inject SQL commands?

· How could an attacker perform a cross-site scripting attack?

· How could an attacker bypass input validation?

· How could an attacker send invalid input to influence security logic on the server?

· How could an attacker send malformed input to crash the application?

· Is all input data validated?

· Do you validate for length, range, format, and type?

· Do you rely on client-side validation?

· Could an attacker inject commands or malicious data into the application?

· Do you trust data you write out to Web pages, or do you need to HTML-encode it to help prevent cross-site scripting attacks?

· Do you validate input before using it in SQL statements to help prevent SQL injection?

· Is data validated at the recipient entry point as it is passed between separate trust boundaries?

· Can you trust data in the database?

· Do you accept input file names, URLs, or user names? Have you addressed canonicalization issues?

· Relying exclusively on client-side validation

· Using a deny approach instead of allow for filtering input

· Writing data you did not validate out to Web pages

· Using input you did not validate to generate SQL queries

· Using insecure data access coding techniques, which can increase the threat posed by SQL injection

· Using input file names, URLs, or user names for security decisions

Configuration Management

· How could an attacker gain access to administration functionality?

· How could an attacker gain access to your application's configuration data?

· How do you protect remote administration interfaces?

· Do you protect configuration stores?

· Do you encrypt sensitive configuration data?

· Do you separate administrator privileges?

· Do you use least privileged process and service accounts?

· Storing configuration secrets, such as connection strings and service account credentials, in clear text

· Failing to protect the configuration management aspects of your application, including administration interfaces

· Using over-privileged process accounts and service accounts

Sensitive Data

· Where and how does your application store sensitive data?

· When and where is sensitive data passed across a network?

· How could an attacker view sensitive data?

· How could an attacker manipulate sensitive data?

· Do you store secrets in persistent stores?

· How do you store sensitive data?

· Do you store secrets in memory?

· Do you pass sensitive data over the network?

· Do you log sensitive data?

· Storing secrets when you do not need to store them

· Storing secrets in code

· Storing secrets in clear text

· Passing sensitive data in clear text over networks

Session Management

· Do you use a custom encryption algorithm, and do you trust the algorithm?

· How could an attacker hijack a session?

· How could an attacker view or manipulate another user's session state?

· How are session cookies generated?

· How are session identifiers exchanged?

· How is session state protected as it crosses the network?

· How is session state protected to prevent session hijacking?

· How is the session state store protected?

· Do you restrict session lifetime?

· How does the application authenticate with the session store?

· Are credentials passed over the network and are they maintained by the application? If they are, how are they protected?

· Passing session identifiers over unencrypted channels

· Prolonged session lifetime

· Insecure session state stores

· Session identifiers in query strings

Cryptography

· What would it take for an attacker to crack your encryption?

· How could an attacker obtain access to encryption keys?

· Which cryptographic standards are you using? What, if any, are the known attacks on these standards?

· Are you creating your own cryptography?

· How does your deployment topology potentially impact your choice of encryption methods?

· What algorithms and cryptographic techniques are used?

· Do you use custom encryption algorithms?

· Why do you use particular algorithms?

· How long are encryption keys, and how are they protected?

· How often are keys recycled?

· How are encryption keys distributed?

· Using custom cryptography

· Using the wrong algorithm or a key size that is too small

· Failing to protect encryption keys

· Using the same key for a prolonged period of time

Parameter Manipulation

· How could an attacker manipulate parameters to influence security logic on the server?

· How could an attacker manipulate sensitive parameter data?

· Do you validate all input parameters?

· Do you validate all parameters in form fields, view state, cookie data, and HTTP headers?

· Do you pass sensitive data in parameters?

· Does the application detect tampered parameters?

· Failing to validate all input parameters. This makes your application susceptible to denial of service attacks and code injection attacks, including SQL injection and XSS.

· Including sensitive data in unencrypted cookies. Cookie data can be changed at the client or it can be captured and changed as it is passed over the network.

· Including sensitive data in query strings and form fields. Query strings and form fields are easily changed on the client.

· Trusting HTTP header information. This information is easily changed on the client.

Exception Management

· How could an attacker crash the application?

· How could an attacker gain useful exception details?

· How does the application handle error conditions?

· Are exceptions ever allowed to propagate back to the client?

· What type of data is included in exception messages?

· Do you reveal too much information to the client?

· Where do you log exception details? Are the log files secure?

· Failing to validate all input parameters

· Revealing too much information to the client

Auditing and Logging

· How could an attacker cover his or her tracks?

· How can you prove that an attacker (or legitimate user) performed specific actions?

· Have you identified key activities to audit?

· Does your application audit activity across all layers and servers?

· How are log files protected?

· Failing to audit failed logons

· Failing to protect audit files

· Failing to audit across application layers and servers

Related Materials

This post is made with PracticeThis.com plugin for Windows Live Writer

Distributed Architecture Drawbacks Revealed By Netmon(Bonus - TDS Parser Goes Public)

alikl — Fri, 13 Mar 2009 12:02:49 GMT

Distributed architecture can mercilessly backfire at you. In my case flexible architecture, elegant design patterns, and smart code led to abuse of the flexibility, resulting in very poor performance. Free Microsoft Network Monitor (Netmon) helped to identify the root cause of the

by striatic

performance hit. It showed that over-distributed-ness can cost you in terms of performance.

Customer Case Study

The customer complained about poor response times in his web application. The application's architecture was similar to the Web Application Archetype. Notice Services Agent box that connects your application to downstream services? Our assumption was that the services agents are too chatty causing the performance hit. Netmon only made it clear.

Analysis

We took captures on the application server where the Server Agents are to identify what other downstream servers are accessed. In no time we get very clear picture - the application server was accessing other three downstream resources:

There are two well known ports - 443 and 1433 - so we could safely assume there is communication over SSL/HTTPS and SQL Server. The other one - 1414 - turned out to be MQ.

Next step was to identify which one of the conversations is causing us troubles the most - either by chatty communication or by just long running transaction.

Looking at Time Delta column for HTTPS stateless communications we found nothing exciting regarding the latency:

For MQ communications we used magic ContainsBin(FrameData, 0,"StringToFindGoesHere") to identify XML messages going back and forth over MQ transport. For example, to find the beginning of the XML message we used the following filter:

Similar technique was used to correlate request and response XML messages.

To identify SQL communication we used shiny new TDS parser available for free download on Codeplex - SQL Parser in Latest CodePlex Package. I particularly like this one, it shows SQL Server communication without using SQL Server Profiler:

Conclusion

Lessons learned:

Distributed Architecture can mercilessly backfire at you by its distributed-ness. Use Distributed architecture to solve problems vs introducing new ones.
Elegant and flexible design can be abused resulting in poor performance. Review code to avoid the abuse.
Low level network monitoring tools such as Netmon can quickly reveal over-distributed-ness. Use it! It is free.

Related Materials

This post is made with PracticeThis.com plugin for Windows Live Writer

Why My ASP.NET Application's Performance Is Less Than Optimal?

alikl — Fri, 06 Mar 2009 11:01:39 GMT

From my recent engagements I collected few performance anti-patterns that make ASP.NET web application to perform the way that is less than optimal. Many related to architecture and design.
Below is the list of the anti-patterns and related materials on how to identify, analyze, and fix it.
Have fun - if you feel like sharing your own experiences - that would rock my world!

by striatic

Why My ASP.NET Application Slow?

Improper HTML Rendering
- ASP.NET Performance Sin - Serving Images Dynamically (Or Another Reason To Love Fiddler)
- Improve Web Application Performance By Reducing Number Of Http Requests - Fiddler To The Rescue
Large data volumes sent over the wire
- Identify ASP.NET, Web Services, And WCF Performance Issues By Examining IIS Logs
Complex algorithms, casting, serialization costs
- Best ASP.NET Performance Winner For Data Binding - Hands Up To Response.Write ()
Chatty database access
- Performance Sin - Chatty Database Access And Loops (Plus Another Free Performance Tool)
Session overuse – blows your RAM causing working process recycles

Identifying Memory Leak With Process Explorer And Windbg

Long running operations – locking on worker threads (threadpool)
Synchronous communications w/downstream resources (web services, databases)
- Improve ASP.NET 2.0 Performance With PageAsyncTask - Multithreading For The Masses
Locking files (notice the low CPU in the picture below - this is where the application is locked with teh following excetion)
- Exception message: The process cannot access the file 'c:\inetpub\wwwroot\webapp\my.log' because it is being used by another process.

Serialization
- Best ASP.NET Performance Winner For Data Binding - Hands Up To Response.Write ()
Dynamic compilation
- ASP.NET Performance: Dynamically Loaded Assemblies Cause Application Recycles (Problem and Solution)
ViewState
- How To Keep ASP.NET ViewState On The Server – Revised
- Improve ASP.NET Performance By Disabling ViewState And Setting Session As ReadOnly
Chatty resources access
- Performance Sin - Chatty Database Access And Loops (Plus Another Free Performance Tool)

This post is made with PracticeThis.com plugin for Windows Live Writer

Silverlight - Browser Cache And Performance Optimization

alikl — Fri, 27 Feb 2009 12:23:28 GMT

I was recently involved in the discussion about how Silverlight application is handled by the browser regarding browser cache. After quick research I have found two great articles by Dino Esposito that contain good explanation of the topic and also offers more caching solutions for improving the performance of pages that host Silverlight application

by emdot

Managing Dynamic Content Delivery In Silverlight, Part 1 – January 2009

"The XAP package that you get from the Web server has no special meaning to the browser. The browser, therefore, will cache it as it caches anything else it gets from a Web server, adhering to the request cache policies determined by the cache-control and "expires" HTTP header in the request or similar meta tags in the host HTML page.

A XAP package contains a manifest and one or more assemblies. One of the assemblies contains the entry point of the application; other assemblies are just referenced assemblies. The XAML for the user interface is stored in the resources of the entry point assembly. A XAP package is created by the Visual Studio 2008 extension for Silverlight 2 when you create and build the project."

Managing Dynamic Content Delivery In Silverlight, Part 2 – February 2009

"Caching the XAP package doesn't mean caching individual resources such as DLLs, XAML animations, or multimedia content. In the current implementation, resources are extracted from the XAP package every time they are used."

Related Materials

This post is made with PracticeThis.com plugin for Windows Live Writer

Solution Architect Competencies - Part I

alikl — Mon, 23 Feb 2009 19:57:47 GMT

Now that I know what Solutions Architecture Foundations are and what the Solution Architect And Enterprise Architect Do it's time to learn what competencies the Solution Architect must possess in order to build solid solution architectures. I found it in Solution Architect Competencies that includes (but not limited to) these:

Leadership (covered here)
Communication (covered here)
Organizational dynamics (covered here)
Strategy
Process and tactics
Technology breadth
Technology depth

by aloshbennett

In this post I am mixing the content from the resources on MSDN with my own take on each competency expressed by links to my original posts on www.PracticeThis.com.

Leadership

From Lesson 3: Leadership:

Leaders and Managers: Leadership is managing yourself and leading others. Managers do and leaders guide, even when they don't have power. A solutions architect must not advocate or tolerate “Technology for technology’s sake.” Technical leadership means getting all team members to align their actions with the needs of the project.

Leadership Models:

Situational Leadership – advocates adaptive leadership based on the situation at hand.
Servant Leadership – This leadership approach is one of stewardship.
Thought Leadership – this leadership approach is one of education.

Ask thought-provoking questions that result in actionable technological patterns or solutions.
- What’s The Powerful Skill Of All? Is It Asking The Right Questions?
Actively mentor others.
Provide thought leadership by enabling others to see things from a different and better perspective.
Influence decision makers.
Champion structure, process, best practices, and standards.
Promote the capture and reuse of intellectual capital.
Effectively build individual partnerships and organizational networks.
- Emotional Intelligence - Core Skills
- Emotional Intelligence - Higher Order Skills

Communication

From Lesson 1: Listening and Communication:

What’s important is that you remain open to surprise: Recognize that other people have information or opinions that will be different than your own, but will enhance the value of your outcomes.

Self Awareness: Recognize your own style or type and how it can affect your listening style, assumptions, and ability to achieve empathy.
Be Aware of Others: Each person has a different personality. This leads to differences in how each of us best understands and communicates.
Ask Open-Ended Questions: Questions like: "Tell me about...?" "What do you do when…?” and "What do you think about...?" get people talking.
Make Connections: Coordinate efforts with work partners to get their help in understanding.
Make Time to Listen: Make certain that your conversations are dialogues, not monologues
Set the pace: In meetings, encourage team members to "check in" by repeating in their own words, summarize, and clarify.
Close the Loop: Follow up your meetings with written notes to the audience.

Effective listener and astute observer.
Communicate effectively and persuasively to different audiences.
Effectively mediate and manage conflict
- How To Resolve Conflict Calmly
- Emotional Intelligence - Core Skills
Document designs and specifications that follow company practices.
Communicate needs as well as deployment and operations standards to infrastructure architects
Effectively facilitate meetings
- Avoid Meetings At Any Cost, Or At Least Get Most Of It
Possess good presentation skills
- TechEd 2007 Barcelona - Web Application Security Session Sum Up

Organizational dynamics

Understand organizational structures, relationships, and influencers
- Consultant Arrives To Base Camp
Adeptly maneuver through politically charged organizational situations
- Consultant Besieges Wèi To Rescue Zhào
- Consultant Deceive The Heavens To Cross The Ocean. And Wins.
Effectively build organizational partnerships and networks
- Become The Next Great Mind - Now
- Consultant "Kills" With A Borrowed Knife
Build relationships with other architects and project stakeholders
- http://www.iasahome.org
Possess an awareness of the internal legal organization and ensure that legal guidelines are met.
- Regulatory Compliance Demystified: An Introduction to Compliance for Developers
Exhibit comfort with conflict and thrive in situations that require negotiation and compromise

Got resources of your own? Please share!

Related Materials

This post is made with PracticeThis.com plugin for Windows Live Writer

Solutions Architecture Foundations Hub

alikl — Thu, 19 Feb 2009 00:27:07 GMT

Now I know how the Solution Architect looks like and what he does (and what he does not do) - What Do Solution Architect And Enterprise Architect Do?

Next thing for me to have some clear picture about how the solution architecture looks or better off - what the solution architecture foundations are.

by Esparta

The Solution Foundations - Topics and Resources

Partially based on Foundations of Solutions Architecture:

Related Materials

This post is made with PracticeThis.com plugin for Windows Live Writer