J.D. Meier's Blog

Software Engineering, Project Management, and Effectiveness

October, 2008

  • J.D. Meier's Blog

    New Release: Distributed Agile Development at Microsoft patterns & practices


    Distributed Agile Development at Microsoft patterns & practices (PDF) is now available.

    Distributed development is a fact of life for many teams. Unfortunately most agile methodologies or approaches assume that the team is located in a single team room. Until recently there has been little guidance about how to apply these approaches with a geographically dispersed team.   Microsoft’s patterns & practices group has been following an agile, distributed development approach for the past five years. During this time teams within the group have experimented extensively with different approaches to best address the challenges of distributed agile development. This paper outlines the challenges faced by geographically distributed agile teams and details some proven practices to address these issues and build successful distributed teams.

    Contents at a Glance

    • Introduction
    • Why Colocate?
    • The Reality of Distributed Teams
    • Distributed Teams at patterns & practices
    • Challenges
    • Proven Practices
    • Focus on Communication
    • Plan to Travel
    • Team Distribution
    • Focus on Coaching the Team
    • Distribution of Work
    • Build the Team Over Time
    • Provide the Right Tools
    • Conclusions
    • Acknowledgements
    • About the Author

    Key Links

  • J.D. Meier's Blog

    New Release: patterns & practices Acceptance Test Engineering Guide (BETA1)


    patterns & practices Acceptance Test Engineering (Beta 1) is now available.

    Key Scenarios

    Here’s the key scenarios the guide addresses:

    • How to Plan for Acceptance Testing
    • What Kinds of Acceptance Tests to Run
    • How to Create and Run Acceptance Tests
    • Defining What “Done” Means
    • How to Justify Your Approach

    How The Guide is Organized
    The guide is organized in 3 parts:

    • PART I – THINKING MODELS: an overview of acceptance testing and explains several models that are useful in conceptual thinking about acceptance testing.
    • PART II – THUMBNAILS: a thumbnail is a short overview of a practice that explains what it is, when you may want to use it, the risks that it mitigates, and an overview of how to perform the practice.
    • PART III – SAMPLES: a collection of sample artifacts generated by applying different practices in a fictional real-world situation for Global Bank.

    Key Links

  • J.D. Meier's Blog

    New Release: Unity Application Block


    Unity Application Block 1.2 is now available.

    What's New

    • Added an interception mechanism (extension) and integration of the Policy Injection Application Block with the Unity Application Block.
    • Added two instance interceptors (TransparentProxyInterceptor, InterfaceInterceptor) and one type interceptor (VirtualMethodInterceptor).
    • Improved support for generics.
    • Added support for arrays.
    • Registered names are now available as an ObjectBuilder policy so that you can do a ResolveAll from within the strategy chain. The container automatically registers itself with itself.
    • Added PerThreadLifeTimeManager.
    • Bug fixes.
    • Performance improvements.

    Key Features
    The Unity Application Block (Unity) is a lightweight, extensible dependency injection container. It facilitates building loosely coupled applications and provides developers with the following advantages:

    • Simplified object creation, especially for hierarchical object structures and dependencies
    • Abstraction of requirements; this allows developers to specify dependencies at run time or in configuration and simplify management of crosscutting concerns
    • Increased flexibility by deferring component configuration to the container
    • Service location capability; this allows clients to store or cache the container
    • Instance and type interception (via an extension introduced in this release)

    Key Links

  • J.D. Meier's Blog

    New Release: Enterprise Library 4.1


    Enterprise Library 4.1 is now available.

    What's New?

    • Unity interception mechanism and integration of the Policy Injection Application Block with the Unity Application Block
    • Added support for generics in the Unity Application Block
      Added support for arrays in the Unity Application Block
    • Performance improvements
    • Usability improvements to the configuration tool
    • Visual Studio 2008 Service Pack 1 support
    • Bug fixes

    Key Features

    What Is Enterprise Library?
    Enterprise Library is a collection of reusable software components (application blocks) designed to assist software developers with common enterprise development challenges (such as logging, validation, caching, exception handling, and many others). Application blocks are a type of guidance encapsulating Microsoft recommended development practices; they are provided as source code, tests plus documentation that can be used "as is," extended, or modified by developers to use on complex, enterprise-level line-of-business development projects.

    Key Links

  • J.D. Meier's Blog

    3 Great Results for Today


    What are 3 great results for today?  That's the question I ask to bootstrap my day.  As simple as it sounds, I find it's the most effective way to cut through the fog each day.  There's a lot of things I can do and there's lots of activities I'll be doing, but what are 3 great outcomes for today.  That's it.

    This is an example of my 3 great results for this past Monday:

    1. Ship Beta 1 of App Arch
    2. Beta 1 Post for App Arch
    3. Draft of Designing Your Architecture

    Great is relative.

    Why 3 things?  It forces me to prioritize among a sea of potential results.  Also, I can remember 3 things without writing them down, so throughout my day, I know what I'm working towards.   I can say it in the hall.

    If you manage endless to do lists and work on a bunch of stuff but don't actually get anything done, try focusing on 3 great results each day.  It works.

  • J.D. Meier's Blog

    New Release: patterns & practices App Arch Guide 2.0 Beta 1


    Today we released our patterns & practices App Arch Guide 2.0 Beta 1.  This is our guide to help solution architects and developers make the most of the Microsoft platform.  It's a distillation of many lessons learned.  It’s principle-based and pattern-oriented to provide a durable, evolvable backdrop for application architecture.  It's a collaborative effort among product team members, field, industry experts, MVPs, and customers.  Keep in mind it’s Beta so there’s still moving parts and we’re processing quite a bit of feedback across the guide.  Now’s the time to bang on it.

    5 Parts

    • Part I, “Fundamentals”
    • Part II, “Design”
    • Part III, “Layers”
    • Part IV, “Quality Attributes”
    • Part V, “Archetypes – Design and Patterns”


    • Chapter 1 - Fundamentals of Application Architecture
    • Chapter 2 - .NET Platform Overview
    • Chapter 3 - Application Archetypes
    • Chapter 4 - Deployment Patterns
    • Chapter 5 - Arch Styles
    • Chapter 6 - Quality Attributes
    • Chapter 7 - Layers and Tiers
    • Chapter 8 - Designing Your Architecture
    • Chapter 9 - Architecture and Design Guidelines
    • Chapter 10 - Designing Services
    • Chapter 11 - Communication Guidelines 
    • Chapter 12 - Presentation Layer Guidelines
    • Chapter 13 - Business Layer Guidelines
    • Chapter 14 - Data Access Layer Guidelines
    • Chapter 15 - Service Layer Guidelines
    • Chapter 16 - Performance Engineering
    • Chapter 17 - Security Engineering
    • Chapter 18 - Mobile Application
    • Chapter 19 - Office Business Application (OBA)
    • Chapter 20 - Rich Client Application
    • Chapter 21 - Rich Internet Application (RIA)
    • Chapter 22 - Service Archetype
    • Chapter 23 - SharePoint LOB Application
    • Chapter 24 - Web Application

    Key Scenarios
    The guide helps you address the following scenarios:

    • Choose the right architecture for your application.
    • Choose the right technologies
    • Make more effective choices for key engineering decisions.
    • Map appropriate strategies and patterns.
    • Map relevant patterns & practices solution assets.

    Key Features

    • Canonical app frame - describes at a meta-level, the tiers and layers that an architect should consider. Each tier/layer is described in terms of its focus, function, capabilities, common design patterns and technologies.
    • App Types.  Canonical application archetypes to illustrate common application types.  Each archetype is described in terms of the target scenarios, technologies, patterns and infrastructure it contains. Each archetype will be mapped to the canonical app frame. They are illustrative of common app types and not comprehensive or definitive.
    • Arch Frame - a common set of categories for hot spots for key engineering decisions.
    • Quality Attributes - a set of qualities/abilities that shape your application architecture: performance, security, scalability, manageability, deployment, communication, etc.
    • Principles, patterns and practices - Using the frames as backdrops, the guide overlays relevant principles, patterns, and practices.
    • Technologies and capabilities - a description/overview of the Microsoft custom app dev platform and the main technologies and capabilities within it.

    Conceptual Framework
    At a high level, the guide is based on the following conceptual framework for application architecture:


    Reference Application Architecture
    We used the following reference application architecture as a backdrop for explaining how to design effective layers and components:


    Key Links

    Core Dev Team

    • J.D. Meier , Alex Homer, David Hill, Jason Taylor, Prashant Bansode , Lonnie Wall, Rob Boucher, Akshay Bogawat
    Contributors / Reviewers
    • Test team: Rohit Sharma, Praveen Rangarajan
    • Edit team: Dennis Rea.
    • External Contributors/Reviewers. Adwait Ullal; Andy Eunson; Christian Weyer; David Guimbellot; David Weller; Derek Greer; Eduardo Jezierski; Evan Hoff; Gajapathi Kannan; Jeremy D. Miller; Kent Corley; Mark Baker; Paul Ballard; Norman Headlam; Ryan Plant; Sam Gentile; Udi Dahan
    • Microsoft Contributors / Reviewers. Ade Miller; Anoop Gupta; Bob Brumfield; Brad Abrams; Brian Cawelti; Bhushan Nene; Burley Kawasaki; Carl Perry; Chris Keyser; Chris Tavares; Clint Edmonson; David Hill; Denny Dayton; Diego Dagum; Dmitri Martynov; Dmitri Ossipov; Don Smith; Dragos Manolescu; Elisa Flasko; Eric Fleck; Erwin van der Valk; Faisal Mohamood; Francis Cheung; Gary Lewis; Glenn Block; Gregory Leake; Ilia Fortunov; J.R. Arredondo; John deVadoss; Joseph Hofstader; Koby Avital; Loke Uei Tan; Mehran Nikoo; Michael Puleio; Mike Walker; Mubarak Elamin; Nick Malik; Nobuyuki Akama; Ofer Ashkenazi; Pablo Castro; Pat Helland; Phil Haack; Reed Robison; Rob Tiffany; Ryno Rijnsburger; Scott Hanselman; Serena Yeoh; Srinath Vasireddy; Tom Hollander; Wojtek Kozaczynski

    My Related Posts

  • patterns & practices App Arch Guide 2.0 Project
  • App Arch Guide 2.0 Overview Slides
  • Abstract for Application Architecture Guide 2.0
  • App Arch Meta-Frame
  • App Types
  • Architecture Frame
  • App Arch Guidelines
  • Layers and Components
  • Key Software Trends
  • Cheat Sheet: patterns & practices Catalog at a Glance Posted to CodePlex
  • Cheat Sheet: patterns & practices Pattern Catalog Posted to CodePlex
  • J.D. Meier's Blog

    Cheat Sheet: patterns & practices Pattern Catalog Posted to CodePlex


    As part of our patterns & practices Application Architecture Guide 2.0 project, we've been hunting and gathering our patterns from across our patterns & practices catalog.  Here's an initial draft of our patterns & practices Patterns Catalog at a Glance:

    Pattern Catalog
    To collect the patterns, we first identified the key projects that focused on patterns:

    Next, we organized the patterns and summarized in tables.  You can browse the tables below to see which patterns are associated with which project.

    Composite Application Guidance for WPF

    Category Patterns
    Composite User Interface Patterns Adapter; Command; Composite and Composite View;
    Modularity Event Aggregator; Facade; Separated Interface and Plug In; Service Locator
    Testability Inversion of Control; Dependency Injection; Separated Presentation; Supervising Controller; Presentation Model

    Data Patterns

    Category Patterns
    Data Movement Patterns Data Replication; Master-Master Replication; Master-Slave Replication; Master-Master Row-Level Synchronization; Master-Slave Snapshot Replication; Capture Transaction Details; Master-Slave Transactional Incremental Replication; Master-Slave Cascading Replication
    Pattlets Maintain Data Copies; Application-Managed Data Copies; Extract-Transform-Load (ETL); Topologies for Data Copies

     Enterprise Solution Patterns

    Category Patterns
    Deployment Patterns Deployment Plan ; Layered Application; Three-Layered Services Application; Tiered Distribution; Three-Tiered Distribution
    Distributed Systems Broker; Data Transfer Object; Singleton
    Performance and Reliability Server Clustering; Load-Balanced Cluster; Failover Cluster
    Services Patterns Service Interface; Service Gateway
    Web Presentation Patterns Model-View-Controller; Page Controller; Front Controller; Intercepting Filter; Page Cache; Observer
    Pattlets Abstract Factory; Adapter; Application Controller; Application Server; Assembler; Bound Data Control; Bridge; Command(s); Decorator; Façade; Four-Tiered Distribution; Gateway; Layer Supertype; Layers; Mapper; Mediator; MonoState; Observer; Naming Service; Page Data Caching; Page Fragment Caching; Presentation-Abstraction-Controller; Remote Façade; Server Farm; Special Case; Strategy; Table Data Gateway; Table Module; Template Method

    Integration Patterns

    Category Patterns
    Integration Layer Entity Aggregation; Process Integration; Portal Integration.
    System Connections Data Integration; Function Integration; Service-Oriented Integration; Presentation Integration
    Additional Integration Patterns Pipes and Filters; Gateway

    Web Services Security Patterns

    Category Patterns
    Authentication Brokered Authentication; Brokered Authentication: Kerberos; Brokered Authentication: X509 PKI; Brokered Authentication: STS; Direct Authentication
    Authorization Protocol Transition with Constrained Delegation; Trusted Subsystem
    Exception Management Exception Shielding
    Message Encryption Data Confidentiality
    Message Replay Detection Message Replay Detection
    Message Signing Data Origin Authentication
    Message Validation Message Validator
    Deployment Perimeter Service Router

    Pattern Summaries
    The following pattern summaries are brief descriptions of each pattern, along with a link to the relevant MSDN pages.

    Composite Application Guidance for WPF


    • Service Locator. Create a service locator that contains references to the services and that encapsulates the logic to locate them. In your classes, use the service locator to obtain service instances.


    • Dependency Injection. Do not instantiate the dependencies explicitly in your class. Instead, declaratively express dependencies in your class definition. Use a Builder object to obtain valid instances of your object's dependencies and pass them to your object during the object's creation and/or initialization.
    • Inversion of Control. Delegate the function of selecting a concrete implementation type for the classes' dependencies to an external component or source.
    • Presentation Model. Separate the responsibilities for the visual display and the user interface state and behavior into different classes named, respectively, the view and the presentation model. The view class manages the controls on the user interface and the presentation model class acts as a façade on the model with UI-specific state and behavior, by encapsulating the access to the model and providing a public interface that is easy to consume from the view (for example, using data binding).
    • Separated Presentation. Separate the presentation logic from the business logic into different artifacts. The Separated Presentation pattern can be implemented in multiple ways such as Supervising Controller or Presentation Model, etc.
    • Supervising Controller. Separate the responsibilities for the visual display and the event handling behavior into different classes named, respectively, the view and the presenter. The view class manages the controls on the user interface and forwards user events to a presenter class. The presenter contains the logic to respond to the events, update the model (business logic and data of the application) and, in turn, manipulate the state of the view.

    Data Movement Patterns

    • Data Replication.  Build on the data movement building block as described in Move Copy of Data by adding refinements that are appropriate to replication.
    • Master-Master Replication. Copy data from the source to the target and detect and resolve any update conflicts that have occurred since the last replication (due to changes to the same data on the source and target). The solution consists of a two replication links between the source and the target in opposite directions. Both replication links transmit the same replication set in both directions). Such a pair of replication links is referred to as related links in the more detailed patterns.
    • Master-Slave Replication. Copy data from the source to the target without regard to updates that may have occurred to the replication set at the target since the last replication.
    • Master-Master Row-Level Synchronization. Create a pair of related replication links between the source and target. Additionally, create a synchronization controller to manage the synchronization and connect the links. This solution describes the function of one of these replication links. The other replication link behaves the same way, but in the opposite direction. To synchronize more than two copies of the replication set, create the appropriate replication link pair for each additional copy.
    • Master-Slave Snapshot Replication. Make a copy of the source replication set at a specific time (this is known as a snapshot), replicate it to the target, and overwrite the target data. In this way, any changes that may have occurred to the target replication set are replaced by the new source replication set.
    • Capture Transaction Details. Create additional database objects, such as triggers and (shadow) tables, and to record changes of all tables belonging to the replication set.
    • Master-Slave Transactional Incremental Replication. Acquire the information about committed transactions from the source and to replay the transactions in the correct sequence when they are written to the target.
    • Master-Slave Cascading Replication. Increase the number of replication links between the source and target by adding one or more intermediary targets between the original source and the end target databases. These intermediaries are data stores that take a replication set from the source, and thus act as a target in a first replication link. Then they act as sources to move the data to the next replication link and so on until they reach the cascade end targets (CETs).

    Enterprise Solution Patterns

    Deployment Patterns

    • Deployment Plan. Create a deployment plan that describes which tier each of the application's components will be deployed to. While assigning components to tiers, if it’s found that a tier is not a good match for a component, determine the cost and benefits of modifying the component to better work with the infrastructure, or modifying the infrastructure to better suit the component.
    • Layered Application. Separate the components of your solution into layers. The components in each layer should be cohesive and at roughly the same level of abstraction. Each layer should be loosely coupled to the layers underneath.
    • Three-Layered Services Application. Base your layered architecture on three layers: presentation, business, and data. This pattern presents an overview of the responsibilities of each layer and the components that compose each layer.
    • Tiered Distribution. Structure your servers and client computers into a set of physical tiers and distribute your application components appropriately to specific tiers.
    • Three-Tiered Distribution. Structure your application around three physical tiers: client, application, and database.

    Distributed Systems

    • Broker. Use the Broker pattern to hide the implementation details of remote service invocation by encapsulating them into a layer other than the business component itself.
    • Data Transfer Object. Create a data transfer object (DTO) that holds all data that is required for the remote call. Modify the remote method signature to accept the DTO as the single parameter and to return a single DTO parameter to the client. After the calling application receives the DTO and stores it as a local object, the application can make a series of individual procedure calls to the DTO without incurring the overhead of remote calls.
    • Singleton. Singleton provides a global, single instance by making the class create a single instance of itself, allowing other objects to access this instance through a globally accessible class method that returns a reference to the instance. Additionally declaring the class constructor as private so that no other object can create a new instance.

    Performance and Reliability

    • Server Clustering. Design your application infrastructure so that your servers appear to users and applications as virtual unified computing resources. One means by which to achieve this virtualization is by using a server cluster. A server cluster is the combination of two or more servers that are interconnected to appear as one, thus creating a virtual resource that enhances availability, scalability, or both.
    • Load-Balanced Cluster. Install your service or application onto multiple servers that are configured to share the workload. This type of configuration is a load-balanced cluster. Load balancing scales the performance of server-based programs, such as a Web server, by distributing client requests across multiple servers. Load balancing technologies, commonly referred to as load balancers, receive incoming requests and redirect them to a specific host if necessary. The load-balanced hosts concurrently respond to different client requests, even multiple requests from the same client.
    • Failover Cluster. Install your application or service on multiple servers that are configured to take over for one another when a failure occurs. The process of one server taking over for a failed server is commonly known as failover. A failover cluster is a set of servers that are configured so that if one server becomes unavailable, another server automatically takes over for the failed server and continues processing. Each server in the cluster has at least one other server in the cluster identified as its standby server.

    Services Patterns

    • Service Interface. Design your application as a collection of software services, each with a service interface through which consumers of the application may interact with the service.
    • Service Gateway. Encapsulate the code that implements the consumer portion of the contract into its own Service Gateway component. Service gateways play a similar role when accessing services as data access components do for access to the application's database. They act as proxies to other services, encapsulating the details of connecting to the source and performing any necessary translation.

    Web Presentation Patterns

    • Model-View-Controller. The Model-View-Controller (MVC) pattern separates the modeling of the domain, the presentation, and the actions based on user input into three separate classes. The model manages the behavior and data of the application domain, responds to requests for information about its state (usually from the view), and responds to instructions to change state (usually from the controller). The view manages the display of information. The controller interprets the mouse and keyboard inputs from the user, informing the model and/or the view to change as appropriate.
    • Page Controller. Use the Page Controller pattern to accept input from the page request, invoke the requested actions on the model, and determine the correct view to use for the resulting page. Separate the dispatching logic from any view-related code. Where appropriate, create a common base class for all page controllers to avoid code duplication and increase consistency and testability.
    • Front Controller. Front Controller solves the decentralization problem present in Page Controller by channeling all requests through a single controller. The controller itself is usually implemented in two parts: a handler and a hierarchy of commands. The handler receives the HTTP Post or Get request from the Web server and retrieves relevant parameters from the request. The handler uses the parameters from the request first to choose the correct command and then to transfers control to the command for processing. The commands themselves are also part of the controller. The commands represent the specific actions as described in the Command pattern.
    • Intercepting Filter. Create a chain of composable filters to implement common pre-processing and post-processing tasks during a Web page request.
    • Page Cache. Use a page cache for dynamic Web pages that are accessed frequently, but change less often.
    • Observer. Use the Observer pattern to maintain a list of interested dependents (observers) in a separate object (the subject). Have all individual observers implement a common Observer interface to eliminate direct dependencies between the subject and the dependent objects.

    Integration Patterns

    Integration Layer   

    • Entity Aggregation. Introduce an Entity Aggregation layer that provides a logical representation of the entities at an enterprise level with physical connections that support the access and that update to their respective instances in back-end repositories.
    • Process Integration. Define a business process model that describes the individual steps that make up the complex business function. Create a separate process manager component that can interpret multiple concurrent instances of this model and that can interact with the existing applications to perform the individual steps of the process.
    • Portal Integration. Create a portal application that displays the information retrieved from multiple applications in a unified user interface. The user can then perform the required tasks based on the information displayed in this portal.

    Integration Topologies   

    • Message Broker. Extend the integration solution by using Message Broker. A message broker is a physical component that handles the communication between applications. Instead of communicating with each other, applications communicate only with the message broker. An application sends a message to the message broker, providing the logical name of the receivers. The message broker looks up applications registered under the logical name and then passes the message to them.
    • Message Bus. Connect all applications through a logical component known as a message bus. A message bus specializes in transporting messages between applications. A message bus contains three key elements, set of agreed-upon message schemas, set of common command messages, and shared infrastructure for sending bus messages to recipients.
    • Publish / Subscribe. Extend the communication infrastructure by creating topics or by dynamically inspecting message content. Enable listening applications to subscribe to specific messages. Create a mechanism that sends messages to all interested subscribers.

    System Connections   

    • Data Integration. Integrate applications at the logical data layer by allowing the data in one application (the source) to be accessed by other applications (the target).
    • Function Integration. Integrate applications at the business logic layer by allowing the business function in one application (the source) to be accessed by other applications (the target).
    • Service-Oriented Integration. To integrate applications at the business logic layer, enable systems to consume and provide XML-based Web services. Use Web Services Description Language (WSDL) contracts to describe the interfaces to these systems. Ensure interoperability by making your implementation compliant with the Web Services family of specifications.
    • Presentation Integration. Access the application's functionality through the user interface by simulating a user's input and by reading data from the screen display.

    Web Service Services Security Patterns


    • Brokered Authentication. The Web service validates the credentials presented by the client, without the need for a direct relationship between the two parties. An authentication broker that both parties trust independently issues a security token to the client. The client can then present credentials, including the security token, to the Web service.
    • Brokered Authentication: Kerberos. Use the Kerberos protocol to broker authentication between clients and Web services.
    • Brokered Authentication: X509 PKI.  Use brokered authentication with X.509 certificates issued by a certificate authority (CA) in a public key infrastructure (PKI) to verify the credentials presented by the requesting application.
    • Brokered Authentication: STS.  Use brokered authentication with a security token issued by a Security Token Service (STS). The STS is trusted by both the client and the Web service to provide interoperable security tokens.
    • Direct Authentication. The Web service acts as an authentication service to validate credentials from the client. The credentials, which include proof-of-possession that is based on shared secrets, are verified against an identity store.


    • Protocol Transition with Constrained Delegation.  Use the Kerberos protocol extensions in Windows Server. The extensions require the user ID but not the password. You still need to establish trust between the client application and the Web service; however, the application is not required to store or send passwords.
    • Trusted Subsystem.  The Web service acts as a trusted subsystem to access additional resources. It uses its own credentials instead of the user's credentials to access the resource.

    Exception Management   

    • Exception Shielding.  Sanitize unsafe exceptions by replacing them with exceptions that are safe by design. Return only those exceptions to the client that have been sanitized or exceptions that are safe by design. Exceptions that are safe by design do not contain sensitive information in the exception message, and they do not contain a detailed stack trace, either of which might reveal sensitive information about the Web service's inner workings.

    Message Encryption   

    • Data Confidentiality.  Use encryption to protect sensitive data that is contained in a message. Unencrypted data, which is known as plaintext, is converted to encrypted data, which is known as cipher-text. Data is encrypted with an algorithm and a cryptographic key. Cipher-text is then converted back to plaintext at its destination.

    Message Replay Detection   

    • Message Replay Detection.  Cache an identifier for incoming messages, and use message replay detection to identify and reject messages that match an entry in the replay detection cache.

    Message Signing   

    • Data Origin Authentication.  Use data origin authentication, which enables the recipient to verify that messages have not been tampered with in transit (data integrity) and that they originate from the expected sender (authenticity).

    Message Validation   

    • Message Validator.  The message validation logic enforces a well-defined policy that specifies which parts of a request message are required for the service to successfully process it. It validates the XML message payloads against an XML schema (XSD) to ensure that they are well-formed and consistent with what the service expects to process. The validation logic also measures the messages against certain criteria by examining the message size, the message content, and the character sets that are used. Any message that does not meet the criteria is rejected.


    • Perimeter Service Router.  Design a Web service intermediary that acts as a perimeter service router. The perimeter service router provides an external interface on the perimeter network for internal Web services. It accepts messages from external applications and routes them to the appropriate Web service on the private network.

    My Related Posts

  • patterns & practices App Arch Guide 2.0 Project
  • App Arch Guide 2.0 Overview Slides
  • Abstract for Application Architecture Guide 2.0
  • App Arch Meta-Frame
  • App Types
  • Architecture Frame
  • App Arch Guidelines
  • Layers and Components
  • Key Software Trends
  • Cheat Sheet: patterns & practices Catalog at a Glance Posted to CodePlex
  • J.D. Meier's Blog

    Effectiveness Post Roundup


    At Microsoft, I regularly mentor some fellow softies.   It can be tough to navigate the waters, find your strengths, figure out worklife balance, and deal with the stresses of the job, all while making things happen.  I help my mentees learn  the most effective ways for getting results in a tough, competitive environment.  It's challenging.  It's rewarding.  I've had several great mentors throughout my life at Microsoft, so mentoring is a way that I give back, sharing my lessons learned and helping others grow.  While my 1:1 sessions are the most effective, I try to share key practices more broadly in posts.  Here's a roundup of my various posts for improving effectiveness at work and life.  I organized them by meaningful buckets and provided an A-Z list at the end.  Enjoy.

    Learn how to find your path and get more from your career.  Work with the right people on the right things making the right impact.  These posts focus on career and worklife balance:

    Communication is among the most important skills for getting results in work and life.  Empathic listening is the most important communication skills.  Improve the quality of your communication, and improve the quality of your life.  These posts focus on communication skills:

    Don't be a slave to your mail.  With the right approach, you can spend less time in your inbox and enjoy an empty inbox on a regular basis.  These posts focus on email management:

    Intellectual Horsepower
    Thinking is asking and answering questions.  Learn ways to improve your thinking through question-driven techniques and changing perspectives:

    Leadership is influence.  Amplify your results by improving your sphere of influence.  Leadership starts with self-leadership.  These posts focus on leadership skills: 

    Learning is a life-long process.  Adopt practices that help you grow.  These posts focus on improving your learning:

    Motivation is your energy or desire to make something happen.  It's also the energy or desire for others to make something happen.  Learn how to improve your own passion for results as well as how to influence and motivate those around you.  These posts focus on motivation:

    Personal Development
    Personal excellence is a path, not a destination.  In life you're either climbing or sliding.  One key is to find ways to climb faster than you slide.  Another key is balancing your multiple demands and growing in your mind, body, career, emotions, financial, relationships and fun.  These posts focus on personal development: 

    Personal Productivity
    Make stuff happen.  Drive or be driven.  With the right approaches, you can carve out time for what's important and prioritize more effectively.  This is the key to getting results.  These posts focus on personal productivity:

    Project Management
    If you need to get something done, make it a project.   Whether it's a small-scale, personal project or a large, team-based project, there's patterns and practices you can use to be more successful.  These posts focus on project management:

    Effective teamwork is a key skill in today's workplace.  Learn how to get more done with your colleagues.  These posts focus on improving your teamwork:

    Time Management
    You can't add more hours to the day, but you can spend your time more effectively.  You can also add more power hours to your day.  These posts focus on time management:

    Questions are a powerful way to shape your thinking and mindset.  Ask better questions and get better answers.  These posts focus on asking and answering better questions:

    Here's the posts organized in a flat A - Z list for easy scanning:

    Sources of Insight
    If that's not enough for you, check out my project blog: Sources of Insight.  Sources of Insight is a browsable KB of insights and actions for work and life.  It's where I share my lessons learned from books, heroes and quotes.  You can read more about the mission and vision in the About page.

  • J.D. Meier's Blog

    Scenario and Feature Frame


    A Scenario and Feature Frame is a matrix that shows incremental value and dependencies.  It's a simple way to show management your baseline release, your nice to have scenarios, and your vNext planning.  It's also a great way for your development team to see how their effort fits into the big picture, as well as recognize any dangerous cross-dependencies.

    I summarized how to create a Scenario and Feature Frame on ShapingSoftware.com.  Enjoy.

  • J.D. Meier's Blog

    Cheat Sheet: patterns & practices Catalog at a Glance Posted to CodePlex


    As part of our patterns & practices Application Architecture Guide 2.0 project, we've been hunting and gathering our patterns & practices solution assets.  Here's our initial draft of our catalog at a glance:

    You can use it to get a quick sense of the types and range of solution assets from blocks to guides.

    Architecture Meta-Frame 
    We used our Architecture Meta-Frame (AMF) as a lens to help slice and dice the catalog:


    Here's some examples to illustrate:

    • App Types - Factories such as Web Client Software Factory and Web Services Software Factory map to the application types.  You can think of them as product-line engineering.
    • Quality Attributes - Various guides address quality attributes such as security, performance and manageability. 
    • Architecture Frame - Enterprise Library assets such as the Validation block and the Logging block map to the Architecture Frame.  The Architecture Frame represents hot spots and common cross-cutting concerns when building line of business applications.

    The frame is easily extensible.  For example, if we include our Engineering Practices Frame, we can group our process, activity, and artifact related guidance.

    Catalog at a Glance
    Here's a quick list of key patterns & practices solution assets at a glance:

    Product Line Solution Assets
    Enterprise Library
  • Enterprise Library
  • Caching Application Block
  • Cryptography Application Block
  • Data Access Application Block
  • Exception Handling Application Block
  • Logging Application Block
  • Policy Injection Application Block
  • Security Application Block
  • Unity Application Block
  • Validation Application Block
  • Composite Application Guidance for WPF
  • Individual Blocks
  • Composite Application Guidance for WPF
  • Smart Client – Composite UI Application Block
  • Unity Application Block
  • Archived Blocks
  • Asynchronous Invocation Application Block
  • Aggregation Application Block for .NET
  • Smart Client Offline Application Block
  • Updater Application Block – Version 2.0
  • User Interface Application Block for .NET
  • User Interface Process (UIP) Application Block – Version 2.0
  • Web Service Façade for Legacy Applications
  • Factories
  • Mobile Client Software Factory
  • Smart Client Software Factory
  • Web Client Software Factory
  • Web Service Software Factory
  • Guides
  • Application Architecture for .NET: Designing Applications and Services
  • Application Interoperability: Microsoft .NET and J2EE
  • Authentication in ASP.NET: .NET Security Guidance
  • Building Secure ASP.NET Applications: Authentication, Authorization, and Secure Communication
  • Caching Architecture Guide for .NET Framework Applications
  • Deploying .NET Framework-based Applications
  • Describing the Enterprise Architectural Space
  • Design and Implementation Guidelines for Web Clients
  • Designing Application-Managed Authorization
  • Designing Data Tier Components and Passing Data Through Tiers
  • Guidelines for Application Integration
  • Improving .NET Application Performance and Scalability
  • Improving Web Application Security: Threats and Countermeasures
  • Microsoft .NET /COM Migration and Interoperability
  • Microsoft ESB Guidance for BizTalk Server 2006 R2
  • Monitoring in .NET Distributed Application Design
  • Performance Testing Guidance for Web Applications
  • Production Debugging for .NET Framework Applications
  • Security Engineering Explained
  • Smart Client Architecture and Design Guide
  • Team Development with Visual Studio .NET and Visual SourceSafe
  • Team Development with Visual Studio Team Foundation Server
  • Testing .NET Application Blocks - Version 1.0
  • Threat Modeling Web Applications
  • Upgrading Visual Basic 6.0 Applications to Visual Basic .NET and Visual Basic 2005
  • Archived Guides
  • .NET Data Access Architecture Guide
  • Exception Management Architecture Guide
  • Testing Software Patterns
  • Patterns
  • Data Patterns
  • Enterprise Solution Patterns Using Microsoft .NET
  • Integration Patterns
  • Web Service Security Guidance: Scenarios, Patterns, and Implementation Guidance for Web Services Enhancements (WSE) 3.0
  • Reference Implementations
  • Global Bank Scenario
  • WS-I Basic Security Profile 1.0 Reference Implementation: Final Release for .NET Framework 2.0
  • Archived Reference Implementations
  • Applied Integration Baseline Reference Implementation

  • Application Types
    Guidance assets listed by application type.

    Category Solution Assets
  • Mobile Client Software Factory
  • Rich Client
  • Composite Application Guidance for WPF
  • Smart Client Architecture and Design Guide
  • Smart Client Software Factory
  • Service
  • Improving Web Services Security: Scenarios and Implementation Guidance for WCF
  • Web Service Security Guidance: Scenarios, Patterns, and Implementation Guidance for Web Services Enhancements (WSE) 3.0
  • Web Service Software Factory
  • Web Client
  • Design and Implementation Guidelines for Web Clients
  • Improving .NET Application Performance and Scalability
  • Improving Web Application Security: Threats and Countermeasures
  • Web Client Software Factory

  • Quality Attributes
    Guidance assets listed by quality attributes.
    Category Solution Assets
  • Enterprise Solution Patterns Using Microsoft .NET
  • Guidelines for Application Integration
  • Integration Patterns
  • Interoperability
  • Application Interoperability: Microsoft .NET and J2EE
  • Enterprise Solution Patterns Using Microsoft .NET
  • Microsoft .NET /COM Migration and Interoperability
  • Flexibility
  • Policy Injection Application Block
  • Unity Application Block
  • Manageability
  • Deploying .NET Framework-based Applications
  • Enterprise Solution Patterns Using Microsoft .NET
  • Monitoring in .NET Distributed Application Design
  • Production Debugging for .NET Framework Applications
  • Performance
  • Improving .NET Application Performance and Scalability
  • Performance Testing Guidance for Web Applications
  • Scalability
  • Improving .NET Application Performance and Scalability
  • Security
  • Designing Application-Managed Authorization
  • Improving Web Application Security: Threats and Countermeasures
  • Improving Web Services Security: Scenarios and Implementation Guidance for WCF
  • Security Engineering Explained
  • Security Guidance for .NET Framework 2.0
  • Threat Modeling Web Applications
  • Web Service Security Guidance: Scenarios, Patterns, and Implementation Guidance for Web Services Enhancements (WSE) 3.0

  • Engineering Practices
    Guidance assets organized by engineering practices.
    Category Solution Assets
  • Deploying .NET Framework-based Applications
  • Enterprise Solution Patterns Using Microsoft .NET
  • Monitoring in .NET Distributed Application Design
  • Production Debugging for .NET Framework Applications
  • Performance Engineering
  • Performance Testing Guidance for Web Applications
  • Security Engineering
  • Security Engineering Explained
  • Threat Modeling Web Applications
  • Team Development
  • Team Development with Visual Studio Team Foundation Server
  • Testing
  • Performance Testing Guidance for Web Applications
  •  My Related Posts

  • patterns & practices App Arch Guide 2.0 Project
  • App Arch Guide 2.0 Overview Slides
  • Abstract for Application Architecture Guide 2.0
  • App Arch Meta-Frame
  • App Types
  • Architecture Frame
  • App Arch Guidelines
  • Layers and Components
  • Key Software Trends
  • J.D. Meier's Blog

    App Arch How Tos Posted to CodePlex


    As part of our patterns & practices App Arch Guide 2.0 project, we'll be creating step-by-step How Tos.  The How Tos help turn some of the concepts into action.  They are particularly helpful for some areas where there's friction or complexity.  Here's our initial batch of draft How Tos on CodePlex:

    They're still works in progress, but this way you can start to bang on them and give feedback.

    My Related Posts

  • patterns & practices App Arch Guide 2.0 Project
  • App Arch Guide 2.0 Overview Slides
  • Abstract for Application Architecture Guide 2.0
  • App Arch Meta-Frame
  • App Types
  • Architecture Frame
  • App Arch Guidelines
  • Layers and Components
  • Key Software Trends

  • Page 1 of 1 (11 items)