J.D. Meier's Blog

Software Engineering, Project Management, and Effectiveness

  • J.D. Meier's Blog

    Now on MSDN: patterns & practices Performance Testing Guidance for Web Applications

    • 9 Comments

    You can now find our patterns & practices Performance Testing Guidance for Web Applications on MSDN in HTML.  It's the same guidance we hosted on CodePlex.  CodePlex was our channel for agile release of the guidance.  Once we baked the guidance, we ported it to MSDN.

    Contents at a Glance
    Here's the

    Chapters

    Download
    You can download the patterns & practices Performance Testing Guidance for Web Applications from CodePlex.

    Guidance Explorer Scenario
    If you want to tailor the guidance for your scenario, you can download Guidance Explorer from CodePlex.  Using Guidance Explorer, you can create custom views by dragging and dropping the relevant guidance and then tailoring it as you see fit.  You can then save your view or an item to Word or HTML

  • J.D. Meier's Blog

    Using Scannable Outcomes with My Results Approach

    • 15 Comments

    Some readers asked to hear more on how I use my Scannable Outcome Lists in conjunction with My Personal Approach for Daily Results.  Here's the work flow in a nutshell ...

    Mondays
    On Mondays, I figure out my key outcomes for the week.  To do this:

    • I remind myself what I learned from last Friday's reflections.
    • I scan my calendar
    • I scan my inbox for new information
    • I scan my Scannable Outcome List for each category

    I keep my inbox completely empty, so the only items are what comes in over the weekend.  The empty inbox is particularly important for me.  I get ~150 mails directly to me each day, and I send about that, so I can't be a paper shuffler.  For my Scannable Outcome Lists, I use a flat list of posts in Outlook.  I name each post according to category: Body, Career, Mind, Project X, Project Y .. etc.

    As I scan, I use four guiding questions:

    1. What must be done? ... what should be done? ... what could be done?
    2. What customer value am I delivering? (I measure in value delivered vs. activity performed)
    3. How am I improving myself in key areas: career, mind, body, financial, relationships?
    4. What are the things that if I don't get done ... I'm screwed?  (By using the principle of contrast, I paint a picture of where I don't want to be.)

    As I scan, I also do some quick shuffling:

    I get a few outcomes from this

    • Most importantly, I have a mental picture for the week's outcomes (notice outcomes vs. activity)
    • I know my big risks for the week
    • I know my MUSTs vs. SHOULDs vs. COULDs
    • I have my list of outcomes for the day -- my Daily Outcomes.

    I have weekly iteration meetings with my team on Mondays, so this information helps me shape the outcomes with my team.

    Daily
    Each day, I construct my Daily Outcomes list.  Since I did the bulk of the work on Monday for identifying key priorities, this is a fast exercise.  In fact, it's usually 5 minutes.  It's as fast as it takes me to open a new post in Outlook, name it the current day (e.g. 02-25-07) and write the key outcomes down.  Throughout the day, I add to this.  I fish my email stream throughout the day for relevant actions and I add these to the current day's daily outcome.  If it's a longer team outcome, I list it under the relevant Scannable Outcome List.

    Fridays
    This is the day where I do more reflection.  To do this:

    • I scan my Daily Outcomes for the past week.  (This is fast because, for each day, I have a single post named by date.  For example: 02-19-07, 02-20-07, 02-21-07, 02-22-07, 02-23-07)   
    • I scan accomplishments
    • I scan my backlog

    As I scan, I ask some guiding questions:

    • If something's not getting done, then why not? ... Is there a habbit or practice I need to change for efficiency or effectiveness?
    • Do I need to change my approach for myself or the team?
    • What key lessons learned need to carry forward?

    I'll note that underlying my approach is my belief that important things should float to the top, less important should slough off, and I should be able to deal with change.  Having my Scannable Outcomes keeps me grounded in what's important vs. urgent.  This to me is the key to driving versus reacting.  If an area is slipping that I want to improve, I narrow my focus and concentrate on that.  There's few problems that withstand sustained focus.

    Well, that's the heart of the approach.  What I like most about this approach is that it's low-overhead and it works.  I've done away with over-engineered approaches, where you die the death of a 1000 paper cuts in administration.  I also like this approach because it's systematic, yet holistic and flexible.  Basically, it's designed for getting real results, in real life.

  • J.D. Meier's Blog

    Double-Loop Learning and How Agile Approaches Change the Game to Thrive in Times of Change

    • 0 Comments

    All paths lead to the same town. 

    I love it when dots finally connect, or when we have a name, or label, or vocabulary to express a concept that’s been around for a while, that people intuitively know from experience.  It makes it easier to share with others that don’t.  Here’s a bit of interesting research that might explain why agile practices can have a profound impact on creating powerful, highly effective learning organizations, and high-caliber execution machines.

    In the article, Chris Argyris: Theories of Action, Double-Loop Learning and Organizational Learning, by infed, we learn about theories-in-action vs. espoused theory, and double-loop learning vs. single-loop learning.

    Single-Loop Learning vs. Double-Loop Learning
    If learning involves the detection and correction of error, then Single-Loop learning is about finding and fixing problems within a set of governing variables.  It simply looks to operationalize the values, goals, and plans.  That’s not a game changer.  Double-Loop Learning, on the other hands, looks to question the governing variables themselves.  Here is an elaboration from the article:

    • Single-Loop Learning – According to the article, “Single-loop learning seems to be present when goals, values, frameworks and, to a significant extent, strategies are taken for granted. The emphasis is on ‘techniques and making techniques more efficient.”
    • Double-Loop Learning – According to the article, “Double-loop learning, in contrast, ‘involves questioning the role of the framing and learning systems which underlie actual goals and strategies … Double-loop learning is necessary if practitioners and organizations are to make informed decisions in rapidly changing and often uncertain contexts.”

    Theories in Use vs. Espoused Theory
    Theories-in-use are what you actually use and do in practice.  On the other hand, espoused theory is what you say you do, which may be completely different.  Here is an elaboration:

    • Theories-in-Use – According to the article, theories-in-use are “those theories that are implicit in what we do as practitioners and managers … They govern actual behavior and tend to be tacit structures. Their relation to action 'is like the relation of grammar-in-use to speech; they contain assumptions about self, others and environment - these assumptions constitute a microcosm of science in everyday life'”
    • Espoused Theory – According to the article, espoused theory is “those on which we call to speak of our actions to others … The words we use to convey what we, do or what we would like others to think we do.”

    Model I and Model II – Theories-in-Use
    Theories-in-Use can either enhance or inhibit double-loop learning.  Model I inhibits.  Model II enhances.  Here’s a summary:

    • Model I – According to the article, “It involves ‘making inferences about another person’s behaviour without checking whether they are valid and advocating one’s own views abstractly without explaining or illustrating one’s reasoning’ (Edmondson and Moingeon 1999:161).  The theories-in-use are shaped by an implicit disposition to winning (and to avoid embarrassment). The primary action strategy looks to the unilateral control of the environment and task plus the unilateral protection of self and others. As such Model I leads to often deeply entrenched defensive routines (Argyris 1990; 1993) – and these can operate at individual, group and organizational levels.”
    • Model II – According to the article, “The significant features of Model II include the ability to call upon good quality data and to make inferences. It looks to include the views and experiences of participants rather than seeking to impose a view upon the situation. Theories should be made explicit and tested, positions should be reasoned and open to exploration by others. … Found in settings and organizations that look to shared leadership. It looks to: Emphasize common goals and mutual influence.  Encourage open communication, and to publicly test assumptions and beliefs, and combine advocacy with inquiry.”

     

    Model I – Theories-in-Use

    Model II – Theories-In-Use

    The governing Values of Model I are:

    • Achieve the purpose as the actor defines it
    • Win, do not lose
    • Suppress negative feelings
    • Emphasize rationality

    Primary Strategies are:

    • Control environment and task unilaterally
    • Protect self and others unilaterally

    Usually operationalized by:

    • Un-illustrated attributions and evaluations e.g.. "You seem unmotivated"
    • Advocating courses of action which discourage inquiry e.g.. "Lets not talk about the past, that's over."
    • Treating ones' own views as obviously correct
    • Making covert attributions and evaluations
    • Face-saving moves such as leaving potentially embarrassing facts unstated

    Consequences include:

    • Defensive relationships
    • Low freedom of choice
    • Reduced production of valid information
    • Little public testing of ideas

    The governing values of Model II include:

    • Valid information
    • Free and informed choice
    • Internal commitment
    Strategies include:
    • Sharing control
    • Participation in design and implementation of action
    Operationalized by:
    • Attribution and evaluation illustrated with relatively directly observable data
    • Surfacing conflicting view
    • Encouraging public testing of evaluations

    Consequences should include:

    • Minimally defensive relationships
    • High freedom of choice
    • Increased likelihood of double-loop learning

    What’s interesting in the article is that most people "say” they use Model II, but that’s simply “espoused theory”.

  • J.D. Meier's Blog

    Now Available: Final PDF of the Microsoft Application Architecture Guide, Second Edition

    • 8 Comments

    A final PDF is now available for our patterns & practices Application Architecture Guide, second edition.  This is our platform playbook for the Microsoft application platform.

    Here are the relevant links:

    Here are some of my related posts:

  • J.D. Meier's Blog

    The Zen of Zero Mail

    • 14 Comments

    You too can have a zero mail inbox, if you choose to.  I chose to go zero mail in my inbox when I first joined Microsoft years ago, and I'm glad I did.  With a single glance, I know whether I have new mail to deal with.  I never have to scroll to see what my next actions are.   At a more basic level, an empty inbox feels good.  I thought it was just me, but others say the same. 

    Proven Over Time
    It was tough when I first joined Microsoft.  My inbox drove me.  Eventually, I learned how to drive my inbox.  I studied the masters around me.  I also studied those that failed (there's no failure, only lessons.)  I refined my approach over the years.  Since then, I've successfully taught my mentees and others how to spend less time on administration and more time on results.  Now I'm sharing with you.

    Slides
    Here's a short deck that steps you through and highlights the keys:

    Note
    Normally, I work with my mentees one-on-one and tailor the approach for their particular scenario.  It's a learning by doing approach.  While I've blogged about clearing your inbox before, this is an experiment in how effectively I can share techniques in slides.  If it works out, I'll do additional slides on focused topics.  The more I can reduce friction around sharing, the more I can share.  If you have tips or tricks for improving my slide sharing approach, send my way.

  • J.D. Meier's Blog

    Get Lean, Eliminate Waste

    • 4 Comments

    If you want to tune your software engineering, take a look at Lean.  Lean is a great discipline with a rich history and proven practices to draw from.  James has a good post on applying Lean principles to software engineering.  I think he summarizes a key concept very well:

    "You let quality drive your speed by building in quality up front and with increased speed and quality comes lower cost and easier maintenance of the product moving forward."

    7 Key Principles in Lean
    James writes about 7 key principles in Lean:

    1. Eliminate waste.
    2. Focus on learning.
    3. Build quality in.
    4. Defer commitment.
    5. Deliver fast.
    6. Respect people.
    7. Optimize the whole.

    Example of Deferring Commitment
    I think the trick with any principles is knowing when to use them and how to apply them in context.  James gives an example of how Toyota defers commitment until the last possible moment:

    "Another key idea in Toyota's Product Development System is set-based design. If a new brake system is needed for a car, for example, three teams may design solutions to the same problem. Each team learns about the problem space and designs a potential solution. As a solution is deemed unreasonable, it is cut. At the end of a period, the surviving designs are compared and one is chosen, perhaps with some modifications based on learning from the others - a great example of deferring commitment until the last possible moment. Software decisions could also benefit from this practice to minimize the risk brought on by big up-front design."

    Examples in Software Engineering
    From a software perspective, what I've seen teams do is prototype multiple solutions to a problem and then pick the best fit.  The anti-pattern that I've seen is committing to one path too early without putting other options on the table.

    A Lean Way of Life
    How can you use Lean principles in your software development effort?  ... your organization?  ... your life?

    More Information

  • J.D. Meier's Blog

    30 Day Improvement Sprints

    • 12 Comments

    I'm using 30 day improvement sprints as a way to sharpen my skills.  I pick a focus to work on and I committ to improving it for a 30 day timebox.  Committing to 30 days of improvement in a focused area, is easier to swallow than changing for life.  However, improving an area for 30 days, is actually life changing.

    With 30 days, persistence and time are on my side.  It's a big enough time box that I can try different techniques, while building proficiency.  Using 30 days makes working through hurdles easier too.  A lot of the hurldles I hit in my first week, are gone by week 2.  Little improvements each day, add up quickly.  I look back on how many things I tried for a week and stopped thinking I hadn't made progress.  The trick was, I didn't get to week 2 to see my results.  Lesson learned!

    Related Posts

  • J.D. Meier's Blog

    10 Emotional Intelligence Articles for Improving Your Effectiveness in Work and Life

    • 2 Comments

    Emotional intelligence is one of the most important tools to add to your tool belt, whether you are a leader, a manager, a manager of managers, or an individual contributor that needs to influence without authority.

    Emotional intelligence is “the ability to identify, assess, and control the emotions of oneself, of others, and of groups.” 

    It’s powerful stuff.

    Here are 10 of my past posts from this year that will help you learn some new emotional intelligence skills that you can apply immediately:

    1. A Lighter Feeling - What if you could release negative emotions and feel lighter and ready for anything as you go about your day?  You can, if you know how, and the key is, it’s not in your head.
    2. Delayed Gratification: Make It a Better Pill to Swallow - Delayed gratification shows up time and again as one of the best ways to live a better life.  It’s how we rise above the pitfalls of instant gratification.   It’s also how we focus on doing more of what’s important.  But how can we master it?
    3. Emotional Intelligence Quotes – Emotional intelligence is often the difference that makes the difference when it comes to your success in work and life.  This is a roundup of my favorite emotional intelligence quotes from Benjamin Franklin, Buddha, Dale Carnegie, Vincent Van Gogh, and a bunch of other people you probably never heard of.
    4. Empathic Listening: The Highest Form of Listening – Stephen Covey taught us that if we want others to listen to us, we first need to listen to them.  But what’s the best way to listen?  Empathic listening.  It’s where we listen until the other person feels understood.  It sounds so simple, and it is, but where the gap comes in is knowing what to do, and actually doing what you know.
    5. How To Change Any Experience to Empower You -- What if you could change the effect any experience has on you?  What if you could change any feeling, emotion, or behavior for yourself in a matter of moments?  You can.  By changing your state.  You can change how you represent any experience, whether it’s memories of the past, your current experience, or scenarios in the future.
    6. How To Free Yourself from Negative Emotions – Negative emotions are our worst enemies.  What if you could free yourself from negative emotions?  Or, what if you could at least reduce getting stuck and wallowing in negative emotions?  You can.  But you need to know how.  In this article, Brian Tracy shares deep insight into the 4 root causes of negative emotions so we can identify and eliminate them.
    7. How To Get in Superman Mode for Unshakable Confidence - You can’t talk to yourself in a meek and meager way, and expect powerful results.  But, what if you could flip a switch and talk to yourself in a way that’s more assertive, confident, and believable?  You can. And, imagine having a more powerful voice on your side to give you an edge in everything you do, and to help lift you up whenever you need it most.
    8. How Not to Break Under Pressure - Whether it’s negative self-talk or negative beliefs, you can be your own worst enemy.  If you crack under pressure, what happens is you focus on all the wrong things and all the things that could go wrong to the point that it becomes a self-fulfilling prophecy.  In other words, you become your greatest obstacle.  What if, instead, you could thrive under pressure?  You can.
    9. Mental Toughness Defined – A very simple definition of mental toughness.
    10. Tony Robbins on the Fastest Way to Get Over Fear - Fear can hold us back.  It can hold us back in subtle and insidious ways.  Fear can also outright paralyze us from taking action.  What if we had a way to get over fear, and experience more freedom?  Tony Robbins shows us how.

    If you only have time to read one, then I recommend starting with the following:

    How To Free Yourself from Negative Emotions 

    Best wishes for 2014!

  • J.D. Meier's Blog

    Pruning or Preserving a Synapse

    • 2 Comments

    How can you keep your brown from throwing out a perfectly good behavior? Positive feedback. David Rock and Jeffrey Schwartz write about how positive feedback can preserve important synapses, in their article, "The Neuroscience of Leadership", in "strategy+business" magazine.

    Positive Feedback for Preserving a Synapse
    Rock and Schwartz write:

    "In a world with so many distractions, and with new mental maps potentially being created every second in the brain, one of the biggest challenges is being able to focus enough attention on any one idea. Leaders can make a big difference by gently reminding others about their useful insights, and thus eliciting attention that otherwise would not be paid. Behaviorists may recognize this type of reminder as "positive feedback," or a deliberate effort to reinforce behavior that already works, which, when conducted skillfully, is one aspect of behaviorism that has beneficial congnitive effect. In a brain that is constantly pruning connections while making new ones, positive feedback may play a key functional role as "a signal to do more of something." As neuroscientist Thomas B. Czerner notes, "The encouraging sounds of 'yes, good, that's it' help to mark a synapse for preservation rather than pruning."

    Key Take Aways
    I think this is similar to "you get what you measure", but in this case, you get more of what you reward.

  • J.D. Meier's Blog

    The Growth Mindset: A Key to Resilience, Motivation, and Achievement

    • 3 Comments

    Your mindset holds the key to realizing your potential.

    Your mindset is your way of thinking, and your way of thinking can limit or empower you, in any number of ways.

    In fact, according to Carol S. Dweck, author of Mindset: The New Psychology of Success, mindset is the one big idea that helps explain the following:

    • Why brains and talent don’t bring success
    • How they can stand in the way of it
    • Why praising brains and talent doesn’t foster self-esteem and accomplishment, but jeopardizes them
    • How teaching a simple idea about the brain raises grades and productivity
    • What all great CEOs, parents, teachers, athletes know

    When Dweck was a young researcher, she was obsessed with understanding how people cope with failures, and she decided to study it by watching how students grapple with heard problems.

    You’re Learning, Not Failing

    One of Dweck’s key insights was that a certain kind of mindset could turn  a failure into a gift.

    Via Mindset: The New Psychology of Success:

    “What did they know?  They knew that human qualities, such as intellectual skills could be cultivated through effort.  And that’s what they were doing – getting smarter.  Not only weren’t they discouraged by failure, they didn’t even think they were failing.  They thought they were learning.”

    Your Can Change Your IQ

    Believe it or not, a big believer in the idea that you can use education and practice to fundamentally change your intelligence is Alfred Binet, the inventor of the IQ test.

    Via Mindset: The New Psychology of Success:

    “Binet, a Frenchman working in Paris in the early twentieth century, designed this test to identify children who were not profiting from the Paris public schools, so that new educational programs could be designed to get them back on track. Without denying individual differences in children’s intellects, he believed that education and practice could bring about fundamental changes in intelligence.”

    Methods Make the Difference

    Here is a quote from one of Binet’s major books,  Modern Ideas About Children:

    "A few modern philosophers ... assert that an individual's intelligence is a fixed quantity, a quantity which cannot be increased.  We must protest  and react against this brutal pessimism ... With practice, training, and above all, method, we manage to increase our attention, our memory, our judgment and literally to become more intelligent than we were before."

    Growth Mindset vs. Fixed Mindset

    The difference that makes the difference in success and achievement is your mindset.  Specifically, a Growth Mindset is the key to unleashing and realizing your potential.

    To fully appreciate what a Growth Mindset is, let’s contrast it by first understanding what a Fixed Mindset is.

    According to Carol Dweck, a Fixed Mindset means that you fundamentally believe that intelligence and talent are fixed traits:

    “In a fixed mindset, people believe their basic qualities, like their intelligence or talent, are simply fixed traits. They spend their time documenting their intelligence or talent instead of developing them. They also believe that talent alone creates success—without effort. They’re wrong.”

    In contrast, according to Dweck, a Growth Mindset means that you fundamentally believe that you can develop your brains and talent:

    “In a growth mindset, people believe that their most basic abilities can be developed through dedication and hard work—brains and talent are just the starting point. This view creates a love of learning and a resilience that is essential for great accomplishment. Virtually all great people have had these qualities.”

    If you want to improve your motivation, set yourself up for success, and achieve more in life, then adopt and build a growth mindset.

    Here are a few articles to help you get started:

    3 Mindsets that Support You

    5 Sources of Beliefs for Personal Excellence

    6 Sources of Beliefs and Values

    Growth Mindset Over Fixed Mindset

    Training Mindset and Trusting Mindset

  • J.D. Meier's Blog

    Inspirational Quotes for 2013

    • 1 Comments

    Inspirational quotes can inspire and lift you if you let them.  After all, inspiration is “to breathe life into.”  And who doesn’t want a breath of fresh air for 2013?

    But first, let’s put a key concept front and center – because it’s paramount to success in today’s arena.

    It’s energized differentiation.

    Brands that stand out communicate excitement, dynamism, and creativity.   That’s true whether it’s your personal brand or the business you’re in.  According to John Gerzema and Ed Lebar:

    “Energy is where the action is. It reflects the consumer’s perception of motion and direction. It sustains the brand’s advantages. High-energy brands create a constant sense of interest and excitement. Consumers sense that these brands move faster, see farther, and are more experiential and more responsive to their needs.”

    It’s time to find your energized differentiation if you want to make this year – 2013 – YOUR year for impact.

    Own it.  Own 2013.  2013 is one giant timebox at your disposal -- show the world what you’ve got.

    So, where do you get this energy?  Where do you get this source of inspiration from?  In a down economy, with more to do than you have capacity for, and changes that you can’t keep up with … where do you find your inspiration to do great things?  Look inside.  Your buttons are already there, and you just need to push them.  But sometimes you need the right words.

    Here are a few of my favorite inspiration quotes, as well as an extreme list of the best inspirational quotes I know:

    1. “Courage doesn’t always roar. Sometimes courage is the quiet voice at the end of the day saying, ‘I will try again tomorrow.’” — Mary Anne Radmacher
    2. “Life is not measured by the number of breathes we take, but by the moments that take our breath away.” — Maya Angelou
    3. “Knowing others is intelligence; knowing yourself is true wisdom. Mastering others is strength; mastering yourself is true power.” — Lao-Tzu
    4. “Let him who would move the world, first move himself.” – Socrates
    5. “Life isn’t about finding yourself. Life is about creating yourself.” — George Bernard Shaw
    6. “What lies behind us and what lies before us are tiny matters compared to what lies within us.” — Ralph Waldo Emerson
    7. “Big thinking precedes great achievement.” — Wilferd A. Peterson
    8. “Winners compare their achievements with their goals, while losers compare their achievements with those of other people.” — Nido Qubein
    9. “Success each day should be judged by the seeds sown, not the harvest reaped.” — John C. Maxwell
    10. “I want to be all used up when I die.” — George Bernard Shaw

    If you want more words that lift us, check out my inspirational quotes page for lists of inspirational quotes from the best of the best.

  • J.D. Meier's Blog

    Windows Azure Application Patterns

    • 2 Comments

    This is a quick visual tour of some whiteboard solutions and common application patterns for Windows Azure.  It’s a look at some of the most common whiteboard solutions for Web applications, Web services, and data on Windows Azure. 

    Here are the app patterns at a glance:

    • Pattern #1 - ASP.NET Forms Auth to Azure Tables
    • Pattern #2 - ASP.NET Forms Auth to SQL Azure
    • Pattern #3 - ASP.NET to AD with Claims
    • Pattern #4 - ASP.NET to AD with Claims (Federation)
    • Pattern #5 - ASP.NET to WCF on Azure
    • Pattern #6 - ASP.NET On-Site to WCF on Azure
    • Pattern #7 - ASP.NET On-Site to WCF on Azure with Claims
    • Pattern #8 - REST with AppFabric Access Control
    • Pattern #9 - ASP.NET to Azure Storage
    • Pattern #10 - ASP.NET to SQL Azure
    • Pattern #11 - ASP.NET On-Site to SQL Azure Through WCF

    Web Applications
    Here are some common Web application patterns on Windows Azure:

    Pattern #1 - ASP.NET Forms Auth to Azure Tables

    ASP.NET Forms Auth to Azure Tables

    Pattern #2 - ASP.NET Forms Auth to SQL Azure

    ASP.NET Forms Auth to SQL Azure

    Pattern #3 - ASP.NET to AD with Claims

    ASP.NET to AD with Claims

    Pattern #4 - ASP.NET to AD with Claims (Federation)

    ASP.NET to AD with Claims - Federation

    Web Services (SOAP) App Patterns on Windows Azure
    Here are common Web service app patterns on Windows Azure:

    Pattern #5 - ASP.NET to WCF on Azure

    ASP.NET to WCF on Azure

    Pattern #6 - ASP.NET On-Site to WCF on Azure

    ASP.NET On-Site to WCF on Azure

    Pattern #7 - ASP.NET On-Site to WCF on Azure with Claims

    ASP.NET On-Site to WCF on Azure with Claims

    REST App Pattern on Windows Azure
    Here is a common REST application pattern on Windows Azure:

    Pattern #8 - REST with AppFabric Access Control

    REST with AppFabric Access Control

    Data Patterns on Windows Azure
    Here are common data application patterns on Windows Azure:

    Pattern #9 - ASP.NET to Azure Storage

    ASP.NET to Azure Storage

    Pattern #10 - ASP.NET to SQL Azure

    ASP.NET to SQL Azure

    Pattern #11 - ASP.NET On-Site to SQL Azure Through WCF

    ASP.NET On-Site to SQL Azure Through WCF

    Contributors / Reviewers
    Many thanks to the following folks for contribution, collaboration, and review:

    • External contributors and reviewers: Adam Grocholski; Andy Eunson; Bill Collette; Christopher Seary; Jason Taylor; John Daniels; Juval Lowy; Kevin Lam; Long Le; Michael Smith; Michael Stiefel; Michele Leroux Bustamante; Norman Headlam; Rockford Lhotka; Rudolph Araujo; Sarang Kulkarni; Steven Nagy; Terrance Snyder; Will Clevenger
    • Microsoft contributors and reviewers:  Akshay Aggarwal; Alik Levin; Andreas Fuchsberger; Babur Butter; Bharat Shyam; Dave Brankin; Danny Cohen; Diego Dagum; Don Willits; Eugenio Pace; Gabriel Morgan; Jeff Mueller; John Steer; Julian Gonzalez; Mark Curphey; Mohit Srivastava; Pat Filoteo; Rahul Verma; Raul Rojas; Scott Densmore; Sesha Mani; Serena Yeoh; Sriram Krishnan; Stefan Schackow; Steve Marx; Stuart Kwan; Terri Schmidt; Tobin Titus; Varun Sharma; Vidya Vrat Agarwal; Vikram Bhambri; Yale Li
  • J.D. Meier's Blog

    The Agile Way

    • 8 Comments

    Change happens. One of the many things Ward Cunningham taught me years ago was that Agile isn't about fast.  It's about "responding to change."  It's the Agile way.   

    I thought it was great that rather than pretend change doesn't happen, simply embrace it.

    Simplicity was another aspect that I found compelling.  Ward had a way to keep things simple.  If something felt heavy or complicated, he would cut right through -- "What's the simplest thing we can do now?"  Rather than get overwhelmed or lost in analysis paralysis, he simply decides to take action.

    I remember thinking how sweet it is to put your burden down, and travel light.

    One burden for me was all the stuff that was yet to be done.  The other burden was all the stuff that might matter someday.  The problem is, how do you plan for what you don't know or can't expect?  You don't.  Instead, you figure out the most valuable thing now to work on, and when you come to a bridge, you cross it.  When there's no bridge, you build one.  If that becomes the next most important thing now.

    The sense of now vs. someday maybe is important.  There's something empowering about knowing that you're on the right path, and that the path you're on flows value -- to yourself, for others, or whatever matters.  Mistakes turn into lessons, and success builds momentum. Paving a path of value down a road of learning and responding beats betting on a map that no longer works or is no longer relevant.

    Speaking of relevancy, time changes what's important.  All the things we think we know, and all the things we thing we want, don't always match what we find, once we're there.  The ladder may be up against the wrong wall, or the grass isn't any greener.  In fact, sometimes there's no grass.

    The irony is, the trip is lighter when we don’t carry the burden, and the trip mean more when we know it matters.  If we don't enjoy the journey, and we don't end up with what we want, what's the point?  Life's short.  Throwing your time and energy down a path should matter.  But, how do we carve out these paths that matter?

    Stories.  Stories help you find what matters.  I remember the first time Ward asked me to tell him a story.  He wasn't looking for once upon a time.  No, he wanted to explore and test possible paths.  He wasn't interested in a laundry list of requirements.  He wanted a simple story told from the user perspective of a single, meaningful goal.  We used the whiteboard and mapped out one scenario.  Disney would have been proud.

    This one chunk of value was compelling.  The story put things in context.  The flow made sense.  Value was obvious and explicit.  More than that, it was testable.  A testable chunk of value.  We could test whether it mattered, and we could test whether it was feasible.  We could even test the risk early and reduce the gap from what we know, don't know, and need to know next.

    Having a story helped us do a dry run.  The dry run produced immediate feedback.  Feedback is a good thing, and it supports learning and responding, the Agile way.

    All this goodness in approach, painted a better picture, of a better way forward.  Rather than over-engineer up front, or over-plan for some day maybe, start flowing value now.  Rather than travel with burden and assumptions, travel lightweight and sustainable.  Rather than fear change, allow for it, and embrace it – be adaptable.  But does this approach to work, also work for life?

    I asked Ward how he did his career planning and figured out his year ahead.  He said he simply works backward from the experiences he wants.  He writes his story forward, by focusing on the experiences he wants to create.  He leads an experience-driven life.  What a simple, yet elegant, and insightful approach.  What an empowering way forward.

    The journey is the trip and the destination.  It's the way we travel and it's the end in mind.  It's the Agile way.

    This is why my latest book is Getting Results the Agile Way.

  • J.D. Meier's Blog

    2007 Post Roundup

    • 1 Comments

    I'm in the process of analyzing my blogging strategies and practices.  As part of the process, I'm doing a post roundup for this blog.  I did a 2007 post roundup for my Book Share blog and it helped me get a bird's-eye view of my post content.  Seeing my posts at a glance, helps me both rekindle the year and spot patterns for improvement.  With the benefit of 20/20 hind-sight, I then carry the lessons forward.  Here's my 2007 posts at a glance:

    January 2007

    February 2007

    March 2007

    April 2007

    May 2007

    June 2007

    August 2007

    September 2007

    October 2007 - Posts

    November 2007

    December 2007

    Technorati Profile
  • J.D. Meier's Blog

    Ten Steps for Structured Project Management

    • 1 Comments

    In the book "How to Run Successful Projects III, The Silver Bullet", Fergus O'Connell identifies ten steps to structured project management:

    1. Visualize the goal
    2. Make a list of jobs
    3. There must be one leader
    4. Assign people to jobs
    5. Manage expectations, allow a margin of error, have a fallback position
    6. Use an appropriate leadership style
    7. Know what's going on
    8. Tell people what's going on
    9. Repeat steps 1-8 until step 10
    10. The Prize

    These ten steps help make project management consistent, predictable, and repeatable.  The first five steps are about planning your project.  The last five are about implementing the plan and achieving the goal.  These steps are based on 25 years of research into why some projects fail and others succeed.

    I like to checkpoint any project I do against these steps.  I find that when a project is off track, I can quickly pinpoint it to one of the steps above and correct course.

  • J.D. Meier's Blog

    ASP.NET 2.0 Internet Security Reference Implementation

    • 8 Comments

    The ASP.NET 2.0 Internet Security Reference Implementation is a sample application complete with code and guidance.  Our purpose was to show patterns & practices security guidance in the context of an application scenario. We used Pet Shop 4 as the baseline application and tailored it for an internet facing scenario.  The application uses forms authentication with users and roles stored in SQL.

    Home Page/Download

    3 Parts
    The reference implementation contains 3 parts:

    1. VS 2005 Solution and Code 
    2. Reference Implemenation Document
    3. Scenario and Solution Document 

    The purpose of each part is as follows:

    1. VS 2005 Solution and Code - includes the Visual Studio 2005 solution, the reference implementation doc, and the scenario and solution doc.
    2. Reference Implemenation Document (ASP.NET 2.0 Internet Security Reference Implementation.doc) - is the reference implementation walkthrough document containing implementation details and key decisions we made along the way.  Use this document as a fast entry point into the relevant decisions and code.
    3. Scenario and Solution Document (Scenario and Solution - Forms Auth to SQL, Roles in SQL.doc) - is the more general scenario and solution document containing key decisions that apply to all applications in this scenario.

    Key Engineering Decisions Addressed
    We grouped the key problems into the following buckets:

    • Authentication
    • Authorization
    • Input and Data Validation
    • Data Access
    • Exception Management
    • Sensitive Data
    • Auditing and Logging

    These are actionable, potential high risk categories.  These buckets represent some of the more important security decisions you need to make that can have substantial impact on your design.  Using these buckets made it easier to both review the key security decisions and to present the decisions for fast consumption.

    Getting Started

    1. Download and install the ASP.NET 2.0 Internet Security Reference Implementation.
    2. Use ASP.NET 2.0 Internet Security Reference Implementation.doc to identify the code you want to explore
    3. Open the solution, Internet Security Reference Implementation.sln, and look into the details of the implementation
    4. If you're interested in testing SSL, then follow the instructions in  SSL Instructions.doc.

     

  • J.D. Meier's Blog

    Mapping Out the Microsoft Application Platform at a Glance

    • 12 Comments

    “People only see what they are prepared to see.” - Ralph Waldo Emerson

    At the beginning of the year, I like to take a quick survey of the Microsoft application platform.  It helps me figure out where to put my bets and where to explore.  It’s a “see the forest, from the trees” exercise.

    And oh, what a forest it is.  The beauty is it covers a wide spectrum and supports so many scenarios.  The challenge is finding your way around.  To find my way around, I map out the platform and I think in terms of application types:

    • Web applications
    • Mobile applications
    • Rich Internet Applications (RIA)
    • Rich Clients
    • Web Services

    By thinking about deployment targets such as cloud or desktop or browser or phone, etc. it makes it very easy to get in the ballpark in terms of context and technologies very quickly.  From there, I can worry about things like presentation or data access stacks or language platforms (native, .NET, or scripting.)   It’s also a quick way to explore relevant quality attributes (security, performance, reliability) or evaluate architectural styles.  In other words, it’s a way to hack through information overload and cut to the chase.

    Microsoft Application Platform at a Glance
    This is my draft map of the platform.   It’s a strawman that I use to walk the platform, find clusters of technologies, figure out what’s changed, and evaluate the latest story.  It’s easier for me to have conversations about the platform with customers or product teams when I start with a shared frame.  The hard part is putting the initial map together.  The easy part is improving it through feedback.  If something is missing, it’s easy to add.  If something is wrong, it’s easy to fix.

    As simple as the map looks, it compacts a lot of information.  I stuck the code names in where I could find them.   Enjoy …

    Category Items
    Application Infrastructure
    ALM (Application Life-Cycle Management)
    App Frameworks / Extensions
    Cloud
    Collaboration / Integration / Workflow
    Data Access
    Database Server
    Development Tools
    Games
    Identity
    Languages

     

    Mobile
    Modeling
    OBA (Office Business Applications)
    Parallel
    Rich Client
    Rich Internet Applications (RIA)
    Services
    Web
    Web Server
    Windows Server

    Where To Find Out More
    I’m a fan of teaching people to fish, as well as giving some starter fish.  Aside from people, events, and social media, the three best ways I know to figure out what’s happening on the platform are Wikipedia, Channel9, and the MSDN Dev Centers.  I started you out with some pages below …

    Wikipedia

    Channel9 Training Centers

    MSDN Dev Centers

  • J.D. Meier's Blog

    People I've Worked with On Past Projects

    • 1 Comments

    One lesson I've learned time and again is that it's about the people.  You can be on a lousy project with great people and still have a great time.  The reverse is not always true.  Of course, the ideal world is a great project with great people.  I've been lucky enough to have enjoyed several adventures with great people while trying to change the world.

    As part of mid-year review, I'm taking a stroll down memory lane.  To do so, I created a snapshot of people I've worked with while writing books in patterns & practices over the years. Looking into the past always gives me insight into the future.   I use it to find personal success patterns.  It also helps me get a new vantage point for project analysis.

    The first thing I learned by looking at the list of people I've worked with is how the right project can really grow your network.   The other thing is how you can also predict a project's success largely by who's involved.   The thing that really stands out for me is that the most successful projects were ones that created an intersection of the right problems, with the right people, with the right passions and strengths.  That's what dream teams and compelling missions are made of.  A simple test of whether you have the right team is whether you want to run towards or away from the problem.

    Here's the snapshot I used for my analysis ...

    Application Architecture Guide 2.0

    • Home Page: http://www.codeplex.com/AppArchGuide
    • Forewords: S. Somasegar, Scott Guthrie
    • Authors: J.D. Meier , Alex Homer, David Hill, Jason Taylor , Prashant Bansode , Lonnie Wall, Rob Boucher Jr, Akshay Bogawat
    • Test Team - Rohit Sharma, Praveen Rangarajan, Kashinath TR, Vijaya Jankiraman
    • Edit Team - Dennis Rea
    • External Contributors/Reviewers - Adwait Ullal; Andy Eunson; Brian Sletten; Christian Weyer; David Guimbellot; David Ing; David Weller; Derek Greer; Eduardo Jezierski; Evan Hoff; Gajapathi Kannan; Jeremy D. Miller; John Kordyback; Keith Pleas; Kent Corley; Mark Baker; Paul Ballard; Peter Oehlert; Norman Headlam; Ryan Plant; Sam Gentile; Sidney G Pinney; Ted Neward; Udi Dahan
    • Microsoft Contributors / Reviewers - Ade Miller; Amit Chopra; Anna Liu; Anoop Gupta; Bob Brumfield; Brad Abrams; Brian Cawelti; Bhushan Nene; Burley Kawasaki; Carl Perry; Chris Keyser; Chris Tavares; Clint Edmonson; Dan Reagan; Denny Dayton; Diego Dagum; Dmitri Martynov; Dmitri Ossipov; Don Smith; Dragos Manolescu; Elisa Flasko; Eric Fleck; Erwin van der Valk; Faisal Mohamood; Francis Cheung; Gary Lewis; Glenn Block; Gregory Leake; Ian Ellison-Taylor; Ilia Fortunov; J.R. Arredondo; Javed Sikander; John deVadoss; Joseph Hofstader; Koby Avital; Loke Uei Tan; Luke Nyswonger; Manish Prabhu; Meghan Perez; Mehran Nikoo; Michael Puleio; Mike Francis; Mike Walker; Mubarak Elamin; Nick Malik; Nobuyuki Akama; Ofer Ashkenazi; Pablo Castro; Pat Helland; Phil Haack; Rabi Satter; Reed Robison; Rob Tiffany; Ryno Rijnsburger; Scott Hanselman; Seema Ramchandani; Serena Yeoh; Simon Calvert; Srinath Vasireddy; Tom Hollander; Wojtek Kozaczynski

    Improving Web Services Security

    • Home Page: http://www.codeplex.com/WCFSecurityGuide
    • Forewords: Nicholas Allen, Rockford Lhotka
    • Authors: J.D. Meier, Carlos Farre, Jason Taylor, Prashant Bansode, Steve Gregersen, Madhu Sundararajan, Rob Boucher
    • External Contributors/Reviewers: Andy Eunson; Anil John; Anu Rajendra; Brandon Bohling; Chaitanya Bijwe; Daniel Root; David P. Romig, Sr.; Dennis Rea; Kevin Lam; Michele Bustamante; Parameswaran Vaideeswaran; Rockford Lotka; Rudolph Araujo; Santosh Bejugam
    • Microsoft Contributors / Reviewers: Alik Levin; Brandon Blazer; Brent Schmaltz; Curt Smith ; Dmitri Ossipov; Don Smith; Jan Alexander; Jason Hogg; Jason Pang; John Steer; Marc Goodner; Mark Fussell; Martin Gudgin; Martin Petersen-Frey; Mike de Libero; Mohammad Al-Sabt; Nobuyuki Akama; Ralph Squillace; Richard Lewis; Rick Saling; Rohit Sharma; Scott Mason; Sidd Shenoy; Sidney Higa; Stuart Kwan; Suwat Chitphakdibodin; T.R. Vishwanath; Todd Kutzke; Todd West; Vijay Gajjala; Vittorio Bertocci; Wenlong Dong; Yann Christensen; Yavor Georgiev

    Team Development with Visual Studio Team Foundation Server

    • Home Page: http://msdn.microsoft.com/en-us/library/bb668991.aspx
    • Forewords: Jeff Beehler, Rob Caron, Brian Harry
    • Authors: J.D. Meier, Jason Taylor, Prashant Bansode, Alex Mackman, Kevin Jones
    • External Contributors/Reviewers.  David P. Romig, Sr; Dennis Rea; Eugene Zakhareyev; Leon Langleyben; Martin Woodward; Michael Rummier; Miguel Mendoza ; Mike Fourie; Quang Tran; Sarit Tamir; Tushar More; Vaughn Hughes
    • Microsoft Contributors / Reviewers.  Aaron Hallberg; Ahmed Salijee; Ajay Sudan; Ajoy Krishnamoorthy; Alan Ridlehoover; Alik Levin; Ameya Bhatawdekar; Bijan Javidi; Bill Essary; Brett Keown; Brian Harry; Brian Moore; Brian Keller; Buck Hodges; Burt Harris; Conor Morrison; David Caufield; David Lemphers; Doug Neumann; Edward Jezierski; Eric Blanchet; Eric Charran; Graham Barry; Gregg Boer; Grigori Melnik; Janet Williams Hepler; Jeff Beehler; Jose Parra; Julie MacAller; Ken Perilman; Lenny Fenster; Marc Kuperstein; Mario Rodriguez; Matthew Mitrik; Michael Puleio; Nobuyuki Akama; Paul Goring; Pete Coupland; Peter Provost; Granville (Randy) Miller; Richard Berg; Rob Caron; Robert Horvick; Rohit Sharma; Ryley Taketa; Sajee Mathew; Siddharth Bhatia; Tom Hollander; Tom Marsh; Venky Veeraraghavan

    Performance Testing Guidance

    • Home Page: http://msdn.microsoft.com/en-us/library/bb924375.aspx
    • Forewords: Alberto Savoia, Rico Mariani
    • Authors: J.D. Meier, Microsoft, Senior Program Manager, patterns & practices
      Carlos Farre, Microsoft, Software Design Engineer Test, patterns & practices
      Prashant Bansode, Infosys Technologies Ltd
      Scott Barber, PerfTestPlus Inc, Chief Technologist
      Dennis Rea, Wadeware LLC
    • Microsoft Contributors and Reviewers: Alan Ridlehoover; Clint Huffman; Edmund Wong; Ken Perilman; Larry Brader; Mark Tomlinson; Paul Williams; Pete Coupland; Rico Mariani
    • External Contributors and Reviewers: Alberto Savoia; Ben Simo; Cem Kaner; Chris Loosley; Corey Goldberg; Dawn Haynes; Derek Mead; Karen N. Johnson; Mike Bonar; Pradeep Soundararajan; Richard Leeke; Roland Stens; Ross Collard; Steven Woody

    Security Engineering

    • Home Page: http://msdn.microsoft.com/en-us/library/ms998382.aspx
    • Authors: J.D. Meier, Alex Mackman, Blaine Wastell, Prashant Bansode, Jason Taylor, and Rudolph Araujo.
    • Test Team: Larry Brader, Microsoft Corporation; Nadupalli Venkata Surya Sateesh, Sivanthapatham Shanmugasundaram, Infosys Technologies Ltd.
    • Edit Team: Nelly Delgado, Microsoft Corporation
    • Release Management: Sanjeev Garg, Microsoft Corporation
    • External Contributors and Reviewers: Anil John, Johns Hopkins University – Applied Physics Laboratory; Frank Heidt; Keith Brown Pluralsight LLC; Mark Curphey, Foundstone Professional Services
    • Microsoft Services and PSS Contributors and Reviewers: Adam Semel, Denny Dayton, Gregor Noriskin, Kate Baroni, Tom Christian, Wade Mascia
      Microsoft Product Group: Charlie Kaufman, Don Willits, Mike Downen, Rick Samona
      Microsoft IT Contributors and Reviewers: Akshay Aggarwal, Irfan Chaudhry, Shawn Veney, Talhah Mir
    • MSDN Contributors and Reviewers: Kent Sharkey
    • Microsoft EEG: Corey Ladas, James Waletzky 

    Improving .NET Application Performance and Scalability

    • Home Page: http://msdn.microsoft.com/en-us/library/ms998530.aspx
    • Forewords: S. Somasegar, Rico Mariani, Brandon Bohling, Connie U. Smith, Scott Barber
    • Authors: J.D. Meier, Srinath Vasireddy, Ashish Babbar, Alex Mackman
    • Special thanks to key contributors: Anandha Murukan; Andy Eunson; Balan Jayaraman, Infosys Technologies Ltd; Christopher Brumme (CLR and COM interop); Connie U. Smith, Ph.D.; Curtis Krumel (SQL Server); David G. Brown (SQL Server); Denny Dayton; Don Willits ("Uber man"); Edward Jezierski; Ilia Fortunov; Jim O'Brien, Content Master Ltd; John Allen (ASP.NET); Matt Odhner (ACT); Prabhaker Potharaju (SQL Server); Rico Mariani (Performance Modeling, CLR, Code Review, Measuring); Ray Escamilla (Tuning); Scott Barber (Performance Modeling and Testing); Sharon Bjeletich (SQL Server)
    • Special thanks to key reviewers: Adam Nathan (Interop); Brad Abrams; Brandon Bohling, Intel Corporation; Carlos Farre, Solutions IQ; Chuck Delouis, Veritas Software (SQL Server); Cosmin Radu (Interop); Eddie Lau (ACE); Eric Morris (ACE); Erik Olsen (ASP.NET); Gerardo Bermudez (CLR, Performance Modeling); Gregor Noriskin; Ken Perilman; Jan Gray; John Hopkins (ACE); Joshua Lee; K.M. Lee (ACE TEAM); Mark Fussell (XML); Matt Tavis (Remoting); Nico Jansen (ACE Team); Pablo Castro (ADO.NET and SQL); Patrick Dussud (CLR); Riyaz Pishori (Enterprise Services); Richard Turner (Enterprise Services); Sonja Keserovic (Interop); Thomas Marquardt (ASP.NET); Tim Walton; Tom McDonald; Wade Mascia (ASP.NET threading, Web services, and Enterprise Services); Yasser Shohoud (Web services)
    • External Reviewers: Ajay Mungara, Intel Corporation; Bill Draven, Intel Corporation; Emil Lerch, Intel Corporation; Carlos Santos (Managed Code); Chris Mullins, Kiefer Consulting; Christopher Bowen, Monster.com; Chuck Cooper; Dan Sullivan; Dave Levine, Rockwell Software; Daniel Cazzulino, Lagash Systems SA; Diego Gonzalez, Lagash Systems SA (XML); Franco Ceruti; Fredrik Normen "N2", Barium AB (extensive review); Grant Fritchey; Greg Buskirk; Greg Kiefer, Kiefer Consulting; Ingo Rammer, IngoRammer.com; James Duff, Vertigo Software; Jason Masterman, Barracuda .NET (Remoting); Jeff Fiegel, Acres Gaming; Jeff Sukow, Rockwell Software; John Lam; John Vliet, Intel Corporation; Juval Lowy (COM interop); Kelly Summerlin, TetraData; Mats Lanner, Open Text Corporation; Matt Davey; Matthew Brealey; Mitch Denny, Monash.NET; Morten Abrahamsen (Performance and Transactions); Nick Wienholt, dotnetperformance.com; Norm Smith (Data Access and Performance Modeling); Pascal Tellier, prairieFyre Software Inc.; Paul Ballard, Rochester Consulting Partnership, Inc.; Per Larsen (Managed Code Performance); Scott Allen (Design Guidelines); Philippe Harry Leopold Frederix (Belgium); Scott Stanfield, Vertigo Software; Ted Pattison, Barracuda .NET (COM Interop); Thiru Thangarathinam; Tim Weaver, Monster.com; Vivek Chauhan (NIIT); Thiru Thangarathinam; Wat Hughes, Creative Data (SQL Server)
    • Microsoft Consulting Services and Product Support Services (PSS): Dan Grady; David Madrian; Eddie Clodfelter; Hugh Wade; Jackie Richards; Jacquelyn Schmidt; Jaime Rodriguez; James Dosch; Jeff Pflum; Jim Scurlock; Julian Gonzalez (Web services); Kenny Jones; Linnea Bennett; Matt Neerincx; Michael Parkes; Michael Royster; Michael Stuart; Nam Su Kang; Neil Leslie; Nobuyuki Akama; Pat Altimore; Paul Fallon; Scott Slater; Tom Sears; Tony Bray
    • Microsoft Product Group: Alexei Vopilov (Web services); Amrish Kumar; Arvindra Sehmi; Bill Evans; Brian Spanton; Keith Ballinger (WSE); Scot Gellock (Web services); Brian Grunkemeyer (CLR); Chris Eck; David Fields (NT); David Guimbellot; David Mortenson (CLR); Dax Hawkins; Dhananjay Mahajan (Enterprise Services); Dino Chiesa; Dmitry Robsman; Doug Rothaus (ADO.NET); Eddie Liu; Elena Kharitidi (Web services); Fabio Yeon; Harris Syed (Enterprise Services); Jason Zander; Jeffrey Cooperstein; Jim Radigan; Joe Long (Web services vs. ES vs. Remoting); Joshua Allen; Larry Buerk; Lubor Kollar (SQL Server); Maoni Stephens; Michael Coulson; Michael Fanning; Michael Murray (FxCop); Omri Gazitt; Patrick Ng (FX DEV); Peter Carlin (SQL Server); Rebecca Dias (WSE); Rick Vicik; Robin Maffeo (CLR Thread pool); Vance Morrison; Walter Stiers; Yann Christensen
    • patterns & practices members: Jason Hogg (ADO.NET and XML); Naveen Yajaman; Sandy Khaund; Scott Densmore; Tom Hollander; Wojtek Kozaczynski
      Thanks to our test team: (Infosys Technologies Ltd): Austin Ajit Samuel Angel; Dhanyah T.S.K; Lakshmi; Prashant Bansode; Ramesh Revenipati; Ramprasad Gopalakrishnan; Ramprasad Ramamurthy; Terrence J. Cyril
      Thanks to our editors for helping to ensure a quality experience for the reader: Sharon Smith; Tina Burden McGrayne, Entirenet; Susan Filkins, Entirenet; Tyson Nevil, Entirenet
    • product manager: Ron Jacobs
    • Finally, thanks to: Alex Lowe; Chris Sells; Jay Nanduri; Nitin Agrawal; Pat Filoteo; Patrick Conlan (SQL Server); Rajasi Saha; Sanjeev Garg (Satyam Computer Services); Todd Kutzke

    Improving Web Application Security: Threats and Countermeasures

    • Home Page: http://msdn.microsoft.com/en-us/library/ms994921.aspx
    • Forewords: Mark Curphey, Erik Olson, Joel Scambrary, Michael Howard
    • Authors: J.D. Meier, Alex Mackman, Srinath Vasireddy, Michael Dunner, Ray Escamilla, Anandha Murukan
    • External Reviewers–Mark Curphey, Open Web Application Security Project and Watchfire; Andy Eunson (extensive review); Anil John (code access security and hosting scenarios); Paul Hudson and Stuart Bonell, Attenda Ltd. (extensive review of the Securing series); Scott Stanfield and James Walters, Vertigo Software; Lloyd Andrew Hubbard; Matthew Levine; Lakshmi Narasimhan Vyasarajan, Satyam Computer Services; Nick Smith, Senior Security Architect, American Airlines (extensive review of the Securing series); Ron Nelson; Senthil Rajan Alaguvel, Infosys Technologies Limited; Roger Abell, Engineering Technical Services, Arizona State University; and Doug Thews.
    • Microsoft Product Group–Michael Howard (Threat Modeling, Code Review, and Deployment Review); Matt Lyons (demystifying code access security); Caesar Samsi; Erik Olson (extensive validation and recommendations on ASP.NET); Andres De Vivanco (securing SQL Server); Riyaz Pishori (Enterprise Services); Alan Shi; Carlos Garcia Jurado Suarez; Raja Krishnaswamy, CLR Development Lead; Christopher Brown; Dennis Angeline; Ivan Medvedev (code access security); Jeffrey Cooperstein (Threat Modeling); Frank Swiderski; Manish Prabhu (.NET Remoting); Michael Edwards, MSDE; Pranish Kumar, (VC++ PM); Richard Waymire (SQL Security); Sebastian Lange; Greg Singleton; Thomas Deml (IIS Lead PM); Wade Hilmo (IIS); Steven Pratschner; Willis Johnson (SQL Server); and Girish Chander (SQL Server).
    • Microsoft Consulting Services and Product Support Services (PSS): Ilia Fortunov (Senior Architect) for providing continuous and diligent feedback; Aaron Margosis (extensive review, script injection, and SQL Injection); Jacquelyn Schmidt; Kenny Jones; Wade Mascia (Web Services and Enterprise services); Aaron Barth; Jackie Richards; Aaron Turner; Andy Erlandson (Director of PSS Security); Jayaprakasam Siddian Thirunavukkarasu (SQL Server security); Jeremy Bostron; Jerry Bryant; Mike Leuzinger; Robert Hensing (reviewing the Securing series); Gene Ferioli; David Lawler; Jon Wall (threat modeling); Martin Born; Michael Thomassy; Michael Royster; Phil McMillan; and Steven Ramirez.
    • Special Thanks To: Joel Scambray; Rich Benack; Alisson Sol; Tavi Siochi (IT Audit); Don Willits (raising the quality bar); Jay Nanduri (Microsoft.com) for reviewing and sharing real world experience; Devendra Tiwari and Peter Dampier, for extensive review and sharing best IT practices; Denny Dayton; Carlos Lyons; Eric Rachner; Justin Clarke; Shawn Welch (IT Audit); Rick DeJarnette; Kent Sharkey (Hosting scenarios); Andy Oakley; Lucas Lavarello; Vijay Rajagopalan (Dev Lead MS Operations); Gordon Ritchie, Content Master Ltd; Chase Carpenter (Threat Modeling); Matt Powell (for Web Services security); Joel Yoker; Juhan Lee [MSN Operations]; Lori Woehler; Mike Sherrill; Mike Kass; Nilesh Bhide; Rebecca Hulse; Rob Oikawa (Architect); Scott Greene; Shawn Nandi; Steve Riley; Mark Mortimore; Matt Priestley; and David Ross.
    • Editors: Sharon Smith; Kathleen Hartman (S&T OnSite); Tina Burden (Entirenet); Cindy Riskin (S&T OnSite); and Pat Collins (Entirenet) for helping to ensure a quality experience for the reader.
    • patterns & practices team members: Naveen Yajaman; Philip Teale; Scott Densmore; Ron Jacobs; Jason Hogg; Per Vonge Nielsen; Andrew Mason; Edward Jezierski; Michael Kropp; Sandy Khaund; Shaun Hayes; Mohammad Al–Sabt; Edward Lafferty; Ken Perilman; and Sanjeev Garg (Satyam Computer Services).

    Building Secure ASP.NET Applications

    • Home Page: http://msdn.microsoft.com/en-us/library/aa302415.aspx
    • Authors: J.D. Meier, Alex Mackman, Michael Dunner, and Srinath Vasireddy
    • Contributors and reviewers: Manish Prabhu, Jesus Ruiz-Scougall, Jonathan Hawkins and Doug Purdy, Keith Ballinger, Yann Christensen and Alexei Vopilov, Laura Barsan, Greg Fee, Greg Singleton, Sebastian Lange, Tarik Soulami, Erik Olson, Caesar Samsi, Riyaz Pishori, Shannon Pahl, Ron Jacobs, Dave McPherson, Christopher Brown, John Banes, Joel Scambray, Girish Chander, William Zentmayer, Shantanu Sarkar, Carl Nolan, Samuel Melendez, Jacquelyn Schmidt, Steve Busby, Len Cardinal, Monica DeZulueta, Paula Paul, Ed Draper, Sean Finnegan, David Alberto, Kenny Jones, Doug Orange, Alexey Yeltsov, Martin Kohlleppel, Joel Yoker, Jay Nanduri, Ilia Fortunov, Aaron Margosis (MCS), Venkat Chilakala, John Allen, Jeremy Bostron, Martin Petersen-Frey, Karl Westerholm, Jayaprakasam Siddian Thirunavukkarasu, Wade Mascia, Ryan Kivett, Sarath Mallavarapu, Jerry Bryant, Peter Kyte, Philip Teale, Ram Sunkara, Shaun Hayes, Eric Schmidt, Michael Howard, Rich Benack, Carlos Lyons, Ted Kehl, Peter Dampier, Mike Sherrill, Devendra Tiwari, Tavi Siochi, Per Vonge Nielsen, Andrew Mason, Edward Jezierski, Sandy Khaund, Edward Lafferty, Peter M. Clift, John Munyon, Chris Sfanos, Mohammad Al-Sabt, Anandha Murukan (Satyam), Keith Brown (DevelopMentor), Andy Eunson, John Langley (KANA Software), Kurt Dillard, Christof Sprenger, J.K.Meadows, David Alberto, Bernard Chen (Sapient)
  • J.D. Meier's Blog

    Architecture Linkage, Business Linkage, and Alignment Linkage

    • 2 Comments

    Your company's foundation for execution will make or break your survival in the market for the long haul.  How can you incrementally build and shape the foundation, while executing projects?  How do you connect and align IT with your business vision, while shaping your foundation for execution?

    You can use three linking mechanisms to build and shape your company's foundation.

    In the book, Enterprise Architecture as Strategy: Creating a Foundation for Business Execution, Jeanne W. Ross, Peter Weill, and David C. Robertson write about three linking mechanisms that help you build and shape the company's foundation.

    Why You Need Good Linking Mechanisms

    Linking mechanisms are the key to building and shaping your company’s foundation for execution.  You can incrementally shape the foundation as you drive projects.   You can also inform your company’s foundation as you learn from your projects.  Ross, Weill, and Robertson write:

    “Good linking mechanisms ensure that projects incrementally build the company's foundation and that the design of the company's foundation (it's operating model and enterprise architecture) is informed by projects.”

    3 Linking Mechanisms that Build and Shape the Company's Foundation

    According to Ross, Weill, and Robertson, the three linking mechanisms are:

    1. Architecture Linkage
    2. Business Linkage
    3. Alignment Linkage

    Architecture Linkage

    Architecture linkage connects projects to IT governance choices about architecture. Ross, Weill, and Robertson write:

    “Architecture linkage establishes and updates standards, reviews projects for compliance, and approves exceptions.  Architecture linkage connects the IT governance decisions about architecture with project design decisions.  For example, a company working to increase integration may have a mechanism for insisting that a supply chain project -- rather than focus narrowly on its own data needs -- restructure an inventory database so that it facilitates anticipated future uses of the inventory data.  Companies may fulfill architecture linkage with one mechanism, such as an architecture review board.  More commonly, firms employ multiple mechanisms, ranging from architect training programs to architecture exception processes.”

    Business Linkage

    Business linkage links projects to business goals.  Ross, Weill, and Robertson write:

    “Similarly, business linkage ensure that business goals are translated effectively into project goals.  Business linkage coordinates projects, connects them to larger transformation efforts, and focuses projects on attacking specific problems in the best possible way.  For example, a key linking mechanism for companies pursuing companywide standardized processes is the use of process owners with primary responsibility for designing and updated processes.  Business linkage also includes incentive programs to guide behavior as new projects demand new ways of thinking.”

    Alignment Linkage

    Alignment linkage connects business and IT relationships.  Ross, Weill, and Robertson write:

    “Alignment linkage mechanisms ensure ongoing communication and negotiation between IT and business concerns.  Business-IT relationship managers or business unit CIOs are typically a critical linkage for translating back and forth between business goals and IT constraints.  Other mechanisms in this category include a project management office, training and certification of project managers, and metrics for assessing projects.”

    Linking Becomes an Organizational Habit

    It’s a maturity thin.   The more you practice the linking mechanisms, the more it becomes an organizational habit.  Ross, Weill, and Robertson write:

    “Earlier we noted that a company's management practices evolve through the stages of architectural maturity.  Many of these evolving practices are linking mechanisms.  As they are implemented and improved, they contribute to increasing sophistication of the IT engagement model.  Over time, linking mechanisms can become increasingly embedded in IT governance and project management processes so that linking becomes an organizational habit.”

    You Might Also Like

  • J.D. Meier's Blog

    Windows Azure Code Samples Collection

    • 0 Comments

    image

    The Microsoft Windows Azure Code Samples Collection is a roundup and map of Windows Azure code samples from  various sources including the MSDN library, Code Gallery, CodePlex, and Microsoft Support.

    You can add to the Windows Azure code examples collection by sharing in the comments or emailing me atFeedbackAndThoughts at live.com.

    Common Categories for Windows Azure Code Samples
    The Windows Azure Code Samples Collection is organized using the following categories:

    image

    Windows Azure Code Samples Map

    Category

    Items

    Sample Apps

    DPE

    Windows Azure Training Kit

    Architecture and Design

    Code Gallery

    DPE

    patterns & practices

    Claims / Identity

    patterns & practices

    Windows Azure Training Kit

    Configuration

    Data Access and Storage

    MSDN Magazine

    Windows Azure Training Kit

    Deployment

    patterns & practices

    General

    Windows Azure Training Kit

    Logging and Instrumentation

    Migration

    patterns & practices

    Service Bus

    All-in-One Code Framework

    MSDN Magazine

    Service Management API

    · Windows Azure Service Management CmdLets from http://code.msdn.microsoft.com/azurecmdlets

    SQL Azure

    Code Gallery

    Microsoft Support

    WCF

    Code Gallery

    All-in-One Code Framework

    Windows Azure Storage

    Code Gallery

    All-in-One Code Framework

    Windows Azure UE Team Code Samples
    The Windows Azure UE team now has an organized collection of code samples available at:


    My Related Posts

  • J.D. Meier's Blog

    Patterns and Practices for Distributed Teams

    • 4 Comments

    This post is a summary of my lessons learned from leading distributed teams.  I've managed distributed project teams since 2001, spanning the UK, Argentina, India, and other parts of the world.  While I preferred having everybody together on site around a whiteboard to simplify and improve communication,  flexibility with distributed teams gave me access to the right talent, wherever it may be.

    Key Challenges
    These are some of the most common challenges I faced:

    • Trust
    • Time zone differences
    • Sharing state
    • Changes in direction that have a ripple effect
    • Communication overhead
    • Keeping everybody on the same page
    • Sharing knowledge across the team
    • Partitioning work for enough autonomy but to keep checks and balances
    • Lack of a whiteboard

    Distance didn’t matter as much as differences in time zones.  If the time zone differences were too much, it meant  a lot more information, knowledge and state had to be packaged up and handed over.  However, when you leverage time zone differences, the experience can feel like you carry the baton forward, or, it’s like “The Elves and the Shoemaker,” where you make progress around the clock.

    Success Patterns for Distributed Teams
    The following success patterns helped improve distributed team effectiveness:

    • Forming, storming, norming and performing.   The forming, storming, norming and performing lens helps remind everybody to expect that things smooth out over time.  It’s a simple maturity model for explaining how a team gels.
    • Proxy / On Point.  One of the most helpful patterns for cross-site communication is to have somebody act as the proxy or person on point to funnel key communication.  This is especially important when their are major time zone differences.  The additional patterns, such as the show and tell, and the Monday iterations and daily stand-ups, keep this from being a single point of failure.  Instead, it’s a focal point with some accountability when key information needs to be shared across time zones.
    • Rhythm of results.  Daily, Weekly, and Monthly Results.   While the team might ship every two weeks, thinking in terms of daily, weekly, and monthly results helps set the right mindset.  It creates a bias for action, and it helps get the kinks out of execution.
    • Monday Vision, Daily Outcomes, and Friday Reflection.   This is a simple, high-level pattern to drive results each week.   The approach is to identify 3 key outcomes for the week, as well as 3 key outcomes each day, and to use Friday for learning and reflecting. 
    • Stories.  By focusing on stories, it makes it easy for everybody on the team to think in terms of end-to-end stories over, features or discipline-focused activities.  It’s a great way to balance the customer, technical and business perspectives, as well as help the team converge around common goals.
    • Monday Iteration plans.  Doing iteration plans on Mondays helps set the goals for the week, as well as include everybody’s input.  We keep these to 30 minutes or less.  The outcome is the prioritized set of stories for the week.
    • Daily stand-ups.    Everybody calls in and we go around the team asking 3 questions: 1) what did you get done? 2) what are you getting done today? and 3) where do you need help?  We keep these to 10 minutes or less.  It sets the pace and prevents getting side-tracked.
    • Invoke a teammate.  One goal up front is to make it easy for everybody on the team to reach whoever they need in an ad-hoc way.  Everybody identifies their preferred email, phone number, Skype account, and instant message information, as well as their main working hours.
    • Show and Tell.  I use weekly show and tells as a forcing function.  It gives people on the team a chance to show off their work.  More importantly it’s a simple way to dog food results as well as use the team as a sounding board.  It’s one thing to build something, it’s another to show it to other people and get honest feedback.
    • Wiki Knowledge Bases (KBs.)   Using Wikis helps simplify sharing information.  It keeps people from over-engineering and it’s easy to keep updated.
    • Experience Step-Throughs.   These are simply short slide decks that mock up the experience.  Each deck walks through one story or scenario visually.  We test the experience with customers, and then we walk through as a team, from a technical perspective.  We do this for high-risk stories.   See Experience-Driven Development and Experience Step-Throughs.
    • Distributed pairing.   I’ve found the fastest way to hand over information is to pair people up.  Pairing can also help people get unblocked or keep pace.  It’s not always obvious who pairs up well, so we test different combinations to find what works best for people.  Sometimes it helps to compliment skills.  For example, one person might be great technically, while another might be great with customer experience.
    • Mentoring and buddies.   Helping new people on the team ramp up is a priority.  I’ve found the most effective way is to have people pair on things together.  For metaphors, we call it either “co-pilot” or a “student-driver” model.
    • Email Triage.  As simple as it sounds, it’s been helpful to include “triage” in the title of some emails.  This tells the team that this email thread may be a drill-down or discussion on a topic.  It’s also a quick way for anybody on the team to ask for help, since they may not know who on the team has the answer.
    • One mail.   This is a simple burn down list.  Whenever we’re pushing for a key milestone, it’s helpful to summarize the open work that everybody can see and comment on in a shared way.  To do so, we simply send out an email that lists the current open work to the team and everybody chimes in.  It helps everybody see a tangible finish line.
    • Team project site.   It’s important that the team has one place to look for all the shared information.  The most important information here is the schedule, the deliverables, status, and any key information related to either the deliverables or the project.
    • Lessons Learned.   I’m a fan of sharing lessons learned on the team.  To bootstrap these, we usually just start an email thread and dump our lessons learned.  We then port the lessons into the Wiki for easy reference.  We list the lessons as one-liners in the form of “do’s” and “don’ts".”  It’s a tickler list that provides a backdrop for richer conversations, dialogues, and discussions.
    • Checklists.  Checklists for common tasks have been the best and simplest way to share information across the team.   They help reduce mistakes and carry lessons forward.
    • Best Practices Repository.   We store our best practices for each project in a project-level repository.  At the end of the project, we port the best practices to a shared repository across projects.  This way each project is focused on “best practices,” and these are very specific and detailed.  The all up best practices are more generalized to be useful across projects, and as a starting point for new projects.
    • Reduce friction in the process.   This is a shared goal on the team to get the kinks out of any sticking points in any of the processes.  We try to innovate in the process to save cost or time or improve effectiveness.  This helps us avoid death by a 1000 paper cuts.
    • Video nuggets.   We’ve found that sharing short-videos can help share knowledge on the team very quickly.  These are throw-away videos, but they help capture a snapshot whenever somebody does research in a particular area.

    No single pattern is a silver bullet.  Instead, it’s the composition of these patterns and practices that help improve distributed team communication and overall effectiveness.

    Tools of the Trade
    The following are some common tools of the trade:

    • Email.  This is helpful for sharing technical details, state, and general asynchronous communication.
    • Conference calls.  This is important for Monday iterations, daily stand-ups, Show and Tells, and any other team meetings.
    • Microsoft Shared view.  This is helpful for distributed pairing as well as Show and Tells, so that everybody can see a shared desktop.
    • Slides.  Slideware is a great way to share visuals and consolidate key information or to demo ideas and concepts.
    • Mind Maps.   Mind maps are a great way to pair and map out what the team knows about a given topic.  We’ve also found them useful for creating Work Breakdown Structures, as a team.  This way everybody gets to see the big picture  as a simple map.
    • Instant Messenger.  This is especially helpful for simply knowing when people on the team are around and for ad-hoc synch ups.
    • Skype.   This has gradually replaced setting up conference calls.  In fact, we’ve started having better luck with Skype than conference calls in terms of clarity in some cases.
    • Groove.  This has been our simplest way to share files instead of email.  There are some tricks to learn, but we’ve successfully shared projects of with thousands of files and hundreds of MBs.

    What about you?  … What have been your best lessons learned when it comes to distributed teamwork?

  • J.D. Meier's Blog

    Security Code Examples Project

    • 2 Comments

    I'm working with the infamous Frank Heidt, George Gal and Jonathan Bailey to create a suite of modular, task-based security code examples.  They happen to be experts at finding mistakes in code.  Part of making good code is knowing what bad code looks like and more importantly what makes it bad, or what the trade-offs are.  I've also pulled in Prashant Bansode from my core security team to help push the envelope on making the examples consumable.  Prashant doesn't hold back when it comes to critical analysis and that's what we like about him.

    For this exercise, I'm time-boxing the effort to see what value we produce within the time-box.  We carved out a set of candidate code examples by identifying common mistakes in key buckets, including input/data validation, authentication, authorization, auditing and logging, exception management and a few others.  We then prioritized the list and do daily drops of code.  The outcome should be some useful examples and an approach for others to contribute examples.

    Sharing a chunk of code is easy.  We quickly learned that sharing insights with the code is not.  Exposing the thinking behind the code is the real value.  We want to make that repeatable.  I think the key is a schema with test cases.

    Here's our emerging schema and test cases ....

    Code Example Schema (Short Form)

    • Title
    • Summary
    • Applies To
    • Objectives
    • Solution Example
    • Problem Example
    • Test Case
    • Expected Results
    • More Information
    • Additional Resources

    For more information on the schema and test cases, see Code Example Schema for Sharing Code Insights.

    Today we had a deeply insightful review with Tom Hollander, Jason Taylor, and Paul Saitta.  Jason and Paul are on site while we're solving another class of problems for customers.  They each brought a lot to the table and collectively I think we have a much better understanding of what makes a good, reusable piece of code. 

    We made an important decision to optimize around "show me the code" and then explain it, versus a lot of build up and then the code.  Our emerging schema has its limits and does not take the place of a How To or guidelines or a larger resuable block of code, but it will definitely help as we try to share more modular code examples that demonstrate proven practices.

  • J.D. Meier's Blog

    Getting Results the Agile Way - The Book on Getting Results

    • 11 Comments

    GettingResults2

    “Are you getting results? …”

    Over Christmas break, I committed to finishing the writing for a book that I expect to change a lot of people's lives.  It's my first non-technical book.  The working title is, Getting Results the Agile Way.  It's all about getting results in work and life.  It's the playbook I wish somebody had given me long ago for finding work/life balance, managing time, playing to my strengths, and making the most of what I've got.

    Why Getting Results
    The world is a tough place.  Between layoffs, the economy, and simply the unknown, a lot of people are having a really tough time in their lives.  There are constantly new challenges at a pace that's tough to keep up.  Worse, I don't think you learn a lot of these skills in school or on the job, except through the school of hard knocks.

    This is my playbook for you.  For more than 10 years at Microsoft I've tested and evaluated ways to get results.  I've had to find things that not only work for me, but that could work for the people I mentor inside and outside the company, as well as for large teams around the world.  I'm a big believer that everybody can get great results if they have the right know-how.

    What Sorts of Problems Does It Tackle
    The book is a system and a playbook for some of these common challenges:

    • How to find work / life balance
    • How to shift from tasks and activities to meaningful results and outcomes
    • How to use stories and scenario-driven results to carve out value in your life
    • How to overwhelm your challenges with fierce results
    • How to defeat perfectionism
    • How to avoid analysis paralysis and take action a simple story at a time
    • How to find your flow state for more engaging work
    • How to find your passion and purpose
    • How to play to your strengths for more energy and better results
    • How to conquer fear and avoid learned helplessness
    • How to motivate yourself in ways that make you feel you can move mountains
    • How to focus on what really counts
    • How to prioritize more effectively
    • How to create more value for yourself and others
    • How to spend more time on what you want, and less time on what you don’t

    It helps with a lot of things because mostly it gets you spending the right time, on the right things, with the right energy, the right way.  This is the key to your best results.

    My Story
    When I first joined Microsoft, it was sink or swim.  I saw a lot of people fail.  Among the chaos, I also saw many people thrive.  I wanted to know their secrets.  I started with people on my team, but the next thing you know I was studying success patterns around the company.  If somebody was known for getting results, I hunted them down and studied their ways.

    I learned so many simple things that actually worked.  For example, instead of managing time, the real key is managing your energy.  I'd rather have four power hours, than a week of just going through the motions.  The secret of work life balance is setting up your own artificial boundaries, whether it's "dinner on the table at 5:30" or "no work on the weekends."  Finding your passion can be as simple as connecting to your values.  For example, I use metaphors to make my project an epic adventure and I have the team create the movie poster of what great results will look like.  How's that for wanting to show up and give your best every day knowing you're working on blockbuster results?

    What is Agile Results?
    You'll hear me talk about Agile Results quite a bit.  It's the name I gave the system  that serves as the foundation for the Getting Results guide.  Agile is all about responding to change.  It's agility in action.  It's all about making progress while the world changes under your feet.

    My Agile Results system borrows the best principles, patterns, and practices across a variety of disciplines from sports, positive psychology, personal productivity, Agile development, Scrum, project management, time management, leadership skills, and strengths-based development.  It's more than a mash up -- I've tested and honed the system to work for individuals and teams while refining it over years of deliberate practice.  To me, great results for the team, always starts with unleashing an individual’s best.  Having fun is contagious and getting results spreads like a wild fire.

    Agile Results in a Nutshell
    Here is the Agile Results system at a glance:

    • The Rule of 3 – You can apply the Rule of 3 to work and life to avoid overwhelming yourself while carving out  value, a day at a time, a story at a time.  See The Rule of 3.
    • Monday Vision, Daily Outcomes, and Friday Reflection – This is a simple weekly pattern for results.  On Mondays figure out your 3 compelling results for the week.  Each day, figure out your 3 best results for the day.  On Fridays, identify 3 things going well, and 3 things to improve.  See Monday Vision, Daily Outcomes, and Friday Reflection.
    • Hot Spots -  This is your heat map.  Hot Spots are a simple lens to look at your life as a portfolio you invest in: mind, body, emotions, career, financial, relationships, and fun.  It’s under-investing or over-investing in these areas that can get in the way of great results.  See Hot Spots.

    How to Get Started
    Getting started is really easy.  If you write down 3 results you want for today, you're doing Agile Results.  Is there more to it? … Sure, but take it at your own pace.  Here’s a one-page guide for getting started with Agile Results.

    How To Follow Along for the Ride
    You can read Getting Results for free online in HTML.  I’ll continue to shape the guide over the next several weeks based on feedback.  I’ll also be making March a focus on getting results so if you’ve been looking for a jumpstart for your life, this is a great month to make it happen.   I’ll be sharing nuggets for getting results at my effectiveness blog, Sources of Insight.

    If you're not getting the results you want in your life, you just need the skills.  Use my guide to stuff your bag of tricks with some new tools that will change your game and help you unleash your best.

  • J.D. Meier's Blog

    How To Use ASP.NET Forms Auth with SQL Server on Windows Azure

    • 2 Comments

    This post is a quick step through of creating a Windows Azure cloud project that authenticates using ASP.NET Forms Authentication with SQL Server as the user store.

    The core steps are very much the same as my previous post How To Use ASP.NET Forms Auth with Azure Tables.   The key difference is step 7 and step 8, which specify the connection to SQL Server.

    Summary of Steps
    Here are the steps at a glance:

    • Step 1. Create a New Cloud Service Project.
    • Step 2. Add a Login Page.
    • Step 3. Create a Way for New Users to Register
    • Step 4. Configure ASP.NET to use Forms Authentication
    • Step 5. Configure ASP.NET to restrict Anonymous Users
    • Step 6. Set up the SQL Membership Database
    • Step 7. Add the SQL Connection String
    • Step 8. Configure ASP.NET to Use the SQL Membership Provider
    • Step 9. Add Test Code to Page_Load to Show the Forms Authentication Details
    • Step 10. test registering a new user and logging in to the application

    Here we go …

    Step 1. Create a New Cloud Service Project.
    In this step, you create a new cloud service project in Visual Studio:

    1. Start Visual Studio, from the menu select  “File” then click “New’ and then click ‘Project”
    2. In the “New Project’ dialog box, expand ‘Visual C#’ (or Visual Basic, if you are using it) in the ‘Project Types’ section, and select “Cloud Service”.
    3. In the ‘Templates’ section choose “Windows Azure Cloud Service” template, set the location, Name it as FormsAuthSample and click the “Ok” button.
    4. In the “New Cloud Service Project” dialog box, select “ASP.NET Web Role”, and click the “>” button to add it to the solution.  Then click the “Ok” button.  This will create a sample cloud Web Application, which is ready to be hosted in the cloud with all required configuration files etc.
    5. Run and verify that it works fine.

    Step 2. Add a Login Page.
    Use Solution Explorer to add a new Web form named Login.aspx to the WebRole1 site.

    Step 3.  Create a Way for New Users to Register
    Add the following two lines into the Login.aspx <form> tag

        <asp:Login runat="server" />
        <asp:CreateUserWizard runat="server"></asp:CreateUserWizard>

    It should resemble the following:

        <form id="form1" runat="server">
        <div>
        <asp:Login runat="server" />
        <asp:CreateUserWizard runat="server"></asp:CreateUserWizard>
        </div>
        </form>

    Step 4. Configure ASP.NET to use Forms Authentication
    In Web.config, add the following line insde the <system.web> tag:
            <authentication mode="Forms" />

    Step 5. Configure ASP.NET to restrict Anonymous Users
    In Web.config, add the following line inside the <system.web> tag:

          <authorization>
            <deny users="?" />
            <allow users="*" />
          </authorization>

    Note – The preceding configuration allows only authenticated users to access the application. The "?" indicates unauthenticated users and the "*" indicates all users. By denying unauthenticated users, any requests made by unauthenticated users are redirected to the login page. The loginUrl attribute of the <forms> element determines the name of the login page. The default setting of this attribute is Login.aspx.

    Step 6. Set up the SQL Membership Database
    In this step, you configure the SQL data store for membership.  This is accomplished through the use of the aspnet_regsql.exe utility.  Details on aspnet_regsql.exe can be found at: http://msdn.microsoft.com/en-us/library/ms229862(VS.80).aspx

    Step 7. Add the SQL Connection String
    In Web.config, add the connection string to the connectionStrings tag using the <add> tag as follows:

      <connectionStrings>
        <add name="MyLocalSQLServer" connectionString="Initial Catalog=aspnetdb;Data Source=MyServerName;Integrated Security=SSPI"/>
      </connectionStrings>

    Step 8. Configure ASP.NET to Use the SQL Membership Provider
    In this step, you configure the Web application to use the SQL Membership Provider.

    In Web.config, add the following lines inside the <system.web> tag:

        <membership defaultProvider="MySqlMembershipProvider" >
          <providers>
            <clear/>
            <add name="MySqlMembershipProvider"
                 connectionStringName="MyLocalSQLServer"
                 applicationName="MyAppName"
                 type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
          </providers>
        </membership>

    Step 9. Add Test Code to Page_Load to Show the Forms Authentication Details
    Add a using statement to Default.aspx.cs in your WebRole1 project to add a reference to  System.Web.Security.
    Add the following code to Page Load of Default.aspx.cs in WebRole1:
    protected void Page_Load(object sender, EventArgs e)

        Response.Write("Hello, " + Server.HtmlEncode(User.Identity.Name) + "<br />");
    }

    Step 10. test registering a new user and logging in to the application

    1. Run the project by using the F5 key (this runs the project in Debug mode.)
    2. Create a new user.  On your first visit, you need to create a new user (e.g. “bob”.)  Note that the password rules by default are alphanumeric plus one non- alphanumeric (for example, "password!")
    3. Login to the application.  Sign in with your new username and password pair.

    The Web application should return something along the following lines:

    Hello, waldo

    Share your feedback or results in the comments.  We’re path paving along with you.

    My Related Posts

  • J.D. Meier's Blog

    New Release: patterns & practices WCF Security Guide

    • 9 Comments

    Today we released our patterns & practices Improving Web Service security: Scenarios and Implementation Guidance for WCF on MSDN.  Using end-to-end application scenarios, this guide shows you how to design and implement authentication and authorization in WCF. You'll learn how to improve the security of your WCF services through prescriptive guidance including guidelines, a Q&A, practices at a glance, and step-by-step how to articles. The guide is the result of a collaborative effort between patterns & practices, WCF team members, and industry experts.

    Key Scenarios
    Here's the key scenarios:

    • A development team that wants to adopt WCF.
    • A software architect or developer looking to get the most out of WCF, with regard to designing their application security.
    • Interested parties investigating the use of WCF but don’t know how well it would work for their deployment scenarios and constraints.
    • Individuals tasked with learning WCF security.
    • Authentication, authorization, and communication design for your services
    • Solution patterns for common distributed application scenarios using WCF
    • Principles, patterns, and practices for improving key security aspects in services

    Contents at a Glance

    • Part I: Security Fundamentals for Web Services
    • Part II: Fundamentals of WCF Security
    • Part III: Intranet Application Scenarios
    • Part IV: Internet Application Scenarios

    Chapters

    • Foreword by Nicholas Allen
    • Foreword by Rockford Lhotka
    • Chapter 1: Security Fundamentals for Web Services
    • Chapter 2: Threats and Countermeasures for Web Services
    • Chapter 3: Security Design Guidelines for Web Services
    • Chapter 4: WCF Security Fundamentals
    • Chapter 5: Authentication, Authorization, and Identities in WCF
    • Chapter 6: Impersonation and Delegation in WCF
    • Chapter 7: Message and Transport Security
    • Chapter 8: Bindings
    • Chapter 9: Intranet - Web to Remote WCF Using Transport Security (Original Caller, TCP)
    • Chapter 10: Intranet - Web to Remote WCF Using Transport Security (Trusted Subsystem, HTTP)
    • Chapter 11: Intranet - Web to Remote WCF Using Transport Security (Trusted Subsystem, TCP)
    • Chapter 12: Intranet - Windows Forms to Remote WCF Using Transport Security (Original Caller, TCP)
    • Chapter 13: Internet - WCF and ASMX Client to Remote WCF Using Transport Security (Trusted Subsystem, HTTP)
    • Chapter 14: Internet - Web to Remote WCF Using Transport Security (Trusted Subsystem, TCP)
    • Chapter 15: Internet – Windows Forms Client to Remote WCF Using Message Security (Original Caller, HTTP)

    Our Team

    • J.D. Meier
    • Carlos Farre
    • Jason Taylor
    • Prashant Bansode
    • Steve Gregersen
    • Madhu Sundararajan
    • Rob Boucher

    Contributors / Reviewers

    • External Contributors / Reviewers: Andy Eunson; Anil John; Anu Rajendra; Brandon Bohling; Chaitanya Bijwe; Daniel Root; David P. Romig, Sr.; Dennis Rea; Kevin Lam; Michele Leroux Bustamante; Parameswaran Vaideeswaran; Rockford Lhotka; Rudolph Araujo; Santosh Bejugam
    • Microsoft Contributors / Reviewers: Alik Levin; Brandon Blazer; Brent Schmaltz; Curt Smith; David Bradley; Dmitri Ossipov; Jan Alexander; Jason Hogg; Jason Pang; John Steer; Marc Goodner; Mark Fussell; Martin Gudgin; Martin Petersen-Frey; Mike de Libero; Mohammad Al-Sabt; Nobuyuki Akama; Ralph Squillace; Richard Lewis; Rick Saling; Rohit Sharma; Scott Mason; Sidd Shenoy; Sidney Higa; Stuart Kwan; Suwat Chitphakdibodin; T.R. Vishwanath; Todd Kutzke; Todd West; Vijay Gajjala; Vittorio Bertocci; Wenlong Dong; Yann Christensen; Yavor Georgiev
Page 4 of 46 (1,140 items) «23456»