Wednesday, September 18, 2013

On Consulting

Consulting is a core skill of an IT architect. Your behavior and the behavior of your teammates have a direct relationship to the client's faith in your ability to deliver results.

Here are a few guidelines on how to provide value right away on engagements:
  • Fill the gaps - Be proactive. Find the most urgent task that's not being addressed and get it done.
  • Don’t sit around - Don't wait to be told what to do. When your assigned tasks are done, fill the gaps.
  • Be an emissary - You're always on stage representing your organization; being watched closely. So be kind and respectful. Listen. Guard your language. Dress like the client. No personal business.
  • Insist your teammates do the same – Coach your teammates to follow these simple guidelines. Change horses quickly if they cannot.

Lesson Learned: Provide value to engagements right away and do so respectfully.

Tuesday, August 20, 2013

No Plumbing (Don't Build Your Own)

Experienced IT architects don't reinvent the wheel. They devote the project's energy on the unique requirements of the solution they are constructing, and let proven products carry the rest of the load.

Consider this a corollary of Use Proven Products.

When you have a talented team, there are times when you’re tempted to re-invent a key component of your solution. For example, your brightest programmer may:
  • Design a new custom file format more logical than XML, JSON, etc.
  • Design a new secure protocol that doesn’t have the complexity of using SSL, SSH, etc.
  • Design a new object-relational solution that’s more efficient than … you get the idea
And the chances are, your programmer has a great idea. However, you were not tasked with re-inventing base technologies (what I call, plumbing). Almost always, the better approach is don't do it, don't build your own. Live with an existing proven product that works well and move on.
Why? You have to manage the project's energy. You just can't afford to expend significant amounts of energy on function that already exists and works well. And of course, you can't afford the additional risk.
For me, I like to build my solutions on top of great existing technologies (great plumbing). That way they have the best chance to survive the long term since they inherit the improvements of their components. I've leveraged these improvements for some fantastic service releases over the years. This best practice is a major project success factor – use it.
Lesson Learned: To minimize risk and accelerate delivery, use standard plumbing for your solution (don't build your own). Focus the project's energy on end-user functionality.

Friday, August 16, 2013

Use Proven Products

Experienced IT architects construct their solutions with proven products.

Why? As the IT architect, you are 100% responsible for the technical success of the solution. If the solution doesn't work, it's your fault - not the users, not the project managers, not the programmers, just you. Pack your things; you're done.

This is why your mentor said "NO" to your idea of using the newest and hottest technology. IT architects just can't go with an unknown quantity as a key component of their solution. The consequences of failure are just too great; causing great harm to many. Here are some guidelines on how to apply this best practice:

1. Construct your solution with proven products:

  • Make sure each product serves a well-known product space (i.e. a relational database)
  • Play products to their core strengths - don't use them in strange ways
  • Look for products with healthy development activity - new versions on the way
  • Look for products with strong support communities
  • Look for products with great documentation
  • Avoid new products - v1.0's are deadly
  • Avoid products dying on the vine (i.e. ownership changes, deprecation, etc.)

2. If no proven product exists to fill the role you carved-out for it:

  • Rework your solution - try to simplify it
  • Don't build your own, rework your solution - no platypuses!
  • When forced to consider an unproven product, don't buy or commit to it - prototype it quickly with your best and brightest, put it under realistic operational scenarios, then decide if you can live with it

Lesson Learned: To minimize risk and accelerate delivery, construct solutions using current, well-known, and proven products with strong support communities.

BTW: I think platypuses are way cool. Not to be confused with the clumsy metaphor above.

Wednesday, July 31, 2013

Git WinRM Automatic Deployment

The Challenge - Give development teams the ability to deploy their applications simply and in real-time without giving them administrative access to the destination Windows and Linux servers.

The Solution - A professional Git based deployment system; like that you find on GitHub, Heroku, and other leading cloud services. This solution goes a step further by providing the ability to deploy to Windows servers using Windows domain authentication and WinRM.

The Benefits - Lightning fast, easy to use, secure, reliable, and accurate; no opportunities for accidental installation errors; and with perfect history, easy to snap-back to previous deployments.

How It Works

  1. User checks-out the desired deployment branch of their local repository
    (dev for development enviro, test for test enviro, etc.)
  2. User copies the deployment files to their local repository
  3. User enters a descriptive message regarding this deployment and commits their changes
  4. User pushes their changes to the remote repository
  5. Git hook in the remote repository examines branch being updated and determines the destination server
  6. Git hook issues windows remote command to execute installation script on the destination server
    (issues SSH remote command for Linux servers)
  7. Installation script on the destination server retrieves the latest deployment files from the remote repository using Git
  8. Installation script installs the files
  9. Installation script emails the results which include the user’s identity and commit message

Technologies and their Roles

  • Git - Deployment engine, file transport, and version control
  • Cygwin - Deployment hub, SSH server, and Linux / Windows authentication integration
  • WinRM - Secure shell services for Windows
  • OpenSSH - Secure shell services for Linux
  • Python - Installation scripts that are easy to read / maintain / extend

Architecture Notes

  • Made extraordinary effort to keep setup simple as possible with minimal customization - focus on leveraging core strengths of existing proven products
  • One shared repository per application, with separate branches for each environment
  • Developer workstations use a default install of Git
  • Developer workstations access remote repository on Deployment Server using SSH keys for a special deployment user - password is never shared
  • Deployment server uses default Cygwin install with the OpenSSH server and Git packages
  • Deployment server setup to run OpenSSH server as the special deployment user
    (see Cygwin reference below)
  • Deployment server configured to disallow shell access / constrain developers to Git commands only
    (see Pro Git reference below)
  • Deployment server’s remote repository includes simple post-update hook
    (see sample included with the IIS Web Deployer script)
  • Special deployment user is given administrator authority on destination server
  • Destination servers use the OS’s built-in remote services technology, using their defaults
  • Destination servers use a default install of Git
  • Destination servers require installation script for the application being deployed
    (see IIS Web Deployer script)


Updates since original posting:
2013.11.06 - Corrected reference for Cygwin OpenSSH setup and added backup copy
2013.10.31 - Improved post-update Git hook example to show IP of the deployer
2013.08.22 - Improved interaction with Git remote repository