This chapter and the next one are dedicated to different views of application development. In Chapter 10, Design Patterns, we will cover design patterns, good practices, and different solutions provided by the theorists about them. However, in this chapter, our goal is the structure of the application itself and the tools available its construction.
In this chapter, first, we'll recommend a very useful guide to help you in the selection of the model to be used, depending on the application you have to build; and we'll go on to the process itself, as recommended by Microsoft Solutions Framework and its Governance Model. Security planning and design should also be considered by creating a Threat Model, addressing security scenarios.
To adequately build the different deliverables that the application's life cycle requires, we'll use Visio and check how this tool can be the perfect complement to the application's architect team, with all types of templates to help in the process.
Then, in the area of development, testing, and deployment, we'll dig into Visual Studio Enterprise and learn how to reverse-engineer code and generate code maps and diagrams and its support for UML.
Finally, we'll cover some aspects related to the final deployment phase and the different solutions at our disposal with the current tools.
Altogether, in this chapter, we will discuss following topics:
The first problem that arises when a new application is projected has much to do with the election of the model and the tools and artifacts that will better suit our needs and requirements.
Microsoft published .NET Technology Guide for Business Applications in 2013, authored by Cesar de la Torre and David Carmona (both senior program managers at Microsoft/Redmond) to provide its customers with a vision about the principles and restrictions to be considered when selecting a model for an application. You can freely download it at https://blogs.msdn.microsoft.com/microsoft_press/2013/11/13/free-ebook-net-technology-guide-for-business-applications/.
In summary, the guide offers an exhaustive tour of all the different scenarios that developers might face and details the pros and cons that you should consider before deciding which tools and technologies are adequate for your business problem.
Once this selection is made, you can dig into Application Lifetime Management (ALM). So, what's the path to follow in order to get to a happy end? Consider that even today, some facts reflected in statistics seem frightening:
With these facts in mind, we need to explore how to properly manage a new project with some confidence and within the schedule and target that we initially foresaw.
On one hand, we count on a complete set of tools and technologies (what we understand by the development platform) that allow any developer to build applications for any type of model, platform, or technology.
This universal offer is even clearer now that it was in the Guide's publication, given the new options around the Universal Windows Platform and .NET Core (which we've already mentioned in this book and will see in more detail in the final chapter).
In addition, ASP.NET Core, and the rest of the initiatives related to Node.js, Apache Cordova, Linux support in Azure, SQL Server support in Linux, Office for Mac OS, and even the recent Visual Studio for Mac, present a vast panorama of opportunities for developers, which extends beyond Windows and its related technologies.
The next diagram was officially published by Microsoft and reviewed in detail by several evangelists, showing the continuous growth in the scope of the Microsoft Development ecosystem:
We saw in this book that .NET has kept evolving since the beginning, and now, it provides a state-of-the-art developing experience no matter what the type of application to be developed is, or whether we are coding for the server or the client:
Microsoft.AspNetCore.Server.WebListener
(which is Windows-only) or with Microsoft.AspNetCore.Server.Kestrel
, which is cross-platform and can work in any host.And, of course, this is just a rough view of the large amount of possibilities now available in the platform, which keeps on growing.
Microsoft Solutions Framework is, as defined by Wikipedia:
"Microsoft Solutions Framework (MSF) is a set of principles, models, disciplines, concepts, and guidelines for delivering information technology solutions from Microsoft. MSF is not limited to developing applications only, it is also applicable to other IT projects like deployment, networking or infrastructure projects. MSF does not force the developer to use a specific methodology (Waterfall, Agile) but lets them decide what methodology to use."
So, MSF sits on top of any methodology and recommends what to do in all phases of ALM. It has been around for four versions since its creation, the fourth being the latest revision.
The two models defined by MSF are as follows:
It also defines three disciplines or sets of tasks to be performed and guides to follow in relation to the project's completion. These disciplines are Project Management, Risk Management, and Readiness Management. The official Microsoft documentation on the ALM offers a clear schema of these concepts:
Let's review the most important keys of these models and how they explain and propose well-defined procedures and practices along the ALM.
The Team Model is based on a schema that defines the different roles you can assign to the development team.
Microsoft proposes a new Team Model, as opposed to the classical Hierarchical Model, in order to avoid its typical drawbacks, which summarizes in several aspects: communication overhead, misunderstanding from non-direct contacts, lack of clarity in team roles and responsibilities, detached members, and process overheads.
MSF proposes, in turn, that the Team Model be made up of a team of peers, whose members relate to each other as equals and know clearly which responsibility every member owns and which decisions are based on consensus.
The Team Model gives all members an equally important role in the final success of the project. In this way, many of the unclear responsibilities and vague definitions that are common to other Project Management solutions are suitably addressed.
In the next graphic, you can see how the authors and evangelists of the official Microsoft course on MSF organize these roles around the concept of a Team of Peers:
As you can see in the official schema, there are seven roles—all declared of having equal importance. Note, however, that for small teams, the same person might appear in more than one role.
In summary, the main responsibilities of each role are as follows:
The functional areas for this role are:
Overall, the functional areas should be:
The functional areas of this role are mainly these two:
The functional areas in this case as follows:
In general, four aspects of testing are considered critical (in different scenarios):
Here, the goals are closer to the user interaction:
In this final phase, the functional tasks are mainly as follows:
The way the Team Model is established, however, makes some roles incompatible. This depends on the type of responsibilities that a role owns because some of them are considered opposite in nature. The following graphic shows this situation in a table:
This is the case, for instance, with Program Management because the type of relations you carry on is, by nature, incompatible with Product Management (mainly responsible for the team). The most irreconcilable of all roles is the developer, which is—basically—incompatible with any other.
In brief, the authors of MSF define project governance as the set of tools, guides, and techniques, which provide enough oversight, process guidance, and rigor to efficiently and effectively use project resources and deliver a solution. All this happens while handling trade-off patronage decisions and balancing adherence to a set of potentially changing project constraints.
It deals with the process of building the application, and it's traditionally divided into five or six phases depending on the model to be used. In the latest version (4.0), the schema presented by the Microsoft documentation is as follows:
As you see, five phases are considered: Envision, Plan, Build, Stabilize, and Deploy. The transition from one phase to another takes place when you hit a milestone that assumes the existence of a set of deliverables approved by all members of the team.
The main goals of these steps are as follows:
Just to deal with the deployment phase, Microsoft later created the Microsoft Operations Framework proposal, which covers every aspect of deployment, especially for applications with a certain volume and complexity (rising up to an entire operating system).
These complex cases are themselves treated as another project, with all its phases and considerations. In subsequent versions of MOF, the entire coverage for any IT operation is considered, together with all scenarios that we mentioned earlier: on-premises, in the cloud, mixed, and so on.
You can access the complete documentation about this subject on its dedicated website at https://msdn.microsoft.com/en-us/library/cc506049.aspx.
The Risk Model explains how to deal with security along all the previous phases and how to take security into consideration from the very beginning of the application's life cycle. Some theoreticians prefer to include it in the process model itself, as we saw in the diagram at the beginning of this chapter.
We are going to cover security in more depth in Chapter 11, Security, (based on the OAuth 2.0 standard), so it is not the goal to discuss these techniques in depth here, but I would like to review the principles on which the Risk Model is based.
The MSF Risk Management discipline makes a distinction between risks and issues (or problems that already exist or known problems). Thus, it defines a type of risk management that proactively identifies, analyzes, and addresses risks in order to improve the probability of success.
The strategy is to anticipate rather than react to problems, so the team should prepare for problem resolutions before problems occur in order to be able to react proactively and directly to the root causes, not only to symptoms.
The official documentation schematizes risk management in the following graphic:
As you can see, the first step is identifying and stating a given risk. It follows an analysis and prioritization of the problem to be resolved, which goes along with a mitigation plan and schedule.
The MSF documentation also establishes a classification of the risks according to this table, which lists the possible sources in four types of risks:
The suggested procedure to evaluate risks is to publish a maintainable and accessible list in which every risk is evaluated using two factors: impact and probability, the first one being a pre-established value that the team estimates (let's say from 1 to 100, 100 being the worst possible case).
The second factor (the probability) is generally measured using the mathematical concept linked to this measurement (that is, a value between 0 and 1, 0 being the impossible and 1 being absolute certainty).
Later, both factors are multiplied and ordered as descending, so the most dangerous risks appear at the top, and the team can figure out their priority when they decide to take actions about it.
Different tasks can be assigned to risk management in order to better cope with potential problems once these problems are detected and sorted:
With all these considerations, the team will collect and design a set of possible activities related to the Risk Model. Once that is done, the MSF documentation divides the proposed actions into two main areas, which they catalog as proactive and reactive.
The proactive approach means mitigation, that is, taking actions ahead of time in order to prevent a risk from occurring altogether, or—if the risk is inevitable—to reduce its impact to a level that can be considered acceptable.
In the other case, we have to manage actions to reduce real problems (the risk became real), so it's imperative to analyze possible problems in advance and—let's face it—place ourselves in the worst case, imagining all feasible solutions. The team should also define a trigger, something that—if it happens—should start the contingency plan.
Observe that these triggers (the same as the risks linked to them) not only have to do with code, but also with many other factors. The MSF documentation cites a few: a team member's resignation, the number of bugs exceeding the acceptable limit, or a milestone completed with a significant delay; these are just some common cases.
In summary, the MSF assesses these rules, stating that Risk Management should be:
3.145.179.225