This chapter and the next one are dedicated to different views of application development. In Chapter 10, Design Patterns, we will cover design patterns, good practices, and different solutions provided by the theorists about them. However, in this chapter, our goal is the structure of the application itself and the tools available its construction.
In this chapter, first, we'll recommend a very useful guide to help you in the selection of the model to be used, depending on the application you have to build; and we'll go on to the process itself, as recommended by Microsoft Solutions Framework and its Governance Model. Security planning and design should also be considered by creating a Threat Model, addressing security scenarios.
To adequately build the different deliverables that the application's life cycle requires, we'll use Visio and check how this tool can be the perfect complement to the application's architect team, with all types of templates to help in the process.
Then, in the area of development, testing, and deployment, we'll dig into Visual Studio Enterprise and learn how to reverse-engineer code and generate code maps and diagrams and its support for UML.
Finally, we'll cover some aspects related to the final deployment phase and the different solutions at our disposal with the current tools.
Altogether, in this chapter, we will discuss following topics:
- The election of an architecture
- The role of Visio
- The database design
- Visual Studio architecture, testing, and analysis tools
The first problem that arises when a new application is projected has much to do with the election of the model and the tools and artifacts that will better suit our needs and requirements.
Microsoft published .NET Technology Guide for Business Applications in 2013, authored by Cesar de la Torre and David Carmona (both senior program managers at Microsoft/Redmond) to provide its customers with a vision about the principles and restrictions to be considered when selecting a model for an application. You can freely download it at https://blogs.msdn.microsoft.com/microsoft_press/2013/11/13/free-ebook-net-technology-guide-for-business-applications/.
In summary, the guide offers an exhaustive tour of all the different scenarios that developers might face and details the pros and cons that you should consider before deciding which tools and technologies are adequate for your business problem.
Once this selection is made, you can dig into Application Lifetime Management (ALM). So, what's the path to follow in order to get to a happy end? Consider that even today, some facts reflected in statistics seem frightening:
- One out of six IT projects ends up having an average cost of 200% over the projected target and a schedule delay of 70% (source: Harvard Business Review: https://hbr.org/2011/09/why-your-it-project-may-be-riskier-than-you-think/ar/1)
- Economy losses just in the United States are estimated at $50-$150 billion per year due to different types of failed IT projects (source: Gallup Business Review: http://www.gallup.com/businessjournal/152429/cost-bad-management.aspx#1)
- Fewer than a third of all projects were successfully completed on time and on the budget over the past year (source: Standish Group: https://www.versionone.com/assets/img/files/CHAOSManifesto2013.pdf)
With these facts in mind, we need to explore how to properly manage a new project with some confidence and within the schedule and target that we initially foresaw.
On one hand, we count on a complete set of tools and technologies (what we understand by the development platform) that allow any developer to build applications for any type of model, platform, or technology.
This universal offer is even clearer now that it was in the Guide's publication, given the new options around the Universal Windows Platform and .NET Core (which we've already mentioned in this book and will see in more detail in the final chapter).
In addition, ASP.NET Core, and the rest of the initiatives related to Node.js, Apache Cordova, Linux support in Azure, SQL Server support in Linux, Office for Mac OS, and even the recent Visual Studio for Mac, present a vast panorama of opportunities for developers, which extends beyond Windows and its related technologies.
The next diagram was officially published by Microsoft and reviewed in detail by several evangelists, showing the continuous growth in the scope of the Microsoft Development ecosystem:
We saw in this book that .NET has kept evolving since the beginning, and now, it provides a state-of-the-art developing experience no matter what the type of application to be developed is, or whether we are coding for the server or the client:
- On the server side, you can program cloud services or on-premise services equally well, using C#, or you can use Node.js as a backend, as we saw in the previous chapter. The location of the server is also independent since everything you install and deploy on your server is also installable and deployable in Azure.
- Also, with the new ASP.NET CORE version, you can deploy your applications in two ways: using
Microsoft.AspNetCore.Server.WebListener(which is Windows-only) or withMicrosoft.AspNetCore.Server.Kestrel, which is cross-platform and can work in any host. - On the client side, you can build applications for the desktop either using Windows Forms, Windows Presentation Foundation, or even HTML5 + CSS3 + JavaScript for browser based solutions inside or outside Microsoft devices.
- The second option is now empowered by the excellent support that Visual Studio offers for applications for Apache/Cordova and/or Xamarin as mobile solutions that run anywhere.
And, of course, this is just a rough view of the large amount of possibilities now available in the platform, which keeps on growing.
Microsoft Solutions Framework is, as defined by Wikipedia:
"Microsoft Solutions Framework (MSF) is a set of principles, models, disciplines, concepts, and guidelines for delivering information technology solutions from Microsoft. MSF is not limited to developing applications only, it is also applicable to other IT projects like deployment, networking or infrastructure projects. MSF does not force the developer to use a specific methodology (Waterfall, Agile) but lets them decide what methodology to use."
So, MSF sits on top of any methodology and recommends what to do in all phases of ALM. It has been around for four versions since its creation, the fourth being the latest revision.
The two models defined by MSF are as follows:
- The Team Model, which deals with the people who compound the development and management of the project, and their responsibilities and operations
- The Governance Model, previously called the Process Model, which describes the different phases to pass through when building a project, and that includes five or six phases depending on the version to be used, going from the first steps to the final implementation and deployment (and even further)
It also defines three disciplines or sets of tasks to be performed and guides to follow in relation to the project's completion. These disciplines are Project Management, Risk Management, and Readiness Management. The official Microsoft documentation on the ALM offers a clear schema of these concepts:
Let's review the most important keys of these models and how they explain and propose well-defined procedures and practices along the ALM.
The Team Model is based on a schema that defines the different roles you can assign to the development team.
Microsoft proposes a new Team Model, as opposed to the classical Hierarchical Model, in order to avoid its typical drawbacks, which summarizes in several aspects: communication overhead, misunderstanding from non-direct contacts, lack of clarity in team roles and responsibilities, detached members, and process overheads.
MSF proposes, in turn, that the Team Model be made up of a team of peers, whose members relate to each other as equals and know clearly which responsibility every member owns and which decisions are based on consensus.
The Team Model gives all members an equally important role in the final success of the project. In this way, many of the unclear responsibilities and vague definitions that are common to other Project Management solutions are suitably addressed.
In the next graphic, you can see how the authors and evangelists of the official Microsoft course on MSF organize these roles around the concept of a Team of Peers:
As you can see in the official schema, there are seven roles—all declared of having equal importance. Note, however, that for small teams, the same person might appear in more than one role.
In summary, the main responsibilities of each role are as follows:
- Product management: Be the contact with the customer, guaranteeing its satisfaction and serving as the voice of the customer for the Program management role.
The functional areas for this role are:
- Marketing/corporate communications
- Business analysis
- Product planning
- Program management: Be in charge of managing the project's constraints, and be the voice of the team with product management.
Overall, the functional areas should be:
- Project management
- Program management
- Resource management
- Process assurance
- Project quality management
- Project operations
- Architecture: The goal is to design the solution in a way as per the business goals without forgetting the project's limitations (the budget, schedule, and so on).
The functional areas of this role are mainly these two:
- Solution architecture
- Technical architecture
- Development: Generate code, agreeing with the project specifications, style indications, schedule milestones, and so on.
The functional areas in this case as follows:
- Solution development
- Technology consulting
- Testing: This is to take care of testing when all the issues are correctly addressed.
In general, four aspects of testing are considered critical (in different scenarios):
- Regression testing
- Functional testing
- Usability testing
- System testing
- User experience: This is understood as another form of testing and should improve the user experience and performance.
Here, the goals are closer to the user interaction:
- Accessibility
- Internationalization
- Technical support communications
- Training
- Usability
- User interface design
- Release operations: All operations require satisfactory installation, plus giving hints to the team with respect to future releases.
In this final phase, the functional tasks are mainly as follows:
- Accessibility
- Internationalization
- Technical support communications
- Training
- Usability
- User interface design
The way the Team Model is established, however, makes some roles incompatible. This depends on the type of responsibilities that a role owns because some of them are considered opposite in nature. The following graphic shows this situation in a table:
This is the case, for instance, with Program Management because the type of relations you carry on is, by nature, incompatible with Product Management (mainly responsible for the team). The most irreconcilable of all roles is the developer, which is—basically—incompatible with any other.
In brief, the authors of MSF define project governance as the set of tools, guides, and techniques, which provide enough oversight, process guidance, and rigor to efficiently and effectively use project resources and deliver a solution. All this happens while handling trade-off patronage decisions and balancing adherence to a set of potentially changing project constraints.
It deals with the process of building the application, and it's traditionally divided into five or six phases depending on the model to be used. In the latest version (4.0), the schema presented by the Microsoft documentation is as follows:
As you see, five phases are considered: Envision, Plan, Build, Stabilize, and Deploy. The transition from one phase to another takes place when you hit a milestone that assumes the existence of a set of deliverables approved by all members of the team.
The main goals of these steps are as follows:
- Envision: Here, the goal is to define a clear comprehension of what is required within the context of project constraints (the initially mentioned Guide could be helpful here as well). Also, the documentation states that it supposes to assemble the necessary team to envisage solutions with options and approaches that best meet the needs while optimally satisfying constraints.
- Plan: The preceding phase is sort of conceptual. This phase is about to concrete the previous ideas into tangible solutions: designing and implementing database structures in the RDBMS of choice, defining the user interfaces and their interactions with the final user, defining the proper configuration of the source code management tool (Team Foundation Server is the preferred choice for the Microsoft development environments), and so on:
- In this phase, some aspects of security should be clearly established, especially those that might imply a loss of assets, revelation of private information (non-intended disclosure), possible Denial of Service (DoS) attacks, and so on.
- Build: Most people relate this to just coding, but it goes a bit further. It should also consider good practices, style guidelines, and many other coding practices:
- You can find a dedicated page for coding conventions in C# at https://msdn.microsoft.com/en-us/library/ff926074.aspx. In addition, a comprehensive list of the naming guidelines for .NET solutions is available at https://msdn.microsoft.com/en-us/library/ms229002(v=vs.110).aspx.
- This phase also includes a willingness to learn new coding techniques and implement requirements in the best possible manner. It's interesting to note that MSF recommends that this phase should never exceed 33% percent of the total time assigned to the project.
- Stabilize: The model emphasizes that this is not just about getting rid of bugs. Sometimes the problem lies in the usage of the application's UI, the time required to access certain data after a request, or taking care that no collateral effects appear linked to a given process:
- Moreover, the user's perspective is very important as well, and certain techniques come in handy, such as unit tests, or behavior-driven tests, which simulate use cases from the beginning to the end.
- Of course, security is another important aspect here. Behavior-driven tests should include all the security aspects evaluated and addressed if the Threat model has been properly designed.
- Deploy: This is about integrating the solution successfully into production and transferring the rest of the management to the support teams designated for that purpose. It's the final phase, but many times, its ending just connects with the beginning of the second version (or update, or release, you name it…).
Tip
Just to deal with the deployment phase, Microsoft later created the Microsoft Operations Framework proposal, which covers every aspect of deployment, especially for applications with a certain volume and complexity (rising up to an entire operating system).
These complex cases are themselves treated as another project, with all its phases and considerations. In subsequent versions of MOF, the entire coverage for any IT operation is considered, together with all scenarios that we mentioned earlier: on-premises, in the cloud, mixed, and so on.
You can access the complete documentation about this subject on its dedicated website at https://msdn.microsoft.com/en-us/library/cc506049.aspx.
The Risk Model explains how to deal with security along all the previous phases and how to take security into consideration from the very beginning of the application's life cycle. Some theoreticians prefer to include it in the process model itself, as we saw in the diagram at the beginning of this chapter.
We are going to cover security in more depth in Chapter 11, Security, (based on the OAuth 2.0 standard), so it is not the goal to discuss these techniques in depth here, but I would like to review the principles on which the Risk Model is based.
The MSF Risk Management discipline makes a distinction between risks and issues (or problems that already exist or known problems). Thus, it defines a type of risk management that proactively identifies, analyzes, and addresses risks in order to improve the probability of success.
The strategy is to anticipate rather than react to problems, so the team should prepare for problem resolutions before problems occur in order to be able to react proactively and directly to the root causes, not only to symptoms.
The official documentation schematizes risk management in the following graphic:
As you can see, the first step is identifying and stating a given risk. It follows an analysis and prioritization of the problem to be resolved, which goes along with a mitigation plan and schedule.
The MSF documentation also establishes a classification of the risks according to this table, which lists the possible sources in four types of risks:
The suggested procedure to evaluate risks is to publish a maintainable and accessible list in which every risk is evaluated using two factors: impact and probability, the first one being a pre-established value that the team estimates (let's say from 1 to 100, 100 being the worst possible case).
The second factor (the probability) is generally measured using the mathematical concept linked to this measurement (that is, a value between 0 and 1, 0 being the impossible and 1 being absolute certainty).
Later, both factors are multiplied and ordered as descending, so the most dangerous risks appear at the top, and the team can figure out their priority when they decide to take actions about it.
Different tasks can be assigned to risk management in order to better cope with potential problems once these problems are detected and sorted:
- Research: This is the process of finding more information about the risk before taking any action
- Acceptance: This means that it would be acceptable to live with the consequences if the risk occurs
- Avoidance: If we change the project's scope, would the risk be avoided as well?
- Transfer: In some cases, it's possible to transfer the risk to other projects, teams, organizations, or individuals
- Mitigation: What can the team do to reduce any of the two factors mentioned earlier (probability or impact)?
- Contingency plan: The team should evaluate whether a planned strategy would help in case of the risk becoming real
With all these considerations, the team will collect and design a set of possible activities related to the Risk Model. Once that is done, the MSF documentation divides the proposed actions into two main areas, which they catalog as proactive and reactive.
The proactive approach means mitigation, that is, taking actions ahead of time in order to prevent a risk from occurring altogether, or—if the risk is inevitable—to reduce its impact to a level that can be considered acceptable.
In the other case, we have to manage actions to reduce real problems (the risk became real), so it's imperative to analyze possible problems in advance and—let's face it—place ourselves in the worst case, imagining all feasible solutions. The team should also define a trigger, something that—if it happens—should start the contingency plan.
Observe that these triggers (the same as the risks linked to them) not only have to do with code, but also with many other factors. The MSF documentation cites a few: a team member's resignation, the number of bugs exceeding the acceptable limit, or a milestone completed with a significant delay; these are just some common cases.
In summary, the MSF assesses these rules, stating that Risk Management should be:
- Comprehensive: It should address all of the elements in a project (not just technology elements, but people and process as well)
- Systematic: It should incorporate a reproducible process for project risk management
- Continuous: It should occur along the entire project life cycle, not just in the first two phases
- Proactive: It should seek to avoid or minify the impact of risk occurrences
- Flexible: It should be adaptable to a wide range of risk analysis methodologies
- Future-oriented: It should be committed to individual- and enterprise-level learning and be supported by a Knowledge Base that serves for future endeavors later on