New Virtual Home

Welcome to my new home. Within the year I’ll be evicted from Apple’s MobileMe hosting, and so I’m forced to relocate.

The goal of this blog continues on from where the previous finished, to post about the Microsoft technology stack, in particular the .NET platform. Most of the content falls out of my day job as a software architect for ADERANT and hopefully will be of use to the Microsoft community. The initial set of postings will be a clean up and summary of content from my current blog. WordPress looks to have a host of features that MobileMe did not and so I look forward to playing around with the new platform too.

Unexpected consequences…

Having set up a load-balanced environment as per the previous post, I then discovered some knock-on effects…

By changing the SPNs for HTTP to be account rather than machine specific, the remote PowerShell calls were broken – so our automated deployments were broken. By default the WinRM service connection from the client to the target server is authenticated using Kerberos. The communication channel is HTTP through a separate listener process and it expects a machine SPN to be registered. In our case it was expecting HTTP/LRSRV310.lr.aderant.com to be registered against the machine account LRSRV310. Instead this SPN was mapped to our application pool identity service.workflow.lr and so we were broken.

I added in the SPN mapping to the LRSRV310 machine account and remote PowerShell sessions were available again; however, this meant duplicate SPNs in AD, which is against the rules. After a little thought and some digging it turns out there are (at least) two options available to us:
1. Use an HTTPS channel rather than HTTP for the WinRM service.
2. Add the client machine names to the TrustedHosts list for WinRM.

I’ve tried option 2 and it works, though I think option 1 may be a more secure approach. To get option 2 to work, from a PowerShell prompt:

PS> Set-Item WSMan:\localhost\Client\TrustedHosts -Value "*.aderant.com"

In the command above I’m using a wildcard but you can be more specific and list individual machines that you trust. Note that you need to enable the trusted hosts setting before you set up the SPNs against the application pool identity or else you won’t be able to use the WSMAN provider.

Update…
Turns out the TrustedHosts list option is not so great. It appears to work while the Kerberos ticket is valid, which makes it look like everything is good. The local access to WSMAN settings is available but remote access still has Kerberos issues when the ticket expires. So next we will try setting up HTTPS for WinRM.

> winrm quickconfig -transport:https

However, this requires that a certificate is installed to validate the server identity. Tomorrow we will be using the certificate server for our domain to generate a certificate; however, not all environments will have this. I’ll also have a look at the other authentication options and try turning off Kerberos support [WSMAN:\localhost\Service\Auth].

When we sort this out, I’ll post the solution.
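
An added example, not the author's code or eventual solution, of the checks and HTTPS listener setup this post describes: find which account holds the HTTP SPN, bind a WinRM HTTPS listener to a CA-issued certificate, then connect with -UseSSL. It assumes a certificate for the server's FQDN is already installed in LocalMachine\My; the firewall rule name is made up for illustration.

```powershell
# Added example. $fqdn is the host named in the post; the rule name is an assumption.
$fqdn = 'LRSRV310.lr.aderant.com'

# --- Any domain-joined machine: inspect the SPN state ---
setspn -Q "HTTP/$fqdn"   # shows which account the HTTP SPN is registered against
setspn -X                # reports duplicate SPNs in the domain

# --- On the target server (elevated): choose the listener certificate ---
$serverAuth = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU OID
$cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object {
    $eku = $_.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    $_.HasPrivateKey -and
    $_.NotAfter -gt (Get-Date) -and
    $_.Subject -match ('CN=' + [regex]::Escape($fqdn) + '(,|$)') -and
    ($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq $serverAuth })
} | Sort-Object NotAfter -Descending | Select-Object -First 1

if (-not $cert) { throw "No valid Server Authentication certificate for $fqdn" }

# Bind an HTTPS listener to that certificate and open the default HTTPS port.
New-Item -Path WSMan:\localhost\Listener -Transport HTTPS -Address * `
    -HostName $fqdn -CertificateThumbPrint $cert.Thumbprint -Force
netsh advfirewall firewall add rule name="WinRM-HTTPS-example" dir=in action=allow protocol=TCP localport=5986
Get-ChildItem WSMan:\localhost\Listener   # confirm the HTTPS listener is present

# --- On the deployment client ---
# Replace the wildcard entry from the post with the one named host.
Set-Item WSMan:\localhost\Client\TrustedHosts -Value $fqdn -Force

# TLS on port 5986: the certificate, not TrustedHosts, proves the server's identity.
# Whether Kerberos itself succeeds still depends on the SPN mapping checked above.
$session = New-PSSession -ComputerName $fqdn -UseSSL
Invoke-Command -Session $session -ScriptBlock { $env:COMPUTERNAME }
Remove-PSSession $session
```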

TechEd Follow-up

The morning after TechEd was spent on a cruiser bike with Jeff from http://confederacyofcruisers.com/. This was an awesome way to see the city and hear about the history and unique culture that is New Orleans. It was pretty hot out there (I came from the New Zealand winter) and so I’m now hiding in an air conditioned room and following through on my promise to make the slide deck from the talk available.

The slide deck for the ASI02-INT session can be downloaded from the TechEd2010 folder at http://public.me.com/stefsewell.

It was prepared in Office 2010 and I’ve left in the slide notes just to give some additional context. Please let me know if there are any issues.

A big thank you to everyone who came along for the session, I will follow up on some of the questions asked in subsequent posts. The feedback has been mixed, on the positive side some found real value in hearing how we are tackling the same problems they face, some were interested directly in using our framework. On the less positive, it was felt the session was too biased towards ADERANT and not enough on WF, WCF and AppFabric. My goal was to show how WF, WCF and AppFabric are used as a platform to build an application framework. Looking back, the balance could have been closer towards the out of the box technologies that Microsoft is shipping and less on where we used the extensibility model. To try to redress the balance I’m going to write up the demos I didn’t show and make the source code available over the coming weeks. Please bear with me and I hope that in the end everyone will get something useful either out of the session directly or out of the follow up material. If you attended the session and there is a particular topic or problem that you would like me to cover then please let me know (stefan.sewell at aderant.com).

The samples I’ll cover will be:
• Creating and hosting a simple code based WCF service, then implementing the same functionality as a workflow service and hosting it.
• A walkthrough of the sample deployment DSL I demoed to show how to get started with the VS2010 DSL Toolkit.

Planning a TechEd session.

For the last 18 months, I’ve had the privilege of contributing to the Microsoft TAP programs for Visual Studio 2010 & .NET 4 and AppFabric (previously code named as Dublin). These TAP programs are coming to a close with Visual Studio 2010 and .NET 4 now shipping, and AppFabric shipping in H1 2010.

As part of the TAP engagement, I’ll be in New Orleans in June to present an interactive session discussing Windows Workflow Foundation 4, Windows Communication Foundation 4 and AppFabric (in particular the ‘Dublin’ components). The goal of this blog is to capture the thought process that goes into preparing for the session and to provide a detailed reference for the attendees. I hope that the usefulness of the content extends beyond this primary audience and the .NET community as a whole can find something of interest.

The first, and possibly most difficult, question is what shall I talk about? What do I think people will find interesting? The real challenge is condensing 12 months of hands-on experience into a single hour of relevant and approachable material. I’ve attended a number of TechEd conferences in the past, in Europe and New Zealand, so I have an idea of the sessions that I found interesting and I’ll start there. I’ll post a link to this blog in the session description so that you can tell me what you’d like to see covered, just email me: stefan.sewell at aderant.com.

Right now I have the following high level breakdown for the talk:

1. Setting the Context

The basics, I work for ADERANT as a software architect. ADERANT is an Independent Software Vendor (ISV) producing enterprise solutions for the legal and professional services market. At the very core of the software is the ability to track the work completed and expenses incurred for a project (aka matter), this is billed out to the client the work was performed for. From this grossly simplified view of the world, we then can add in client management, resource planning, budgeting, time capture, expense management, eBilling, profitability projection and much more. We basically provide software to run a law firm and some of the world’s largest law firms are running on ADERANT Expert. In a subsequent post I’ll expand on the challenges we face writing software for global companies.

2. Overview of our Software and Approach

Having covered off what we do, I’ll next talk about how we do it from a 10,000 ft view. ADERANT Expert is a suite of products built on the Microsoft stack. Its origins go back over 30 years but in the last 10 years we’ve undertaken a major architectural overhaul moving from a client-server architecture predominantly written in unmanaged C++ to a service architecture built on the .NET 4.0 platform. The current version of the software, Expert Golden Gate, is written on .NET 3.5 and shortly we’ll be releasing an enhanced .NET 4 based version.

In moving from .NET 3.5 to .NET 4, we made several refinements to our architecture based on two factors: firstly lessons learned from the field and secondly new features shipping in .NET 4 which allowed us to replace infrastructure that we had written in-house with out of the box functionality from Microsoft. We are a products company selling to the legal market, we don’t want to have to develop the infrastructure to support our products, we want that from our chosen platform. I’ll compare our .NET 3.5 approach with our .NET 4.0 approach highlighting the changes we made and why.

3. Examples

The next section is a drill down into some examples of how we use .NET 4 and AppFabric. First example will be our task concept, which is a human-based workflow activity. This is a non-trivial example that will show:
• Using our DesignStudio add-in for VS2010 which allows firms to create their own custom workflow processes. These processes can include human tasks such as data entry and approval.
• How a process is published as a workflow service and hosted in IIS under AppFabric management.
• The flow of service calls made as part of a task’s lifecycle, this will include a discussion on correlation of service calls to workflow instances.

Having demonstrated a running workflow instance, we can then have a look at the tracking data captured by AppFabric and review it through the dashboard.

A second worked example I’d like to cover is deployment. An SOA brings with it a significant complexity around deployment and management of services. AppFabric goes some way to address this by providing a centralized monitoring store for WF and WCF events as well as providing a PowerShell administration API. At ADERANT we’ve gone a step further and created a deployment runtime and declarative deployment model. The runtime uses the AppFabric PowerShell API to provide a ClickOnce-style deployment mechanism for servers, including automated deployment into an application farm. At this point I can discuss the horizontal scale out options that AppFabric provides for Workflow Services.

With two significant examples there will be plenty of potential for discussion as this is billed as an interactive session.

4. Futures and Wrap Up

By now I should have covered what we are leveraging in .NET 4 and AppFabric today, and there are a couple of futures to mention that we are interested in, most notably Azure & AppFabric.

So there we have my initial plan, let me know what you think…