Rosario Video - Generate TestCases from ActivityDiagram
Played today with CommunityClips from Microsoft Office Labs...
I made a video from some work [in progress] with Rosario Team Architect and Team Test.
Actually, it was just meant to be for internal use only, but why not share it... [I'm so 2.0 
]
These posts have some more additional information:
and these on Rob Kuijt's blog:
and this one: TMap Testing Use Cases
It wasn't that easy as I thought it would be to make these kind of video's. Anyway I have to practice more on that skill, still not that bad for the first time. Feel free to give any kind of comment.
In Soapbox it looks the same.
I have to do something about the quality. somebody any tips?
UPDATE: Added the WMV for better viewing...
How Do I: Model Class Libraries using the Architecture Edition Power Tools?
Another video on MSDN about Team Architect from Richard Hundhausen... this time the video covers the Architecture Edition Power Toys.
three comments on the video:
- Hurray we get support for class libraries [00:00:34]. I'm not a big fan of having class libraries on the application diagram. when you make a serious project, you get a lot of shapes which don't add any value to the diagram [see image, also testprojects will show up in the diagram] and class libraries don't belong at application level [see Bill Gibson's post about this, TN_1105- Why Class Libraries are not shown on an Application Diagram]
- Synchronize back and forward with the solutions, just as every DSL should do... [00:01:04]. I disagree, not every DSL should do this, in most situations you really don't want this. When the differences in abstractions between the two languages is very low, it's an option in other situations I won't recommend synchronization.
- The rest of the demo: I really like... but, due to comment #1 I'm not using the powertoys.
DSI, OSLO and Models in the Lifecycle. Get Prepared..!
OSLO vs DSI vNext.
There is lot of buzz around Oslo and it looks like all the ideas around this concept are completely new. But when you take a look at the vision behind Oslo it's not that new, it's acutely the next step to maturity of Microsoft's Dynamic Systems Imitative [DSI] from a few years ago.
What is OSLO?
From http://www.microsoft.com/soa/products/oslo.aspx...
Making a new class of model-driven and service-enabled applications mainstream.
Deliver a world class and mainstream modeling platform that helps the roles of IT collaborate and enables better integration between IT and the business. The modeling platform enables higher level descriptions, so called declarative descriptions, of the application.
Ron Jacobs talks about Oslo in this video...
[always interesting to listen to Ron Jacobs but from minute 14 it gets interesting]
Key points of Oslo are:
- Models (Making models a mainstream part)
- Services (Extending services from the client to the cloud -- S+S).
- Integration (Limit the boundaries between Business and IT and within IT departments)
An important part of the vision is that the models exist in the whole lifecycle. So, they not only exist during analyses and design.
Another idea is that all the different models are connected. So, all the different viewpoints [operations, security, application, environment, etc] stay in sync. enable integration. "Enable ALM by Automation" [I talked about this in some previous posts]
Beside this application lifecycle management support with models, there is a focus on S+S application types. Products launched with this concept in mind are also counted under the Oslo umbrella and should also support this modeling vision. For example Biztalk Services [ a must visit link Biztalk Labs ] and the Internet Service Bus.
Some Oslo links:
What is DSI?
DSI is a vision from around 2003, ages ago... 
Microsoft has established the Dynamic Systems Initiative (DSI) to build software solutions that facilitate the movement to the Dynamic stage. DSI describes a vision where IT systems become self-aware and self-managing. From a core technology perspective, DSI is about building software that enables knowledge of an IT system to be created, modified, transferred, and operated on throughout the life cycle of that system. These core principles—knowledge, models, and life cycle—are the keys in addressing the complexity and manageability challenges that IT organizations face today.
Key points of DSI are:
- Knowledge,
building software that enables knowledge of an IT system to be created, modified, transferred, and operated on throughout the life cycle of that system. - Models,
System Definition Model (SDM) provides a common language, or meta-model, that is used to create models that capture the organizational knowledge relevant to entire distributed systems. - Life cycle
Business, Development and Operations by providing integration between the various tools used and activities performed within each of these capabilities.
Some DSI links:
What do have OSLO and DSI in common?
Models in the Lifecycle..!
The Products... [DSI]
Visual Studio 2005 Team Edition for Architects was the first product with designers/ models. The VSTA designers [application diagram, logical datacenter diagram, deployment diagram] where the first implementation of DSL's [Domain Specific Languages] with SDM as language.
The Dynamic Systems Initiative (DSI) is a commitment from Microsoft and its partners to help IT teams capture and use knowledge to design more manageable systems and automate ongoing operations, resulting in reduced costs and more time to proactively focus on what is most important to the organization. The System Definition Model (SDM) is a key technology component of the DSI product roadmap that provides a common language, or meta-model, that is used to create models that capture the organizational knowledge relevant to entire distributed systems.
Quote from System Definition Model Overview White Paper.
SMS and MOM are the other products which supported SDM. SDM later evolved to SML [SML Insight blog].
The model-based management functionality in Windows Server 2008 is based on Microsoft's System Definition Model (SDM) version3, which provided the basis for the Service Modeling Language (SML) proposal and submission to the World-Wide Web Consortium SML Working Group.
SCCM2007 SCOM2007 and Windows Server 2008 are also based on SML.
And there are a lot more products with models in it now days, all of them stand alone. During the past Orcas TAP program I worked on some ideas to connect those models.
The products... [Oslo]
Visual Studio "10" is one of the products that's going to support the Oslo vision [see image from Ron Jacobs video].
What can we see in the recent released Rosario April CTP about this? Not much... although, we can see a shift in focus in the architecture edition [more models] and we can see an investments in the modeling tools [designer bus]. We have to wait for other releases to get more implementation details... a visit to Biztalk Labs is interesting to get some ideas around the "Cloud"Services [Identity Services, Connectivity Services and The BizTalk Labs SDK].
Prepare for Oslo.
Not much news around "Oslo"products, but this doesn't have to mean that we have to sit down and wait. The mind-switch, the internal culture are more challenging then the adoption of new development products.
First, developers, operational managers, the business and everybody else involved in software development must starting work together, for example developers and testers [Collaboration between Test and Dev.: Rob Kuijt talks about this, Collaboration between dev. security manager and architects: Creating Secure Services, with Visual Studio Team Architect and the Web Service Software Factory and operational manager]. Seems like an open-door but more challenging then it looks like, because it's mostly the internal culture how people collaborate. This collaboration should first be supported by processes, within Oslo its going to be supported by models.
Second, start working with models there are already a bunch of models available. The mind-switch it takes is big. Architects can start working with Team Architect, developers with the Web Service Software Factory Modeling Edition and other, analysts with CTP 12 UML diagrams, operational managers with SCOM etc etc etc... get experiences. Give some control away to the models...
Third, start take a look at Software + Services / SaaS. Take services from The Cloud go look what you need. For example SLA's are interesting and what kind of capabilities do you need from those cloud services? [ Software plus Services [S+S] vs Software as a Services [SaaS] The Battle ]
Anyway, its an interesting time...
ALM Definitions
Always interesting what the different organizations say about a topic.
The coordination of development life-cycle activities, including requirements, modeling, development, build, and testing, through:
- enforcement of processes that span these activities;
- management of relationships between development artifacts used or produced by these activities; and
- reporting on progress of the development effort as a whole.
Source: The Changing Face of Application Life-cycle Management - Forrester August 2006
Application lifecycle management (ALM) regards the process of delivering software as a continuously repeating cycle of inter-related steps: definition, design, development, testing, deployment and management. Each of these steps needs to be carefully monitored and controlled.
Source: Wikipedia, the free encyclopedia
Application Lifecycle Management (ALM) aligns the three capabilities of the organization: Business, Development and Operations by providing integration between the various tools used and activities performed within each of these capabilities.
Aligning these three capabilities results in applications that meet business demands and that are better manageable.
The Three pillars of ALM
- Traceability
- Process automation
- Reporting and analytics
Manual processes can be more efficient and effective through tool integration
Source: Application Lifecycle Management and Visual Studio Team System WorkShop [no link]
and don't forget Borland...
Borland believes every CIO and IT organization deserve the infrastructure that empowers them to advance their software delivery process by making it measurable, predictable and improvable, just like any other critical business process. And, we fight for the rights of our customers who are passionate about driving the next generation of software productivity on their terms.
Source: Open Application Lifecycle Management (ALM) Vision
What can we learn from these definitions?
A wide variety in scope. ITIL is focused on the operational side of ALM, the Wiki and Forrester descriptions are more focused on the Software Development Lifecycle [SDLC] and Microsoft takes a bigger scope with business, development and operations, although the tooling and the assessment are focused on SDLC. Borland is also talking about a wider scope, when you look at the RUP like model. But the main pro is their focus on "many processes and many tools" so it should fit more then one environment.
Beside this difference in scope, everybody agrees on terms like: measurable, predictable, traceable, manageable, monitored etc etc... smells like "in control" ;-)
Anyway, I use this image when I define ALM and for sure it's about "in control" but it's even more about communication..! the people, helping them to communicate in a seamless manner.
Finally the GAX/GAT February 2008 Final Release
GAX/GAT February 2008 Final Release
The Guidance Automation Extensions (GAX) expands the capabilities of Visual Studio by allowing architects and developers to run guidance packages, such as those included in Software Factories, which automate key development tasks from within the Visual Studio environment.
The Guidance Automation Toolkit (GAT) is a guidance package which allows architects to author rich, integrated user experiences for reusable assets including Software Factories, frameworks, and patterns. The resulting Guidance Packages, composed of templates, wizards and recipes, help developers build solutions in a way consistent with the architecture guidance. In order to use the Guidance Automation Toolkit, you must first install the Guidance Automation Extensions.
New In This Release
The February 2008 Release of the Guidance Automation Extensions and Guidance Automation Toolkit has the following improvements to the earlier release, the July 2007 Community Technology Preview:
− Support for Visual Studio 2005 and/or Visual Studio 2008. This version of GAX will run on either version of Visual Studio. If you don’t have GAX installed, you can install GAX to support Visual Studio 2005 or Visual Studio 2008 or both. The installer will automatically determine which versions of Visual Studio you have installed.
Amazon Services, the Service Model
Trigger by Steve Clayton post about "Amazon - Where Do You Want To Go Tomorrow?"
A while ago I made a demo with Amazon Web Services, just to show what the limitations are when using models or how models can help to make better designs. Anyway I used the Web Service Software Factory Modeling Edition and Visual Studio Team Architect capabilities to generate the service models and service agents.
This is the application diagram where we have the existing Amazon services with two endpoints, the AWSECommerceService and the MechanicalTurk, and a Windows Client application which consumes them. For this demo I used the conform endpoint to WSDL functionality, but you can also use the Add Existing Service feature.
It looks pretty simple
The next thing I did during the demo is generating the service models and look... this is what you get, allot of shapes. A nice detail is the line between AWSECommerceService and the MechanicalTurk to the same messagecontract. the model generation functionality looks if there are contracts who are used by both services and connects them. [it's the HelpResponse message]
More detail
Anyway, I assume everybody agrees this is a useless model and the service agent model even looks more terrible. A real spaghetti model, where nobody can work with.
So, I totally agree with Juval Lowy's guidelines for services.
4. Avoid contracts with one member.
5. Strive to have three to five members per service contract.
6. Do not have more than twenty members per service contract. Twelve is probably the practical limit.
I say proven practice..!
Engineering World: A unique congress with Microsoft, Oracle and IBM
Saturday I joined a congress organized by Sogeti Netherlands and here most important partners "Microsoft, Oracle and IBM".
It happens not that often that they join the same congress.
Although, it was the first sunny day within weeks and it was on a Saturday, there where about 130 till 150 people attending the congress.
The program was great with Scott Ambler and the Playlogic Game Factory as keynote speakers and during the day topics like:
- Modernizing of Enterprise Applications
- Business Intelligence out of the box
- Java en Concurrency
- Second Life Scripting Language
- EGL, new kid on the block?
- Uniface, the 4GL language
- Secured Application Development
- MS Visual Studio Team System 2008, ALM and Model Driven
Really had a good day, visited all the non-Microsoft presentations and gave session number 8 [Deck download [4.15 MB]].
Creating Secure Services, with Visual Studio Team Architect and the Web Service Software Factory Modeling Edition
Making secure is hard from a technology point of view. As Juval Lowy is saying in this MSDN article:
Security is by far the most intricate area of the Windows® Communication Foundation (WCF). In every WCF operation call on the service side, security is governed by the service contract, the operation contract, the fault contract (if present), the service behavior, the operation behavior, the host configuration, and the method configuration and its code. Each of these items may have as many as a dozen or more security-related properties...
And it's hard from a process point of view, also known as SD3+C. [The New Threat Modeling Process]
You must get executive support [not always that easy], you must create awareness, you must tackle the "not now we must make functionality" problem and some more.
Additional information can be found in these links.
- How Do They Do It? A Look Inside the Security Development Lifecycle at Microsoft
- The Trustworthy Computing Security Development Lifecycle
The The Security Development Lifecycle BLOG is a great place to start reading on this topic.
How to use Team Architect to make your SD3+C process more in control and help developers to build better, quicker secure services.
When you work with Team Architect you are already collecting innumerous information which can be used for threat modeling,
You've got the Logical Datacenter Diagram whit information about zones "Trust Boundaries" and servers which are in those zones. For example the Logical Datacenter Diagram below, We've got an internal legacy system with a broker in front which lives in a secure zone together with an some servers and internal clients, this zone exposes functionality through a DMZ to external clients and consumes information from an external creditcardserver. [forgive me the naming of the servers ;-)]
Probably / hopefully you are making this diagram together with the ITPro.
With the application diagram you start by defining the application design... [image]
...and map the applications to the Logical Datacenter with the Deployment Diagram [image], to do some deployment validation.
I Attended a LiveMeeting a while ago about quality tools and VSTS and one of the slides was this one, where the presenter [Adam Gallant] talked about infrastructure and deployment modeling as a quality tool. I completely agree with him.
anyway, the deployment diagram...
And now it gets interesting..!
We have a view of all or systems / applications and the zones they live in [Deployment Diagram, actually is should be called a Logical Deployement Diagram ;-]. It should be nice when we could model / configure at this level, in this deployment diagram, additional security information.
For example, we've got Internet connections, Intranet connections and Business-To-Business connections in this solution, just as Juval describes in his MSDN article. This isn't possible in Team Architect but, what we can do is create our own "security model"... just on other view point, where you can define security specific settings with the security manager.
So, what I did, I created a DSL with the zones, applications, connections and for each connection/ endpoint you can configure specific security settings.
When you add this model to your solution it takes all the necessary information out-of the Team Architect diagrams and creates the shapes. [still one challenge: layout... it doesn't organize the shapes. So you have to drag around the shapes to get a meaningful model]
This is how the security model looks like [image below, still needs allot of tuning].
It has all the applications, endpoints, connections and the zones. From this point the architect together with the security guy can start defining the specific security settings. By default every line is red and set to "No Security". When defining the type "Intranet - Internet - etc" of the connection the endpoints gets security specific properties like certificate store, certificate name, Impersonate and so on... and in the details window there is the ability to set at operation level detailed information, for example if one operation needs impersonation and another doesn't...
Note: this model is far from finished, actually it's just an implementation of a brainwave, to give it a try if it would work this way and to get some discussion going on about modeling viewpoints/ quality attributes.
Anyway, only the model isn't that interesting.
It gets more useful when the Web Service Software Factory ,attached to the application diagram, take notice of the security model and use it during code generation.
For the implementation I used Juval's "Declarative Security Framework" and tweaked the Service Factory T4 templates a little bit. Using the Framework is a little bit overdone, because we already have an easier way "raise the abstraction level" for security.
Another thing I'm working on, is [and you can see it in the solution explorer] the generation of an Thread and Analysis Model File [TAM].
This file is used by the Thread and Analyses Tool and helps people identify threads with in your solution. There is enough information in all the models to give threat modeling a jump start by providing this file... and not only helping the creation of secure service from a technology point of view but also from a process kind of view.
A nice way to embed Secure Development Lifecycle [SDL / SD3+C] into the Application Lifecycle [ALM]
Still a lot of work to do [I think most of my posts end with this sentence] but a nice start for discussion...
Reduce Project Risk: Get knowledge of the environment where the system operates.
One of the most “technical” challenging phase of a project is the transition of code from the development environment through the integration and test environments into production with Installer Packages.
Within most companies developers are responsible for the creation of Installer Packages. The MSI’s are created on development workstations, which have local admin rights and most often some exotic settings and applications. For sure, completely different than the production environment. With all the risks and extra work during deployment and testing.
In a more ideal situation, packages are automatically generated during the build process. A much better situation, but also harder to accomplish. The process is completely automated and can be reproduced. But still it doesn’t reflect the production environment, which still result in project risks.
When development doesn’t know and can’t test against real production environment settings we get some challenging risks.
For example how should we test non-functional requirements like: availability, scalability, capacity and performance? and how should development write installation instructions and operations guides (deployment, backup, recovery, weekly tasks) and probably there will be some problems with security and the configuration of security settings when deploying to production.
So, a better way should be when development knows the production environment details.
Operations can describe every detail about the environment, but, you also can use Team Architect’s Logical Datacenter Designer [LDD].
Logical Datacenter Designer is used to create models that describe the policies and logical structure of a datacenter, including servers, firewalls, communication paths, security constraints, and other configuration requirements that affect the deployment of application systems into a datacenter.
The Logical Datacenter Designer is a design tool..! so don't tease operations with Visual Studio, you will get the most strange reactions when you do that. You better could use the IIS Settings Import Wizard and ask for the credentials.
Anyway, finally you will end with a more "in control" deployment process.
Development knows the production environment, so they can design and build there applications with the real settings in mind. With this extra knowledge Design For Operations and Design For Deployment are much more realistic. Development can give operational management the right information how the solution need to be managed and monitored which will result in lower project risks..!
Some extra things we can do to automate this, "Enable ALM by Automation":
- Generate installer packages from the Logical Datacenter Designer, System Designer and Application Designer. We've got all the information we need! [see DSL 4 WiX]
- Generate MOM packages and manageability models [see Design for Operations on Codeplex and this post]
- Create WorkItems in TFS.
- Create Threat Models with the "Import Deployment Report" feature from the Microsoft Threat Analysis and Modeling Tool and create WorkItems from there.
- ...
some additional information:
- MSDN Virtual Lab: Architecting Connected Systems: Logical Data Center
- MSDN Virtual Lab: Architecting Connected Systems: System Designer
- Kevin Sangwell Blog: Bridging the Gap between Development and Production [very good information about this topic]
- Gearing Up for Modeling, Microsoft Style, April 01-2006
Rosario Team Architect Exposed, Getting Information Out Off the Designers.
I'm not fully up and running with the Rosario CTP, but found yesterday evening some time to dig into the internals of Team Architect. [Reflector rules]
Getting information out off the designers.
It is pretty hard to iterate through the various applications and endpoints within the VS2005 and VS2008 designers . You must load the .ad file with an XML reader and query it. Rosario makes this allot easier, it exposes methods to do this.
This is the Application Designer ToolAdapter Interface with the getApplications, getEndpoints, etc methods:
The new way to iterate the applications and endpoints. Much better than overly long XML queries:
Inside the "Rosario" Service Factory there are some helper classes to get the ISoaService
Update: removed the formatted code and added screenshots.