Wednesday 31 January 2018

Looking for a cheap quick UI testing and monitoring Tool - end test and Ghost Inspector Review

Problem:  My client is looking for a simple tool to monitor a website is up and running and can run a small set of UI tests and asserts to verify it is working as expected.

Initial Hypothesis:  There are a lot of monitoring sites like uptime that meet this requirement, but I reviewed Ghost Inspector and endtest.  I am not looking to do full CI as I would look at Selenium WebDriver for an enterprise solution for UI testing.

Resolution:  Trial endtest and Ghost inspector on my O365 subscription to validate it monitors and alerts, can perform advanced logins and it can validate custom pages after JavaScript injection.  Price and feature wise both tools are pretty similar.

Ghost Inspector Initial Thoughts
Easy to use and there is a recording function for Chrome.  This review has put me off Ghost Inspector to some degree but definitely an excellent product to evaluate.
Bad review for Ghost Inspector but it does assume enterprise level UI testing more suited to tooling like Selenium.

endtest Initial Thoughts
Easy to use, setup testing in a matter of minutes, recorded actions and assertions.  The trial is limited as I could not check the scheduling mechanism, but end test looks like the ideal tool for my requirement.  Would need to go for the pro licence at $79 per month.  A simpler smaller option would be more attractive but let's see what the client thinks.

Other Tools for UI Testing:
Selenium
Selenium IDE is an excellent tool for UI testing and UI automation testing.  Here is a post on Selenium I did a few years back.

qTest Explorer
This is a Manual recording and documentation tool that records browser and desktop interaction.  It's straightforward to use and great for Manual UI testing.  It is not for automation or re-running test but great if the project requires manual testing and proof.


Tuesday 23 January 2018

Basic Branching Strategy for TFS and GIT



  • The main difference between standard TFS branching strategy is that you branch more often for shorter time periods and check in small code change units into the "Development" branch.
  • Delete the black line once the feature is complete and checked back into the Development branch.  Can easily start a new functional local GIT branch to amend the next feature.
Note: Easy to also grab a GIT local branch from the Main branch (inline with you production code base), make changes and then when checked back in they hot-fix goes into both the Main and Development code branches.

Choosing the branching strategy is normally: Release, patch or feature driven.

Visual Studio 2019, Commit code to GIT repository

Friday 19 January 2018

Interviewing Developers, Leads and Consultants for Projects

Overview:  I look for 3 key areas: are you 1) hardworking, 2) smart & 3) do I like you.  The technical part of the interview helps me see if you are hardworking.

Budget is always a big issue, you don't want to waste your time or the employees.  Upfront, both parties need to know they are in the right space.  Also, pay, you need good quality and you don't want people shifting as most companies don't raise properly after recruiting.
Timeline, it takes time to find the right person.  And it takes time, they have notice periods, need to be to onboard/train the person, start early, for a contractor you'll need 1-2 months and for permanent it generally will take 5-6 months.
Clear Job And Expectations is key, it will help scan/find suitable candidates.  Be sure to cover KSA (Knowledge, Skills, and abilities).
Listen don't sell, I see interviewers including me selling if I like the candidate, rather listen than talk a lot.

Skills:
Depending on the project will dictate the skills and experience I look for.  This post lists the skills I generally look for when hiring dev and leads for SharePoint based projects.  Firstly, I compile a list of skills for the project and ensure each developer role covers multiple areas/expertise types.  My general list is shown below.

Skill needed:
  • Azure or AWS
  • SharePoint/O365/MS Teams
  • CSOM/REST
  • PHA
  • TFS / GIT
  • .NET/C# 
  • WCF / Web API/ Open API / Swagger
  • SQL Server/T-SQL
  • Evening/Enterprise Service Bus
  • Entity Framework/Code First
  • HTML/CSS
  • JQuery, JavaScript
  • ALM, DevOps, CI/CD
  • Angular JS, KnockOut React VueJS, Other JScript Libraries
  • O365
  • Networking
  • Federation/OAuth/Security
  • Agile/Scrum
I keep a scorecard and Notes that I fill in for each candidate.  If they score too low in the technical section, I don't start the Personal section, and until I think they are a good candidate then I start the problem solving which I find to be the best indicator of if a guy is going to work out.  Looking back at a lot of developers and leads hired, the 2 critical sections are problem-solving and admits limitations (the guys that don't know when to say "I don't know" are generally a problem if hired). 

Candidate Template:  John Doe

Technical:
Notes
John
SharePoint
Branding, knows SP limits excellent,
8 missed JS injection
SSO/Federation/Security
SAML, ADFS, passive clainms and SSL
9
PHA
Types, S2S vs ACS, Certs, MVC app pkg
8.5
JavaScript/TypeScript/AngularJS/SPFx
Namespaces, versions ng,
9.5
Search
Trimming, CEWS, components, DisplayTemplates, KQL
10
BI
SSRS, Power BI, SSAS, rdl, understand no depth in knowledge
7
                  

Personal:
Notes
John        
Eager

9
Smart
Super adjusted
                              
8
Like

8
Hardworking

9
Admits limitations
                                                               

10




Problem Solving:       
Notes    
Abhishek
Logical

7
SharePoint Problem Solving
                                                               

9
                                   

Smart, nice guy, super knowledgeable.  Admitted he does not know BI at all and then actually gave a solid explanation of BI on SP. 
Technical: 9
Personal: 9

Problem Solving: 8

Example qus when trying to identify a candidates strengths:
QU: Difference/compare Web Services vs WCF vs Web API
ANS:
Web Services is the oldest, .asmx extension are ASP.NET Microsoft's web services.  HTTP protocol only and uses SOAP (XML).  Microsoft proprietary.
WCF was the next release and ends with the extension .svc.  Supports the following protocols: HTTP, HTTPS, TCP, Named Pipes, MSMQ.  WCF uses SOAP (XML)Complex to configure but offers flexibility.  Add REST support using webHttpBindings and then can use XML, JSON and ATOM data format.  IIS needs config change to support PUT and .. verbs.
WebAPI is part of MVC template wasn't originally.  Simple to setup and supports REST.  Lightweight and easy to setup.  Easy to consume.  HTTP protocol only. Supports XML and JSOM data format.

CSS Basic Qus (as I am rubbish, thanks to Jeff H):
QU: How can we add/implemented CSS to our pages (3 approaches)
ANS: Inline css, in the head section of the page or call/reference an external CSS file
QU: Explain Z-Index
ANS: Stack order
QU: Browser engines used
ANS:  IE uses Trident or now called HTMLEdge, Chrome & Opera use Blink; Safari uses webKit; Firefox/Mozilla uses Gecko.
QU: Explain block object positioning between: Absolute, relative and fixed. 
QU: Diff class selector vs and id selector
QU: Explain Display: None vs Display: Hidden

Template used for a Delivery Lead:

Technical:

Notes

Kam Score

Delivery/CI/CD/ITIL

 

 

SSO/Federation/Security

 

 

Programming C#

 

 

Front end/JS/HTML

 

 

Cloud/Azure/API’s

 

 

BI/APIM/SQL

 

 


Personal:

Notes

Kam Score       

Eager

 

 

Smart

 

 

Like

 

 

Hardworking

 

 

Leadership

 

 

Admits limitations
                                                               

 

 


Problem Solving:       

Notes    

Kam Score

Logical

Problem Solving
                                                               

 

 

Thursday 18 January 2018

TLS Issue - The underlying connection was closed

Problem:  I have a console using CSOM that stopped working when the TLS settings were updated firm-wide.  The communication is between the console and a SharePoint farm, using CSOM, and now it no longer works.  The event log generates the following error message on the client machine: A fatal error occurred while creating an SSL client credential. The internal error state is 10013.

Initial Hypothesis: The outbound HTTPS traffic is the issue as the error is telling me that the mistake was creating the SSL client credential.  The console runs on a web server, and the TLS restriction change has caused the issue.  This issue is that the console running can't create an SSL client credential.  The TLS change was made to the console VM and not the SharePoint farm.  Here is the PS script to validate TLS versions written by Vadims Podans.


The post below helped me query the windows web servers to check the TLS settings using PowerShell.  I believe the outbound is controlled by the inbound TLS settings.

Resolution:  Change the console to use a know TLS version e.g., TLS1.2 as shown below:
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

Alternatively, revert the TLS setting in the registry. Apparently, this means your server is more susceptible to attack.

Alternatively, specify all the portocols you support from the calling client side application ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12 | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls | SecurityProtocolType.Ssl3;

Read this section if you are still having issues.
Factors that Influence Settings:
My CSOM console sits on a VM that hosts IIS, so there are three components to ensure connectivity excluding networking:
1.> SharePoint Server needs to support the TLS version
2.> VM hosting my console's outbound SSL is also set by IIS local TLS settings, so if I want to speak on TLS to the SharePoint server, I also need to have SSL enabled (or registry hacked) on TLS1.2 on the IIS VM hosting my console.
3.> My Console needs to support TLS 1.2 or all versions so it can negotiate for itself.  Regedit to check TLS setting is shown below:
More Info:
https://www.sysadmins.lv/blog-en/test-web-server-ssltls-protocol-support-with-powershell.aspx

Also look at this post to enforce TLS1.2

HKEY_LOCAL_MACHINE\SOFTWARE\\Microsoft\.NETFramework\\v4.0.30319

   SchUseStrongCrypto = (DWORD): 00000001
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\\.NETFramework\\v4.0.30319
       SchUseStrongCrypto = (DWORD): 00000001


Sunday 17 December 2017

Office 365 Technical Governance Thoughts


Hierarchy of Governance of IT
  • Business Governance
  • IT Governance
  • SharePoint Governance
The items to look at for a security breach apply at all 3 governance levels and planing to deal with a Security Breach must cover:

  • Legal Compliance
  • Litigation & Insurance
  • Security
  • Business continuity and Disaster recovery
  • PR
There are a lot of technical pieces involved in Governance of SharePoint such as authentication, security, O365 labels, Microsoft Information Protection (O365 labels) and Azure Information Protection (AIP/AIP Labels), CAS, IRM, .....  there are third party products like skysync, Semantec,.... and a lot of SharePoint Governance is part of other products that also cover SharePoint.



Tuesday 21 November 2017

Power BI online integrate into SharePoint on-prem. extranet Architecture

Power BI Embedded Online Licencing as of 22 Nov 2017:
Basically, there are 2 parts to licencing PowerBI online.
1.> You licence per the number of pages you render per hour.  You need to have the Power BI Embedded licences on infrastructure to serve up a certain number of requests per hour. So work out your peak number of page request per hour and licence for the appropriate plan.  The table below shows the Power BI Embedded plan you'll need to subscribe to:

PlanVirtual CPUsRAM (GB)Max Request per hour
A113300
A225600
A34101200
A48252400
A516504800
A6321009600
Note:  I believe the plan's can be scaled up or down instantly without display and pausing a service stops the Power BI embedded costs.  If you run over the Max requests per hour I believe the Power BI PaaS will still serve up page/reports but you will get an extra bill for the additional reports.

2.> You'll also need to purchase at least 1 Power BI Pro licence, that is used for: administration, content publishing, and development..
3.> As of time of writing (Nov 2017) the Microsoft Power BI Gateway does not offer High Availability (HA), but I'm sure it is coming soon.
4.>  A single account is used to connect to each source and RLS security has to be applied at the source (SQL SSAS), user table mapping is required.



Also see:
http://blog.sharepointsite.co.uk/2017/10/power-bi-on-prem-extranet-information.html
https://docs.microsoft.com/en-us/power-bi/developer/embedded-row-level-security


Saturday 18 November 2017

TDD, BDD, DSL...

TDD - Test Driven Development is usual associated with Unit Tests.  

  1. Write tests before creating any application code.
  2. Write code
  3. Run code with tests to verify it works
  4. Repeat to add more functionality to your code

BDD - Behaviour-driven Development is an Agile development process that encourages collaboration between team members.   BDD combines TDD with ideas from domain-driven design (DDD) and object-oriented analysis and design to deliver software.   Get you requirements into User Stories, and develop Acceptance Criteria (I like Gherkin).  This ensure the "The Three Amigos" product owner/business, analysts, testers and programmers are on the same page (note these roles in Agile are often all performed by 1 person).

Domain Specific Language (DSL) - Language used to help communicate a systems behavior or share information such as User Stories and Gherkin,  DSL is very similar to a General Purpose Language such as Use Cases.