Saturday 25 April 2015

DevOps Tooling

DevOps Tooling Notes

DevOps Tooling is broken down into the following areas, note the tools often overlap in function.  The list is not exhaustive but these are the more common tools I have come across.
  1. Version Control: TFS, Git, SVN, ...
  2. Bug Tracking: ServiceNow, Jira, ZenDesk
  3. Continuous Testing: Selenium, Jasmin or Mocha or Unit.js (JavaScript testing), NUnit, Web Tests (Visual Studio), SpecFlow
  4. Continuous Integration (CI)TeamCity, Jenkins, Azure DevOps (bigger) 
  5. Configuration Management and Deployment:  Puppet, Chef, ANSIBLE, SALT  (all installed on Linux, obviously work on Windows environments)
  6. Containers: Docker, Kubernetes, Microsoft Containers. I think the Azure AKS is pretty much containers for Azure now.
  7. Other:  PowerShell, VMWare, HyperV
RESTful API Tooling
  1. Swagger - awesome.  Swagger is a set of tools that help document, build and test your API  (Your API conforms to the OpenAPI specification or Swagger specification).  Great way to get a contract for users of the API early on.  Updated 2019/11/25Link to Swagger post
  2. Swagger UI, Swagger Integrator,...
  3. Apiary - UI to create an API and publish with mocks.  I prefer Swagger or on simple projects APIM.
  4. API Management (APIM) - flexible Azure service for bring together multiple API securely.  Same as MuleSoft.  Can import OpenAPI's v2 or v3 to create a hosted API.  Can mock and built in test tool.
  5. RAML is an alternative to Swagger and Apiary (never used)
  6. Blueprint - API documentation tool.  Pretty simple and nice results.
  7. Postman - send http requests to the API.  Postman is a REST client useful to check your API.  This is my main tool for testing, exploring REST based API's.  
  8. SoapUI - if working with SOAP/XML.
  9. Slate - API documentation - I always use OAS/OpenAPI/Swagger.
  10. Fiddler - I'm old school and still love Fiddler and it's capabilities.  Fiddler is a great HTTP debugger.  
  11. BURP - an HTTP debugger to review traffic.  I've used BURP for security testing and it is great for API debugging.  
  12. Charles is another HTTP debugger (never used).
  13. cURL - Cmd line to test API's using HTTP, separate exe to run on Windows, Windows 10 has cURL built in.
  14. Visual Studio
  15. Wireshark - Over the years I have needed packet sniffing to fix issues and always go to Wireshark, I used the tool in the 90's but it had a different name.  Extremely useful for issues relating to firewalls, especially when an environment reacts differently to another working DTAP environment.
  16. Tcpdump is another packet sniffer
Testing:
http://www.incyclesoftware.com/2014/02/executing-selenium-ui-tests-release-management/

More Info:
http://blog.sharepointsite.co.uk/2014/02/devops-and-sharepoint.html
http://www.networkworld.com/article/2172097/virtualization/puppet-vs--chef-vs--ansible-vs--salt.html
http://blog.sharepointsite.co.uk/2013/11/iac-presentation-for-sharepoint.html


Posted by Paul Beck at 12:33 0 comments
Labels: , , , , , , , , , , ,

Sunday 19 April 2015

PhoneGap and SharePoint

For Mobile Start HTML5 Mobile web App, then PhoneGap (wrapper to interact with devices),
Xamarin, recompiles to each platform, lastly write for each native platform thin iOS/objective C for Apple. PhoneGap and Xamarin are comparable with respect to performance and have trade-offs based on code reuse, developer skill set, and integration into standard developer tool sets

Idea: Start by building HTML5 sites with a responsive design then leverage these HTML5, CSS and JS assets hooking into SharePoint and extend with device capabilities using Hybrid framework (PhoneGap)

FeatureHTML5PhoneGap
Web view Yes Yes
Audio/Video files YesYes
Location YesYes
Local storage YesYes
CameraNoYes
AccelerometerNoYes






Yes
Notifications (local, alert, push)
No		Yes
Compass NoYes
Native UINoNo
Access to full API/SDK No No

Also see:
https://xamarin.com/
Posted by Paul Beck at 10:45 0 comments
Labels:

Saturday 11 April 2015

Empty Developer Dashboard in SP2013

Problem: No data is showing up on the developer dashboard in SharePoint 2013.

Initial Hypothesis:  My initial thoughts where around the SSL cert issue on the VM or potentially Fiddler causing the dev dashboard to be empty.  after looking at the ULS a good developer could see the Usage and Health Data Collection Service Application was not working.

http://www.wictorwilen.se/sharepoint-2013-developer-dashboard-shows-no-data-issue

Resolution: Once the Usage SSA was configured, the dashboard started working.
Posted by Paul Beck at 12:17 0 comments
Labels: ,

Thursday 19 March 2015

Identity Providers for SharePoint

Overview:  I have worked with and evaluated a couple of Services and Federation Server products.  Here is an old pot of setting up claims, at the bottom I have some thoughts on different services/server products.
Background: SAML and WS-Federation protocols are standard Single Sign-On protocols, the following version exist:
  • SAML 1.0, SAML 1.1, SAML 2.0
  • WS-Federation
Security Assertion Markup Language (SAML) is an XML-based protocol for exchanging authentication and authorization data between security domains.
SAML enables web-based authentication scenarios including cross-domain single sign-on (SSO).  SAML is a token representing a principal that normally represents a user but can represent an app.
  
Other terms to understand:
  • Identity provider (IdP) think ADFS/Azure ACS,
  • Service provider (SP) is the SAML consumer in our context this is SharePoint but this can be an MVC app.
  • Realm
OOTB SP2010 and SP2013 support SAML1.1 not SAML2.0, you can write custom code or use a Federation Server like ADFS to convert the SAML2.0 so it will work with SP.
Identity Provider (IdP) Products:
  1. Microsoft ADFS
  2. Ping Federate
  3. ThinkTexture Identity Server
  4. CA-SiteMinder
  5. IBM Tivoli (CAM)
  6. Oracle Access Manager
  7. ComponentSpace
  8. Shibboleth
  9. RSA Federated Identity Manager
  10. Entrust GetAccess
 IdP Services:
  1. Azure Active Directory
  2. LiveId
  3. Google
  4. Facebook
  5. LinkedIn
  6. Yahoo
This list is in no way exhaustive, pls post if you feel I am missing any providers.
Posted by Paul Beck at 23:17 1 comments
Labels: , , ,

Friday 13 March 2015

Capturing NFRs for SharePoint

Problem: Gathering Non Functional Requirements (NFRs) are always a tricky situation in IT projects.  This is because it is always difficult to estimate how the system will be used before you build it.  I often get business users stating extreme NFRs in the attempt to negotiate or show how world class they are (I generally think the opposite when hearing unreasonable NFR's). 

An example is a CIO at a fairly small NGO telling me the on-prem. SP 2010 infrastructure needs to be up all the time so an SLA of 99.99999.  This equates to 3.2 seconds downtime a year.  In reality, higher SLA's start to cost a lot of money.  SP2013 and SQL 2012 introduce Always On Availability Groups (AOAG) which helps improve SLA uptime but this costs in licensing infrastructure and management.  I need redundancy and the ability to deal with performance issues, so the smallest possible farm consists to 6 server, 2 for each layer in SP namely: WFE, App and SQL.

Here is an old post of SP2010 SLA's but still relevant today.

The key is gather you NFR's and ensure all your usage/applications on the production farm meet expected behaviours.  I have a checklist below.  Going thru the Microsoft's SP Boundaries, Limits and Thresholds document shall help highlight any issues.

The high level items I cover include the following topics:
  • Availability
  • Capacity
  • Compatibility (Browser, device, mobile)
  • Concurrency
  • Performance
  • Disaster Recovery (RTO, RPO)
  • Scalability
  • Search
  • Security
  • SLA

Capacity Example

Item
Day 1
Year 1
Year 3
Year 5
Site Collections
10
100
250
400
Database Size in GB
> than 1GB
490 GB
1220 GB
1960 GB
Search Index Size in GB
> than 1GB
120 GB
310 GB
490 GB
No of Content Databases
1
1
4
8
No of Search Items
10,000
10 Million
25 Million
40 Million
No of Index Partitions
1
1
3
4


Item
Day 1
Year 1
Year 2
Year 3
Number of Users
1,000
50,000
80,000
130,000

*Also calculate peak and average concurrency numbers

Average concurrency, for 20,000 users, the assumption is that 10% (2,000) users will be actively using the solution at the same time, and that 1% of the total user base (200) users will be actively making requests.  For for performance testing you are looking to handle 200 users without delays and a page response time of under 5 seconds.  Based on the simple guideline I've always used from Microsoft.

 Peak concurrency depends on your situation for example the NFL playoffs game schedule in the when announced is not the simple 4 times the average concurrency tha would be suitable for most internal business applications.  Although this example may be considered a load spike rather than a peak concurrency.  

It also worth doing a usage distribution pattern for your users experience, so 80% may be light users, login, read 10 pages in your site and perform a single search with 1 minute gaps between interactions (wait times).  the remaining 20% perform a login, upload a 100kb document, view 10 pages and perform 2 searches.

 RPO & RTO:
RPO - Max amount of lost data (in time)
RTO - Max time lost (rebuild farm and get the latest backups restored) to make the system operational again.   

SQL Server Sizing:
Option 1: work out the rows and bytes for storage and multiple by the number of rows and then add the tables together to get the size.
Option 2: Assume 100 bytes for each row, count the number of rows and get the storage requirements.

 More Info:
https://technet.microsoft.com/en-us/library/ff758647.aspx

Posted by Paul Beck at 22:57 0 comments
Labels: , , ,

Monday 2 February 2015

Encrypting Content databases

Overview: TDE is Transparent Data Encryption, where you can encrypt your "data a rest", this encrypts the SQL mdf and ldf files.  Few enterprises require TDE for content database but if your customer has specific enterprise security requirements (Encryption at Rest for High Confidential data) or compliance requirements such as SOX, HIPAA, or Payment Card Industry Data Security Standard (PCI DSS) TDE may be an easy win.
Notes:
  • TDE is only available from SQL 2008, 2012 and 2014 Server Enterprise Edition.
  • SP Blobs are stored outside of mdf so they are not encrypted by TDE.
  • Only Content databases can be encrypted (not verified).
  • Search indexes are obviously not encrypted by TDE.
  • Encrypting the Connections to SQL or IPsec is needed to encrypt data between SP and SQL, not covered by TDE).  Nor are any call to web services or data in transit, use SSL.
  • TempDB is encrypted even if only 1 db is using TDE.
  • Applies to SP2013 On-prem. farms only.
  • I believe O365 uses BitLocker.
  • Vormetric and also offer encryption at Rest on SQL and other databases.

More Info:
Storage and SQL Server capacity planning and configuration (SharePoint Server 2013)
http://www.slideshare.net/michaeltnoel/transparent-data-encryption-for-sharepoint-content-databases
http://www.vormetric.com/search-results?query=SharePoint
http://web.townsendsecurity.com/bid/64783/4-Ways-to-Encrypt-Data-in-Microsoft-SQL-Server


Posted by Paul Beck at 19:11 0 comments
Labels: , ,

Sunday 25 January 2015

Auditing in SharePoint 2013

Overview: SharePoint provides excellent logging capabilities, to retrieve the auditing logs Site Settings > Site Collection Administration > Audit log reports.
Notes:
  • By default auditing is enabled in SharePoint.  PB: I think this statement if false, all the farms I review are not logging information in the audit logs.
  • Auditing is done at a Site Collection level.
  • Audit logs are kept for 30 days by default and can be change via the UI in the site collection and the clean up is controlled by CA.
  • Audit logs are stored within the content database, so watch the size of auditing logs.  They can take up considerable space in the content database so don't just audit everything and keep the logs endlessly.
  • Permissions changes, check-in/check-out, search queries, edits, document views (not SPO), ... can be audited.
  • Various reports can be downloaded into excel for slice and dice such as the Security settings audit log report.
  • Each logged event roughly takes up 2k. Calculating content database storage reqs:

Audit logs can be shipped to a central storage area and removed from the Content Database, this is ensential for large CDB's that require full auditing and performance is suffering.  AvePoint and Metalogix offer tools as part of their products that perform the audit log storage & removal from the CDB.  Also see Varonis.

 References:
https://support.office.microsoft.com/en-us/article/View-audit-log-reports-b37c5869-1b47-4a82-a30d-ea20070fe527?CorrelationId=9139de6c-b33b-45c1-9cc2-d3958a88eab3&ui=en-US&rs=en-001&ad=US
http://sureshpydi.blogspot.co.uk/2013/05/audit-log-reports-in-sharepoint-2013.html
http://sharepoint-works.blogspot.co.uk/2013/07/audit-logging-in-sharepoint-2013.html
Centralised Auditing Product:
LepideAuditor Suite – SharePoint
http://www.lepide.com/sharepoint-audit/
LogBinder SP
https://www.ultimatewindowssecurity.com/sharepoint/logbindersp/Default.aspx
Posted by Paul Beck at 10:28 1 comments
Labels: ,
Subscribe to: Posts (Atom)