RAM in Cambodia

Geneva Framework – Quick Intro

This new stuff will make me busy for the next 7 weeks as we will have POC for that. For you how are new to Geneva, you can download it at connect.microsoft.com including all of its tutorials and guidance around claim-based identity. In claim-based paradigm, user presents an identity to application as a set of claims. One claim could be the user ID, emails, or another The main idea is that an external identity system is configured to give your application everything it needs to know about the user with each request she makes, along with cryptographic assurance that the identity data you receive comes from a trusted source.

Let see simple scenario. Let say, you are creating a weather web services with smart client model. Diagram below shows a claims-aware weather Web service (the Relying Party application) and a smart client that wants to use that weather service. The RP exposes a policy that describes its addresses, bindings, and contracts. But the policy also includes a list of claims that the RP needs, such as user name, e-mail address, and role memberships. The policy also tells the smart client the address of the STS from which it should retrieve these claims. After retrieving this policy (1), the client now knows where to go to authenticate: the STS. The user presents credentials (2) and the smart client makes a web service request (3) to the STS, requesting the claims that the RP asked for in its policy. The job of the STS is to authenticate the user and return a security token that gives the RP all of the claims it needs. The smart client then makes its request to the weather web service as the relying party (4), and sending the security token along in the security SOAP header. The weather service as RP now receives claims with each request, and simply rejects any requests that don’t include a security token from the issuing authority that it trusts.

We already know this concept in general. But what about if you are required to reuse existing user identity, for example Windows Live passport or you have list of website users in SQL Database? Yes.. Here is where Geneva Framework can help you. You can make your custom STS that can read claims store in database (maybe in legacy system) and also directory services. Geneva is not only about SSO or Federation, but more than that because you will be able to create custom STS that match to specific requirement.

What about interoperability? Several WS-* standards are used in the previous scenario. Policy is retrieved using WS-MetadataExchange, and the policy itself is structured according to the WS-Policy specification. The STS exposes endpoints that implement the WS-Trust specification, which describes how to request and receive security tokens. Most STSs today issue tokens formatted with Security Assertion Markup Langauge (SAML). SAML is an industry-recognized XML vocabulary that can be used to represent claims in an interoperable way.

See you in other Geneva story.

Cheers – RAM 

Beginner Guide - C++ for Windows

We have long weekend due to the election day in Indonesia. I use the time to refresh my C++ skills – language, design pattern and Win32. Actually, it was requested by one folk from Vietnam to drive C++ in our MSDN community. I agreed with him as we need to balance our MSDN contents for both native and managed development. If you like C++, below is my guidance on how to improve your C++ programming skills on Windows, assuming you already good in data structure and algorithm from school. 

#1 – Be good in language

You don’t have to know all C++ language aspects to write C++ program. But to enable you write good codes, I do suggest you to master the language before learn design skills. I always consult to The C++ Complete Reference, The C++ Programming Language and C++ Primer for my language skills. Put attention to object oriented language features, generic/template and STL. I also use boost for other stuffs that is not included in standard libraries. Practice, practice and practice are the key.

#2 – Learn GoF design patterns

The well accepted basic catalog for design patterns came from Gang of Four. But most of developers have difficulties to learn GoF without real sample scenarios. I found the following website very useful for me as it has a lot of documentations and samples of GoF with C++. Click on the picture to go to the Vince Huston website. If you know other website, please help to put in the comment section.

#3 - Learn Win32

Most of feedbacks I got from community is, C++ is easy, but programming C++ in Windows is hard because of the nature Win32 API. Actually that is true. The hardest part of programming C++ on Windows is the learning Win32 and other Windows toolkits/frameworks like the platform SDK Win32, WDK, MFC, COM, WTL, and ATL that you will need in a real project. Framework selection will affect our design as we will not programming in vacuum. If you agreed with me, then the following resources will be your good friends:

- Programming Windows
- Windows System Programming
- Windows via C/C++
- Programming Windows with MFC
- Platform SDK Documentation. You can choose Vista, Windows 2008 or Windows 7 SDK.

I do believe that native development will still have its own place. But that is your own choice to become full managed code developer or combine it with native C++ knowledge. In our beloved MSDN community, I planned to balance it.

Cheers – RAM

.NET RIA Services with Offline Scenario?

I am working to help some of physicists who run KucingFisika, to design their future multimedia e-learning site with Silverlight. After looking around for design practices, I found that Microsoft .NET RIA Services is good as our base line. This is now available and you can download from here and later explore it like I do. In this post, I would like to encourage you to see that we can add additional scenarios, making RIA Services really applicable in low bandwidth condition like us in Asia – adding offline feature. From marketing point of view:

Microsoft .NET RIA Services simplifies the traditional n-tier application pattern by bringing together the ASP.NET and Silverlight platforms. RIA Services provides a pattern to write application logic that runs on the mid-tier and controls access to data for queries, changes and custom operations. It also provides end-to-end support for common tasks such as data validation, authentication and roles by integrating with Silverlight components on the client and ASP.NET on the mid-tier.

From technical point of view (you can read more from its PDF documentation). It is a framework that provides patterns for writing LOB application logic and validation (by design). LOB applications use data that needs to flow across tiers. It may be created and used through basic CRUD operations or it may be accessed through domain-specific custom operations in encapsulated form such as an approval operation. In an internet application, there is a trust boundary between the client and the mid-tier server. Hence, it is important to have a stylized way to express what resources are available to the client tier and what operations are permitted. In addition to defining the resources and operations, a developer needs to validate the data as it is created or updated. The validation needs to run on the presentation tier for giving immediate feedback to the user and on the mid-tier for ensuring that the rules defined for the application are enforced. Thus, there may be common validation across the tiers as well as tier-specific validations that need to be integrated with the resources and operations.

Lets look at the anatomy of a common Web application compared to RIA. With a RIA, most of the presentation logic moves to the client to improve the UX and to make effective use of local state. The result is additional work for the developer: defining a full-fledged services layer, new types and contracts to share etc. and continually evolving them as the app evolves on either end. A RIA isn't just a client app, but an "Internet" app that includes a server component. This is where RIA Service guidance will give you values – end-to-end pattern for this additional work. But remember, there is no perfect design/pattern, we can always improve it based on our requirements.

The first part of RIA Services pattern is to write a DomainService class. This represents your application domain, your application logic, or business logic, a set of operations – CRUD based or custom domain-specific, DAL specific, authorization and validation. A DomainService is optimized to be stateless - to respond to query requests and to change set processing requests.

The second part of the pattern is what we generate - the client-side data model - in a DomainContext class. This class represents the view of what the client can see. It contains lists of objects, one for each type exposed to the client, and it contains a set of load methods that roughly correspond to the queries exposed on the service. These load methods can be used to load objects into the corresponding lists. The individual objects and lists track changes and raise change notifications. The DomainContext can extract all the changes, create a change set and submit it to the service for processing and committing. A DomainContext is optimized for taking advantage of the stateful environment and to be a well-behaved citizen in a binding-centric presentation technology such as Silverlight or WPF.

Nikhil Kothari describe .NET RIA Services vision as RAD for RIA, which is I totally agreed and have the same sense.But there is one requirement here in Asia that we must consider – low bandwidth condition. This will rise new scenario - offline-enabled RIA application, means that we need to add local storage scenario for the DomainContext. The design challenges of all the offline-enabled applications are:

How to isolate client data layer

What is actually the data layer in RIA? It that the API that server exposes to AJAX? Gears provides a good vision on Server Data Layer and Local Data Layer, controlled by a Data Switch. Gears propose JavaScript DB API with SQLite to enable local data storage. It is a good project to start with SQL Compact Edition, however, but an ActiveXObject should be created for SQL Compact Edition/SQL Express/ESENT. Anyone interested here?

Offline strategy – what features need offline scenario

This is the harder part for me, as closely related to our application scenarios. Let say, I want to design Physics e-learning application that contains RIA/Silverlight based simulation, Farseer Physics Engine for example. Some numerical calculation should be done at client side and its results should be store locally in order to feed parameters for responsive and dynamic GUI animation. You might think that you would always want to use the local store since it is faster. However, there are many practical reasons why you may want or need to access the data on server instead. For instance:

- Data may be so transient in nature that it makes no sense to cache it. I will use Project Velocity for cache anyway.
- Some Simulation's data makes sense only while online.
- The App may choose to store only the most frequently accessed data.
- Numerical computational and/or disk space requirements make it unfeasible to recreate the feature offline.

Typically, the optimal solution is to use the local store as much as possible, since it's usually faster than a remote connection. However, the more work an application does locally, the more code you need to write to implement the feature locally and to synchronize the corresponding data. There is a cost/benefit tradeoff to consider, and some features may not be worthwhile to support locally.

In fact, .NET RIA Service provide ready to extend set of capability that I like. But, a lot of work should be done to make it work like I want. That is my problem though :).

Application Modality

What is modality – feature to switch from online to offline states or vice versa. Modal applications usually indicated through some change in the user interface. The user is made aware of the state and participates in switching states in some manner. Modeless applications attempt to transition seamlessly between online and offline states, without significant UI changes. The user does not need to participate in switching states, which the application does automatically.

In a modal application, when the application is online it communicates with the server. When it's offline, it uses the local store. Data must be synchronized when the app switches between modes. The advantage of making a modal application is that it's “relatively simple” to implement and therefore a reasonable way to bootstrap the application to function offline. But some disadvantages are: The user must decide and remember to switch modes. Since the local store is not always up-to-date, it can't be used to improve the application's responsiveness when connected to the server.

Data Synchronization

What is the sync strategy for this kind of application? No matter which connection and modality strategy we use, the data in the local database will get out of sync with the server data. For example, local data and server data get out of sync when:

- The user makes changes while offline
- Data is shared and can be changed by external parties
- Data comes from an external source

There are many approaches to synchronization and none are perfect for all situations. We have Microsoft Sync Framework and Astroria Offline as candidates for reusable framework here (where I am still arguing). The most important thing for engineer to decide is manual or background synchronization. In manual sync user decides when to synchronize. It can be implemented simply by uploading all the old local data to the server, and then downloading a fresh copy from the server before going offline. In background sync, the application continuously synchronizes the data between the local data store and the server. This can be implemented by pinging the server every once in a while or better yet, letting the server push or stream data to the client. With Silverlight supports on WCF, this should be easy to implement.

Well, the next step for me is to gather our detail requirements and see how current frameworks can help. I am still hacking the MSF, Astoria Offline, RIA Services, and Velocity. For sure, I will share with you if I found interesting things.

Have nice weekend without insomnia!.

Cheers – RAM

Project Velocity – Answer to Memcached?

Regarding my previous post about Memcached, Zeddy pointed me to Project Velocity. This is exactly what I am looking for!. A highly scalable in-memory, distributed cache cluster in farm deployment, high availability and of course, concurrency ready and x64 support!. Applications can store any serializable CLR object without worrying about where the object gets stored. Scalability can be achieved by simply adding more cache servers on demand. “Velocity” also allows for copies of data to be stored across the cluster, thus protecting data against failures. “Velocity” can be configured to run as a service accessed over the network or can be run embedded with the distributed application.

Key Features 

"Velocity" consists of a cluster of servers that communicate with each other to form a single, unified application cache system. A client application can communicate with one or more of the servers in the cluster to perform cache operations such as Get, Put, or Remove. Multiple client applications can work with the same cached objects that use any of the servers in the cache cluster. The primary components of the physical model consist of the cache server, the cache host Windows service, the cache cluster, the PowerShell-based cache administration tool, and the cluster configuration storage location. The following diagram shows how all these elements relate.

- Caches any serializable CLR object and provides access through simple cache APIs.
- Supports enterprise scale: tens to hundreds of computers – with unified cache view from clients
- Configurable to run as a service accessed over the network or run embedded with the application.
- Supports common cache configurations.
- Supports dynamic scaling by adding new nodes.
- Configurable number of backup copies to provide high availability.
- Automatic load balancing.
- Integration with administration and monitoring tools such as ETW, System Center, etc.
- Provides tight integration with ASP.NET to be able to cache ASP.NET session data
- Follows the cache-aside architecture (also known as Explicit Caching) for V1.
- Support for multiple client languages (for example, PHP, C#, C++, etc.).

Key Scenarios : Social Networking Site and Enterprise LOB

Not only for social networking scenarios, Velocity was designed to support enterprise application.

High Availability Model

The logical model of the cache cluster consists of named caches, regions, and cached objects. In the diagram, named caches span all the cache hosts in the cluster, but regions are limited to just one cache host in the cluster. The high availability feature supports continuous availability of your cached data by storing copies of cached data on separate cache hosts, as illustrated in the next diagram.

With high availability enabled on a multi-server cluster, your application can still retrieve its cached data if a cache server fails. A copy of each cached object or region is maintained on a separate cache host. The cache cluster manages maintenance of these copies and supplies them to your application if the primary copies are not available. No code changes are required to make your cache-enabled applications highly available.

All "Velocity" cache hosts use TCP/IP to communicate with each other and support the cache cluster. To function correctly, each cache server needs firewall exceptions to be configured for the cache host service. Three separate ports are used: the cluster port, the arbitration port, and the cache port.

Client Types

In order to store data in the cache on a cache cluster, the System.Data.Caching.CacheFactory.GetCache(System.String) method is used to return a Cache object for you to work with in application code. Once instantiated, this Cache object is referred to as the cache client.

There are two types of cache clients: routing and simple. Each cache client also has the option to store cached data locally, which is named local cache. These cache client options are specified in the application configuration settings.

Deployment Models

Velocity” can be deployed as a service or embedded within the application. In cache service, client applications access the Velocity cache through client APIs (TCP/IP or pipes), just like Memcached.  In embedded mode, application (like ASP.NET) provides host for Velocity. The distributed cache runs as part of the application (or container) and the memory for the cache is shared with that of the application.

Microsoft project code named "Velocity" offers many options for specifying and storing the configuration details that are used by the cache cluster and the client application. Cache-based applications have the option of specifying configuration information programmatically or by using an application configuration file. There are three options available for storing cluster configuration settings: in XML, in a SQL Server Compact data file, or in a SQL Server 2005 or 2008.

Performance Test

Below is the test result for Velocity. The application consisted of simulating lots of users on many distributed client computers. Each user thread performs operations like Get, Put, and Remove on a 20K payload. It is a plot of  throughput as the load gradually increased and also as new servers were added. The throughput increases as the load increases until it reaches saturation and stabilizes. At this point, if we add more servers, load balancing kicks in and the throughput increases again and the response time goes down.

How to Start

For now, just install the Velocity in your machine and explore the sample codes. You can also refer to the following sources. Part of it is already referenced in this post.

- Download Velocity CTP 2 and Sample Codes 
- Microsoft Project Code Named “Velocity”
- Microsoft Project Code Named "Velocity" Team Blog
- Velocity MSDN Documentation

I will show you more about Velocity in my next post.

Cheers – RAM

Qt 4.5 with Visual Studio 2008 (VC++ Express)

Qt is a cross platform GUI toolkit from Nokia. Its SDK is available under an LPGL license, it means we can use it free of charge to develop proprietary, commercial, closed-source software (thanks to Nokia).  However, the current LPGL release leaves some gaps in using Qt from within Visual Studio 2008. This is somewhat understandable given that Visual Studio integration was a commercial-only offering and Nokia has Qt Creator (and not Visual Studio).  My problem with Qt Creator is it uses MingGW (gcc) compiler which is nowhere near as good as VC++ 2008.  Also for Visual Studio background like me, who is not familiar with Qt creator, learning Qt Creator will take time. Thanks to Wiria and AK who brought Qt to my table for a review.

Qt GUI Toolkit is very useful to develop portable application (single source codes) for *NIX, MAC and Windows (including Windows 98 but not being tested for Windows 7).  In this post, I will show you how to start using Qt SDK only with Visual C++ 2008, you can use FREE Visual C++ 2008 express too.

Build VC++ Version of Qt

- Download and install qt-sdk-win-opensource-2009.01.1.
- Install the SDK to default directory, in my case C:\qt\2009.01. I didn;t install MingGW and Qt Creator as I don’t need.  

- Once QT and VisualStudio 2008 both are installed and ready, open the VisualStudio 2008 Command Prompt.
- Change directory to the Qt SDK installation folder in the Command Prompt. Usually it would be of the form "C:\Qt\2009.01\qt"
- Run Configure.exe to target platform win32-msvc2008. You can simply run by typing configure or using other options. For example:

   C:\Qt\2009.01\configure -no-sql-sqlite -no-qt3support -no-opengl -platform win32-msvc2008 
   -no-libtiff -no-dbus -no-phonon -no-phonon-backend -no-webkit

- Build Qt for use with Visual Studio 2008 by typing nmake
- Configure and nmake will take time, be patient enough. In my case, I started to build 19.17 PM and completed on 23.47 (4:30 hours)!
- Once completed, Qt SDK is ready for Visual Studio 2008.



Build and Run the Qt SDK Samples

Once your Qt SDK is ready to be used you can see samples directory in your Qt SDK installation (usually, C:\Qt\2009.01\qt\examples) and then open the examples.sln file from your Visual Studio 2008. If double-clicking .sln file does not work, open it manually from your Visual Studio. There are a lot of samples from Qt SDK.

If you build and debug – calculator project of instance – you will notification that the application because QtGuid4.dll was not found.

To let Visual Studio knows the include and library files of Qt, add their paths to the:  

Visual Studio Tools|Options|Projects and Solutions|VC++ Directories

section. Typically you would want to add C:\Qt\2009.01\qt\include to the Include, C:\Qt\2009.01\qt\lib to the libraries and C:\Qt\2009.01\qt\bin to the Executables sections. Also you can add C:\Qt\2009.01\qt\bin to the Path System variable so that the Qt dlls get probed correctly when loaded from your application.

A lot of Qt samples inside the SDK. Try to build and run those sample applications to see how powerful Qt as GUI Toolkit.

Using Qt’s Visual Studio 2008 Plug-in

You can try Visual Studio add-in RC version (this will be a commercial product) to get integrated Qt templates and visual IDE features in Visual Studio 2008. I will not cover in this post, but this tools is promising. I will show you in my other Qt-VC++ post.

Hope this helps!

Ciao – RAM