This is one of those deep nerdy windows internals posts that will interest some and make other say "wow,  Tom needs to spend more time away from his computer".  There is actually a good reason why I've dug into this topic and it stems from my recent hardware allocation in my new job.  When I started I received a new Lenovo laptop with 4 GB of memory and my base image came with Vista 32 bit.  I didn't think too much of it and loaded everything up.  This was about 6 months ago so there was no Vista SP 1 at the time. 

To my dismay when I opened my computer properties I saw that I only had 3070 MB of available physical memory.  So somehow I lost an entire gig of RAM.  I spoke with some of my other colleagues that were also new hires and they didn't have the same issue.  Many of them had HP or Dell notebooks and they had more like 3.5 GB of available physical memory on their machines.

It was right around this time that I got my first deep internals class for my new job.  In this class we learned all of the tips and tricks for doing advanced perfmon analysis of memory leaks, disk performance issues, CPU bottlenecks, the list goes on and on.  Well the instructor was just incredible so when there was a break in the class I asked him about this issue.  He very quickly explained that the reason you see different amounts of available ram was because of the chipset and reserved space for device drivers (video cards typically the biggest hogs).

Ok,  no big deal then right.  Lesson learned,  when you look to purchase a laptop that can support up to 4 GB of physical memory make sure you find out how much it will make available to windows.  Then,  Vista SP1 came out and I couldn't help but notice when I went to the computer properties the window now said I had 4 GB of ram available.  Well isn't that interesting,  someone must have lied to me!!!!  Actually it turns out that with SP1 we decided to show the installed RAM instead of the available RAM.  This is very confusing as it's never been that way for any previous OS version.  If you want to learn some more about it you can take a look at this kb article http://support.microsoft.com/kb/946003/. 

Now my story here is one of confusion and ignorance.  If you're the type that wants to really understand this stuff then you have to go the best windows internals guy on the planet.  Of course I'm talking about Mark Russinovich,  he wrote a long blog post just this week (which is what reminded me I wanted to blog about this) that gives a complete explanation of this issue along with some other really cool stuff about RAM limits on other OS versions.  He also shows a screenshot from the largest test server in the world used to define the limits for memory in 64 bit windows (currently 2 TB because there was nothing any higher available that we could test with).  This is a must read http://blogs.technet.com/markrussinovich/archive/2008/07/21/3092070.aspx.  If you just want the technical detail behind the 4GB issue I talked about above then scroll down to the "32-bit Client Effective Memory Limits" section.

So the main lessons here are:

     1) If you are still planning to run 32-bit windows clients and you plan to install more than 3 GB of RAM then not all hardware is created equal.  Make sure you ask how much physical RAM is made available to windows.  This becomes even more important when you start doing a lot of Virtual Lab work as I often do.  It sure would be nice to get that third Win 2K3 server running with a full GB of RAM.  Why didn't I install the 64 bit version of Vista Ultimate again?

     2) The 64-bit client version of windows is really the only way to ensure you can start to have enough RAM for doing a lot of virtualization work.  It's also the only way to get in and see how many gaps your hardware has left in the device driver ranges (see Mark's review of this).  64-bit is the future ... embrace it ... love it ... live it.

There are two reasons why I went ahead and deleted my other blogs today.  The first is that I finally came to grips with the reality that managing three blogs is not very realistic.  That was probably evident by the fact that each of those blogs had about 2 postings.  So I'll be adding some new blog posts in my good old SOA focused blog that have maybe some out of bounds topics (like support, debuggin, and SQL BI).

The second reason for consolidating my other blogs is that I'm finding that the technology gods, in their infinite wisdom, have carved out a path for me in my new role at Microsoft that leads to SOA.  Three areas I've been spending a lot of time on the last two months are WCF, BizTalk and the Managed Services Engine (codeplex.com/servicesengine).  You may have noticed this in the form of some more technical postings on WCF and BizTalk recently.  Well that's only the beginning.  I have quite a few more active support cases where I'm learning really interesting stuff and I'm about to head out to Seattle for 10 days of training.  Half of that training will be on all of our SOA related bits from the SOA Solutions team.  Needless to say I'm really stoked.

Expect to see a lot of posts coming from me in the near future about all this stuff I'm working on.  I know I've said this before but I'm now focused and very excited because of the technology area I'm beginning to venture into.  Mr. SOAPitStop is back baby!!!!

Before I forget to do this I wanted to post about this issue because it cost me a 1/2 day of debugging and I hope to save you this agony.  It actually turns out there's a nasty little issue when you use Virtual Server 2005 differencing disks to quickly stand up lab enviorments.  In my new role with Microsoft support I'm constantly setting up 1, 2, 3, and sometimes 4 node lab environments so differencing disks are pretty much a must.  Of course if you want to do this and still need the ability to join these servers to a test domain, then you have to make sure you rename / resid them.  That's where I've always relied on newsid from the sysinternals tools. 

 I've always wondered if this was a hack (versus a full sysprep) and I wondered when it would jump up and bite me.  I noticed in IIS that the anonymous user account does not get recreated to use the new computer name but that's never impacted me (I sort of figured a local account really isn't going to make much of a diff).  Well,  I have now finally found an issue that is ugly.  It turns out that if you are going to build an app server / db server both from the same base OS image you are going to have some issues with MSDTC.  I ran into this as I started to run through the BizTalk configuration tools.  I kept getting the following error:

 2008-07-08 17:44:58:0896 [ERR] WMI Failed in pAdmInst->Create() in CWMIInstProv::PutInstance(). HR=c0c025b3
2008-07-08 17:44:58:0906 [ERR] WMI WMI error description is generated: Exception of type 'System.EnterpriseServices.TransactionProxyException' was thrown.
2008-07-08 17:44:58:0936 [INFO] WMI CWMIInstProv::PutInstance() finished. HR=c0c025b3
[5:44:58 PM Error BtsCfg] d:\depot2300\mercury\private\mozart\source\setup\btscfg\btswmi.cpp(358): FAILED hr = c0c025b3

[5:44:58 PM Error BtsCfg] Exception of type 'System.EnterpriseServices.TransactionProxyException' was thrown.

At least this error helped me narrow down the root cause of the problem which is obviously System.EnterpriseServices.  So I started looking at all my settings for MSDTC and nothing seemed out of the norm.  All the right security settings and network dtc access settings were there.  So it was time to do a quick search with live.com (that's right ... I said live.com ... google is so 5 years ago :)

It turns out the problem is with the underlying CID settings for MSDTC.  It looks like newsid doesn't go in and take care of these.  Fortunately I wasn't the first one to come across this because I don't know if I would have come up with these steps.  A big bravo goes out to Wade Wegner who wrote a great overview of the problem and the steps to fix it.  You can read the full description and steps to identify wether or not this is your issue here:  http://blog.wadewegner.com/2007/08/13/quotWarningTheCIDValuesForBothTestMachinesAreTheSamequot.aspx.

If you just want the solution you can follow these quick steps on both machines. (taken from Wade's blog).

Use Add Windows Components, and remove Network DTC.
1. Go to the command line and run: MSDTC -uninstall
2. Go to the registry and delete the MSDTC keys in HKLM/Software/Microsoft/Software/MSDTC, HKLM/System/CurrentControlSet/Services/MSDTC, and HKEY_CLASSES_ROOT\CID. *
3. Reboot
4. Go to the command line and run: MSDTC -install
5. Use Add Windows Components, and add Network DTC.
6. Go to the command line and run: net start msdtc **

* for me the CID settings were deleted when I did the -uninstall so you shouldn't need to remvoe the last ones.  Also,  this does mean you should delete the key at the top level and purge all the subkeys,  that freaked me out a little at first but of course we're just talking about a test lab here so I figured why not try it.  It worked like a champ.

** This step wasn't required for me as the service was already running following me adding the network DTC access from the windows components installer.

Ok,  I've been working in Premier support for exactly 5 months now (to the day).  I must have learned something interesting I can share with everyone.  I mean it looks like the only blogger left alive on SOAPitStop is Anachostic (good stuff by the way David). 

Well there is some good news,  I've been spending time working on the distributed services PSS team as I continue to ramp up on dedicated engagements with custom solutions customers.  That means I've been getting some really cool deep WCF issues to dig into.  One of the most recent ones was a seemingly simple question about what happened to the PreAuthenticate switch between ASMX and WCF.  I was sure I had just missed this property on some internal Http channel class .... wrong!  I also figured this would be something plenty of people have already blogged about so there'd be no point in doing a long write up about this .... wrong!

Enough build up,  here's the short of it.  It turns out the PreAuthenticate flag is not something that can be easily controlled by you as a develoeper in the world of WCF.  In fact,  the underlying default channel factories will use your security settings to decide exactly how this setting should be set (ex. Basic auth gets PreAuthenticate by default,  NTLM gets UnsafeAuthenticatedConnectionSharing by default).  This is good and bad,  on one hand I think there were a lot of developers that were unaware of the overhead associated with reauthenticating every HTTP request when PreAuth was turned off.  I also think that it was a very misunderstood setting,  in fact,  until this most recent deep dive I had some misconceptions about how this worked too.

What I'm going to do is breakdown each of the main HTTP authentication schemes used in IIS and exactly how the WCF client proxies behave in each scenario.  Along the way I'll explain the gory details of the HTTP stack and how to avoid significant overhead with your HTTP based WCF services.  To reinfoce the behavior you'll see some snippets of IIS logs.

Basic Authentication:  I'll start with basic auth as it behaves in the most straight forward way.  If you have to use basic auth over SSL and you start using WCF you have nothing to worry about.  If you dive into the code you'll find in the System.ServiceModel.Channels.HttpChannelFactory.GetWebRequest that when the AuthenticationSchemes.Basic is set that the PreAuthenticate is set to true automatically.  Now this is where I initially had a misunderstanding about how this works.  I was under the impression that when I have the PreAuthenticate set to true that I would not see any 401 errors in the IIS logs.  In other words,  the initial challenge/response was short-circuited and would thus avoid two trips to the server.  My understanding was partially correct.  What actually happens is the initial request from that TCP connection always requires two trips.  Once the authentication handshake is complete each subsequent request will benefit from the PreAuthenticate flag.  This is why it is the default in WCF,  there's really no downside to having it set and it will significantly improve performance anytime you make multiple requests from the same authenticated connection.  One of the best write ups out there is from the MSDN Forums (http://forums.msdn.microsoft.com/en-US/asmxandxml/thread/3ae9753d-2d97-45b9-9ba2-6d551fe60a48/)

IIS Logs Sample (4 Requests):

2008-06-26 15:10:27 W3SVC310214380 192.168.1.210 POST /Service.svc/BasicAuth - 8787 - 192.168.1.103 - 401 5 0
2008-06-26 15:10:27 W3SVC310214380 192.168.1.210 POST /Service.svc/BasicAuth - 8787 soapitstop\user1 192.168.1.103 - 200 0 0
2008-06-26 15:10:27 W3SVC310214380 192.168.1.210 POST /Service.svc/BasicAuth - 8787 soapitstop\user1 192.168.1.103 - 200 0 0
2008-06-26 15:10:27 W3SVC310214380 192.168.1.210 POST /Service.svc/BasicAuth - 8787 soapitstop\user1 192.168.1.103 - 200 0 0
2008-06-26 15:10:27 W3SVC310214380 192.168.1.210 POST /Service.svc/BasicAuth - 8787 soapitstop\user1 192.168.1.103 - 200 0 0

Integrated Authentication (NTLM): The first thing to do here is differentiate between NTLM authenticaiton (aka Integrated "Windows" Authentication) and Kerberos authentication which is the typical default used on Windows Server 2003.  In fact you will often find that IIS needs to be forced to use NTLM exclusively because of the desire to use Kerberos (this is largely because Kerberos is considered a better security standard).  Forcing IIS to use NTLM as the authentication provider is a blog post for another time.  Let's just say you've gotten your client and service to communicate using NTLM instead of Kerberos.  How does the PreAuthenticate switch factor into this.  Interestingly enough it doesn't play in at all.  What actually happens in this case can be found in System.ServiceModel.Channels.HttpChannelFactory.GetConnectionGroupName.  In that method you can see a call to "IsWindowsAuth" followed by the setting of the UnsafeAuthenticatedConnectionSharing property to true.  Well,  that sure does sound scary doesn't it.  Not to worry,  the "Unsafe" keyword is there because without a user based ConnectionGroupName you could see users gain elevated connection privileges.  In the case of WCF the connectiongroupname is built from the incoming credentials so everything is isolated as you would expect.  Once again,  without doing anything special you'll see that you get the benefit of a reusable authenticated TCP connection when using WCF.

IIS Logs Sample (4 Requests):

2008-06-26 15:10:25 W3SVC310214380 192.168.1.210 POST /Service.svc/WindowsAuth - 8787 - 192.168.1.103 - 401 5 0
2008-06-26 15:10:25 W3SVC310214380 192.168.1.210 POST /Service.svc/WindowsAuth - 8787 - 192.168.1.103 - 401 1 0
2008-06-26 15:10:25 W3SVC310214380 192.168.1.210 POST /Service.svc/WindowsAuth - 8787 SOAPITSTOP\aanalyst 192.168.1.103 - 200 0 0
2008-06-26 15:10:25 W3SVC310214380 192.168.1.210 POST /Service.svc/WindowsAuth - 8787 SOAPITSTOP\aanalyst 192.168.1.103 - 200 0 0
2008-06-26 15:10:25 W3SVC310214380 192.168.1.210 POST /Service.svc/WindowsAuth - 8787 SOAPITSTOP\aanalyst 192.168.1.103 - 200 0 0
2008-06-26 15:10:25 W3SVC310214380 192.168.1.210 POST /Service.svc/WindowsAuth - 8787 SOAPITSTOP\aanalyst 192.168.1.103 - 200 0 0

 Integrated Authentiation (Kerberos):  This is where things start to get interesting.  Based on the last section you already know that this configuration will also get the UnsafeAuthenticatedConnectionSharing property set to true.  You would also think that this means it would behave consistently with what that peroperty did with Ntlm.  Unfortunately,  that is not the case and I don't actually have a good answer for this at this time.  I continue to do background research on how to avoid multiple round trips when using Kerberos instead of Ntlm but until I have a better answer (which may end up being a security enhancement or some other type of known benefit to reauthenticating every request) you'll have to do one of two things.  The first one (and by the far the easier of the two) would be to just use Ntlm in an intranet (specifically Windows to Windows) scenario instead of Windows Auth.  If you absolutely have to use Windows/Kerberos (I keep saying "Windows" because that's the enum option in the WCF transport security) then you may want to explore building your own channel and insert your own implementation that can set the PreAuthenticate switch to true for Windows auth in the same way it does for Basic.  I have not validated this yet myself but I plan to when I get some free time.  If nothing else I hope this helps clarify what has always been a confusing topic in my book.  One other noteworthy aspect of this last configuration is about the IIS metabase and the AuthPersistence flag settings.  I actually played around with these a lot but they didn't buy me anything,  come to find out the AuthPersistence flags are only relevant to Ntlm.  For more information on these you can look at the following link http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/8feeaa51-c634-4de3-bfdc-e922d195a45e.mspx?mfr=true 

IIS Log Sample (4 Requests)

2008-06-26 14:39:42 W3SVC310214380 192.168.1.210 POST /Service.svc/WindowsAuth - 8787 - 192.168.1.103 - 401 5 0
2008-06-26 14:39:42 W3SVC310214380 192.168.1.210 POST /Service.svc/WindowsAuth - 8787 SOAPITSTOP\aanalyst 192.168.1.103 - 200 0 0
2008-06-26 14:39:42 W3SVC310214380 192.168.1.210 POST /Service.svc/WindowsAuth - 8787 - 192.168.1.103 - 401 5 0
2008-06-26 14:39:42 W3SVC310214380 192.168.1.210 POST /Service.svc/WindowsAuth - 8787 SOAPITSTOP\aanalyst 192.168.1.103 - 200 0 0
2008-06-26 14:39:42 W3SVC310214380 192.168.1.210 POST /Service.svc/WindowsAuth - 8787 - 192.168.1.103 - 401 5 0
2008-06-26 14:39:42 W3SVC310214380 192.168.1.210 POST /Service.svc/WindowsAuth - 8787 SOAPITSTOP\aanalyst 192.168.1.103 - 200 0 0
2008-06-26 14:39:42 W3SVC310214380 192.168.1.210 POST /Service.svc/WindowsAuth - 8787 - 192.168.1.103 - 401 5 0
2008-06-26 14:39:42 W3SVC310214380 192.168.1.210 POST /Service.svc/WindowsAuth - 8787 SOAPITSTOP\aanalyst 192.168.1.103 - 200 0 0

Well there it is,  hoepfully this explains why you really don't need to set these settings anymore in the WCF client proxies.  I also have some other good support cases I've worked on performing pre-compilation with WCF services and a huge scalability and perf overview of TCP based services.  I hope to get around to writing those up in the next few days.  If you have any follow up questions please post a quesiton or comment here on SOAPitStop.

I know what you're thinking,  "what ... I thought this blog had been shut down?".  Not quite,  I will admit that I've been a little less than active though.  I'm just coming out of about 2 1/2 months of *very* busy new job startup stuff.  I think it's safe to say that I now know what it means to be really busy :) Things are just starting to settle down now so I hope to be posting to this and my new Business Intelligence blog (also on SOAPitStop.com). 

The reason for this post is that I wanted to share a new publication that came out of a huge collaboration with all of the Microsoft field and support professionals that work every day with BizTalk 2006. They basically took all those experiences and put together a 625 page operations/field manual.  This will fill in the gaps from all of those BizTalk books that have been published.  I don't know about you but I'm always looking for best practices and checklists to make sure I know I am at least starting from a good solid base.  Sure these things are never absolute but they probably hit the 80/20 rule for sure.  This is also very relevant for my new job where I'm responsible for helping customers adhere to best practices for custom solutions which may include base products like BizTalk,  SQL Server, Team Foundation Server, Project Server, Visual Studio, etc.. 

 As far as the operations guide,  here are some highlights:

• Planning for performance and high availability
• Operational readiness checklist
• Best practices for configuring SQL Server
• Monitoring Biztalk Applications
• Best practices for deploying an application
• Using the Performance Analysis of Logs (PAL) tool to assess the health of BizTalk server
• Best practices for disaster recovery
• Investigating and Identifying performance bottlenecks

Click here to download your own copy: http://msdn2.microsoft.com/en-us/library/cc296643.aspx

I am really excited to announce that starting January 27th of 2008 I will be taking a position with Microsoft.  My new title will be Premier Field Engineer (Solution Specialist) and I will work under the Product Support Services (PSS) umbrella.  So what does that mean?  Well this is the team that is called in when those really gnarly issues show up.  Regardless of whether its a custom application or a Microsoft SKU we can get called in to "save the day".  I've heard it described as "commando debugging".  So if your organization has a support contract with Microsoft we may be working together sometime in the near future!

Actually,  that's only part of the role,  I will also be heavily involved in our library of tools at PSS and I can often be called on to develop and deliver tailored training materials for our customers.  The combination of these responsibilities scratches me excatly where I itch.  As you can probably tell I'm really excited about this opportunity.  Working for Microsoft has been a professional goal of mine for some time now.  Also,  the team I'll be working on is stocked full of really incredible technology professionals (and I haven't even met all of them yet).  I have a lot to learn and I can't wait to start with this knew challenge.

For those of you that know me and know that I'm in the west Florida area,  don't worry,  you'll still see my smiling face at local user group meetings.  This role does not require me to relocate so I'll be working primarily out of my house with the occasional trip out of town to help our customers.  That being said,  I will most likely be backing out of some leadership roles in organizations like IASA and of course I will no longer be a Microsoft MVP so there will be some changes.

Finally,  I have to thank those that have helped me get here.  My managers and peers at my current employer are all great people and I will miss working with all of them.  They are truly doing some incredible groundbreaking work there.  The commitment of the management team to move full speed into the next generation of Microsoft products is really encouraging.  If you know anything about fortune 100 companies you know that its often very challenging to embrace new technologies in a timely manner and they do.  Also,  the role I played there was one that was able to make a huge impact which was very rewarding.  If you're at all interested in getting that type of experience let me know and I'll gladly forward your information to them.  Also,  the fine folks at DevelopMentor have been really nice to me as well.  We never did manage to get to a point where I could become a full time instructor but they completely opened my eyes to another level of technology knowledge. 

In closing,  I realize that every change has unknowns and that can be scary.  In my situation,  these are risks I am more than willing to accept to be able to work with a technology company like Microsoft.  Every Microsoft employee I've ever met seems to be made out of some of the same materials.  Add 3 parts intelligence, 2 parts professionalism, and 5 parts passion for technology and you have what it is that I completely grok about becoming a Microsoft employee.  I am truly honored to be given this opportunity and I will definately be making the most of it!

I know these things are all really lame and contrived but who cares ... it was fun.  I'm not sure what this is supposed to tell me but it turns out the super villain quiz has me taking on the personality of Dr. Doom.  Kind or makes sense ... half nerdy ego maniac.  Right up my alley :)

Blessed with smarts and power but burdened by vanity.
 

Click here to take the Supervillain Personality Quiz

Well if you missed the first meeting of the Tampa chapter of IASA then shame on you.  Ok,  you're forgiven,  but only if you make sure you don't miss this next one.  Cory Foy (Premier Engineer at Microsoft) has volunteered to give us an hour talk about Michael Feathers work titled "Working Effectively with Legacy Code".  Cory used to work on NUnit and has a ton of background on Unit Testing and TDD.  If you're an architect and you would like ideas on how to improve legacy code then you have to attend this session.  If you're an architect and you don't deal with legacy code ... where do you work and are they hiring :)

Go here to register and tell your friends!!!!

http://www.clicktoattend.com/?id=122714

That's right,  my wife and I just had our first child and we couldn't be happier.  Kaitlyn Elizabeth Fuller was born on 10/16/2007 at 5:22 pm weighing in at 7 lbs 10 ounces and 20 inches.  Baby and Momma are recovering well and I'm able to take 11 days off to stay home and enjoy this wonderful time.  If you want to see some pictures go here: http://www.soapitstop.com/kaitlynfuller.

I spend a lot of time and energy teaching systems designers how to deliver code that would be considered well architected.  For the past three years, that has been predicated on the tenets of Service Oriented Architecture.  What I continue to see 9 out of 10 times is deliverables that miss the mark.  This list of seven sins is my therapy for the frustrations of designing to the SOA tenets (in other words I apologize ahead of time for the ranting :).  Please leave comments, flames, counterpoints ... I'd love to hear your thoughts on all of these.

 Without further adieu ... "The Seven Deadly Sins Of SOA"

 1)  The only way to ensure high availability or high performance in a SOA system is to replicate data between systems.

Commentary:  A past colleague and myself wrote an entire article on this anti-pattern for SOA in The Architcture Journal.  The idea that you need to physically move data between systems in order for them to work is about as logical as saying your entire database needs to be in memory on your app server in order for that to work.  If you have that type of availability requirement then sure these types of solutions must be considered.  More often,  there's very small edge cases that could create a temporary delay in a business process.  Usually,  the issue isn't the availability of the service,  instead its the manner in which it is consumed (i.e. batch or synchronous transactions instead of async transactions). 

Fault tolerance is a design goal that all consuming applications must deliver based on their requirements,  if the requirement is that it can absolutely never fail then you have to eliminate all external dependencies.  That might mean caching the output of the service but you have to make sure you use it only as a cache.  You can't start using it as a permanent data store and joining to the cache with other queries.  Once you've done that you've built a very tightly coupled dependency. 

The other myth I hear all the time in this space is that if I focus on "data residency" with my database design then I'll be able to avoid some of this replication.  That's interesting but dangerous becuase I think it starts to move you down the path of putting together an enterprise database (or at a minimum one database per line of business).  It also gives you an easy way to cheat and grab data that logically violates your defined boundaries.  Again,  the concern there is the coupling of business components down at the data tier.  This is why I favor middle out domain driven design as opposed to a data tier up approach (more on this later).

Now as far as performance goes ... well you're going to see me talk a lot more about that one in other sins so I won't harp on it here.  For more information on this one read "Data Replication as an Enterprise SOA Antipattern" at http://msdn2.microsoft.com/en-US/library/bb245678.aspx.

2) In order for us to achieve optimal performance we must pre-process all business transactions and persist the results using a batch process.

Commentary:  I deal with this design strategy almost every day and it is the most damaging design approach I know of to the overall health of the enterprise architecture.  This really boils down to a batch processing mind set versus an event driven architecture mind set.  The latter being the one that provides you with better adaptability, supportability, and extensibility.  The most obvious pitfall of pre-generating results in a batch process is that those results are immediately stale.  If any of the data that feeds into these processes changes then the results we calculated in the batch job are now bad.  There's also the horrible job of babysitting these super long running processes to make sure they do at least 90% of their work 100% of the time.  Very often this requires people to be "watching the jobs" or building in things like retry logic or checkpoint/restart.  In my opinion this is probably the most expensive and inflexible way to build an enterprise system.  This ususally will result in overproducing results (batch processes don't know what the users are going to ask for) and adding horrible capacity and logging demands (when I talk about logging I mean things like archive logging in the database ... imagine a system that has to pre-create millions of results that would normally happen throughout the day when a service is called ... that's one big freaking transaction log file).

 If you drive all of the processing back to the core events/transactions that begin all of this activity and if/when they become long running you favor asynchronous managed transactions over store and wait batch processes you'll find that you're in a much better position to adapt to your customers needs.  Just about everything that happens in an enterprise can be traced back to some type of an event that some user is initiating ... the only things that don't have event triggers are those things that are time phased (for example triggering archiving of data after it's 14 days old).  I can't even count how many times I've heard that we can just "add another step to the nightly batch" as an answer to a business problem that should have been as simple as adding a few lines of code into the managed business transaction/process/service.  I often call myself the "batch killer" because I find if you force designers to think about how they would solve their problem without the batch crutch they use a lot more ingenuity and deliver a much more useful piece of software.  This sin is a big one and I think it's the number one obstacle for any company trying to do enterprise SOA.  Batch has to become a dirty word or you'll never see half the benefits you should be seeing with SOA. 

3) In order for us to be service oriented we simply need to have a layered architecture that forces web services between our user interface and busines layer.

Commentary:  I've seen first hand what can happen when you follow this approach.  This strategy can at first seem like a good way to get the enterprise to buy into web services and SOA as a standard distributed design goal.  The problem is,  if you don't have good design practices that are based on appropriate component boundary definition then you're likely going to be putting web services in front of components that lack cohesiveness.  This will result in the phenomenon known as "private services".  I hear that from designers at least once a week.  "Why do I need to define a web service if my application is the only one that will consume it".  The answer to that is easy ... you are not building web services for your application you are building business components that are scoped to the enterprise and you are exposing business services using a neutral technology like HTTP/Text so it could be consumed by others.  Ok ... maybe it's not that easy of an answer :) 

Seriously though, the goal with SOA is to take the meaningful domain components and expose their logic via an interface that can be interoperable (this is why I love the flexibility in WCF .. I don't have to start with HTTP/Text ... I can move there when I need to).  There's nothing magic about ASMX or WCF in terms of designing components so they can be useful to your enterprise.  That burden falls back on the strategy architects and solution architects.  You have to know that when you deliver a system you are delivering pieces of business functionality.  You might be aggregating three or four interesting business components.  If you don't define those components as seperate assemblies and encapsulate all of the aspects of those business components then I'm sure your services will suck.  A service that simply exposes the logic to save some cobbled together composite business entity that a user dreamed up is probably not going to be useful to expose.  However,  two different services that expose data from very cohesive business components that are simply aggregated for viewing purposes will be.  If you find yourself saying your web services are only useful to my application ... your design is off track.  Stop .... back up ... and look at your component design boundaries.  That's the problem.

 4) The only services I need to create are CRUD services.

Commentary:  This happens all the time and I believe it's because there is a serious lack of focus on the business processes/transactions that drive all of the work in the enterprise.   I believe this comes down to what drives your software design.  There's a lot of strategies in this realm,  things like "Test Driven" or "Domain Driven" or "Architcture Driven".  I think the important one is actually "Business Process Driven".  A good friend of mine wrote a nice article on this called "Purporting the Potence of Process" (http://www.code-magazine.com/article.aspx?quickid=0703021&page=1).  He and I are very like minded when it comes to enterprise systems development so I won't go into too much of rant here ... he's already done that for me ... thanks Ambrose :) 

I will say this though,  if you aren't making sure that business processes are helping to drive out your system then you probably are going to end up with relatively innocuous services like the CRUD services mentioned in this sin.  The real business processes have very interesting steps and very interesting state that they will represent during their life cycle.  If your design is lacking any sort of state diagrams or business process diagram then you're probably designing services that are based on an extremely limited view of what that business component is supposed to do.

5) I am in a .NET to .NET scenario here so why should I care about interop.

Commentary:  This type of thought process just lacks vision.  When a developer tells me they don't think any Java client will ever call their service I tend to say this "Your crystal ball is no clearer than my crystal ball".  That being said,  we don't want to add a ton of complexity just to win an interop award and put it on the wall.  That's why it's so great that the WS standards bodies have helped us to understand what we can and can not do.  This doesn't add any serious overhead to your design if you keep it in mind up front.  Well,  I'll take that back,  with the onset of WCF and .NET 2.0 I would say that it doesn't add a lot of overhead to your design.  In the days of .NET 1.1 when you tried to avoid things like datasets or collection types you found yourself having to do weird little hacks like manually genterating the proxy classes or manipulating the generated code to re-reference your data transfer entities.  It really sucked. 

That's why I love what is now available in WCF.  This makes your interop decision an easy one,  make sure you understand what should be available based on the WS-BasicProfile and if you want to define other access points that can do the fancy .NET to .NET stuff then go ahead and do it with another endpoint.  This type of flexibility would have saved me hours of design arm wrestling with system designers who were 100% sure their services would never get used by a different platform.  Oh by the way ... it's not just about can a Java client call your service either ... see my last post on BizTalk server or consider some of the other portal environments out there or third party systems that might be able to consume services in the future.  You simply don't know what the future holds ... that's why architecture always tries to make strides toward the most broadly reusable design specifications (assuming of course you can still satisfy the requirements of the system).

6) I know that my logic in this component will never be reused by anyone other than my application ever until the end of time.

Commentary: This is a little different than the one you see above which is about reuse across platforms.  This is where a designer tells me unequivically that the logic we are designing for this system is only useful to this one single deliverable.  It's logic that no one anywhere will ever want to invoke ever.  This is a very "one-off" thought process and also lacks vision for just about everything in the distibuted development world.  I think just about any business service that gets defined around a cohesive business component has a potential to be used in a different way in the future.  Let's use an example,  lets say I am building a business service that is defined to be used as part of a batch process (yes ... that's right ... I see a lot of this).  Well what if in the future we wanted to start calling that same business service realtime.  It wouldn't be hard to imagine another entry point that wasn't responsible for processing 1 million business transactions in a single bound but instead it could handle batches of 10 or 20 that were being called from a user interface or from an asynchronous workflow.  When you consider the increased capabilities of application servers to run parallel processes with multi core processes you have to expect that building scalable systems in the future will be different than today.

This brings me to another interesting point about this one-off approach to delivering distirbuted systems.  It seems to me the same designers that feel like there is no way this process step could be used anywhere other than a batch process are also the ones that are not really strong at defining and delivering to an object based or domain driven design paradigm.  When you think about the aspects of your system in terms of domain concepts you can't help but think that everything your defining has value beyond the scope of your deliverable.  Isn't that what we as designers would want to strive for?  It is amazing to me how many designers want to put up walls around their components because they want to deliver just "to the specs" of their problem.  I guess part of me understands it.  We don't usally have a parade for people when something they delivered is easier to reuse or update 2 years later.  We do on the other hand reward those that meet the timelines of the project and deliver what was asked for in that time window (no matter how short sighted that may be).

It really is a shame though,  I always find myself wanting to desperately build stuff that is interesting and useful to as broad a set of consumers as possible.  It just feels more rewarding/fun to know that what I designed is now useful to 10 systems instead of 1.  Maybe that's because my role as an architect affords me the ability to have broader scope.  Maybe that's because the people I interact with are all similar in their approach at delivering systems.  Not sure what it is but I just think it's really boring to deliver stuff that only satisfies one function and then privatize it so it has no flexibility going foward.  That is procedural one-off thinking and it produces code that will have a finite lifetime because someday ... I promise you ... there's going to be some other use for that function you didn't think of.  This is actually more of an issue of enterprise development agility than anything else.  I actually think that topic deserves a blog entry of its own so I'll stop there.

7) Performance is not "a" requirement it's "the" requirement.

Commentary: Ok this one has been crawling all over me for the past 3 months or so.  There always seems to be this extremely passionate set of people that make every decision based on uber-performance goals.  Often times these are very smart people.  They can explain every millisecond of overhead possible in every component of the system.  There is usually a super heavy focus on how to optimize everything at the database and then make the rest of the architcture fit into whatever design goals exist for fetching and persisting data.  It all makes all the sense in the world ... if performance is "the" requirement.

The problem with this is that it becomes almost a battle cry for every developer and designer in your enterprise.  What was initially a design direction that should be followed when there's an extreme case of a process that has to read 15 million rows of database in 15 minutes (guess what that is ... can someone say batch process) becomes a strategy for everything that exists.  Developers are always avoiding things like round trips to the database (even though they have very little overhead) or serialization to XML.  That's where web services and even SOA start to get a dirty name in the "Performance Oriented" design world.   Like anything with architecture/systems design performance has to be considered and has to be evaluated against the requirements and the long term goals of the architceture.

Very often (like 90% of the time) the performance overhead associated with calling a web service is insignificant.  The alternative is always to take the logic and either rewrite it (often using cut and paste techniques) or just redploy the components locally (contributing to versioning, maintainbability, and code fallout problems).  All for the sake of avoiding milliseconds of xml serialization.  I've already said it earlier in this post but I'll say it again.  I can't wait to have these performance discussions once WCF is mature and available to me as a tool in my enterprise customers.  I would love for a designer to argue that the overhead associated with a named pipe transport or a TCP/Binary call will kill their performance.  I guess this is another reason I have nighmares about batch processes.  Usually these arguments are only interesting when we are talking about millions of transactions in a compressed time window.  If you can remain creative and use some ingenuity to avoid the batch process all together then you'll never be dealing with a "we can't use a centralized component because it adds .0000001 of overhead".

No ... I'm not done .... I actually could rant about this for another couple of paragraphs but I'm going to stop ... for now :)

In closing, I hope you found some of these items interesting and maybe even had your eyes opened so some issues in your enterprise that lead to poorly designed SOA components.  The good news is,  I think this is all getting a lot better as the frameworks and tools for delivering solutions to the SOA tenets improve.  WCF and .NET 2.0 took a lot of the problems and made them simple configuration switches.  I also see more and more designers and developers understanding and appreciating the long term goals of SOA.  If you want to hear more about this topic you should pick up the TechEd 2007 DVDs and listen to my talk titled "Best Practices for Designing Reusable SOA Services".  In there I go through a bunch of very concrete strategies that'll help you deliver services that are flexible enough to avoid these sins.  Lastly,  please sign up on SOAPitStop.com and give me your feedback on these.  I really want to hear what you think!!!!!

Recently I was involved in troubleshooting a very interesting problem with a ASMX 1.1 web service that I wanted to share.  Being a self-proclaimed SOA geek I was shocked to learn that the character type in .NET was not interoperable.  That's right folks,  if you build a web service and expose a character field you are not conforming to the basic XSD specification and you are subject to 10 lashes from the interop police.

How did I come across this?  Well I was helping to troubleshoot a problem with BizTalk server where a developer wanted was building an orchestration that would have to do checks against a simple character type to facilitate decision making in the workflow.  In other words the code needed to say "if message.node.innertext = Y ... do this".  The problem started to show up when the messages were dumped to a file for tracing.  Instead of "Y" as the innertext in the xml node it was "89".  Hmmmmm....well that is actually the ascii code equivalent to that character so it's not as wacky as it initially seemed.

The first thought was that some character encoding setting was "kerflunkered" on the BizTalk orchestration.  We looked here and there,  we changed different pipelines to use xmlreceive instead of passthrough, and we tried adding some hints to the message transformers to get it to change.  Unfortunately none of these things made any difference.  The next things I looked at were the XSD definition of the response message from the web service in BizTalk and that started to point out the issue.  In the type definition of the character fields you could see that it didn't use the standard "xs:" types.  Instead it was a type that had a namespace of www.microsoft.com/wsdl/types.  Uh oh ... now it's starting to become clearer.

The next thing I had to look at was the actual response from the web service on the wire.  So I started up my SOAP toolkit trace utility and captured the messages flowing back and forth to the web service and sure enough there it was staring me in the face.  The response from the web service was already represented as the ASCII code before it even got back to BizTalk server.  Well crap,  then how does .NET always make it so easy for you to work with character fields when you're dealing with web services?  I mean if this is true then every web service and consumer that has dealt with character fields would have been comparing against integer values. 

Well this is where the magic and wonder of the XMLSerializer comes in.  If you open up the XMLSerializer code and look at how it serializes and deserializes character types you'll find that it does a conversion to a UInt16 and then does a directcast to a character using the XMLConvert class.  This is why I titled this my love/hate relationship with the xmlserializer.  I love that this detail was abstracted away from me but I hate that I never noticed it and obviously could cause all sorts of interop problems without really even knowing it.  I guess this is why the contract first camps continue to get traction whenever you start talking about truly interoperable web services.  There's just so many little things you take for granted with your type system.  If you start with XSD you'd never have this problem.  Bravo to BizTalk server for sticking to it's native XML tenet. 

Lastly,  I had to look at how this was handled in WCF (because in my opinion that's what Saturday mornings are for :) with the new System.Runtime.Serialization namespace.  So I opened up Lutz's reflector and started digging into the datacontract serializer.  To say that it's a little more sophisticated would be a gross understatement.  Basically you have to first figure out how WCF deals with the built in data types which was initially a little tough to track down.  Eventually I found the "TryCreateBuiltInDataContract" methods on the DataContract type (this was after some initial dead ends of tunnelling through the DataContractSerializer type).

What you will quickly see from this class is that each of the different known types in .NET has its own contract.  I am interested in the character type so I need to look at CharDataContract which is a type in the root of system.runtime.serialization.  Once you get to this type you can see there are two key methods "ReadXmlValue" and "WriteXmlValue".  The write method is the easiest so I'll describe that first.  You can see the code is simply "writer.WriteChar((char) obj)" and in that method you can see the value is written as "writer.WriteValue((int) value)".  Guess what that means ... it means with WCF you'll still see the ASCII value in your xml when you are using the new data contract serializer. 

Some additional inspection of the read side of this shows me that there is a "ReadElementContentAsChar" which actually calls to the same System.Xml.XMLConvert class that was used by the old serialization routine.  How about that for some consistency.  So you'll still be getting just about exactly the same behavior your used to in terms of the character type when you move to WCF.

In conclusion,  I'm not saying that any of this is good or bad.  It just surprised me that the ASCII character codes were what are used on the wire.  I suppose it makes sense when you consider all of the possible character sets that could be handled by using the ASCII/Unicode number ranges.  As an additional experiment I'd like to see how the Java web service stack handles this as that'll go a long way to understanding how interop would truly work in these situations.  If you don't want to worry about this stuff then stay away from the character type all together and just use strings.  Sure there's some very slight memory footprint benefits you're getting by sticking with a primitive value type like character but if you're dealing with xml as a transport you're not really focusing that much on data transport/storage size anyway.

That's right,  the Florida .NET community continues to grow.  The Central Florida .NET User Group will be based out of Lakeland, Florida and we will be having our first meeting on November 13th at 6:30 pm.  This gives all of those .NET junkies that live somewhere in between Tampa and Orlando a great alternative to battling through rush hour traffic to get to a meeting.  The group is being run by Roy Lawson (former colleague) and it'll have the same type structure and objectives as the Tampa and Orlando groups.  If you live in the Lakeland, Winter Haven, Plant City, or Auberndale this is going to be really convenient for you.

 So what will I be talking about,  well I thought we'd take a step by step walkthrough on how to convert an ASMX 2.0 web service to a WCF endpoint.  This is something everyone is probably starting to dive into now that .NET 3 has been available for close to a year.  As I walk through that upgrade I'll explain all of the differences and flexibility that you start to get out of the box with WCF.

Space is limited so register now at: http://www.cfdotnet.org/

I look forward to seeing you all there!