Measuring performance of User Interface and REST service layer separately

Recently we were working on a project where we were looking to separately measure performance of UI (User interface) and REST service layer separately.

Technology involved were- C#.Net 4.5, MVC5.0, JQuery, JSON, XML, Restful Services

So we were searching for a profiling tool which can server our purpose with minimum cost and time/effort involved.

We found several tools that can be used -

• dotTrace
• Mini-Profiler
• MaintainJ
• Dynatrace 

Hope this helps someone who is looking for similar profiling tool.

Few points about Micro-services architecture

Micro-services are not meant to be scaled down version of SOA (Service oriented architecture). They should be based on business context and should not be created based on technical refactoring viewpoint.

Ideal platforms for microservices would be cloud were you can easily scale any one component we want. Example if we notice that one business component (say UI) need support 1000 instances and rest every thing can be 1 or 2 instances then decompose the UI component into a microservice

Cloud platforms and dockers are good area to experiment with micro-services as scaling, and management of  multiple versions can be easily accomplished there.

Few no's for microservices -

• No clustering should be planned
• Try to make integrations independent of programming language (rest, http, xml)
• Avoid single database for multiple microservices

Finally one word of caution, managing multiple microservices is very important. Otherwise after 5 to 6 microservices people loose track of which version is integrated to what.

jQuery data-table with features similar to excel

Recently in one of our projects, we were looking for a jQuery data-table with basic features similar to excel viz. -

• Navigate from cell to cell in a row using right arrow/tab 
• Enable cell edit key press after selecting the cell 
• Enable auto suggest based on the existing data in the column 
• Enable copy of cell and paste to another cell 
• Enable drop-down  to chose values rather than free text 
• Enable column freeze 
• Enable column wise filters

While researching for it, we found few useful components that provides these functionalities. 

1. Slickgrid jQuery plugin
2. Handson table
3. JQGrid

Hope this will help in any teams looking for data-tables with similar functionality.

Best practices for Enterprise level logging

Unless mandated by business requirements, all the log statements should be at minimum logging level. The idea is to reduce the logging overhead as much as possible. Sometimes the overhead is significant to impact application performance.

Use asynchronous logging wherever possible.

Use file rolling and archiving features of the logging framework instead of re-inventing the wheel.

It is a practice among developers to log method entry/exit for troubleshooting. This kind of logging should be done using AOP framework such as Spring AOP, and at debug/trace level. A better practice will be log at only those places where there is a significant processing/turning point.

Do not log any kind of sensitive information such as passwords, credit card numbers, national ids, Personal Identifiable information etc. which could lead to privacy and security issues.

Do not hard-code any credentials (e.g. database credentials when doing database based logging) etc. in logging configuration file.

Do not log huge payloads (such as SOAP request/response etc.) in production but log the important details going out and coming in.

Benchmark the log file growth as per production peak volumes and identify storage requirements (SAN/NAS).

Check regulatory/enterprise guidelines (if any) for the retention period of logs. Device the backup/archival/purge policy accordingly.

Suggest use of log analysis tools such as Splunk or ELK stack for monitoring, troubleshooting, quick searches, dashboards etc.

Secure the log files/sources from external access.

Design a new Framework or Use Existing Framework with a wrapper that can help you capture details better.

Make sure the exception or event is logged only at source. Most of the times, every component participating, in the process, logs the exception/event . This not only leads to unnecessary logging but also sometimes logs incorrect information for tracing the issue.

Have a unique event ID(within application & combination with an application id should make it unique across applications) for every Exception/Process/Event so the Support Group can triage, without much hassle.

Test SMTP server for DEV/Testing

Many times we face problem testing email settings/code in our development environment if we don't have a SMTP server in our development environment.

There is a easy solution for it.

Use dummy SMTP server - SMTP4DEV available in CodePlex at following location -

http://smtp4dev.codeplex.com/

Once it is launched, it sits in your system tray and listens on port no. 25 of your localhost (127.0.0.1) server. This helps in receiving and viewing messages and verifying their format/structure.

It however cannot be used for sending messages.

Detailed instructions for installing and using this nifty tool can be found at its CodePlex location.

MSDN Subscriptions is now Visual Studio Subscriptions

From Oct 4, 2016, MSDN subscriptions will be re-christened as Visual Studio subscriptions.

After 4 October 2016, you need to go to the new Visual Studio Subscriptions portal to access your subscription.

Please note that you will have no access to the current MSDN Subscriptions portal between 9:00 pm (PST) 3 October and 9:00 pm (PST) 4 October, while we complete the migration.

In case of any questions, check the FAQ or contact Visual Studio Customer Service

Tech Trivia

• The word 'Robot' comes from Czech word 'ROBOTA'. In English, it translates to 'forced labor'. 
• A Red Panda is an animal native to the Himalayas and Southwestern China. The English word for Red Panda is Firefox which is where the browser gets its name from. So the Firefox Logo is actually a Red Panda and not Fox as thought by many (including me!).
• Android is Andy Rubin who is the co-creator of Android. It was a nick-name given to him at Apple before he joined Google, for his obsession and love for robots.
• Creators of PNG file format wanted it to be pronounced as PING.
• Nothing can be compared to the human mind. If a computer is designed which is as powerful as the human brain, then it would be able to perform about 38 thousand trillion operations per second. Also, it will be able to hold about 3584 terabytes of memory.
• HP, Microsoft & Apple have one not so obvious thing in common - they all started in a garage.
• If you find a security bug in Facebook, they are willing to pay money ($500 and upwards) for you to tell them about it.
• 160 billion emails are sent daily, 97% of which are spam.
• Wikipedia uses an army of anti-vadal bots. These bots prevent vandalism of wiki pages. As per them, vandalism is anyone signing up and editing pages with an intent to destroy or alter content in a negative manner.
• Ubuntu is one of the most popular distribution channels of Linux. The word Ubuntu comes  from the African word meaning 'I am because of you'.
• The actual name of Android mascot is 'Bugdroid', though it is not official, the team at Google refer to it by this name.
• The first known cell phone virus, Cabir.A, appeared in 2004.

C# - Serialize Object to XML HttpResponseMessage

Sometimes we have an explicit requirement to serialize a C# object to XML HttpResponseMessage format.

This generic function can be used to achieve this conversion -

public static HttpResponseMessage CreateXmlResponse<T>(T objectToSerialize)

{

    return new HttpResponseMessage(HttpStatusCode.OK)

    {

        Content = new ObjectContent<T>(objectToSerialize,

                                        new System.Net.Http.Formatting.XmlMediaTypeFormatter

                                        {

                                            UseXmlSerializer = true

                                        })

    };

}

The function takes an object of type 'T' as input and serializes it using XMLMediaTypeFormatter XML serializer available in .NET namespace System.Net.Http.Formatting.

A sample function call be like this - 

var response = CreateXmlResponse<ObjectClass>(object);

C# - Convert JSON string to JSON HttpResponseMessage

Use following method/function to convert string having JSON data to JSON HttpResponseMessage -

public static HttpResponseMessage CreateJsonResponse(string json)

{

    return new HttpResponseMessage()

    {

        Content = new StringContent(json, System.Text.Encoding.UTF8, "application/json")

    };

}

Following code can be used to call this method/function

var response = CreateJsonResponse(jSonString);

Following code can be used to call this method/function

Convert time-stamp in UTC format to local date time

Some times it is required to convert a time-stamp in UTC format to your local system data time.

A UTC time-stamp format looks something like this - 2016-08-23T11:59:00Z

This time-stamp is in UTC zone and following C# code can be used to convert this into local date time. As an example, here I am converting it to 'Central Standard Time (CST)'. Depending on your time zone, you can pass a different value.

public static string GetLocalDateTime(string timeStamp)

{

    TimeZoneInfo cstZone = TimeZoneInfo.FindSystemTimeZoneById("Central Standard Time");

    DateTime cstTime = TimeZoneInfo.ConvertTimeFromUtc(Convert.ToDateTime(timeStamp), 

                                                       cstZone);

    return cstTime.ToString();

}

An example call will be - 

var localDateTime = GetLocalDateTime("2016-08-23T11:59:00Z");

Output will be -  8/23/2016 6:59:00 AM

Options for SMS solution

One of our clients had the following requirements around their SMS solution:-

1.       SMS Authentication
2.       SMS Sales (Ordering pay per view / adding balance)
3.       Alerts and notifications

They were currently using a messaging platform which was very specific to a particular country. To reduce the overall cost, they were looking at other solutions and wanted to make use of the open source solutions in this space to replace the their existing solution. They were interested in building a custom solution and paying to the network carrier for billing rather than using a 3rd party off the shelf solution.

We performed study and comparison of various open source and COTS SMS Gateways. Found this article useful in comparison -

http://socialcompare.com/en/comparison/sms-gateways-1odvv6xv

The final solution recommended was Kannel. It is one of the highly scalable and efficient open source SMS and WAP Gateway solution that majority of the Messaging Providers uses in their suite. It is based on C technology and supports connectivity to various SMS Centers. It also provides HTTP based API for integration with other business suites for sending and receiving messages.

Hope this helps someone who is looking for similar comparison and solution.

The Open Group Paris - Oct 24-27, 2016 - Early Bird Rate Ends Sept 16

The theme for The Open Group Paris event is e-Government. Attendees will benefit from the opportunity to learn from industry leaders, network with peers and explore content that is relevant to both themselves and their organizations.

Emphasis will be on how techniques (such as Enterprise Architecture and Business Design) and how standards (such as TOGAF® and ArchiMate®) are acting as a foundational core for enterprise transformation.

Topics include: Issues surrounding business transformation, EA in government, digital business and customer experience, IT4IT™ in Practice, professional development and cyber-security.

Early Bird Registration - Ends on Friday, September 16, 2016

Register Now

Webinar: The TOGAF® Framework and Accelerated Delivery

Date: September 9, 2016 - 3:00pm (BST), 10:00am (EDT), 7:00am (PDT)
Speaker: Alan Simmonds (Consultant, Good e-Learning)

This webinar will look into accelerated delivery (not just Agile!) and how we can start to integrate this thinking across the Enterprise Architecture development cycle. TOGAF®, an Open Group standard, is a large framework and what this provides is a number of techniques for us to use and adapt for the accelerated delivery approach.

We’ll look at what accelerated delivery means, whether it is relevant in the Enterprise Architecture world and how we can start to integrate some of this thinking into our own architecture work.

To register, click here

The Open Group Event @ Austin (July 18-21, 2016)

When it comes to Enterprise Architectures, what does it mean to be "open"? In the technology industry, often we hear about things such as "open standards" or "open source" but what does open mean in each context and why are those differences important?

This event will focus on how organizations can use openness as an advantage and how the use of both open standards and open source can help enterprises support their digital business strategies. Sessions will look at the opportunities, advantages, risks and challenges of openness within organizations.

Keynote sessions will include:

The Future of Business Architecture: Challenges and Opportunities (Jeff Scott - President - Business Innovation Partners)

ArchiMate® 3.0 A New Standard for Architecture (Iver Band - Enterprise Architect - Cambia Health Solutions, Mark Lankhorst - Managing Consultant and Service Line Manager - BIZZdesign)

Driving IT Strategic Planning at ExxonMobil with IT4ITTM (Rick Solis, IT Business Architect - ExxonMobil Global Services Co. )

For details regarding fees, agenda, other information and registration, please use following URL

SharePoint 2013 - Opening Search results in new tab/window

In SharePoint 2013, we can use Search Center site to show/display SharePoint search results.

Each search result has 3 parts -

• Heading (which acts as URL/link)
• Description
• Actual URL

We can click on the heading which is actually a hyperlink to go to the search result destination. By default, the search result is opened in same window if we click on hyperlink. If you would like to open the search result in a new window, then it can be achieved by customizing the search results display template. Here are the steps for same - 

• Go to Site Settings (You should have Site Collection Administrator permission).
• Go to section Web Designer Galleries.
• Click on Master pages and page layouts.
• A document library will open. Go to folder Display Templates --> Search
• Find following file in the folder - Item_CommonItem_Body.html
• Check-out the file and edit in any text editor.
• Find following line of text - 

var titleHtml = String.format('<a clicktype="{0}" id="{1}" href="{2}" class="ms-srch-item-link" title="{3}" onfocus="{4}" {5} {6}</a>',

Add target="_blank" between {5} and {6}. After modification, it will look like this

var titleHtml = String.format('<a clicktype="{0}" id="{1}" href="{2}" class="ms-srch-item-link" title="{3}" onfocus="{4}" {5} target="_blank">{6}</a>',

• Save the file and upload it back to same location from where it was downloaded.
• Check-in and Publish the file.
• Make sure to publish as a major version. In the past, we have faced problem in this template getting applied to other users without major version being published.

Perform a search on the search center site and click on any of the search results. The hyperlinks will now open in new tab/window.

Hope this helps !!!                                                                                

SQL Server Guidelines

Database Structure Guidelines

• Each table must have a primary key and a clustered Index. Clustered Index for any table is necessary and is created with the Primary Key (Only one can be created per table) . GUID fields should not be used for clustered indexes even if used as table’s Primary Key
• Multiple non-clustered indexes can be created for a table. Each index will be tagged to a column. Choose columns on which data will be filtered (example: create a non-clustered index for User ID column in the UserMaster table)
• Do not try to create too many non-clustered indexes. Avoid over indexing the tables. The non clustered indexed column should be updated less frequently. 
• Do not use TEXT as a data type; use the maximum allowed characters of VARCHAR instead  like varchar(50).
• Use the Database Engine Tuning Advisor to analyze your database and make index recommendations
• Any table that has a VARCHAR(MAX) column is a candidate for poor performance. Create a column of this type only if absolutely necessary . In case of selecting data from this table, avoid selecting the VARCHAR(MAX) column. If it is absolutely necessary, select this column separately on demand 
• Try to avoid duplicate values/attributes in the database. Normalize the database. Redundancy of same attributes causes data inconsistency issues hence is not recommended.

Coding Guidelines

• Write queries that insert or modify as many rows as possible in a single statement, instead of using multiple queries to update the same rows. By using only one statement, optimized index maintenance could be exploited.
• Cursors, Triggers should be avoided.
• Index Scan vs Index Seek: If we have a table with 1000 rows and we are querying all 1000 rows, then an index scan is performed, where every row of the table is parsed 

          Example: select * from UserMaster

        

          On the same table, if we are querying only 10 rows, then an index seek will be performed

 
          Example: select * from UserMaster where fkRoleId = 10 

         When any functions are used in the where clause, then an index scan is performed which results          in a very high cost for the query that may not be necessary

        Example: select * from UserMaster where LEFT(UserId) = 'pa'

       In the above example, we are using the “LEFT” function to ascertain the first two characters of           the query. However, since we are using a function on a column in the where clause, this                       function will be executed on every row of the table to check the condition – resulting in an                   Index Scan. Instead, we can re-write the query like this:

  select * from UserMaster where UserId like 'pa%'

• Do not call functions repeatedly within your stored procedures, triggers, functions and batches. While writing functions in the WHERE clause results in an Index scan and a very poor performance, functions used in the SELECT clause also affect the performance of a query at a smaller scale. Avoid Functions in SELECT clause wherever possible.
• Use Bulk Loads/Inserts for faster response times.
• Minimize the use of NULLs, as they often confuse front-end applications, unless the applications are coded intelligently to eliminate NULLs or convert the NULLs into some other form. 
• Use SET NOCOUNT ON at the beginning of stored procedures  to reduce network traffic.
• Off-load tasks, like string manipulations, concatenations, row numbering, case conversions, type conversions etc., to the front-end applications if these operations are going to consume more CPU cycles on the database server 
• Avoid the use of cross joins, if possible. 
• Avoid dynamic SQL statements as much as possible. 
• In a table, if a column’s type is varchar, then use single quotes for the value. If single quotes are not provided, then SQL Server does an implicit conversion, which results in a Index Scan

         Example – Column OrgID is VARCHAR(10) 

   SELECT * FROM UserMaster WHERE OrgId = 2 

        This will result in an index scan, because SQL Server will implicitly convert the value “2” to               varchar.

SELECT * FROM UserMaster WHERE OrgId = '2' 

       This will result in an index seek, since there is no implicit conversion required.

• Avoid wildcard characters at the beginning of a word while searching using the LIKE keyword
• Avoid searching using not equals operators (<> and NOT)
• Select * from [table]  should be avoided. Always query for only the required number of rows – querying for all rows and filtering in the Business Layer or UI is a bad practice.
• When using a table variable in joins, and when the table variable is inserted with large amount of rows, use the RECOMPILE statement, so that SQL Server Optimizer will consider the large amount of rows and use the correct join method. 
• Use temporary tables for filtering /manipulating or implementation of business logic.
• While using temp tables ensure that only filtered data from the actual table is inserted into the temp table not the entire dataset. 
• Table partitioning can also have performance benefits but it needs to be evaluated before proceeding.
• Use joins instead of sub queries as the former is faster. 

Agile Tutorial - Release Planning / Sprint 0

Release Planning or Sprint 0 is a key event in Agile process. Here the entire team participates to create a Release backlog from Product backlog along with a release plan/schedule. It is focused on only one release. A release cycle is generally of 3-4 months.

In release planning, Product backlog consisting of features/epics is further groomed by adding User stories. These are prioritized and estimated. Based on team capacity (also known as velocity), sprints are planned along with release (deployment) date.

Few key points -

• Release planning is the first meeting where entire core scrum team participates. This runs for 2-3 weeks.
• Product owner shares the Product vision and Roadmap which is the output of first two levels of planning meetings.
• Based on the Roadmap, Epics/Features for this release is the only focus.
• Depending on the state of the Backlog, two key activities happen - 
• Story breakdown
• Backlog grooming
• In these activities, epics/features are converted to user stories.
• One user story is one requirement which has a specific format and follows INVEST principle. It is small and detailed enough that it can be estimated.
• User story prioritization is done - 
• Using MoSCoW analysis
• By assigning business value
• By assigning requirement clarity
• By assigning technical clarity
• User story estimation is done using Planning Poker/ Wideband Delphi techniques. Estimation is done by developers and testers of team in Story Points.
• Parallel activities like High level architecture/design, prototyping is done. Team setup like desktops, software, licenses installation/procurement is done in parallel. If number of team members is high, then team division is also done.
• Team will now have a prioritized and estimated Release backlog.
• Using the Triple Constant Triangle technique, Release plan/schedule is prepared having following details - 
• Number of sprints and their dates.
• Release/Deployment dates.
• Planned velocity and their projections.

Agile Tutorial - What is Agile Planning?

Agile planning is the process of brainstorming with key or all stakeholders/members to define goals, identify activities to achieve the goals and planning/organizing the activities.

There are 5 different levels of planning in Scrum framework. Each has a associated Scrum Ceremony with specific objectives. Like any other ceremony, all these planning meetings are time-bound.

5 levels of Agile Planning -

• Product Vision
• Product Roadmap
• Release Planning
• Iteration Planning
• Daily Planning

Product Vision - 

This is a broadest level picture of the product, with a vision statement of the Product Owner along with different business users/stakeholders. This is done yearly as part of Vision workshops, where questions like what the product should be, how it should work, who it should benefit, how/when it will be achieved etc. Various assumptions and constraints are discussed too.

Keywords - What, Who, Why, When, Constraints, Assumptions

Product Roadmap - 

Roadmap serves as next building block assigned with the vision. These are done as Roadmap Workshops either bi-yearly or quarterly with high level pieces identified for the next 4 quarters. These pieces can be Business Features (also called Epic/Themes), and or Architectural components. These go into Product Backlog with initial estimates done using 'SML (Simple-Medium-Complex)' methodology. Planning of releases is also done along with their tentative dates.

Keywords - Release date, Theme/Feature set, Objective, Development Approach

Release Planning - 

This is also known as Sprint 0. Its focus is only on the current release. It involves creating Release Backlog. A release backlog consists of user stories from features/epics. These are prioritized using multiple iteration techniques. These are estimated using Story Point estimation technique. Release planning is done by involving the entire team and it generally has a time-line of 2-3 weeks. Sprint/Iterations and release dates are planned based on the estimates and team strength/capacity.

Keywords - Iteration, Team capacity, Stories, Priority, Size, Estimates, Completion definition

Sprint/Iteration Planning - 

This is the first activity that is taken up in every Sprint/Iteration. Focus is only on the current sprint. This is done by involving entire team for 2-4 hours. This activity involves picking up top stories from the Release Backlog and creating Sprint Backlog out of it. The Sprint Backlog consists of Tasks having estimates in Hours. Sprint Goal is also defined and Sprint Commitment is given by the team. 

Keywords - Stories, Tasks, Completion definition, Level of effort, Commitment. 

Daily stand-up - 

It is a 15 minute time-boxed/bound meeting between all team members. Each team member talks about what they have accomplished yesterday, what are the plans for today and impediments if any in achieving them. This ensures that team is on the same page and everyone in the team has a sense of purpose and meaning about the work to be accomplished on a daily basis.

Keywords - What I did yesterday?, What I will do today?, What is stopping/blocking me?

Agile Tutorial - What is Scrum framework?

Scrum is a time-boxed, iterative and incremental agile software development framework. It is the most commonly used Agile methodology in the software industry.

The Scrum approach to Agile software development marks a dramatic departure from waterfall model. Scrum emphasizes collaboration, functioning software, self-organized team, and the flexibility to adapt to emerging business realities.

It is inspired by empirical inspect and adapt feedback loops to cope with complexity and risk. It uses real-world progress to plan and schedule releases. Time is divided into short work cadences, known as Sprints or Iterations. These are typically two week long. At the end of each sprint, stakeholders and team members meet to see a potentially shippable product increment and plan its next steps. This allows direction to be adjusted based on completed work, and not on a plan or speculation or predictions.

Scrum is a simple set of roles, responsibilities and meetings that never change. It is a charter of 3 pillars, 3 roles and 3 artifacts.

3 pillars/foundations of Scrum -

• Transparency/Visibility
• Inspection
• Adaptation

3 roles in Scrum - 

• Development Team - Self-organizes to get the work done.
• Product Owner - Responsible for the business value of the project.
• Scrum Master - Ensures that the team is functional and productive and is following scrum.

3 artifacts in Scrum - 

• Product Backlog - Ordered and Prioritized list of ideas for the product.
• Sprint Backlog - Set of work from the Product Backlog that the team agrees to complete in a sprint. It is broken down into individual definable tasks.
• Product Increment - Required result of every sprint. This is an integrated version of the product kept at high enough quality to be shippable.

Scrum ceremonies - 

• Sprint Planning - Before the sprint, the team meets with the product owner to choose a set of work to deliver during the sprint.
• Daily Stand-Up - During the sprint, the team meets each day to share progress and impediments.
• Sprint Review - After the sprint, the team demonstrates what is has completed during the sprint.
• Sprint Retrospective - After the sprint, the team looks for ways to improve the product and the process.

Workflows in SharePoint 2013

Overview of workflows in SharePoint 2013

• SP 2013 workflows are powered by Windows Workflow Foundation 4.
• SP 2013 workflows run in Microsoft Azure.
• SP 2013 workflows are declarative only (XAML).
• SP 2013 workflows are designed to interact with cloud and work with SharePoint 2013 apps.
• SP 2013 workflows are hosted and run outside SharePoint environment.

Workflow Manager Client 1.0

• Provides the management of workflow definitions.
• Hosts the execution processes for workflow instances.
• New workflow execution host.
• In SharePoint 2010, workflow execution was hosted in SharePoint itself.
• In SharePoint 2013, workflow execution is moved outside SharePoint (in Workflow Manager Client).
• Workflow Manager Client 1.0 interacts with SharePoint 2013 via Workflow Manager Client 1.0 Service Application proxy.
• Server-to-server authentication is provided using OAuth.
• SharePoint events are routed to Workflow Manager Client 1.0 using Microsoft Azure Service bus.
• REST API is used by Workflow Manager to call back SharePoint.

What’s new in workflows for SharePoint 2013

1. Enhanced SharePoint Designer 2013 authoring support

• SharePoint Designer 2013 provides workflow authors with both a designer surface and a text based workflow authoring environment.
• It can import custom actions (created in Visual Studio 2012).
• Custom actions can be accessed from Workflow designer.
• Can be effectively used by both non-developers and developers.

2. Visual Studio 2012 workflow project type support

• Visual Studio 2012 introduces SharePoint workflow project types.
• It also provides workflow custom action-item type that lets developers create custom actions.

3. Completely redesigned workflow infrastructure

• SharePoint 2013 workflows are powered by Windows Workflow Foundation 4.
• Uses messaging functionality provided by WCF 4.
• Microsoft Azure is the new workflow execution host.
• Workflow execution engine is outside of SharePoint in Microsoft Azure.

4. Fully declarative, no-code authoring environment

• Workflows are fully declarative.
• They are no longer compiled into assemblies.
• No longer deployed to assembly cache.
• XAML files define workflows and frame their execution.

5. Tool support for SharePoint workflows

• Visual Studio 2012 provides templates and support for creating SharePoint 2013 workflows.
• SharePoint 2013 workflows can also be created using SharePoint 2013 Designer

6. New workflow actions 

• Many new workflow actions have been added in SharePoint 2013 workflows.
• New workflow actions enables workflows to integrate with Project 2013 by creating Project based workflows

SharePoint workflow interop

• Enables SharePoint 2010 workflows to be executed from within SharePoint 2013 workflows.
• SharePoint 2013 includes a SharePoint 2010 workflow host i.e. Windows Workflow Foundation 3 engine. 
• This is used for executing for SharePoint 2010 workflows.
• Helps in backward compatibility.

Workflow Authoring Components

1. SharePoint Designer 2013

• Create and deploy both SharePoint 2010 and 2013 workflows

2. Visual Studio 2012/2013

• Provides a designer surface for creating declarative workflows
• Create SharePoint apps and solutions that fully integrate with Workflow Manager Client 1.0 functionality.

SharePoint 2013 App Licensing

What are SharePoint 2013 app licenses

• An app license is a digital set of verifiable information stating usage rights of an app.
• Usage right means – 
• App is free or need to be purchased
• App is available on per-user or site basis
• App is a trial or full version
• App license can be verified by querying Office store.

SharePoint 2013 App license categories

License Type	Applies To	Duration	Users	Cost
Perpetual all user	All users of a SharePoint deployment, with no expiration	Perpetual	Unlimited	Free or paid
Perpetual multi user	Per user, with no expiration	Perpetual	N (per user)	Paid
Trial all user	All users of a SharePoint deployment. Can have a set expiration date.	15, 30, 60 days, or unlimited	Unlimited	Free
Trial multiuser	Per user. Can have a set expiration date.	15, 30, 60 days, or unlimited	N (per user)	Free

App license features

• App license applies to – 
• Specific app
• For a specific SharePoint deployment
• And Specified users
• Only site, tenant, or farm administrators can purchase app licenses, as only users with those roles have sufficient privileges to install an app in a site.
• For security reasons, app license tokens expire and must be renewed periodically.

App licensing framework

• Provides a way for app developers to customize app access and behavior based on license information.
• Does not enforce app licenses on its own.
• It just provides a structure which can be used by code in app to retrieve license information and act accordingly.
• Applies only to apps downloaded from Office store.
• Provide APIs to get license information.
• Provides web service to verify license validity with Office store.

App license acquisition process

• User acquires/downloads the app from Office Store or App catalog.
• Office store generates app license and license token.
• License token is downloaded to SharePoint deployment.
• User can manage the license token and assign license to one or more users based on license type.

App license verification process

• App license token gets downloaded to SharePoint installation during installation.
• When app is launched, app’s license checking code queries the SharePoint deployment for the license token.
• App verifies license token’s validity and retrieves license information by querying Office Store verification web service.
• Based on license validity & information, app code takes appropriate action.

App license verification – Best practices

• For security reasons, minimize access to code that performs app license check.
• For security reasons, Use server side code to query Office store verification web service.
• For performance reasons, check for license only when needed.
• For performance reasons, cache the license token (if possible) until it expires. 
• Ensure that production version of app does not accept test licenses.

AEA Webinar - Career as Disruptive Change Leader and Disruptive Change as an Opportunity

AEA is organizing webinar on following topic - "Career as Disruptive Change Leader and Disruptive Change as an Opportunity"

Description -

Executives that we come across often express two sentiments – Discontinuities in our market are presenting infinite opportunities for growth and prosperity but our organization lacks the necessary disruptive change leadership skills. We have lot of individual superstars, we need a super star team. How can we, the EA professionals, respond.

Learning goals -

• Nature of Disruptive Change
• Opportunities
• Organization Challenges
• Skills Gaps
• Plan to Close the Skills Gap
• Litmus test – are we making a difference?

Date:     Wednesday, April 20, 2016

Time:    17.00 GMT/ 12:00 EDT/ 10:00 CDT/ 9:00 PDT

Registration Link

SharePoint 2013 App Permission Management

What is App permission management?

• Managing the ability of apps to 
• Access and use internal SharePoint 2013 resources.
• Perform tasks on behalf of users.
• Determining minimum permission levels required for an app.
• Determining app authorization policy.

App permission requests

• Collection of permissions that enable apps to perform specific tasks.
• Following app permission request levels are supported – 

Permission Request	Description	Permissions included
1. Read-only	Enables apps to view pages, list items, and download documents.	·         View Items ·         Open Items ·         View Versions ·         Create Alerts ·         Use Self-Service Site Creation ·         View Pages
2. Write	Enables apps to view, add, update, and delete items in existing lists and document libraries.	Read-Only permissions, plus: ·         Add Items ·         Edit Items ·         Delete Items ·         Delete Versions ·         Browse Directories ·         Edit Personal User Information ·         Manage Personal Views ·         Add/Remove Personal Web Parts ·         Update Personal Web Parts
3. Manage	Enables apps to view, add, update, delete, approve, and customize items or pages within a web site.	Write permissions, plus: ·         Manage Lists ·         Add and Customize Pages ·         Apply Themes and Borders ·         Apply Style Sheets
4. Full control	Enables apps to have full control within the specified scope.	All permissions

App permission request scopes

• Indicates SharePoint 2013 hierarchy levels where permissions given to app are valid.
• Following permission request scopes are supported – 

Permission Request Scope	Description
SPSite	App permissions are valid at SharePoint site collection level and below.
SPWeb	App permissions are valid at SharePoint web site level and below.
SPList	App permissions are valid at SharePoint list level and below.
Tenancy	App permissions are valid at level of set of site collections that are configured and administered as a single unit.

App authorization policies

• Authorization policy is required to ensure that app functions correctly and complies with specified authorization requirements.
• Following authorization policies are available – 

App Authorization Policy	Description
User and App policy	Both logged-in user and app should have sufficient permissions for app to run
App-only policy	Only app is required to have sufficient permissions for app to run
User-only policy	Only logged-in user is required to have sufficient permission for app to run

Managing app permissions

Permissions for an app can be managed in following manners – 

• During app installation.
• By using explicit permission management where website administrator manages app rights.
• End user managing app permission.
• During app removal.

How app permissions works

• User signs in to SharePoint and is authenticated.
• User choses an app to install from Office store/App catalog.
• App requests for permissions during installation.
• User grants permissions to app to access SharePoint resources on user’s behalf.
• When app is launched, SharePoint 2013 provides a context token to the app based on permissions granted to app.
• With the help of context token, app accesses SharePoint resources on behalf of user.