I think it's a noble effort on Microsoft's part, but if you've ever developed large applications you know that security cannot be an after thought. It's been my experience that unless you design security in from the very begining, it's almost impossible to make it truely secure. Security has to be part of the foundation not a layer higher level layer.
I know. For me, the sad part is that they will mod me down because they are afraid of looking in the mirror. We have an image of ourselves that is the complete opposite of what our elected officials are about to do. We believe that we are a just, peaceful, and fair country that everyone loves. And I do believe that each of us holds the idea that our government is "Of the people, for the people, and by the people". So I think the real problem for us right now is accepting the responsibility of what our government (and therefore each of us) is about to do. Invade another country, against the will of the international community, against established international law, and with little or no evidence.
I really fear that we, in the eyes of the international community, will loose all moral credibility.
Is it any wonder why the rest of the world sees us as arrogant? We just keep acting like our laws are the only ones that are important. At least we are consistent since we are doing the same thing to the UN Security council.
Every application has different performance requirements and every app server has different pros and cons. It's absolutely critical that you figure out what you need from the app server.
Figure out and document the "typical" type of application you will need to run on your app server, then design and document an application architecture for it. Once you have the architecture, create a prototype of the architecture that establishes a "thin thread" through the entire architecture. For example, JSP to Servlet to EJB to JDBC. This is really important because one app server may be super fast at parsing and displaying a JSP but horrible at authorization checking. Now that you have the prototype, the fun part starts.
Conduct scalability testing, load testing, stress testing, and fault tolerance testing on each app server you are considering. Use your prototype architecture for the tests. Collect all the numbers and graph them out. It's really important that you establish a baseline hardware configuration and maintain that baseline throughout the tests so that you compare apples to apples.
This process is time consuming but I believe it's a critical. You will learn boat loads about each of the app servers as you do this. You'll learn what it takes to set them up, configure an application for them, how to administer them, oh yeah and also how they perform for your architecture.
Offer to take away all the computers and bring back typewriters and lots (and I do mean lots) of file cabinets. If IT provides no value, then you should be able to sell this as the ultimate money saver. Maybe even get yourself an award for thinking "outside" the box.
Slashdot Mirror
I think it's a noble effort on Microsoft's part, but if you've ever developed large applications you know that security cannot be an after thought. It's been my experience that unless you design security in from the very begining, it's almost impossible to make it truely secure. Security has to be part of the foundation not a layer higher level layer.
I know. For me, the sad part is that they will mod me down because they are afraid of looking in the mirror. We have an image of ourselves that is the complete opposite of what our elected officials are about to do. We believe that we are a just, peaceful, and fair country that everyone loves. And I do believe that each of us holds the idea that our government is "Of the people, for the people, and by the people". So I think the real problem for us right now is accepting the responsibility of what our government (and therefore each of us) is about to do. Invade another country, against the will of the international community, against established international law, and with little or no evidence.
I really fear that we, in the eyes of the international community, will loose all moral credibility.
Is it any wonder why the rest of the world sees us as arrogant? We just keep acting like our laws are the only ones that are important. At least we are consistent since we are doing the same thing to the UN Security council.
Every application has different performance requirements and every app server has different pros and cons. It's absolutely critical that you figure out what you need from the app server.
Figure out and document the "typical" type of application you will need to run on your app server, then design and document an application architecture for it. Once you have the architecture, create a prototype of the architecture that establishes a "thin thread" through the entire architecture. For example, JSP to Servlet to EJB to JDBC. This is really important because one app server may be super fast at parsing and displaying a JSP but horrible at authorization checking. Now that you have the prototype, the fun part starts.
Conduct scalability testing, load testing, stress testing, and fault tolerance testing on each app server you are considering. Use your prototype architecture for the tests. Collect all the numbers and graph them out. It's really important that you establish a baseline hardware configuration and maintain that baseline throughout the tests so that you compare apples to apples.
This process is time consuming but I believe it's a critical. You will learn boat loads about each of the app servers as you do this. You'll learn what it takes to set them up, configure an application for them, how to administer them, oh yeah and also how they perform for your architecture.
Offer to take away all the computers and bring back typewriters and lots (and I do mean lots) of file cabinets. If IT provides no value, then you should be able to sell this as the ultimate money saver. Maybe even get yourself an award for thinking "outside" the box.