Wednesday, November 24, 2010

“Application Development Teams Must Find A Better Way To Develop Apps”

In his recent blog post, “Java Is A Dead-End For Enterprise App Development”, Mike Gualtieri, a Forrester Analyst, describes the reasons for which Java, though still firmly planted in enterprise IT shops for custom-developed applications, has served its purpose, and that now it is time for Java based development teams to move forward and that “Application development teams must find a better way to develop apps”.

Java’s success can be contributed essentially to two of its basic characteristics: Cross Platform and Open Source.

Though open source proved to be successful for commercial companies selling commodities such as Linux, MySQL, and JBoss, as Peter Yared writes in his guest blog post “The Failure of Commercial Open Source Software”, it failed to provide companies any significant advantage over proprietary software. “Commercial open source companies have the same cost structure as the enterprise software companies that preceded them” says Yared, and he further explains that “many open source companies exhibit at tradeshows, have salespeople, systems engineers, customer services departments, and on top of that employ the vast majority of developers that are working on their open source project.” and he adds “ the headache of maintaining a community and integrating random code patches is just as expensive as fixing reported bugs with your own people.”

However, with all its merits, Java was and still is a 3GL coding platform, which haven’t really resolved the coding complexities that many organizations wish to avoid. “Java development is too complex for business application development” says Gultieri. And he is absolutely right. Big, complex enterprise business applications become a coding nightmare when based on Java (or any other 3GL for that matter).

Gualtieri concludes his blog post by stating that “Development platforms are not the only items to consider. Cloud computing and mobile, to name a few, are other trends that must factor into your new strategy”. Indeed! Many companies are now at a significant cross-road, where turning their applications into cloud-enabled application becomes imperative and new, apt technologies and platforms are required. Companies realize that they need much more than a development platform, they need a cloud-enabled, mobile-enabled application platform that will enable them to make this dramatic shift with minimal risk, shortest time to market and with a significant, rapid and positive ROI.

Ttrend trains are moving faster than ever
uniPaaS is exactly what companies should be looking at right now. These are critical times, where trend trains are moving faster than ever, and companies need to get their act together and move fast. Decisions need to be taken now. Decisions should not be based on past glory, or fondness of past platforms. Brave decisions should be made for the near and far future. The chosen platform should be such that covers all angles: Cloud-ready, Mobile-ready, Super Productive, Super Flexible, an Completely Open to enable companies to rapidly ascend to the clouds in the shortest time possible without throwing away past investment in legacy applications, and while preserving the option to move between on-premise to off-premise deployment at any given time.

Cloud and Mobile are very disruptive trends, luckily uniPaaS is able to sooth such disruptions and overcome them with great success. As Gualtieri sums it up “You must transform to a Lean, Mean Change Machine”.

Click below to share this post:

Monday, November 15, 2010

RIA Security – From Blazing Livestock to Solid Platform

The web is still buzzing over Firesheep and the easiness of hacking that it demonstrates.

Firesheep serves as a good wake-up call for many end-users and application developers, reminding us, again, the great vulnerability of web applications.

In a short and concise explanation in his recent blog post, Jeff Atwood shows that except for properly packaged UI, intended for the novice hacker, Firesheep brings no actual technology news, and in fact it just surfaces part of the web vulnerability which hasn’t changed much in the past years.

A web session hijacked by FireSheep

Firesheep is one more example of how browser-based web applications can be easily hacked and intruded by malicious third-parties.
Firesheep is based mainly on packet sniffing done over unsecured wireless connections. But the same principles can be employed also on LANs.

Many organizations that choose to developer their in-house applications as RIA, sometimes overlook the fact that even though the application is not exposed to the outside world, malicious interventions are still a threat.

Organizations who are about to develop their new internet applications must consider the following:

To be (Browser based) or not to be (Browser based) – The browser open and standard nature suggests that web application developers who chose to go “browser based” (which is still the default choice for many) must go into many security considerations and preemptive design to circumvent the browser default vulnerabilities. Though for many “browser” is very much a synonym for “Internet”, more and more developers and IT Managers realize that an internet application does not necessarily need to be confined to a browser. Considering the security vulnerabilities of the browser and many other factors (Desktop UX, Client Side Interaction, etc) an independent RIA client would be a much more secured and suitable solution.

Sir Laurence Olivier as Hamlet

To Code or not to Code – Coding your own infrastructure means that one takes upon oneself a very big load of responsibility and work to cover all security issues. If you want your RIA fully secured, and enable your end-users to log-in your internet application, even over unsecured lines at the airport, you must cover all issues yourself.
On the other hand, a comprehensive RIA platform, dedicated for business applications, which covers all security issues for you and protects your applications from phising, impersonation, script injections, session hijacking and more, allows you to peacefully concentrate on the business requirement of your application, and spend little, if no time at all, in resolving all the security issues yourself.

Click below to share this post

Monday, November 1, 2010

The Corporate On-Premises Power Plant

Every second person that attempts to explain to a newbie what Cloud Computing is all about uses the analogy of Electricity as a utility we all consume as a service. This analogy emphasizes the economical benefits of utilizing electricity that is generated at a huge power plant: The costs are much cheaper by leveraging the economy of scale, usage fluctuations are easily addressed, you pay for what you use, etc.

Like many other analogies, also this one is limited. I very much agree with James Urquhart who
wrote in his blog post “In cloud computing, data is not electricity” that while I do not care which electrons are being served to my refrigerator by the power plant, I do care very much which data bits are served to my PC from the remote data center that I am using.

Some use other utility services as an analogy to Cloud computing. For example, office services, car leasing, or water supply.

Nevertheless, Electricity is still the best analogy, especially when it comes to businesses.

Software and Electricity are two services without them most enterprises cannot work. Being out of toilet paper, or without water for a few hours would not make much difference for most enterprises (putting aside the time wasted in complaints of frustrated employees) but business continuity is not affected. Once software or electricity goes down, business continuity is gone, and money is lost.

For this reason many organizations that cannot afford to have their business continuity disrupted invest in their own, small-size, on premise power plant - aka an Electric Generator.

On-Premises Power Plant

It is clear for many that in order to insure business continuity; enterprises must have an on-premise backup option to cope with unexpected power-failures.

In this respect the Electricity analogy still stands. When it comes to cloud computing and Software-as-a-Service, enterprises realizes that an on-premise option of their software and local replication of its data is a must-have requirement.

Cloud computing is far from being at the maturity stage of nation-wide electric grids. This is why a hybrid deployment capability (off-premise and on-premise) is imperative.

Click below to share this post