SSL/TLS Integration between Java and .NET

Through the years, I've done a lot of integration between Java and .NET platforms. Mostly things play well together, but every once and while an interoperability issue is raised that I haven't encountered before.

Recently, we had a service written in C# on the .NET 4.5 platform that exposed a custom length-based framing protocol over TCP. Essentially requests and responses are prefixed with length-bytes which indicate the subsequent message length, and the same is true for any variable-length fields within the message itself. We needed a Java 7 client library for this service, so I wrote one that exposed a contextual service API backed by a connection pool. The pool would eventually serve-up reusable secure connections with the SSL sessions being reused as well to reduce overhead.

I had built in support for SSL throughout, but had turned it off in my local configuration for most of the development testing. At this stage, all of our concurrency and throughput tests were passing. However, when we flipped the switch to turn on secure connections, any tests that reused a connection were failing. Breaking the problem down to the smallest reproducible scope, we could recreate the issue with 2 sequential requests.

1. Create secure socket to the service and complete handshake
2. Send request A to the service
3. Receive response to A from the service, OK
4. Reuse previous secure socket
5. Send request B to the service
6. Service never responds with a response
7. Timeout occurs

Out comes Wireshark on both sides to see what's going on...

Too Busy to Improve?

Adopting DevOps

There are many lessons learned (originally outside of software) in lean manufacturing and single-piece flow that profoundly improve an organization's ability to rapidly produce software products and services.

In some companies, the culture maintains a notion that the development group has its own delivery pipeline, separate from the IT operations pipeline. This approach is more of  a delivery conveyor belt anti-pattern. The software team is only ever committed to transporting product to the end of their conveyor. From there, it's off to a different belt and becomes another team's problem.

In contrast, a deployment pipeline delivering value directly to the customer implies a continuous and constant flow. At the very least, it starts with the source-commit (or sooner) and doesn't end until value is delivered to the customer. That pipeline is a common resource, owned and shared by all teams, to deliver products and services directly to the customer as a continuous stream of value. Just like water does not need hand-holding as it flows through a pipeline, the ideal road to production should be fully automated with sensors along the way ensuring quality is maintained.

Spring-integrated Hibernate 3 to Hibernate 4 Upgrade

I recently upgraded a large Java web application from Hibernate 3.6.6 to 4.3.5. Given the level of Spring and Hibernate integration in this application, I also upgraded Spring from 3.2.2 to 4.0.5 at the same time.

This was a relatively painless major upgrade. The application configuration changes were pretty straightforward and the code changes were minimal.

Here are the changes required for this particular upgrade:

Continuous Stream of Value

New customer acquisition, existing customer retention, and continuous improvement are three major pillars for any business. For software products, these needs tend to converge as work items for the software development team.  In fact, the number of items being added to the team's work backlog is directly proportional to the amount of time that passes. Business will always need more features and fixes, deployed in less time. These are constants we can and should rely on. We're engineers after all -- we like reliable. 

Since business value is only realized when work items are deployed to production, monitoring the performance of the software development team directly relates to the three major business pillars above. So how well is the team doing? Is the road to deployment a traffic jam or a high-speed freeway to production? Are releases large and high-risk, or small, frequent, and high-quality?

I've found that in a healthy team culture, using an agile methodology to deploy small, frequent, low-risk, high-quality releases, a natural team velocity is reached that more than meets the business need. As the team establishes a cadence, estimates improve and business teams are bolstered with a high level of confidence in the software delivery process. Much like software teams, they too find a natural cadence and velocity. 

As the teams engage this pull-based work management model, the business leadership is no longer pushing on the delivery process and can maintain focus on customer acquisition, retention, and continuous improvement. Sales teams and relationship managers are empowered with a healthy "can do" support structure behind them. With the teams working together in more positive and efficient ways, customers enjoy a continuous stream of value and the business as a whole is able to maximize growth. 

Application Feature Switches

Feature Switches provide Development and Operations with control of the behavior within an application. User interfaces are told what components to show or hide. Server-side business logic can transition to new services or strategies at the flip of a switch. If something is misbehaving, it can simply be turned off until a fix is put in place. 

Try as we might, we can't always fully anticipate user behavior in a production environment. Using feature switches to disable services can save headaches and time dealing with production support while the service goes back under development.

I've worked in environments where clients must be notified well in advance of any little user interface change, but in an agile team, it may be difficult to provide enough notice of exactly what screen changes will take place. In these environments, feature switches with auto-enable support come in very handy allowing the release notes to be delivered even as late as the install date. If for example the client-agreement requires 7 days notice, all features going out can be set to turn themselves on after 7 days.

Feature Switches can be expanded to support not only auto-enable, but also incremental roll-out (percentage of users), external system dependency management, API migrations, user interface design overhaul, etc. The possibilities are endless and having this control is a necessity in the foundation of every project.

Features, Quality, and Cycle Time

It's no secret that I'm a big fan of adaptive leadership principals and techniques. Here's a great talk by Jim Highsmith from last year on continuous delivery, metrics, and measurement.

Jim makes a great case for the importance of quality and the inherent flaws in trying to balance business outcomes against technical outcomes.