Month: April 2013

Going Mobile – Technical Architect Series

Standard

Native_html5_hybridAre TAs expected to develop mobile apps?

No, they are not. However they are expected to understand pros, cons and risks associated with mobile platforms. TAs are expected to create mobile strategies while designing mobile solutions. Based on requirements, TAs are expected to zero-in on correct mobile strategy.

Why go Mobile?

Mobile apps are no longer an option, they’re a necessity now. People around the world are spending more time using mobile apps than browsing internet over their laptops or smartphones (can now be nicknamed “app phones” 🙂 )

Many enterprise companies have realized this and are now focusing on going mobile as well. And they are now willing to make their flagship products/services, available on mobile devices.

What’s inside Salesforce.com mobile SDK?

Salesforce’s Mobile SDK provides three Mobile Application Development options.

  • Native apps are specific to a given mobile platform (iOS or Android) using the development tools and language that the respective platform supports (e.g., Xcode and Objective-C with iOS, Eclipse and Java with Android). Native apps look and perform the best.
  • HTML5 apps use standard web technologies—typically HTML5, JavaScript and CSS. This write-once-run-anywhere approach to mobile development creates cross-platform mobile applications that work on multiple devices. While developers can create sophisticated apps with HTML5 and JavaScript alone, some vital limitations remain at the time of this writing, specifically session management, secure offline storage, and access to native device functionality (camera, calendar, geolocation, etc.)
  • Hybrid apps make it possible to embed HTML5 apps inside a thin native container, combining the best (and worst) elements of native and HTML5 apps.

Deciding factors

At times choosing the right option might get tricky. But if your requirements are clear and you are absolutely sure what you want? Then it becomes much easier to pick the right option. While working on your mobile strategy you will have to base your decisions on following factors (but not limited to)

  1. Platform (IOS or Android)
  2. Your development team’s skills.
    Could include HTML5, Javascript, CSS, Java, Eclipse, etc…
  3. Access to native components (like camera, calendar, etc.)
  4. Offline Data Storage capabilities.
    A must have feature when you want your users to be able to work even without internet access. And can synch  whenever internet access is available.

Here are some useful links:

http://wiki.developerforce.com/page/Mobile

http://wiki.developerforce.com/page/Webinar:_IntroMobileSDK

Hope that’s helpful.

Abstract class and Interface – Technical Architect Series

Standard

While designing any solution, we often spend good amount of time preparing coding standards, guidelines, best practices, etc… The idea behind such effort is to make sure that the chosen design is implemented with ease and quality work is delivered. Having a good design can have a profound influence on success of any implementation.

A good design needs to be robust and scalable. The code should be structured and reusable. There is no place for redundant code in a good design. Hence it is very important to understand different ways by which we can write less and reusable code.

By using Abstract classes and Interfaces developers can design robust and scalable solutions.

Are TAs expected to write classes and interfaces?
Yes in some cases and no in most cases 🙂 Even if you (as a TA) are not writing code, then you are expected to

  1. Have a clear understanding of how Abstract classes and Interfaces can be leveraged for a good design?
  2. Guide the development teams to a right design approach. If needed, teach them how to work with abstract classes and interfaces.

What is an Abstract Class?

An abstract class is just like any other class, having properties and methods. However it has following characteristic which makes it different from other classes.

  1. It can have executable methods and abstract methods.
  2. It can only subclass one abstract class.
  3. It cannot be instantiated.
  4. It can only be extended by other classes (called subclasses).
  5. Its abstract methods must be overridden by its subclasses.
  6. Its non-abstract methods cannot be overridden by its subclasses.

An example abstract class

public abstract class MasterDataHandler{
    //executable method
    public MasterDataService initMasterDataService(){
        MasterDataService objMasterDataService = new MasterDataService();
        /**
	your code goes here....
	**/
        return objMasterDataService;
    }

    //abstract method, which should be overridden by extending class.
    public abstract Boolean doSynch();
}

Examples of extending classes (sub classes)

public class AccountSynchHelper extends MasterDataHandler{
    public override boolean doSynch(){
        return true;
    }
}

public class ContactSynchHelper extends MasterDataHandler{
    public override boolean doSynch(){
        return true;
    }
}

What is an Interface?

An interface is like a class in which none of the methods have been implemented—the method signatures are there, but the body of each method is empty. To use an interface, another class must implement it by providing a body for all of the methods contained in the interface.  Interface has following attributes that makes it different from abstract classes.

  1. It has no implementation code.interface
  2. All its methods are abstract by default.
  3. A class can implement any number of interfaces.
  4. An interface can extend another interface.
  5. As with classes, when an interface extends another interface, all the methods and properties of the extended interface are available to the extending interface.

Please refer below links for more information

http://www.salesforce.com/us/developer/docs/apexcode/Content/apex_classes_defining.htm
http://www.salesforce.com/us/developer/docs/apexcode/Content/apex_classes_interfaces.htm
Hope that’s helpful.

SSL and TLS – Technical Architect Series

Standard

We talk about firewalls and proxies and their rules to secure access to your resources. But have you ever wondered, what is the underlying mechanism, to secure your traffic between requests (browser) and responses (server)? Well, the answer is Secure Sockets Layer (a.k.a SSL).

Are TAs expected to setup SSL/TLS?
Nope, they are not. However, TAs are expected to understand how SSL/TLS works. If you ever get stuck with issues related to certificates/security. You (as a TA) are expected to co-ordinate with client’s technical teams to tell them what needs to be done? to resolve the issues.

What is SSL?
TLS and its predecessor, SSL, are cryptographic protocols that provide communication security over the Internet.

SSL was developed by Netscape and if you google and check its history, you will be astonished to know that its first version  was never used and second version was hardly used and its third version (SSL3) enjoyed little adoption and usage.

And you will be equally amazed to know that actual SSL technology (developed by Netscape) is no longer used. It’s just the name that floats around but the fact is actual SSL technology is no more used. Instead a new technology has emerged and is widely used these days. It’s called Transport Layer Security (a.k.a TLS).

How do I secure my server resources with SSL?
Just install the server certificate on the server and make sure that your application applies that server certificate to itself, thats it. Your application resources will be secure. Once installed, SSL will allow HTTPS:// to function on server.

What is a certificate?
In simple words, a Certificate is block of information in a cryptographic manner, essentially telling the other computers that I am who I say I am. Certificates are used for either authenticated single sign-on with an external website, or when using your organization as an identity provider.

  • You only need to generate a Salesforce.com certificate if an external website needs verification that a request is coming from a Salesforce.com organization. (I.e. your Salesforce instance).
  • You can generate a self-signed certificate (signed by Salesforce) or a CA-signed certificate (must be sent to a CA[Certificate Authority] to sign)

What is a two way certificate or client certificate?
In some cases HTTPS:// is not sufficient. After the initial security handshake is done, the customer might expect salesforce.com to prove that it actually is salesforce.com when salesforce.com is calling a customer resource. A couple of examples of that are:

Salesforce sends client certificate as part of

  1. Outbound messages
  2. Delegated authentication callout.

Some important things to note are:

  1. In salesforce, custom client certificates can be created and used within the app.
  2. Salesforce does not expect your client applications to send client certificates to salesforce. But Salesforce does send a client certificate as part of every outbound callouts, outbound messages, etc.

How does it work?
One important ground rule is, both client and the server should support SSL/TLS for a secure communication to happen. If browser supports and server doesn’t, then the connection cannot be established and communication won’t happen.

Since protocols (HTTP, FTP, etc..) can operate either with or without TLS (or SSL), it is necessary for the client to indicate to the server whether it wants to set up a TLS connection or not. There are two main ways of achieving this; one option is to use a different port number for TLS connections (for example port 443 for HTTPS). The other is to use the regular port number and have the client request that the server switch the connection to TLS using a protocol specific mechanism (for example STARTTLS for mail and news protocols).

Once the client and server have decided to use TLS they negotiate a stateful connection by using a handshaking procedure. During this handshake, the client and server agree on various parameters used to establish the connection’s security. Here are some of the initial events that occur during a secure communication.

  1.  The client (browser) sends the server the client’s SSL version number, cipher settings, session-specific data, and other information that the server needs to communicate with the client using SSL.
  2. The server sends the client the server’s SSL version number, cipher settings, session-specific data, and other information that the client needs to communicate with the server over SSL. The server also sends its own certificate, and if the client is requesting a server resource that requires client authentication, the server requests the client’s certificate.
  3.  The client uses the information sent by the server to authenticate the server. If the server cannot be authenticated, the user is warned of the problem and informed that an encrypted and authenticated connection cannot be established. If the server can be successfully authenticated, the client proceeds to the next step.

Hope that’s helpful.

Firewalls and Proxies – Technical Architect Series

Standard

What is a Firewall?
In simple words, a firewall is something (software or hardware) which protects your resources from external world (internet).

Why Firewall?
Ask yourself these questions:
Do you leave your bank lockers unlocked?
Do you leave your car unlocked in the parking lot?
If your answer is in negative (unless you are adventurous) then, why would you want to expose your servers to the internet?
You would want to put some security to protect your server’s resources from public/internet. And at times you may want to restrict your employees from accessing certain websites. You can do that by using a Firewall.

How does a Firewall work?
Firewall works, based on pre-defined set of rules, typically done by Network Admins. These rules are instructions given to a Firewall. Based on these instructions Firewall will allow or deny access to resources.

Are TAs expected to setup a firewall?
Nope, they are not. 9 out of 10 times your customer’s Network Admins would already set this up for you. But as a TA, you are expected to understand how Firewall works. TAs are expected to co-ordinate with Network Admins to setup the Firewall rules to gain access to resources on the servers.

Why will a TA even bother about Firewall, if it’s already setup by customer’s network admins?
Well, many a times when you try to connect to an external client system from salesforce. You may hit client’s network firewall. The firewall may not allow a callout/request from Salesforce to reach client’s system. It’s because firewall doesn’t recognizes the request as a valid one. Hence you will have to instruct firewall to allow requests coming from salesforce. Meaning a new rule should be added to firewall’s rule set, where your client’s team may ask you to provide IP ranges of Salesforce’s data centers.

What is a Proxy?
In simple words, a proxy is like a middleman between two parties (systems). A proxy could be software application or a hardware device or a mix of both.

For example, if you are unable to access internet from your browser. You will go to internet options and try to check your network settings and see if your proxy setting is set properly. If you correct your proxy setting then your internet starts working. Which means if you typed google.com in the address bar and hit enter key, your request will first go to your proxy (its like you are asking your proxy to get you google.com), proxy will forward your request, get the response and send it back to your browser.

What is a Forward Proxy?
A forward proxy controls and monitors traffic from an application behind a firewall.

What is a Reverse Proxy?
A reverse proxy controls and monitors traffic from the internet that requires access to a server inside the customer’s firewall (a typical use case when working with Salesforce.com and external systems)

What are some of the Reverse Proxy use cases, from a salesforce.com implementation standpoint?
Your client might open up following services to salesforce.com via a Reverse Proxy.

  • Delegated Authentication Endpoint
  • Web services (REST or SOAP)
  • Outbound Message Endpoint
  • Email Relay

So whenever you try to hit any of the above services, your request will first land on the client’s Reverse Proxy server. And it is Reverse Proxy server’s responsibility to forward your request to appropriate services.

Here are some of the famous technologies used by enterprises. There are many more such technologies available in the market.

  • IBM DataPower
  • Layer 7 Secure Span Gateway
  • Apache Http Server – moc_proxy

What is a Proxy rule?
Proxy servers allow the admins to define a set of rules. These rules can include following (but not limited to)

  • Authentication
  • Control time of access
  • URL Filtering
    for example google.com may be allowed but bet365.com may be blocked.
  • etc….

Hope that’s helpful.

Watch out for more blog post on this TA series.