Author Archives: Alan Street

About Alan Street

I work at IBM.

Strategic Technology: Release Coordination (UrbanCode Release)

This entry is part 29 of 33 in the series Strategic Technologies

Software development teams following an agile process to incrementally develop, build, deploy and release enterprise applications quickly find that keeping track of all of the components and inter-dependencies becomes unmanageable.  Spreadsheets become laborious to maintain and do not track the process and keep a record of who did what.

Release Coordination solutions such as UrbanCode Release help control and track incremental releases of complex enterprise applications.

Strategic Technology: Application Deployment Automation (UrbanCode Deploy)

This entry is part 28 of 33 in the series Strategic Technologies

Continuous Integration and other modern code development practices seek to manage scale and complexity, and increase speed and quality, by introducing automation across the software development life cycle (SDLC).  This is especially true of areas that occur frequently and contain many repetitive steps such as the deployment and release processes.

Development teams tend to build and deploy the code for one or more components to a development test server frequently as part of an agile development process in order to find code integration problems early and make sure they have a clear understanding of the status of a project.  However, this can be a laborious and tedious process, screaming for automation.

Additionally, the complexity of releasing enterprise applications to production requires that the release process be well-tested beforehand, and increasingly development teams are finding that the best time to start this testing is during development and early testing efforts.  This requires that the development team use the same process and tools during development that the operations team will use in production.

Application Deployment Automation solutions, such as UrbanCode Deploy, facilitate the process of deploying components to servers and releasing them into production.  UrbanCode Deploy controls the process, versions deployment artifacts, keeps a record of who deployed what to where, and facilitates incremental deployments.

Mobile Adoption and Trust

Mobile adoption is important to the banks that I have been speaking with.  With the investment that goes into the deployment of a mobile banking or mobile payments solution, reputations are on the line.  The importance of trust in the entire value chain is amazing to me.

Ground zero for where trust affects everything is the trust that individual consumers have in mobile applications–especially with regard to security.

As I contemplate adoption, my own security concerns come to mind.  I use mobile banking when I am in the USA.  As I travel around the world I frequently decide not to access mobile banking because of my lack of confidence in the security of the system.  I wait until I can get my laptop connected, fire up my VPN, type in my one-time-password (OTP) — and only then access online banking.

It is not enough to make mobile systems trustworthy.  We need to be able to explain how they work to users in a way that inspires their confidence.  For me, this is a necessary prerequisite to adoption.

Deeply understanding the concept of trust is important to both of these objectives.  So that is what I am thinking and reading about nowadays.

What is PCI DSS Compliance?

This entry is part 31 of 31 in the series Defining words

The PCI Security Standards Council provides the PCI Data Security Standard (PCI DSS).  Certain organizations, including financial services providers, need to be compliant with this standard as evidence that they protect payment cardholder data (CHD).

The first step in applying the standard is to determine the portion of the IT environment where the standard is applicable (scope).  The PCI DSS scope is called the Cardholder Data Environment (CDE) and includes “people, processes and technologies that store, process, or transmit cardholder data or sensitive authentication data.”  Network segmentation is the recommended means to reduce the scope as much as possible.

pcisecuritystandards.org breaks the standard down into 6 categories and 12 requirements:

  • Build and Maintain a Secure Network and Systems
    • Requirement 1. Install and maintain a firewall configuration to protect cardholder data
      • Segment the network to reduce exposure and scope of PCI assessments using firewalls and routers.  Separate the internet, DMZ, wireless networks, and internal networks from zones containing CHD.
      • Install personal firewalls on PCs and mobile devices.
      • Control the network and user devices to verify configurations are within policy.
    • Requirement 2. Do not use vendor-supplied defaults for system passwords and other security parameters
  • Protect Cardholder Data
    • Requirement 3. Protect stored cardholder data
    • Requirement 4. Encrypt transmission of cardholder data across open, public networks
  • Maintain a Vulnerability Management Program
    • Requirement 5. Protect all systems against malware and regularly update anti-virus software or programs
    • Requirement 6. Develop and maintain secure systems and applications
  • Implement Strong Access Control Measures
    • Requirement 7. Restrict access to cardholder data by business need to know
    • Requirement 8. Identify and authenticate access to system components
    • Requirement 9. Restrict physical access to cardholder data
  • Regularly Monitor and Test Networks
    • Requirement 10. Track and monitor all access to network resources and cardholder data
    • Requirement 11. Regularly test security systems and processes
  • Maintain an Information Security Policy
    • Requirement 12. Maintain a policy that addresses information security for all personnel.
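
One way to check a zone-based firewall rule set against the separation described under Requirement 1, as an added example that is not from the original post or from the PCI Security Standards Council. The zone names, the rule format and the policy (no direct allow from internet or wireless, named ports only from DMZ and internal) are assumptions, and rule ordering is not modelled.

```python
from dataclasses import dataclass

CHD = "chd"                            # zone holding cardholder data (assumed name)
NO_DIRECT = {"internet", "wireless"}   # assumption: never allowed straight into CHD
NAMED_PORT_ONLY = {"dmz", "internal"}  # assumption: allowed only on a named port

@dataclass(frozen=True)
class Rule:
    src: str     # source zone, or "any"
    dst: str     # destination zone, or "any"
    port: str    # port number as text, or "any"
    action: str  # "allow" or "deny"

def audit(rules):
    """Return (rule, reason) for every allow rule that weakens CHD separation."""
    findings = []
    for r in rules:
        if r.action != "allow" or r.dst not in (CHD, "any") or r.src == CHD:
            continue
        if r.src in NO_DIRECT or r.src == "any":
            findings.append((r, "direct path from untrusted or wildcard source"))
        elif r.src not in NAMED_PORT_ONLY:
            findings.append((r, "source zone not in the segmentation plan"))
        elif r.port == "any":
            findings.append((r, "all ports open into CHD zone"))
    return findings

def sources_reaching_chd(rules):
    """Zones with at least one allow rule into the CHD zone (exposure of the CDE)."""
    return {r.src for r in rules
            if r.action == "allow" and r.dst in (CHD, "any") and r.src != CHD}

def has_default_deny(rules):
    """True when the last rule denies everything not explicitly allowed."""
    return bool(rules) and rules[-1] == Rule("any", "any", "any", "deny")

# Constructed sample rule set, not taken from any real firewall.
RULES = [
    Rule("internet", "dmz", "443", "allow"),
    Rule("dmz", "internal", "8443", "allow"),
    Rule("internal", "chd", "1433", "allow"),   # named port: accepted
    Rule("wireless", "chd", "any", "allow"),    # flagged: untrusted source
    Rule("dmz", "chd", "any", "allow"),         # flagged: every port open
    Rule("any", "any", "any", "deny"),
]

if __name__ == "__main__":
    for rule, reason in audit(RULES):
        print(f"{rule.src} -> {rule.dst}:{rule.port}  {reason}")
    print("zones reaching CHD:", sorted(sources_reaching_chd(RULES)))
    print("default deny present:", has_default_deny(RULES))
```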

My Travels

—– UK Travels
27 Jul 2014    10 Aug 2014    Business S
29 Jan 2008    31 Jan 2014    Business 9
19 Feb 2008    25 Feb 2008    Business 9
25 Aug 2009    27 Aug 2009    Business F

—– Other Travels (Date/Country/Reason/PpPage) —–
28 Apr 2008    SINGAPORE    Business 8
06 Mar 2008    BELGIUM        Business 8
23 Apr 2008    MALAYSIA    Business 8
15 Apr 2010    BRAZIL        Business 9
14 May 2008    TAIWAN        Business 10
24 May 2008    SINGAPORE    Business 10
31 May 2008    TAIWAN        Business 10
28 Apr 2008    SOUTH KOREA    Business 11
10 Sep 2007    AUSTRALIA    Business 12
22 May 2008    MALAYSIA    Business 12
26 Feb 2008    IRELAND        Business 13
26 Apr 2009    TURKEY        Business 14
16 May 2008    CHINA        Business 14
26 May 2008    MALAYSIA    Business 16
07 Jul 2008    BELGIUM        Business 16
09 Sep 2008    BELGIUM        Business 17
27 Jul 2008    SINGAPORE    Business 17
13 Sep 2008    SPAIN        Business 18
02 Mar 2009    MALAYSIA    Business 18
21 Feb 2009    SINGAPORE    Business 18
03 Mar 2009    SINGAPORE    Business 19
08 Mar 2009    SINGAPORE    Business 19
04 Mar 2009    INDONESIA    Business 19
10 Jun 2009    SINGAPORE    Business 21
07 Jun 2009    PHILIPPINES    Business 21
15 Jun 2009    MALAYSIA    Business 21
28 Oct 2009    FRANCE        Transit  A
14 Nov 2009    SINGAPORE    Business C
24 Oct 2010    FRANCE        Transit  C
17 Jun 2009    INDONESIA    Business C
12 Jan 2010    SINGAPORE    Business C
20 Jun 2009    CHINA        Business D
31 May 2010    CHINA        Business D
12 Jun 2010    CHINA        Business D
08 Nov 2009    NEW ZEALAND    Business F
29 Jul 2009    FRANCE        Business F
22 Sep 2010    SPAIN        Business G
17 Jun 2010    BRAZIL        Business G
17 Jul 2010    JAPAN        Business G
21 Oct 2010    SINGAPORE    Business H
03 Oct 2009    CANADA        Business H
18 Jul 2010    INDONESIA    Business H
06 Sep 2011    MALAYSIA    Business C
27 Nov 2011    MALAYSIA    Business C
26 Jan 2012    SINGAPORE    Business C
28 Jan 2012     MALAYSIA    Business F
19 May 2012     MALAYSIA    Business F
18 Feb 2013    MALAYSIA    Business F*
21 Dec 2012    KUWAIT        TRANSIT     F
29 Jun 2012    SINGAPORE    Business F
22 Jul 2012     INDONESIA    Business G
01 Jul 2012    MALAYSIA    Business G
25 Jul 2012    MALAYSIA    Business H
03 Jan 2013    MALAYSIA    Business H
17 Jan 2013    HONG KONG    Business J
24 Jan 2013    MALAYSIA    Business J*
01 Feb 2013    MALAYSIA    Business J*
31 Jan 2013    INDONESIA    Business K*
17 Feb 2013    INDONESIA    Business K*
08 Mar 2013    THAILAND    TOURISM  L*
11 Mar 2013    MALAYSIA    BUSINESS L*
11 May 2013    THAILAND    BUSINESS L*
16 May 2013    MALAYSIA    BUSINESS M*
28 May 2013    MALAYSIA    BUSINESS M*
10 Jan 2014    MALAYSIA    BUSINESS M*
27 May 2013    INDONESIA    TOURISM  N*
05 Mar 2014    MALAYSIA    BUSINESS Q*
07 May 2014    SINGAPORE    BUSINESS Q*
04 Mar 2014    INDONESIA    BUSINESS R*
07 May 2014    MALAYSIA    BUSINESS R*
25 May 2014    MALAYSIA    BUSINESS S*
24 May 2014    SINGAPORE    BUSINESS S*
10 Jul 2014    MALAYSIA    BUSINESS V*
21 Aug 2011    BRAZIL        BUSINESS W
02 Nov 2010    MALAYSIA    Business K
29 Sep 2009    AUSTRIA/SLOVAKIA Business L
17 Jan 2010    CANADA        Business L
09 Jun 2010    MACAU        Business M
09 Jun 2010    HONG KONG    Transit  M
18 Mar 2010    BRAZIL        Business N
11 Jun 2010    HONG KONG    Transit     N
18 Aug 2010    BRAZIL        Business P
12 Nov 2010    BRAZIL        Business Q
30 Mar 2011    BRAZIL        Business Q
20 Jan 2011    BRAZIL        Business R
11 Aug 2014    BRAZIL        VISIT    S*
02 Feb 2011    MOROCCO        Business X
06 Apr 2011    PERU        Business X
14 Aug 2011    CZECH REPUBLIC    Business 23

Category: Me

IT Capability: User Centered Design

This entry is part 10 of 10 in the series Strategic IT Capabilities

The IT group is usually tasked with designing new applications.  I am not sure I advocate that but that is what I have seen in practice at banks.  Therefore, I categorize User Centered Design as an IT Capability.

The following diagram lifted from Modern Web Development with IBM WebSphere gives a feel for what User Centered Design involves:

[Figure: dev process - 01fig07]

What I will say about User Centered Design is that it should not be the first step.  You must have some process that answers the question: “User Centered Design of what?”.  You need innovation processes operating at both the strategy and organization design levels.

Strategic Technology: JavaScript, Frameworks and Libraries

This entry is part 27 of 33 in the series Strategic Technologies

I feel a little crazy listing JavaScript as a strategic technology — even more crazy enumerating the related frameworks and libraries, which seem to replace each other far too frequently to be considered “strategic”.  But I want to make the point that how you build Web applications (including mobile Web and hybrid apps) can have a material impact on the competitive advantage of even the largest banks, and that makes it a strategic topic.

Never has any programming language been adopted as widely as JavaScript.  The power and flexibility of the language as well as the extensive support by open source frameworks and libraries makes it very likely that JavaScript will continue to be the basis for most of the Web applications of the coming years.

Generally, I consider a library to be any set of related functions packaged up to be included in an application.  Some libraries are built by the app developer and some are external.

I consider two types of frameworks:

  • A set of libraries that work together in a tightly integrated way
  • A library that acts as a main function such that building an app means mostly filling in the blanks (overriding object methods in a prescribed way).

Two of the most important JavaScript libraries, in my view, are Dojo and jQuery.  These foundational frameworks build on Ajax to build Web 2.0 user interfaces.  A key early decision point for an enterprise architecture team would be which one of these two frameworks (or more likely a deft mix of the two) to get behind.

Note: The classic Web application architecture, where you build Web pages and “screen flows” on the server side with frameworks like Struts, JavaServer Pages (JSP) or JavaServer Faces (JSF) is nearing end-of-life (i.e. not strategic).  This architecture has been replaced by the Web 2.0 rich internet application (RIA), where apps use only a single page or a few pages to provide a page-oriented user interface (POUI).  The pages are built and updated by client-side JavaScript or a similar client-side scripting language or mechanism.  Besides being more functional and attractive, RIAs are more scalable because they move most of the user interface (UI) processing and information that the app stores about the state of the UI to the client, freeing the server memory and CPU to handle more clients.  For more on this please see Modern Web Development with IBM WebSphere.

RIAs are generally divided into client-side and server-side components which communicate with each other via an application programming interface (API).  The trend is for this API to be made up of REST interfaces which transmit data in JSON format.  Invoking API interfaces and handling the results within the client is the core function of Ajax.

Client-Side Architecture

On the client side (again from Modern Web Development with IBM WebSphere):

[Figure: RIA client side architecture 05fig10]

JavaScript-based client architectures are standard for Web RIAs, mobile Web RIAs, and hybrid mobile apps.  There are a number of proven architecture stacks for doing this.  Two of the most popular are jQuery-Toolkit-based and Dojo-Toolkit-based.

Mobile Client Side Architecture based on the jQuery Toolkit

One configuration of JavaScript frameworks used in mobile Web and hybrid apps (especially in conjunction with IBM Worklight) is:

  • Cordova (access to native mobile capabilities)
  • jQuery (General JavaScript library, especially for the DOM)
  • jQuery Mobile (navigation, page management, responsive grid)
  • Backbone (MVC, controller)
  • Underscore (required dependency library for Backbone)
  • Handlebars (templates for creating views)
  • JQM Themeroller (styles)
  • RequireJS (class dependencies)
  • Twitter Bootstrap (responsive grid)
  • LESS/SASS (styles).
Anatomy of a BlueMix App

This entry is part 2 of 2 in the series Start here

When you start out to create a cloud-based app it helps to understand the environment in which it will run, including the components that are external to it as well as the framework and runtime components that are integral to it.

An app runs both on the device (client) and in the cloud (server) and invokes services on both platforms.

[Figure: ReadyAppsVHLA]

Much of the logic that you build into an app is in the form of JavaScript.  On the server this might be application logic in the form of JavaScript running in the node.js runtime.

On the client side the JavaScript might be Dynamic HTML client-side scripting running in a browser or a mobile app.

JavaScript developers typically use standardized JavaScript code written by other developers in the form of libraries such as jQuery (on the client).

If I had time on my hands…

This entry is part 1 of 2 in the series Start here

I dream of having time on my hands.  Ah, what would I do to occupy myself if I was a high-school kid dreaming to get a start in software development?

Knowing what I know now about how complicated developing software can get, I would try to do something very simple.  In fact, I would want to make it as simple as possible.

First, I would avoid one of the least productive and most complicated parts of software development — setting up my development and test environments.   I would look at developing in the cloud using a Platform as a Service (PaaS) such as IBM’s Bluemix.

Secondly, I would do it for free as much as possible.  In luck…IBM provides free DevOps and PaaS services!

Sign up for free IBM DevOps Services and free trial for Bluemix.

Create a DevOps project.  I created a Git repository (https://hub.jazz.net/git/alanstreet/)

Copy the sample project as described here, fork it, and build & deploy it as instructed.  Run a test!