Are you storing passwords in any of your applications? If you are, reconsider. Passwords are very sensitive, because people have so many accounts that they are forced to reuse passwords. Read about what (eventually) will happen: http://www.codinghorror.com/blog/archives/001263.html

In his last two posts Anko describes the Peer-to-Peer-replication in SQL Server 2005. It is a valueable tool in improving both the availability and scalability of the database tier. Because the other tiers of the application can be easily 'scaled out' using load balancing this directly affects the scalability and availability of the entire application.

What is scalability? Wikipedia defines it as "Scalability is a desirable property of a system, a network or a process, which indicates its ability to either handle growing amounts of work in a graceful manner, or to be readily enlarged". If your application supports 100 concurrent users, how difficult would it be to support 1000 users? A 'graceful manner' would be to add some extra hardware to the server. It would not be graceful if you had to re-build the entire application.

With the continuing growth of the power of hardware, it becomes increasingly rare that an application would require more than a single database-server to deal with the load. Adding more hardware is called 'Scale up': a more powerful server enables more transactions. Although in most cases a normal server would be sufficient, you could spend a bit more: for a mere 6 million dollars you get over a million tpmC. If the business case requires these numbers of transactions, the cost of the server will probably become less important.

The alternative is 'Scaling out': adding more servers to share the load. Peer-to-Peer-replication enables this kind of scenario. The requirement for consistency between the different nodes makes the scaling out of the database much more difficult than scaling out the web/application-server.

Suppose we have two nodes, A & B, with peer-to-peer replication enabled. In an ideal situation it shouldn't matter which node processes an incoming request. For reading relatively static data this works pretty well. The real challenges come with modifying data. If an insert is performed against node A, you can't succesfully perform an update to that record on node B before the insert from node A is replicated.

The are two ways of solving this problem:

• Perform modifications on all nodes before completing the transaction
• Divide the database into logical pieces. Modifications to customers with a name starting with A-M are performed on node A; modifications for names from N to Z are performed on node B.

The last solution is what the article on MSDN suggests. Another solution mentioned in the article is to have all modifications performed on one of the nodes. Read-only tasks could be performed against the other node. This comes pretty close to physically clustering the database, but would still require the application to be aware of the configuration of the database. The application should be able to cope with the situation where an record that's inserted in one node, is not being returned from the 'read-only'-node.

The use of Peer-to-Peer-replication is something that should be decided when developing the architecture of the entire solution. At that time it can be weighed against other options like dividing the application into different subsystems with their own databases and caching data on the web/application-server.

So there are multiple options to scale SQL Server to handle a large number of transactions. Spending enough time on architecture and adding more hardware should cover most requirements. Combined with scaling out it's hard to imagine a load that it would not be able to handle.

Next post we'll look at availabilty.

At http://www.groktalk.net/blog/ you'll find a few dozen groktalks. I have watched a few sofar. Because they're 10 minutes or less, it is easy to 'browse' the different subjects that are covered. These range from AJAX in ASP.NET 2.0 to recompling stored procs in SQL Server. I recommend looking the one by Jackie Goldstein on Winforms and databinding.

 

Just recently we've been looking into using one or more of the code blocks that are available from Patterns and Practices. Because of the work that was needed to integrate the different blocks, we decided to wait for the new release of the enterprise library. I just received an email from Pascal with the news that MSDN Patterns and practices just released the new/public version of the Enterprise Library; quite a bit sooner than we had expected.

This release should integrate the following blocks: “Caching Application Block, Configuration Application Block, Cryptography Application Block, Data Access Application Block, Exception Handling Application Block, Logging & Instrumentation Application Block, and Security Application Block“.

Download can be found here.

Rocky's comment on the article at enterprise-architect.net is spot on. The main tenent in SOA is that we can assume very little about the services we interact with.

The only thing that is shared between services is the contract. Making assumptions at build-time beyond this, are bound to limit the usability of that service later on. Trying to change an existing system so that it can cope with a distributed scenario, seems similar to adding other fundamental features like security.

When done as an afterthought, it will take dramatically more effort and it will also be more prone to inconsitencies in it's implementation.

Take a look at the possibilities of designing an UI with WinForms and Visual Studio 2005. Click here for the video. Developer productivity is cranked up another notch.

Now combine this with a SmartClient-scenario where the WinForm-app is started using a href/exe. What would be the reason of using a browser-based application anymore?

Clemens is a guest on the latest episode of .NET Rocks. There is a discussion (or should I say monologue?) on service-orientation and the mindshift that this entails.

The biggest challenge in getting this to work within an large organization, will not be of a technical nature. The current 'owners' of large applications would have to cooperate with the 'owners' of other applications or departments and share functionality. Getting people to get along is always harder than solving technical issues.

The ServerSide.NET is quoting a report on the number of developers that are using .NET vs. the number using J2EE. Although it is nice to see that so many are using .NET, this kind of headline is usually the start of a flame-war between the two groups of supporters.

More attention should be given to increasing the ease of interoperability between the two platforms. The easier this gets, the better the chances are that everybody is able to use the technology that they find to be the most productive. The amount of effort that is now being put into convincing people that the technology that they use is wrong, can then be used to create a better solution for the end-user.

This has led folks to marshal said DataSets over the wire using Web Services, which is against the spirit of Web Services

---

Short answer: the combination of DataSets and Webservices is just plain evil.

It will probably work sort-of okay on systems that are based on .NET; interoperability with other systems will probably be dubious at best.

A small comment based on Rocky's entry on combining SOA and OO:

The real challenge in getting SOA to actually span the boundaries that we weren't able to cross using OO and/or component technology: to get people to agree upon standards. The technical challenge to get different systems to communicate has (for the larger part) been met.

It will more difficult to agree on issues that are more related to the actual functionality that we are trying achieve with the technology. Think of things like agreeing on the definition of a customer or how to 'share' authentication. Most of these aren't even technical problems, so the technological background shouldn't matter in contributing to possible solutions.