Reliable Systems

It’s very popular to consider the internal users of IT services as customers, acting like IT is an in-house service provider that the rest of the company purchases services from. The goal behind this is usually a reaction to a real or imagined belief that IT isn’t being responsive to the needs and budget of the rest of the company. The thinking goes that by having IT think of the rest of the company like an outside organization would of its customers, you can ensure better accountability and buy-in. Typically, organizations that go down this road also adopt a charge-back model where the IT organization charges back all or nearly all of its costs directly to the other divisions within the company that are consuming those services.

While there are several positive aspects that can come from this approach, there are several problems that can easily be created that stem from the problem that in most cases the rest of the company really isn’t a customer in the classical sense. Why? Because they lack a true buying choice. Furthermore, it generally isn’t in a company’s overall best interest for their divisions to really be customers of their own organization.

The original motivation for taking these approach is usually to address several issues:

• Division buy-in on costs and priorities: If they are directly paying the bill, they are going to pay for what they want and not ask you for things they aren’t willing to pay for.
• Clear status and communication: The project reporting and communication model is simpler for everyone to get their head around if it’s based on something we’ve very familiar with. Each player can figure out their part.

If you model the relationship between the IT organization and the rest of the company as a service provider – customer relationship, it’s easy to miss the transitive qualities of this: if they are your customer, you are their vendor. The word Vendor casts things in a different light: If you’re a sufficiently large organization you probably have a vendor management office whose sole job is to ensure you pay the least you can for things and fosters competition between vendors. Their job is largely to keep the company from getting too cozy with any one vendor. Are you ready to be just another vendor, like the one that bids annually to supply fresh coffee or office supplies?

Benefits

There are several good things that this model will tend to create.

• Defensible functional requirements: Unreasonable requirements tend to be expensive relative to their value, and the division is more ready to discard them.
• Role Clarity: The Vendor/Customer relationship is relatively easy to understand, and each party can generally determine their role quickly. When there are disputes, there’s a natural framework for resolution.

Challenge One: Buying Choice

It isn’t a long road from treating your internal divisions as customers until they look at you as a vendor. Once they consider you just another vendor (like the one they selected to provide fresh coffee to the office, or office supplies) they’ll want the advantages that come along with being a customer. For example, it’ll seem clear to them that it should be optional to use your services. This will feel very reasonable to upper management – it’s all part of the transitive nature of IT being accountable.  If IT can’t deliver a service at the best price, why not go to another provider?

This will likely start with something that will be difficult to argue against – such as a large software development project, perhaps in a language that your in-house talent isn’t familiar with.  Now, what about hosting for that product?  If you are charging back true costs for your data center to each division, you are unlikely competitively priced with what a division could get from Rackspace or Peer1.  It isn’t necessarily that those companies are more efficient than you are at doing the same thing (indeed, if they are then you should broker your own contract with them) but instead that it isn’t an apples-to-apples comparison.

Challenge Two: Implied Requirements

Whenever an internal IT organization takes on a project, there are a number of implied requirements that affect cost and schedule. Some of these requirements are from the IT organization itself (like technology choices) and others are from the corporation (role of internal staff and contractors, project management and reporting standards, etc.). When a division looks to bid out work to an external source, these requirements are usually unstated because in many cases they aren’t requirements the division has on the solution.

Another way to look at it is that any constraint on the solution that the customer (the division in this case) doesn’t have or care about is an implied requirement and likely a competitive disadvantage when comparing internal IT costs with external costs. In broad strokes, the difference in requirements is that a division’s requirements are almost entirely about outcomes, not methods: They care about the results their users get, not how they are achieved. IT organizations often focus their requirements on how results are achieved (using this technology, in that enterprise architecture, developed with our RUP-based approved process, tracked by our PMO) and they defer to the division the functional requirements.

Local Maxima and Minima

When each division or cost center is free to chose what services they are willing to pay for, they will converge over time on only those services that are good for them. Establishing shared services is generally challenging because each party will want to ensure that everyone is paying their fair share. This is often tricky to define – should it be proportioned by feature usage? Capacity?  This often creates a “first mover disadvantage” scenario where no part of the company wants to be the first to get a new service such as a database server or SharePoint Portal because they’ll be hit with the entire cost of it unless someone else comes along.

Secondarily, upgrading services gets challenging because no drop of rain believes it is responsible for the flood: If you want to upgrade to Exchange 2007 from Exchange 2003, one division can easily say that they don’t believe it’s necessary and thus decline the costs. If you need a larger server to house SharePoint, who is going to get the bill? A game of chicken often gets created where multiple parties all want a service, but no one wants to be the first to ask and risk subsidizing everyone else.

With each cost center pushing to only pay for those things it perceives sufficient direct value to take on, they are making decisions only based on what gives them the best cost or maximum value. This isn’t likely to align with providing the overall lowest costs for the company. For example, three separate departments could easily decide to implement their own direct attach storage for disk because none of them feels they can justify the cost of a SAN, however together it would be less expensive to construct and maintain a central SAN environment with SAN backup.

There are some straightforward exceptions to this problem where shared services are generally easy to get consensus on and cost out. Typically these are raw infrastructure services such as email or file storage where there are clear units of measure that allow for proportional billing (mailboxes and gigabytes used, for example).

An Alternative: Clients, not Customers

If the Customer/Vendor model isn’t the overall best approach for a company, what alternative model can provide the benefits without the unintended consequences? How about a term that’s between User (which has accumulated a substantially negative connotation) and Customer – Client. A quick trip to the dictionary shows that a client is any person or group that is the party for which professional services are rendered, which fits reasonably enough.

As your clients, they still are entitled to a great deal, just like customers would be. As the client of the project, they:

• Determine success & failure: Your project isn’t successful just because it follows the corporate processes or works on the corporate approved IT infrastructure; those are the constraints on how you solve problems that are immaterial to your client. Success is determined by whether you achieved the goals the client created. That may mean you need to do some extra communication to make sure your client knows that their goals were met, even if that’s not in the standard process.
• Decide if it’s worth the price: In the end, the problem may just not be worth solving.  Many things can be done but the cost in time and distraction exceeds the value.

Unlike a customer, since you’re part of the same organization you can share with the client your insight into the costs and risks of the project in a way that no vendor ever could.  In the end this creates the best partnership that delivers long lasting results.

A final note

If you don’t treat your users as clients, odds are very good they will eventually get themselves a buying choice. When they do, they won’t chose you. Don’t let it come to that, it isn’t ultimately in their interest, your interest, or your company’s interest.

If you’ve read more than one or two articles from Reliable Systems you probably have gotten the sense that we worry a lot about how to make things just work.   It’s that quality of anything where you get what you expect and what you need every time.  It can be in an experience (like a fun drive down a country road) or a product.  As a company if you can do this over and over you create a brand people develop a strong emotional connection to:  Apple, John Deere, Starbucks…

When you want to create a product that just works, you need to get all of the details right – from packaging through to maintenance and upkeep.  It’s not one thing that’s important, it’s all the things.  We are often engaged by senior management within a client when things aren’t working, and there’s conflicting opinions on why.  Usually along the path technology is being blamed: Not enough, not the latest thing, not someone’s favorite thing, not working.  As we dig into the situation, rarely is the technology the dominant factor:  More often, it’s how the technology is being integrated with the people and processes that all have to work together.

One of the first things we have to do in these engagements is to establish the real facts on the ground:  What exactly are the problems in the system, who’s doing what with it, how many times.  It comes down to establishing metrics to make sure time and attention are paid to the parts that make the biggest difference in the outcome.  Armed with these facts in a form the business can consume it’s possible to create plans of action that deliver virtually regardless of budget.

So let’s make this easier

The biggest trick is then getting the facts you need on an ongoing basis, easily, and in a form that the business can consume.  For over a decade we’ve been building instrumentation right into the systems we’ve worked on.  We’ve created a variety of toolkits to make this easier over the years, refining them as technology and our experience has changed.

About 18 months ago we decided it was time to really invest down this path.  We believe in routinely capturing key computer metrics along with whatever logging the application can do on its own.  We won’t do a project without using a great logging system that includes a strategy for managing runtime exceptions.   Now that we’re collecting all this data, we need to have a way of managing the raw data and turning it into valuable business data.

The challenge is that businesses don’t get up in the morning and say “what our customers want us to do is have great internal tools”, so you’re nearly always doing this on the cheap:  Borrowing time from development projects internally to cobble together various free or cheap solutions.  Frankly, we got tired of having to create new solutions with each client out of the margins of each project.  So, we pooled our best thinking from all of the work we’ve done (including a previous product that we did license to our clients over the past decade called CLAS) and started creating Gibraltar.

Rock Solid from Initial Release

With Gibraltar we wanted much more than a log system.  Of course, it had to be a log system too – and a really easy to use one that could work with each of our client applications.  More than that, it had to:

• Automatically capture all of the performance metrics we wanted.
• Integrate with existing logging available on the platform, including whatever a client might already be doing (like custom in-house options)
• Be absolutely, positively, for sure safe to run in production no matter what.   That means it can’t ever use too much disk space or disk throughput or block the application.
• Not use more than 5% of the performance of the app
• Include all of the tools necessary to get data from where it was collected to the people that could get value out of it
• Include the ability to look at the detailed session data up to high level analysis:  What’s the error rate?  What’s it correlate to?  Are we doing better or worse in this version?

From this initial sketch into everything we wanted, we’ve spent 18 months including four beta periods (from 2-4 months each) to refine the vision with real customers and real scenarios.  It was essential to us that this not be just a tool for techies but be ready for use by people with a wide range of skills.  It had to be pretty and just do what you wanted, when you wanted it to.

We’ve added a lot of capabilities along the way:  It can generate print-ready reports about application reliability that can communicate with senior management, you can define all kinds of custom metrics to easily track how your application is used and by whom.  We ran a number of betas to be sure that we had hit every goal we have above.  We’re happy to report that Gibraltar is in use within large deployments of custom applications, commercial applications, and small deployments right down to our corporate web site.

This tool isn’t for everyone – Our clients are nearly all Windows shops, and if they do any custom development it’s almost invariably in .NET, so that’s what we’ve targeted.   But, if you’re interested in easily getting real data on not just infrastructure (how well the application is running) but whether or not it just works, have we got an easy path for you.  You can see a quick demo video of how it works technically at Gibraltar Software.

You also don’t have to take my word for it at all, you can hear what one of our beta users did with it, which is really a more compelling story than what we might say.

I think you’ll find that our work sweating a lot of little details, from the exact design of the API and making sure the documentation was complete to rewriting our own licensing system to be very IT Admin friendly.  If we didn’t get a detail right, we want to know.  And the great news is that we’ve just begun:  We’re obsessed with the little things, and you can bet we’ll keep listening and watching to make it better.  Of course, this is made a lot easier because we’re using Gibraltar to monitor itself, and a select group of our users is sending that information back to us so we can make sure it just works in the field for real people.

It’s easy to start your journey

If you do development for Microsoft .NET, I’d encourage you to go over and download our commercial release of Gibraltar.  You’ll get great documentation, a free agent you can use like a flight recorder “black box” in every application you create, and a trial for a tool that will make you seem wise beyond your years.  And if you pay us the ultimate honor and purchase a permanent license, I can assure you that you won’t find anyone more committed to your satisfaction than we are.

It is very tempting to be one of the herd of gazelles in technology.  Every time there’s  a sense of a shift in the wind, everyone starts to run in a new direction.  For the past year I’ve been reading about how it’s all going to be laptop computers from here on out.  In fact, not even full fledged laptops, but netbooks – computers with small screens and small keyboard who’s main distinguishing characteristic is that they’re less of a computer than anything else around.

If all this sounds a little off kilter from reality, perhaps a few hard numbers would help:

Quoting Computer World, who asked “Do Business Desktop PCs have a future?”:

While desktop PCs account for the bulk of personal computers sold to enterprises, the gap in laptop sales to enterprises is closing. Of 168 million PCs sold worldwide to professional organizations in 2008, about 95 million were desktops and 73 million were laptops. That’s compared to 94.6 million desktops and 47.3 million laptops that shipped in 2006.

Now, as with any statistics there’s two ways to look at these numbers:

1. Laptops have grown tremendously in their total percentage of the market, and that growth rate has them on track to take over the world.
2. The majority of the growth in computer sales is coming in the form of laptops.

The gazelles are taking the first road.  And why not?  People love to assume the disruptive is true, it’s a lot more interesting.  Before you charge down that road, consider what seems likely.  There are a few problems with the first conclusion:

• Two data points don’t make a pattern: If you follow the trend back farther, the sales of PC desktops has held up consistently, but laptop sales go up and down.  This would seem to indicate that the most likely interpretations of the data are that either the overall market is expanding (for example by people having two systems) or that this is a momentary, periodic surge in laptop purchases.
• Past large growth rarely projects forward: Just because there was a large growth in one year (either in absolute or percentage turns) doesn’t mean it will repeat at all.  It’s just as likely that the next year pattern will be flat or even retreat.

So before you see the first twitch and assume it signals a migration of the whole herd, step back and think through the underlying facts.  Is this really the first sign of a monumental shift?  Or just another twitch of the needle?  Then look at your own situation.

Now, we have a few laptops, but we have more hard core desktops – the laptops are used for on the road presentations or working at Starbucks for fun.  Of course, we’re developers so we’re in the category of users that are always excluded from the norm.  But what’s not to love about a desktop?  For the same money they will always be faster and more capable than a laptop because they don’t have the burden of being small or extra power efficient.  Even if you buy into the idea that everything will be run through the web so computers are just glorified terminals…  Something still has to compose all of those web pages and make it all come together, and web apps can burn a surprising amount of processor and RAM locally.

In the end, I think we’re seeing a lot of folks buying second computers or getting additional laptops for other uses that complement their primary work computer experience.  Additionally, there are folks in emerging markets that need what laptops offer (self-contained, reliable power) more than performance but this reflects an increase in the overall market, not a shift in the existing market.

When I was growing up I spent a lot of time with my father doing woodworking.  One lesson you pick up pretty quick when woodworking is that you have to keep the work clean at each step.

• If you take a piece of wood and don’t sand the surface smooth it won’t take a stain evenly.
• If you let glue creep out of the joint and get on the wood, the stain won’t look right in that spot.
• A piece of dust on the surface will get magnified by each layer of varnish.

Each layer depends on what’s underneath it.  Any flaw in a lower layer will tend to get magnified and distorted by layers above it.

Whenever I get involved in enterprise architecture I get reminded of this analogy because I often run into irrational exuberance that you can add a layer to an existing system and paint over the flaws underneath.  I was involved in a few projects like that early in my career:  It was too hard to talk directly to the mainframe from the web server so you put a layer in front of that.  There was already a C++ layer doing a DCE RPC gateway, but that was also too hard to program against for large use so we added a COM interface to the DCE RPC gateway.  We made some prototypes and validated the concepts and charged in full bore, only to run into big delays and teething problems near the end of the project trying to get everything polished up and suitable for production.

The problem is that at each turn you may be making the developer’s short term life easier by giving them an interface more natural to their preferred programming environment but since it just builds on the layers underneath it will end up with all of the limitations they have – and they can show up in the most surprising places.  For example, we ran into problems where certain input would cause failures which we ultimately discovered was caused by % being used as an insertion marker in a gateway library several layers underneath what we were doing – so at best it would drop the % and the following character, but at worst you’d get back a random data element if you managed to create a valid insertion name.

Layering issues are particularly problematic because they tend to be data sensitive and highly situational depending on how the various layers interact.  This means that it’s very difficult to design a comprehensive test plan:  The system can act as if it’s nondeterministic, making it infeasible to state with certainty that the various modes of the software have been demonstrated by a test plan.  At best, you can say that it worked for the exact test inputs it was given.  When you do have a problem in production, the multiple technologies in multiple layers can make it particularly hard to debug because it requires a lot of chairs around the table to hit all of the possible players.

Are you decorating?  Or covering up the problem?

Whenever you’re part of a team proposing adding a new layer over an existing system to fix its problems or adapt it to a new situation, you should be suspicious.  Is this really the right path to make the API look right?  Or are you temporarily covering over a problem?  If it’s the latter, it’ll just show through later – and now you have two problems to deal with not one.

There are good occasions to add a new layer:

• To smooth technology upgrades: When you are shifting technologies, say from COM to .NET, you may want to create a custom layer as a new standardized interoperability adapter which will let you separate the upgrade problem into phases and handle them independently.
• To support multiple technologies: Sometimes you need to support multiple types of clients – varying either by environment (say Java and .NET) or major architecture (say Client/Server and Web sites).

And a few suspect ones:

• Mitigate architecture risk: To isolate a new subsystem architecture from the main codebase. We’ve heard this one before – you want to try out something new and iffy, like say Entity Framework.  To contain the risk, you want to introduce a layer between it and the rest of the platform so if it all goes bad you can easily swap it out.
• Impedance Mismatch: You need to interact with something, but just don’t like the way it works. Perhaps it throws around ADO.NET recordsets and you prefer to work with strongly typed objects.

If you find yourself in one of the suspect scenarios, you should seriously question whether the work you’d do to create and validate a layer is really forward progress or just yak shaving.  Before you go down the path, you should seriously estimate:

• Fixing the underlying problems: If the underlying layer(s) aren’t doing what you need, what would it take to get them changed (in the technology they’re currently in) so you could work without adding another layer? That puts the responsibility where it belongs, and keeps complexity under control. Do a full estimate of this approach.
• Make a parallel layer: If you ignore the powerful aversion to creating duplicate routes to the same data, what if you created an alternate path to the underlying information. It may be that you bypass all of the layers or just some of the layers (such as down to the stored procedures that call the database). While this creates duplication, it lets each platform work in their own optimal way and allows for deterministic testing.
• Using the existing layer as it is: It’s easy to overstate the impact of reusing a known system with issues. There’s a natural tendency to not realize that you’re comparing a well understood but flawed system with an unknown solution with unknown problems. Trading known problems for unknown problems makes everyone happy at the start of a project, but creates significant project risk downstream.

Put down the shovel and back away

When you create a new layer on top of existing layers you are often digging your project into trouble, both now and downstream.  In addition to problems with each layer creating a leaky abstraction, deploying and supporting these highly layered systems is extraordinarily challenging.  It becomes prohibitively expensive to make changes in lower layers because of the high chance of unexpected side effects showing up as defects in dependent applications.  More often than not, each layer has to be held static with any changes accommodated by creating new queries or items at each layer to be served in parallel with the older methods.

Before you go ahead, be sure you look at the total lifecycle cost of that decision, including support and maintenance.   Have a good or bad experience with putting up some software wallpaper?  Let us know in the comments!

Hi. My name is Kendall Miller, and I’ve been an Internet Explorer user for 12 years.

I know it’s very uncool to admit – IE is only available on Windows, isn’t the most standards compliant, it has a bad reputation for security and there aren’t 1000 cool addins for it. And oh yeah, it’s from Microsoft – aren’t they evil?

But here’s the thing: From day one, it was the practical choice. Not because it was distributed with Windows, but because it worked. Worked as in it was easy to keep upgraded (thank Windows Update for that) it could do anything we needed it to (and yes, that used ActiveX) and it supported integrated authentication – so users could just point their web browser at our company sites and not get any login prompts, just get access to all the resources they needed.

Not only that, but IE was really forgiving. The thing that many people miss is that at the end of the day it isn’t about being standards compliant per se, it’s about the web browser just working. Put another way, while you want to develop using something really strict, when it comes time to hand it over to your users do what I meant, not what I said is best. Frankly, I was amazed at how tolerant IE was of HTML errors. In the end, do you think that users would say Thank you for not doing what I meant because it would have meant breaking the rule that you can’t wrap a div with an href? Most users I know would just rather it displayed the page.

Is the pace of IE development slower than Firefox or other browsers? Well, yes – but again, so what: businesses really don’t like change, change costs money. Change means retesting applications, and for what? It has to give them something to justify that cost. It isn’t like IE won’t remain a viable tool for browsing the Internet for some time. Remember, these are the same companies that are still (justifiably) writing applications in VB6, an environment that its creator has been trying hard to kill for 8 years.

So it makes a lot of sense that when it came to IE 8, Microsoft focused on what IE users really wanted. It isn’t standards compliance for its own sake, it was:

1. Make it as fast as possible for how people browse the web today.
2. Fix as many of the quirks in standards interpretation as feasible that make it easy to develop good sites for IE.
3. Do what you can to make it hard to have a rash of new security problems.
4. Don’t break any site that works today.

If you want a good feel for just how hard this problem is, Joel Spolsky did a great (but long) writeup.

So I’m writing this in IE 8 – and it is just what Microsoft promised, it hits all of the points above and is certainly a solid improvement over IE 7. Microsoft made a great call in focusing not on Javascript performance but looking at the totality of what affects the apparent browsing performance for users and addressing that. It feels nice and fast, and I haven’t encountered anything that’s broken.

But it’s no longer my default browser. While I’ve been trying to love it, I just can’t get there. I switched over to Chrome when it went into release and haven’t looked back. On the surface of it, this is a bit crazy:

• Many sites don’t work quite right with Chrome. I’ve gotten halfway through a shopping cart with Chrome and had the buttons not work to go next. Things don’t align right… Virtually every web app we use at eSymmetrix had to be patched to work with Chrome. Even WordPress seems to work better with IE than Chrome in some ways.
• Google is getting evil. They’re doing things Microsoft never could get away with. For example, every Google thing installs its own Google Updater service. It doesn’t ask if it can, I can’t find any way to get rid of them through uninstall.. they’re just there. I have no idea if they’ve ever updated Chrome because they’ve never asked. You can be sure that if Microsoft this they’d be in court faster than you can say Slashdot.
• It’s not really stable. About every other day I get the admittedly cute Aw Snap! page where Chrome just isn’t quite happy.

But it doesn’t matter, I still dramatically prefer it to the other three browsers on my computer. Why?

• It’s fast.
• I love the automatic 9 recent site dashboard with preview. I love how it handles browsing history.
• The document inspector is great for web development, so I use it all the time when developing web pages and style sheets.
• It’s the future.

It’s the last point that’s really got my interest. It’s the future. Why? Because while it really doesn’t matter right now, the approach Chrome uses for Javascript is going to rewrite the face of the web.

That’s just Crazy Talk

Right now Chrome has around 1.5% of the total browser market share. That’s nothing – about what Opera and Netscape have put together, much less than Safari at 8%. On the other hand, IE 6 and IE 7 each have the market share of all the rest put together (more or less). So statistically, Chrome is completely irrelevant – and it’s had a lot of time to get to that point in market share. IE 8 cot to that point of market share pretty much as soon as it was released.

So what justifies it being the future? Because the V8 Javascript compiler is a game changer. Not on its own, it’s a piece of the puzzle. Four things have to come together:

1. Universal high bandwidth: Enough to move say 3mb in 5 seconds reliably.
2. A compiler that converts Javascript into machine code within 50% of the performance of compiled Java or .NET.
3. A standard Javascript library that can function as a GUI Toolkit on par with .NET WinForms or Cocoa.
4. A visual Integrated Development Environment (IDE) that can bring it all together with a good debugger for browser and server.

We already have the first one. It takes about 6 mbps throughput – cable modem speed – to move 3MB of data in 5 seconds. Chrome brings in the second one (and actually bests that by some margin). Now we need the third and fourth.

Up until now the third item has been held back by the general problem that Javascript was slow enough that the overhead of having a common API (full of things you didn’t need for any single situation) was infeasible. Writing something broadly reusable is about an order of magnitude harder than writing it to handle a specific scenario, and ends up doing a number of things you don’t need to do because someone might need it. That overhead isn’t acceptable with the historical performance of Javascript, but if it’s compiled down to native code then it becomes a small, inconsequential optimization.

So now that there’s an environment that can run it, we need a general UI toolkit and the IDE to develop with so we’re putting our time and attention into creating features for our users, not how to make a menu that dynamically expands and highlights. The IDE needs to provide an end user experience like developing for WinForms or WPF in Visual Studio – clean, easy, visual, without surprises.

Microsoft was right – today it isn’t about Javascript performance. But if we’re lucky, tomorrow will be – and we’ll be able to develop much better, stronger applications for the web without resorting to Flash, Silverlight, or very expensive development and testing cycles.