« Overgrown Lotus Notes Infrastructures | Main| Lotus Notes Strikes Back »

Composite Applications Considered Harmful...


Bookmark : del.icio.us  Technorati  Digg This  Add To Furl  Add To YahooMyWeb  Add To Reddit  Add To NewsVine 

...for governance that is. Don’t get me wrong, I really like the idea behind composite apps. However, after playing around with the new ND8 feature “Composite Applications” a bit over the last few days, I have come to a disappointing conclusion: I can’t recommend them for any use that would require strict controls.

Maybe it’s just me, but there are two glaring holes in the way they have been implemented. First, when you are using the Composite Application Editor (CAE) you are actually editing a live application. Every time you make a change the app gets saved meaning anyone who is accessing the application at the same time will instantly start using your change. This particular point has been mentioned on the Notes 8 forums over at LDD so I know I’m not the only one who sees this as a problem. Good news is that apparently IBM realizes this is a problem also and has given it a high priority for the next release.

The second problem is that I can’t see any way to test composite apps in a compliant manner. When you create a composite application you have to test two major aspects: the components and the wiring. If these are Notes apps, in order to get them to react when one of the other applications changes states, both applications have to interface with the Notes Property Broker. Since this is a new functionality, you have to modify the applications to add this capability. You can’t just modify apps without documenting those changes and testing them (especially given the newness of these features), so this has to happen in a development environment. (more)

Once the property handlers have been implemented you have to place the components into a composite app and configure the wiring (wiring is how all those new properties get triggered). Composite apps are stored as a single XML file within the NSF. The problem with all this is the same as with embedded views: the actual links to the components inside the composite app are hard coded in with servers and replica ids! Given that we are setting this all up in my development environment, as soon as I move the app to test, everything breaks! To fix it, I have to manually edit the XML file that defines the composite app and change the server names and replica ids of the components. Server names change, obviously, because now I’m on my test server, but since I was doing all my development in templates and test dbs in development, the replica ids also have to change so they point to my test versions of those applications. Then do the same thing when I move the app again into production. This simple problem is why I believe that you cannot use composite apps in any sort of compliant application. There is no way that an auditor would allow the manual editing of a live application. Not to mention the shear hassle it would be to actually do it.

Maybe the problem is just in documentation. The docs for deploying a composite application is pretty light, so maybe there is a trick I’m missing…..Anyone from IBM out there want to comment on how these were supposed to be developed, tested and deployed?

Anyway, let me be clear, I think the direction IBM is taking Notes is really exciting, but before anyone starts seriously considering implementing some of these new features in a production application, I think you should fully understand the implications of the way Composite Applications are currently implemented. I’m confident, however, that IBM has plans to address these over the next few releases because the promise of composite apps is too good to ignore!

Posted by Craig Schumann On 10/23/2007 | Digg This |

Comments

Gravatar Image1 - Well, the difference between hand editing an XML file and doing File->Application->Copy is just one of tools. I'm not quite sure why that would stop compliance. Both would enact the same process.
I wrote a tool to do it which might make its way onto DevWorks someday. It wasn't hard. I imagine someone on product developing is doing something similar for a future release.
Certainly the current setup is cumbersome. There is certainly room for improvement. But I wouldn't necessarily see it as a show stopper.

Posted by Jo Grant At 01:26:41 PM On 10/23/2007 | - Website - |


Gravatar Image2 - With all due respect, I think there is a *huge* difference between making a new copy of a database and hand editing an XML file - especially one that is stored in the application itself. The biggest problem is the question of what have I tested if someone then goes and modifies the thing I just signed off on? There should be no modification of the application once it leaves development. Modifying the application invalidates all the test results. There are just too many chances to introduce new bugs, or worse. This is the very thing that compliance audits are looking for.

Posted by Craig Schumann At 01:42:56 PM On 10/23/2007 | - Website - |


Gravatar Image3 - Craig, You're such a shoot-from-the-hip hack! LOL ...not at ALL, really.

Dang, this is a thought-provoking post. I've been experimenting a *little* with Comp Apps, but have really only been playing ...getting things to work, seeing what's in there. I've been nowhere NEAR this level of really thinking about what's going on at a deeper level and how this affects a disciplined SDLC.

I truly believe that Composite Apps are a *huge* reason why organizations need to be digging into the new features available with Notes 8. But it's also seemed - even at my neophyte level - that this is an early implementation. I absolutely expect that the CAE will see a fair bit of refinement. And after reading your post and starting to think about deployment in an environment where developers are rightly firewalled from the production environment ...I am convinced that the deployment process will have to be enhanced - or well-documented if there IS a way to deploy without a developer needing to manipulate the production systems.

Many thanks for sharing!
Emoticon

Posted by Joe Litton At 03:38:01 PM On 10/23/2007 | - Website - |


Gravatar Image4 - I have the same concerns about Composite Apps and other "Web 2.0" mashup techniques, and I've been trying to figure out hoe these techniques will ever be accepted in an enterprise.

The only idea I came up with was to (as an IT organization) certify the individual components, NOT the mashups. Treat them like you would treat a personal page on a portal. But that limits the ways that portlets or components can interact. If they are all read-only, in effect, it's fine. But if one component updates another over a wire, that's an app that has to be testable and auditable. And at this point, CAs are neither. In their defense, that's the same critique I give about all mashup engines.

Posted by Rob McDonagh At 04:10:01 PM On 10/23/2007 | - Website - |


Gravatar Image5 - Rob, I totally agree. For me, this is where the composite app thing falls down. More and more often developers are getting locked out of production - which is a good thing. As a developer responsible for a CA I'm not going to rely on someone else to make a critical change to my app once it lands in production. Besides, the whole point of locking developers out of production in the first place is not about the *people* it's about the activity! You should not be making code changes in production *PERIOD*!


Posted by Craig Schumann At 06:07:48 PM On 10/23/2007 | - Website - |


Gravatar Image6 - I agree with most of what you say, and I encourage you to read our blog on topics and changes coming. However there are some things that are just point in time statements. As for the governance, this model is not so different than many other models coming out - like mashups. Declarative wiring is something that enables business users to do this stuff. I personally would never edit a live application on a server - which you could have done for years in Notes - and many newbies did paid the support price.

"if these are Notes apps, in order to get them to react when one of the other applications changes states, both applications have to interface with the Notes Property Broker."

In XPD 6.1.2 and Notes 8.0.1 you will not have to modify Eclipse components or Notes components to get things like basic selection or simple actions. Unfortunately I agree with you, this was a stretch goal for Notes 8.0 that simply did not make it in and I considered it one of the main features for reusing existing assets.

For deployment, it should be similar to the way you develop a Notes DB today. Do it on a dev server (or locally) and manually replicate the changes to production. This is of course assuming you are using replicas if not then yes the repid's in the XML make it challenging - which is a known issue and will be addressed.

Our doc, like always, is a problem. Dev is so pressed to get features out it seems doc always lags behind.

Posted by Bob Balfe At 08:02:30 AM On 10/25/2007 | - Website - |


Gravatar Image7 - Bob, thanks for jumping in!
Regarding the newbies, I almost every company we go into, people are doing some level of development in production. One of the whole reasons we started this blog is to educate readers about why that is such a bad thing. In fact one of my personal goals is to get every developer out of production Emoticon ! Unfortunately, CA's make my job harder...most people will take the shortcuts.

The CA stuff on the IBM blogs is covering some pretty advanced topics a lot of times. Not that many companies I have talked to have any eclipse components to use right away. I think most people are going to start out simple and play with things that they have lying around and are easy to understand and experiment with - this means a Notes app. Which is exactly how I started in on my CA.

As Rob said, I think the mashup concept has a long way to go before it's generally accepted that anyone is just going to rearrange the forecasting application. Should it be that one user can rearrange the application for everyone without any sort of controls in place? And if they shouldn't be doing that, we are back at the beginning with the challenge of developing composite apps in a dev environment that in many cases isn't even cross certified with prod.

I think I'm still missing something.... Emoticon

Posted by Craig Schumann At 08:14:15 AM On 10/26/2007 | - Website - |


Gravatar Image8 - No, your posting is right on. Actually most company's being introduced to this think having CAE enabled for anyone but developers and very techy business people is simply not going to happen. Which, if I was still working at Key Corporation we would follow that mentality.

I also think there are many companies that have to invent a process from going between dev and production with all Lotus Notes applications. I don't think the Notes Design/Admin client do a good job in this space and there is room for improvement. Your comments about embedded views is the same problem now in CA XML with reference to rep id's. However, you can also have the server be null in the URL's and the rep id should find a replica so it may not be that bad for CA's.

Anyway, I love blogs like this because it gives focus where its due and that is the enterprise readiness of technologies. And you obviously did your homework to come up with these evaluations.

Posted by Bob Balfe At 10:41:43 AM On 10/26/2007 | - Website - |


Gravatar Image9 - BTW, here's a blog entry that talks about the ability to use @Formulas to compute notes :// URL paths for Composite Apps in 8.0.1:

{ Link }

Posted by Julian Robichaux At 09:31:59 AM On 11/05/2007 | - Website - |


Post A Comment

:-D:-o:-p:-x:-(:-):-\:angry::cool::cry::emb::grin::huh::laugh::lips::rolleyes:;-)