Sitecore testing licenses - sitecore

I currently work for a company that uses allot of Sitecore servers and has many dev seats across Europe.
A problem that I have run into is that we desperately need a testing environment for Smoke Testing, Automation Tests and other Manual pre QA deployment.
The internal department that deals with licenses says that kind of environment is classed a a full server and requires the full license fee (which has allot of zeros!!)
Because its an enterprise business we are now in a catch 22 situation. I have heard that spinning up a new VM on the machine I am developing on is allowed on a developers license / and I can reusue my developer license on any machine as long as i am the only person that uses it.
So, if our tester sets up his own test machine that only he uses, its covered by his developer license? That thing will be rebuilt several times a week and never have anybody else connect to it really, maybe other developers. (license overlapping?)
Anybody have any similar issues or solution? I need to provide formal proof if I have any chance of pushing this forward. (I contacted sitecore also but it may take a while for them to come back, Just looking too see if anybody else may help in the mean time)

I have experienced this same scenario with several clients who did not purchase licenses for their test servers but are now wondering if their developer seats can cover this. I have always recommended that a separate server license be procured and not to attempt to use the developer seat.
You state that you need a 'formal' proof. That can only be obtained from your Sitecore sales rep. They are usually very quick to respond to clarify licensing questions on what your particular licensing agreement covers for your organization.
If you are working with an implementation partner, they may also be able to help you understand your licensing, but in most cases they would still need to confirm with your Sitecore sales rep.

Sitecore 8+ licensing structure has changed and will allow you to create multiples of Virtual Machines using a single license. This can be leveraged for test systems, load balancing, pre-production or quality assurance uses.
IMHO: The only reason they did this was to probably get onto the
"cloud" marketing train and realised their 1990's extremely restrictive licensing terms
needed to be overhauled as it prevented them selves from using their
own software in virtual machines.
So prior to Sitecore 8, No. You have to have a full license for each machine and each machine.
Basically extremely restrictive licensing that cost a fortune, as that is the Sitecore business model.

Related

Is there a free (non-trial) version of Memurai available?

I'm just evaluating databases for one of our products and found RedisDb. Unfortunately this does not seem to be supported for windows and the current best option seems to be Memurai.
On their webpage I see that you can download a free 10 days evaluation version.
Is there a free version available like for other dbs (e.g. mongodb) or does someone now how much they charge for using this in an commercial product?
Memurai Developer is free to download and it is intended for explorations and development only, it is not intended for production use. After 10 days it will stop, however, a simple restart will make it run for another 10 days. There are no time-bombs, or restrictions on how many times Memurai Developer can be restarted.
Memurai Enterprise is designed for production use; the pricing is dependent on the use-cases. For more details please contact the Memurai team https://www.memurai.com/contact

proving application is secure

This isn't really a technical question, but say you've developed an app for commercial use. If you get questions pertaining to the security of your app from a person who isn't necessarily technically well-versed, saying that you've taken standard security measures like encryption of passwords, protection of routes, secure database connection etc. won't have much meaning to people who don't understand what these terms mean. With that in mind, is there any way to show/prove more generally that your app is secure e.g. is there a certification from AWS for example, that will show clients that your app can be trusted?
For a security aware client, to gain assurance that your software is reasonably secure, you should be able to present the secure development lifecycle that was in place during development and resulted in secure software. Because that is really the only way to gain that assurance.
A secure sdlc includes elements like developer security awareness/education to know about and be able to avoid security issues. It includes feature reviews, security architecture and code reviews during development, static scanning (sast), dynamic scanning (dast), or more recently iast, it also includes penetration testing, and in case of SaaS, also secure operations, configuration management, log management, devsecops.
You simply cannot get this level of assurance afterwards.
You can have some elements of it though.You can run a static scan, you can buy a penetration test, you can show how you deal with security issues and so on. In many cases, that's actually good enough, but be aware that really secure software is not only this.

What is the difference between 'SAS' and 'Salesforce'

I would be starting ft in one company, where i was been told that the application is developed using 'Sas' and 'salesforce'. What is the difference between two?
And which are recommended online resource which I can use to learn more about it.
SAS is software for statistical analysis. If your company/job description doesn't look like working with large sets of data & complex reporting that's probably not it.
They probably mean SaaS (Software as a Service) model, also known as "the cloud", cloud computing etc. You write the program (or use / modify existing one) but you don't buy servers, worry about network connection, electricity costs, load balancing (spikes in traffic will not cause your website to go down). Many apps operate in this model. Microsoft's Azure cloud (or even online wersions of MS Office). There's Siebel Oracle on Demand CRM, Microsoft Dynamics, SAP I think also has SaaS offering...
It's a big topic, I'm simplifying a lot here. And then there are Platform as a Service things too (PaaS) where they give you "just" the hosting etc but no base application to build on top of. You write everything you need from scratch and upload it. Think Heroku or Amazon Web Services (AWS).
Salesforce is "just" one more SaaS application. You start with base application & database, similar to all other clients in the world. You can install plugins to it (some free, some paid), configure it yourself, write custom code if your functionality is too complex... You can do a lot with just clicks & drag & drop but if you need to code stuff then JavaScript (for client-side) and Apex (for server-side) will be your friend. Apex is bit similar to Java.
Where to start... Trailhead is good source of self-paced trainings. You can sign up for a free Salesforce Developer Edition (has almost all features as the paid one but limited storage space), try to pass some courses... Or in SF help&training there should be tons of videos (actually in that link whole left menu "getting started with salesforce" might be good).

Sitecore environments

Our organization's website is moving to Sitecore CMS but we are struggling with setting up the environments for Developers (4), Designers (4), QA persons (3), Authors (10-15) and Approvers (4-10) in a way where they can work independently, I know that there will be dependencies but idea is to minimize it.
Here are couple of rules:
1) Whoever is responsible for the change then they should do it everything until and unless there is any dependency.
2) If one team is working on one feature then it shouldn't stop or effect other team's work. For example, if QA is testing the feature then Derringers and Developers should continue their work on the same feature for new enhancements.
Questions related to environments:
1) Where the Designers will work? I mean where they will add their html, js and images? On which server? In Sitecore? In Source Control (TFS)?
2) How the Designers and Developers should work together? I know developers will work on their local machine's in Sitecore. And will promote their work to Integration server but How they will get the Designers stuff? Let suppose the feature has gone into production successfully now only Graphics Design changes are required, let say font styles and some images then where Designers should make these changes? On which Server? And after that how that Sitecore instance will sync with other Sitecore instances. And for design changes I do not want developers for promoting any code or file.
3) What is the safest way to sync the Sitecore environment/databases? Means whatever has been published into production website, we will need back in DEV, QA and UAT environments.
We do not want to do any manual promotion of code, html, js and image files. Is there any way to do these kind of things automatically via tool or Sitecore commands. Personally I do not like the Sitecore packages.
4) Do you know any good reference? Where I can find answers of similar questions? Any website, book, blog?
I know one document "Understanding Sitecore Deployments 6.2" but designers part and how the different environments will be synchronized are not discussed over there.
Thanks.
There’s no need for your designers to have access to Sitecore to build static markup/js/css/images but for that to be incorporated into Sitecore you will need someone to integrate it by adding sublayouts or renderings which have the markup and reference the css/js/images. If you have separated your designers and developers it is normally helpful to explain to them that you are using a asp.net web forms environment as there are special considerations to bear in mind around that (e.g. control IDs and form usage). Having them share source control with your developers is a massive advantage as it limits the amount of rework that may need to be done if both are working in tangent and making separate updates.
It's worth conceptualising the difference between static and dynamic content. If you need to make a "design change" which involves updating markup/css/js then you will need to push that change through your software development lifecycle in just the same way as developers do. In fact, it would be best for the developers to do that. If you need to make a change which is more "dynamic" in nature and has been developed for - e.g. updating text, links, images, even css in some cases through using Rich Text Editor fields you could of course have designers do it. They would be "editors" like anyone using a CMS. How much involvement they have in the editorial process is very much up to how far you stretch the "content based" paradigm. If you wanted, you could have all your pages just expose a rich text editor field but that would be extremely bad practice from Sitecore's perspective.
Check out a product called Team Development for Sitecore from Hedgehog Development.
There are many RSS feeds by leading sitecore developers such as John West, Alex Shyba e.t.c. There are also lots of reading lists out there.
This illustration shows a way to organize your environments avoiding overlaps and blockings. Answering your questions:
1 and 2) Both Devs and Designers works at their local machines, using local Sitecore instances. They use TFS as the Source Control system so they can mutually integrate their work. Usually Designers works more in CSS, Javascrips, Images, Sublayouts (markups) and Developers at the code itself. We have a Continuous Integration server in place (Ex: TeamCity) deploying changes to 3 different environments - CI Server (for build healthcheck), QA Server (For QA) and Prod Server (for content edition and public access). When, for instance, a designer has to fix a layout issue, he will do that at his local machine, then commit changes to TFS. Next step, TeamCity will deploy changes to the CI server, if the build is Ok the QA person can trigger a build and test the fixes. If everything is working as expected, someone can trigger the build to the production server, and the fix goes live.
You have this another diagram showing details on how you can setup your Production server to separate Content Authoring and Content Delivery - Here is a search I found several blog posts on setting this up: sitecore content authoring delivery
3) You need TDS (Team Development for Sitecore) - Use this tool to serialize/deserialize items from one Sitecore instance to another. Then you can have the serialized files to TFS and share across the team and environments. The good thing is you can use TeamCity to automatically push items to CI/QA/Prod environments;
4) The main source for info on Sitecore is their SDN - You can register free (or have an extended account if you have a sitecore license)

SOA / ESB Dilemma

Sorry for the very involved question, but this is something I've been researching for a while now and it is really frustrating me. I feel like in today's age we have a million and one ways to implement services tat are cross-platform (SOAP) and easy to build (thanks to .NET, java, and other frameworks). However, these technologies have been in the community for 5-10 years, but we are (or at least I am) constantly plagued with the same issues:
Identification (Tracking services) - UDDI; e.g., had to remind a co-worker the 3 times this month where a service is at, despite the fact there is a wiki that discusses the service and a PDF version of the same documentation that lives in a repository where we keep our service docs.
Scalability - Out of the box clustering; As organizations, we spend a lot of money on paying our admins just to watch the utilization of our services and make decisions like, does this service need more RAM, more CPU, more interfaces? How do I load balance this?
Monitoring - error logging, etc; I can't count how many times I have to set up tracing on services in order to see why a bug is happening that only seems to affect one customer, or have to code logic into the service to serialize exceptions, log exceptions to dbs, fail gracefully, etc.
Deployment - easy to deploy; none of this deploying DLLs to 5 load balanced servers
Each one of these problems requires some type of custom solution implemented by the organization. Documentation and UDDIs for #1. Virtualization and load balancing hardware / software for #2. Tracing, writing exceptions to databases / logs, etc for #3. Custom deployment software for #4. I work for a mid-sized organization. I can't even imagine how a company the size of Sun, Google, or Microsoft would tackle these dilemmas.
Maybe my vision is unrealistic, but I dream of having a Framework per se that lives on top of a server cluster that manages all of the above. I was ecstatic to read about Microsoft's AppFabric since it really seems to extend some of the functionality of BizTalk to WCF service implementors: Caching, Hosting, Monitoring, etc. However, from what I've seen, I still don't feel it lives up to my dream for an all-in-one solution that assists the developer and organization in writing services that are scaled across clusters easily, deployed into the cluster easily, and identifiable, possibly even version-able.
So, I don't mean this post to be about my dream. I do actually have a question. For starters, is my dream / want completely unrealistic? Furthermore, what solutions are there available that attempt to solve these problems without confining us to a new and more proprietary way (BizTalk) of developing services? An lastly, in concern to a complete SOA / ESB solution, where do we see the most potential in the market right now or in the future?
I think that you are talking about different kinds of problems here.
1). Developers who don't read documentation. This is an endemic problem, not limited to SOA - just look at some questions on StackOverflow. At least the developer is asking you whether there is a service, rather then just duplicating logic in their own code. I don't see any technical solution to these kinds of problems, you've already provided good registries and documentation, but some developers prefer to talk to people. Maybe, even, this is actually a good thing - human interaction has value above the technical content of the interaction. Or maybe, you're too nice: "No, I won't answer that question, look it up."
2). Scaling. There are technologies addressing this issue. (Disclaimer I work for IBM, who sell some, so I'll reference these - I'm not intending to imply that IBM are the only vendor with solutions in this space.) There are products such as this that can provision a new machine, install a software stack and add it to a cluster to address workload changes. Then at a finer grained level of control in the Java EE world the Application Server can dynamically shape traffic and adjust clusters. See WebSphere Virtual Enterprise
3). Monitoring. I don't "get" what you expect here. In all likelyhood such tricky bugs will require application level trace. For some problems such as finding memory leaks and performance bottlenecks there are very good tools, at least in the Java EE world.
4). I can't speak to the .Net world, but I'd say that Java EE app servers do a reasonable job of deploying the apps across clusters smoothly, and in the cases where we use JNI and need DLLs deploying then we can use products such as the Tivoli stack I mention to manage this.
So, in summary, I do think that vendors are trying to address these issues. And I don't think your life would be simpler without SOA. Imagine instead the same problems applied to myriad separate, independent applications.
Here's my two cents.
I've been a developer at a company that used SOA incorrectly. The worst solution they implemented was field level validation of form elements on a desktop app using SOA. To perform acceptably these require very low latency. A 2-4 second wait to change to a new field gets old fast. The service ran over the network on a biztalk server. Everyone hated it.
If you're going to do this you really need to spend a lot of time dealing with network latency, service failure, timing, and timeout issues.
Don't get carried away and think SOA is the solution to every problem. Used at a high level it's great, used at a low level it makes your applications fragile, slow, and impossible to debug.
If you talk to IBM or one of the big SOA vendors, they got a products that cover each scenario.
Identification (Tracking services) - UDDI; e.g., had to remind a co-worker the 3 times this month where a service is at, despite the fact there is a wiki that discusses the service and a PDF version of the same documentation that lives in a repository where we keep our service docs.
Registry and Repository server. Nice thing is that it does governance (promotion, demotion, versioning, approval) and your ESB typically does a "lookup" for the latest and greatest against the register server.
Scalability - Out of the box clustering; As organizations, we spend a lot of money on paying our admins just to watch the utilization of our services and make decisions like, does this service need more RAM, more CPU, more interfaces? How do I load balance this?
Transaction monitoring software like IBM Tivoli Composite Application Manager for SOA. Basically, it tracks things from a horizontal point of view and to see if there is a service disruption from a end user/end app point of view.
As far as your clustering.... you have to pick good middleware and architecture. Personally speaking, get stuff that is "cloud" ready. App Servers with NoSQL connected by MOM.
Monitoring - error logging, etc; I can't count how many times I have to set up tracing on services in order to see why a bug is happening that only seems to affect one customer, or have to code logic into the service to serialize exceptions, log exceptions to dbs, fail gracefully, etc.
Enterprise standards for your developers and for your vendors. Integration of all business and system events into a single dashboard. (Most companies spilt them). This is done already at most enterprise shops.
Deployment - easy to deploy; none of this deploying DLLs to 5 load balanced servers
Ahh.. Microsoft IIS Web Deployment Tool 2.0. You can sync 100s of MS servers by just updating the master. It's really easy.