I'm a developer for a government ministry (I'll let you guys figure out the
rest). The IT "powers-that-be" have stipulated that all software development
be performed on a separate network that in no way connects to the "main"
network - ever. IT's blanket reason is "network security". These separate
networks cost a lot of money - a second database server, app server and a
couple of development machines, they are unpatchable (can't connect to the
web to get updates), you've got to burn a cd everytime you bring out a new
version, and burn a DVD to move big database updates back and forth. OK,
enough griping!
Would any of you be able to point me at some resources dealing with software
development strategies, or even personal examples of how they do it where
you work? I need to come up with a strategy for my department.
Thanks in advance,
Tim Gallivan
I know I'm a great teacher because when I give a lesson, the person never
comes back.
10  1246 
We use a 4-tier development system for our enterprise software. We have a
production server, a quality insurance server (for final testing), a
development server and a sandbox server. Each of the last three are 'clones'
of the production server that are refreshed periodically.
My advice would be to follow something similar. If you are maintaining your
dev servers seperately, and patching them seperately, that will weaken their
ability to be good 'test' servers for production, since you can't guarantee
that they are the environments are the same.
-James
"Tim Gallivan" wrote: I'm a developer for a government ministry (I'll let you guys figure out the
rest). The IT "powers-that-be" have stipulated that all software development
be performed on a separate network that in no way connects to the "main"
network - ever. IT's blanket reason is "network security". These separate
networks cost a lot of money - a second database server, app server and a
couple of development machines, they are unpatchable (can't connect to the
web to get updates), you've got to burn a cd everytime you bring out a new
version, and burn a DVD to move big database updates back and forth. OK,
enough griping!
Would any of you be able to point me at some resources dealing with software
development strategies, or even personal examples of how they do it where
you work? I need to come up with a strategy for my department.
Thanks in advance,
Tim Gallivan
I know I'm a great teacher because when I give a lesson, the person never
comes back.
Thanks, James.
I'm assuming your four servers are on the same network. And what exactly is
a sandbox server?
"James Divine" <Ja*********@discussions.microsoft.com> wrote in message
news:B6**********************************@microsof t.com...
We use a 4-tier development system for our enterprise software. We have a
production server, a quality insurance server (for final testing), a
development server and a sandbox server. Each of the last three are
'clones' of the production server that are refreshed periodically.
My advice would be to follow something similar. If you are maintaining
your dev servers seperately, and patching them seperately, that will weaken
their ability to be good 'test' servers for production, since you can't
guarantee that they are the environments are the same.
-James
"Tim Gallivan" wrote:
I'm a developer for a government ministry (I'll let you guys figure out
the rest). The IT "powers-that-be" have stipulated that all software
development be performed on a separate network that in no way connects to the "main"
network - ever. IT's blanket reason is "network security". These
separate networks cost a lot of money - a second database server, app server and
a couple of development machines, they are unpatchable (can't connect to
the web to get updates), you've got to burn a cd everytime you bring out a
new version, and burn a DVD to move big database updates back and forth. OK,
enough griping!
Would any of you be able to point me at some resources dealing with
software development strategies, or even personal examples of how they do it
where you work? I need to come up with a strategy for my department.
Thanks in advance,
Tim Gallivan
I know I'm a great teacher because when I give a lesson, the person
never comes back.
First off, there is no reason why the development network shouldn't connect
to the web.
It doesn't have to connect to the main network in order to connect to the
web.
Secondly, if you are using a Microsoft network (and I assume you are,
considering that you posted here :-),
then suggest to IT that they can set up the dev network so that the main
network does not trust it.
Then, code developed on the dev network cannot access resources on the main
network.
A firewall can prevent most TCP ports from passing through. Nice thing
about a firewall: you can set it up so that connections that originate in
the main network can get a response from the dev network. You can then use
terminal server from your desktop to drive the server, install software, do
other work...while the dev server cannot host code that can access the main
network. Firewalls are not very expensive, either.
The "Network Security stick" has swung too far in your organization, my
friend. There are better ways to secure the network than to simply assume
that developers cannot be trusted.
--- Nick
"Tim Gallivan" <no**********************@edu.gov.on.ca> wrote in message
news:Or**************@TK2MSFTNGP10.phx.gbl... I'm a developer for a government ministry (I'll let you guys figure out
the rest). The IT "powers-that-be" have stipulated that all software
development be performed on a separate network that in no way connects to the "main"
network - ever. IT's blanket reason is "network security". These separate
networks cost a lot of money - a second database server, app server and a
couple of development machines, they are unpatchable (can't connect to the
web to get updates), you've got to burn a cd everytime you bring out a new
version, and burn a DVD to move big database updates back and forth. OK,
enough griping!
Would any of you be able to point me at some resources dealing with
software development strategies, or even personal examples of how they do it where
you work? I need to come up with a strategy for my department.
Thanks in advance,
Tim Gallivan
I know I'm a great teacher because when I give a lesson, the person never
comes back.
Tim,
All of our systems are on the same network, but there really is no reason
that they would have to be. If you were using something like Symantec Ghost
to clone your machines, you could simply create a carbon copy of your
production server (off network) and then modify the network settings to fit
your test environment.
our sandbox is used to play around and test things that have a high
potential of blowing something up. It'sa nice lucury, but not critical.
I understand the theory of 'protection by isolation', keeping your dev
environment offline, but there are practical ways of ensuring securty while
still allowing limited network and internet access. However, since you're
working for a governmental agency, I'm sure security is a very high concern.
-James
"Tim Gallivan" wrote: Thanks, James.
I'm assuming your four servers are on the same network. And what exactly is
a sandbox server?
"James Divine" <Ja*********@discussions.microsoft.com> wrote in message
news:B6**********************************@microsof t.com...
We use a 4-tier development system for our enterprise software. We have a
production server, a quality insurance server (for final testing), a
development server and a sandbox server. Each of the last three are
'clones' of the production server that are refreshed periodically.
My advice would be to follow something similar. If you are maintaining
your dev servers seperately, and patching them seperately, that will weaken
their ability to be good 'test' servers for production, since you can't
guarantee that they are the environments are the same.
-James
"Tim Gallivan" wrote:
I'm a developer for a government ministry (I'll let you guys figure out the rest). The IT "powers-that-be" have stipulated that all software development be performed on a separate network that in no way connects to the "main"
network - ever. IT's blanket reason is "network security". These separate networks cost a lot of money - a second database server, app server and a couple of development machines, they are unpatchable (can't connect to the web to get updates), you've got to burn a cd everytime you bring out a new version, and burn a DVD to move big database updates back and forth. OK,
enough griping!
Would any of you be able to point me at some resources dealing with software development strategies, or even personal examples of how they do it where you work? I need to come up with a strategy for my department.
Thanks in advance,
Tim Gallivan
I know I'm a great teacher because when I give a lesson, the person never comes back.
James,
Thanks again. A separate network is doable, but getting data on/off it
(remember it has to be physically separate) is a royal pain not to mention
expensive, and the developer can't easily look things up on the web.
Do your web developers develop locally (e.g. with IIS installed on their
workstation?)
"James Divine" <Ja*********@discussions.microsoft.com> wrote in message
news:15**********************************@microsof t.com...
Tim,
All of our systems are on the same network, but there really is no
reason that they would have to be. If you were using something like Symantec
Ghost to clone your machines, you could simply create a carbon copy of your
production server (off network) and then modify the network settings to
fit your test environment.
our sandbox is used to play around and test things that have a high
potential of blowing something up. It'sa nice lucury, but not critical.
I understand the theory of 'protection by isolation', keeping your dev
environment offline, but there are practical ways of ensuring securty
while still allowing limited network and internet access. However, since you're
working for a governmental agency, I'm sure security is a very high
concern.
-James
"Tim Gallivan" wrote:
Thanks, James.
I'm assuming your four servers are on the same network. And what exactly
is a sandbox server?
"James Divine" <Ja*********@discussions.microsoft.com> wrote in message
news:B6**********************************@microsof t.com...
We use a 4-tier development system for our enterprise software. We
have a production server, a quality insurance server (for final testing), a
development server and a sandbox server. Each of the last three are
'clones' of the production server that are refreshed periodically.
My advice would be to follow something similar. If you are
maintaining your dev servers seperately, and patching them seperately, that will weaken
their ability to be good 'test' servers for production, since you can't
guarantee that they are the environments are the same.
-James
"Tim Gallivan" wrote:
> I'm a developer for a government ministry (I'll let you guys figure
out the > rest). The IT "powers-that-be" have stipulated that all software
development > be performed on a separate network that in no way connects to the
"main" > network - ever. IT's blanket reason is "network security". These
separate > networks cost a lot of money - a second database server, app server
and a > couple of development machines, they are unpatchable (can't connect
to the > web to get updates), you've got to burn a cd everytime you bring out
a new > version, and burn a DVD to move big database updates back and forth.
OK, > enough griping!
>
> Would any of you be able to point me at some resources dealing with
software > development strategies, or even personal examples of how they do it
where > you work? I need to come up with a strategy for my department.
>
> Thanks in advance,
> Tim Gallivan
> I know I'm a great teacher because when I give a lesson, the person
never > comes back.
>
>
>
For getting data on and off of the networks, in your situation, I'd clone
to a cd/dvd and handle it that way.
We do develop on the same network as our production systems, and debug
locally for most of our stuff, but we do have some fairly strict testing and
sign-off requirements before something makes it to the production server.
"Tim Gallivan" wrote: James,
Thanks again. A separate network is doable, but getting data on/off it
(remember it has to be physically separate) is a royal pain not to mention
expensive, and the developer can't easily look things up on the web.
Do your web developers develop locally (e.g. with IIS installed on their
workstation?)
"James Divine" <Ja*********@discussions.microsoft.com> wrote in message
news:15**********************************@microsof t.com...
Tim,
All of our systems are on the same network, but there really is no
reason that they would have to be. If you were using something like Symantec
Ghost to clone your machines, you could simply create a carbon copy of your
production server (off network) and then modify the network settings to
fit your test environment.
our sandbox is used to play around and test things that have a high
potential of blowing something up. It'sa nice lucury, but not critical.
I understand the theory of 'protection by isolation', keeping your dev
environment offline, but there are practical ways of ensuring securty
while still allowing limited network and internet access. However, since you're
working for a governmental agency, I'm sure security is a very high
concern.
-James
"Tim Gallivan" wrote:
Thanks, James.
I'm assuming your four servers are on the same network. And what exactly is a sandbox server?
"James Divine" <Ja*********@discussions.microsoft.com> wrote in message
news:B6**********************************@microsof t.com...
>
>
> We use a 4-tier development system for our enterprise software. We have a > production server, a quality insurance server (for final testing), a
> development server and a sandbox server. Each of the last three are
'clones'
> of the production server that are refreshed periodically.
>
> My advice would be to follow something similar. If you are maintaining your
> dev servers seperately, and patching them seperately, that will weaken
their
> ability to be good 'test' servers for production, since you can't
guarantee
> that they are the environments are the same.
>
> -James
>
>
> "Tim Gallivan" wrote:
>
> > I'm a developer for a government ministry (I'll let you guys figure out the
> > rest). The IT "powers-that-be" have stipulated that all software
development
> > be performed on a separate network that in no way connects to the "main" > > network - ever. IT's blanket reason is "network security". These
separate
> > networks cost a lot of money - a second database server, app server and a
> > couple of development machines, they are unpatchable (can't connect to the
> > web to get updates), you've got to burn a cd everytime you bring out a new
> > version, and burn a DVD to move big database updates back and forth. OK, > > enough griping!
> >
> > Would any of you be able to point me at some resources dealing with
software
> > development strategies, or even personal examples of how they do it
where
> > you work? I need to come up with a strategy for my department.
> >
> > Thanks in advance,
> > Tim Gallivan
> > I know I'm a great teacher because when I give a lesson, the person
never
> > comes back.
> >
> >
> >
"Nick Malik" <ni*******@hotmail.nospam.com> wrote in message
news:O%x9d.328975$mD.263719@attbi_s02... It doesn't have to connect to the main network in order to connect to the
web.
But there may be practical considerations: To keep the networks
physically separate (as required by the OP), two separate internet gateway
machines, each with it's only internet connection.
--
Truth,
James Curran
Home: www.noveltheory.com Work: www.njtheater.com
Blog: www.honestillusion.com Day Job: www.partsearch.com
(note new day job!)
Hello James,
"James Curran" <Ja*********@mvps.org> wrote in message
news:%2****************@TK2MSFTNGP12.phx.gbl... "Nick Malik" <ni*******@hotmail.nospam.com> wrote in message
news:O%x9d.328975$mD.263719@attbi_s02... It doesn't have to connect to the main network in order to connect to
the web.
But there may be practical considerations: To keep the networks
physically separate (as required by the OP), two separate internet gateway
machines, each with it's only internet connection.
If you have a single ISP hookup (T3, I assume), you can put many IP address
ranges on that connection. A switch and two firewall machines will get you
to two networks, in total isolation. If you need proxy services, then you'd
need seperate proxy services. After that, there's no distinction
whatsoever.
VLANs can easily be configured on the same switches, so you don't need more
internal switches to keep the networks seperate. Routing tables can be
controlled using IPSec.
The practical consideration of having 10 developers and testers, each of
whom will spend the equivalent of 30 minutes per week in productivity loss
due to this configuration FAR outweighs the cost of the extra hardware.
To the OP:
The agency is right to be cautious about security. However, in Ontario,
there is a smart company called Sierra Systems Group. They have some
brilliant network engineers who can help the agency set up security without
compromising efficiency. They set up security at a number of provincial
agencies throughout Canada, and had a major hand in setting up the
healthcare EDI solutions used by the BC government. They are the largest
Canadian systems integration consulting company, and a former employer of
mine. I'd love it if you would give them a call and have someone come out
and discuss options for security with you.
You can also call Microsoft Consulting Services. No one knows how to secure
their products better than they do. Many of MCS's clients are far more
concerned about security than your agency is, and that says something. Think
Banks, Insurance companies, Healthcare organizations, etc.
I think you will find that you have more options than you think.
--- Nick
Personally I think that keeping the networks separate is a sound idea. that
way your production environment cannot be affected by the developers.
Ideally you should also have a separate test network that is a duplicate of
the production environment so that when you test the software you know that
its going to behave as it should in the production environment.
If the cost of the hardware is an issue then possibly using Vitual PC could
work. There are a number of companies offer software for this, a couple of
examples are MS Virtual PC/Server and VMWare.
What you really need is a sound Configuration Management policy. This will
allow all of the networks to kept in sync and manage any changes to the
networks and software. CM covers more that just having something like
SourceSafe to check the source code in and out. It applies to the software
you install on the computers and the patches that are applied. The way the
software is configured, which includes the operating system, networks etc,
all of the documentation that is relevant, the way bugs are raised, fixed
and released and new changes are requested by the users.
Paul.
"James Divine" <Ja*********@discussions.microsoft.com> wrote in message
news:B6**********************************@microsof t.com...
We use a 4-tier development system for our enterprise software. We have a
production server, a quality insurance server (for final testing), a
development server and a sandbox server. Each of the last three are
'clones' of the production server that are refreshed periodically.
My advice would be to follow something similar. If you are maintaining
your dev servers seperately, and patching them seperately, that will weaken
their ability to be good 'test' servers for production, since you can't
guarantee that they are the environments are the same.
-James
"Tim Gallivan" wrote:
I'm a developer for a government ministry (I'll let you guys figure out
the rest). The IT "powers-that-be" have stipulated that all software
development be performed on a separate network that in no way connects to the "main"
network - ever. IT's blanket reason is "network security". These
separate networks cost a lot of money - a second database server, app server and
a couple of development machines, they are unpatchable (can't connect to
the web to get updates), you've got to burn a cd everytime you bring out a
new version, and burn a DVD to move big database updates back and forth. OK,
enough griping!
Would any of you be able to point me at some resources dealing with
software development strategies, or even personal examples of how they do it
where you work? I need to come up with a strategy for my department.
Thanks in advance,
Tim Gallivan
I know I'm a great teacher because when I give a lesson, the person
never comes back.
To be honest, Paul, I agree with the idea of seperate hardware for dev,
test, and prod.
If anything, Virtual Server is even better for dev and maintenance because
you can keep around an entire machine setup that is particular to an
application without spending money and deskspace on a physical system.
My objection is not to having the hardware seperate. My objection is to the
unnecessarily strict interpretation that prevents packets from being routed
from one network to another, preventing data transfers, install packages,
and software updates to pass electronically...
That is silly and inefficient. Developers are not the enemy. If anything,
they are far more aware of security issues than non-technical employees.
--- Nick
"Paul O'Connell" <po*@globalnet.co.uk> wrote in message
news:f8********************@brightview.com... Personally I think that keeping the networks separate is a sound idea.
that way your production environment cannot be affected by the developers.
Ideally you should also have a separate test network that is a duplicate
of the production environment so that when you test the software you know
that its going to behave as it should in the production environment.
If the cost of the hardware is an issue then possibly using Vitual PC
could work. There are a number of companies offer software for this, a couple of
examples are MS Virtual PC/Server and VMWare.
What you really need is a sound Configuration Management policy. This will
allow all of the networks to kept in sync and manage any changes to the
networks and software. CM covers more that just having something like
SourceSafe to check the source code in and out. It applies to the software
you install on the computers and the patches that are applied. The way the
software is configured, which includes the operating system, networks etc,
all of the documentation that is relevant, the way bugs are raised, fixed
and released and new changes are requested by the users.
Paul.
"James Divine" <Ja*********@discussions.microsoft.com> wrote in message
news:B6**********************************@microsof t.com...
We use a 4-tier development system for our enterprise software. We have
a production server, a quality insurance server (for final testing), a
development server and a sandbox server. Each of the last three are 'clones' of the production server that are refreshed periodically.
My advice would be to follow something similar. If you are maintaining
your dev servers seperately, and patching them seperately, that will weaken
their ability to be good 'test' servers for production, since you can't
guarantee that they are the environments are the same.
-James
"Tim Gallivan" wrote:
I'm a developer for a government ministry (I'll let you guys figure
out the rest). The IT "powers-that-be" have stipulated that all software development be performed on a separate network that in no way connects to the
"main" network - ever. IT's blanket reason is "network security". These separate networks cost a lot of money - a second database server, app server
and a couple of development machines, they are unpatchable (can't connect to the web to get updates), you've got to burn a cd everytime you bring out a new version, and burn a DVD to move big database updates back and forth.
OK, enough griping!
Would any of you be able to point me at some resources dealing with
software development strategies, or even personal examples of how they do it where you work? I need to come up with a strategy for my department.
Thanks in advance,
Tim Gallivan
I know I'm a great teacher because when I give a lesson, the person never comes back.
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: Adam Schroeder |
last post by:
I'm a computer science student looking for a little advice on network
programming using TCP/IP? I'm using Borland's 5.02 compiler, but I could
use Dev C++ if you advise that... is there any...
|
by: Henri Schomäcker |
last post by:
Hi folks,
I am developing a apache2 so module in c++.
At the moment, I'm trying to get it to compile with automake & friends, but
don't get it to work. I tried to modify the example in the...
|
by: Usman |
last post by:
Huy everyone ,
Well I am not a big C++ programmer , I am just a little
young kid on it tryint to learn . Actually I was given an
assignment last week by my teacher which I solved
...
|
by: Martin Marcher |
last post by:
Hi,
I've read several questions and often the answer was
'C knows nothing about .'
So if C knows that little as some people say, what are the benefits, I
mean do other languages know more...
|
by: jester.dev |
last post by:
I am learning c through an online tutorial currently. And I
am running Linux, but the tutorial does not deal specifically
with linux. I'm not sure if I am compiling correctly or not
because I get...
|
by: Steve |
last post by:
Hi, i know this is an old question (sorry)
but its a different problem, i need to write a binary file as follows
00000011
00000000
00000000
00000101
00000000
11111111
|
by: Marco Ippolito |
last post by:
Hi,
I am giving a seminar on C# interop and I would like to feature an original
sample class to stimulate some interest.
Does anybody want to write an open-source ConsoleApp || WinApp that,...
|
by: riversmithco |
last post by:
Hi all,
This is a tad off-topic but I want to get some profressional opinioins.
Does anyone have recommendations for a solid Content Management
System? Obviously, this is a huge topic by itself...
|
by: ash |
last post by:
i am writing this program (for exercise1-9 in k&r-2nd edition) which
removes extra spaces in string
example- "test string" will be "test string"
#include<stdio.h>
#include<string.h>...
|
by: Javier |
last post by:
Hello people,
I'm recoding a library that made a few months ago, and now that I'm
reading what I wrote I have some questions.
My program reads black and white images from a bitmap (BMP 24bpp...
|
by: taylorcarr |
last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
|
by: Charles Arthur |
last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
|
by: ryjfgjl |
last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
|
by: ryjfgjl |
last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
|
by: BarryA |
last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
|
by: Sonnysonu |
last post by:
This is the data of csv file
1 2 3
1 2 3
1 2 3
1 2 3
2 3
2 3
3
the lengths should be different i have to store the data by column-wise with in the specific length.
suppose the i have to...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers,...
| | |
