.NET 4.0 and 4.5.1 on IIS6 (Windows Server 2003)

Two points to note:

.NET 4.0/4.5.1 runtime applications ARE supported on IIS 6.0 (Windows Server 2003).

.NET 4.0 appears as an extension in IIS 6.  You do need to ENABLE this extension. The Web Service Extensions node (right below the Web Sites Node) lets you view and change the extensions that are allowed or prohibited. Simply “allow” .NET 4 and your .NET 4.0/4.5.1 applications should work fine.

TFS Server (2012 and above) installation and configuration gotchas

TFS requires SQL Server to be installed – and of late, it more or less mandates that SQL Server Reporting Services be installed as well. I learnt this the hard way by leaving out the SSRS components during SQL Server install – and then suffering the consequences whilst installing TFS Server.

Headaches in installing and configuring SQL Server 2012 (and above) and SQL Server Reporting Services

  1. .NET 3.5 – For the Basic Management Tools (SQL Server Management Studio), we still need the .NET 3.5 redistributable. Typically, you would not have this installed on a Windows 7 machine (the world having evolved to .NET 4.5.1 by now). However, you CAN go into Add/Remove Windows Features and install the 3.5 framework. It is a good idea to do this BEFORE you begin installing SQL Server – it will save you tons of time.
  2. Full Text Search – needs to be installed (this is UNCHECKED by default, so you will need to check it).
  3. TFS needs SSRS – and SSRS needs a bunch of stuff pre-configured. SSRS needs a reporting server database to be created. It will NOT create this during INSTALLATION, so you have to finish installation – and create a NEW ONE from the REPORTING SERVICES CONFIGURATION MANAGER (a separate piece of software that is installed along with SSRS).

Adding appropriate endpoints (opening TFS server port)

If you are installing on a VM (in Azure, for example), you will need to open port 8080 (add an endpoint for 8080 in Azure).

Accessing the TFS Server Web Interface

  • Localhost:8080/tfs/  –> from local box
  • full domain name :8080/tfs  –> from external box

Adding Projects to TFS – Using the newly installed TFS Server

Adding a new project has to be done from Visual Studio. From Visual Studio, File –> New –> Team Project and provide the URL of the tfs server shown above.

Sql versus NoSQL

This is a set of evolving thoughts and discoveries about NoSQL – when to use it – when not to…

At a high level, the table shows the NoSQL concepts analogous to familiar SQL terms.

| Relational Model (SQL) | NoSQL model (e.g. MongoDB) |
|---|---|
| database | database |
| table | collection |
| row | document or BSON document |
| column | field |
| index | index |
| table joins | embedded documents and linking |
| primary key: specify any unique column or column combination as primary key. | primary key: in MongoDB, the primary key is automatically set to the _id field. |
| aggregation (e.g. group by) | aggregation framework (see the SQL to Aggregation Framework Mapping Chart). |

Overview – Mainly around why we DESIGNED RELATIONAL databases in the first place

Relational databases helped eliminate data duplication (and errors related to duplication of data – e.g. having to update the SAME data in multiple places). As it happens, NoSQL does not overcome this shortcoming – in fact, if your app queries consist of lots of updates, NoSQL is not as efficient a solution as relational (and will be as error prone as flat files were prior to relational DBs).

However, if your app queries are primarily READS – then going through a set of RELATIONSHIPS to read a single record of user data – is a lot of overhead. And NoSQL wins hands down – by storing all the relevant data in ONE record.

E.g. – Author Information and Book Information – In SQL you would separate these into different tables – and provide a RELATIONSHIP between the two – so that any updates to Author Info – only needs to happen in a single place – and will automatically be reflected in any BOOK query and AUTHOR query as well.

In NoSQL, if the Author’s name changes, then the info will need to be updated in the AuthorInfo and the BookInfo NoSQL records (since they both contain the author name). Multiple places to update data – more error prone (there are a few patterns to work around this – but the basic issue remains).
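
The Author/Book case above as an added Python example (not code from the original post): the relational side uses an in-memory SQLite database, the document side uses plain dictionaries standing in for the AuthorInfo and BookInfo records. The sample names, ids and function names are constructed for illustration.

```python
import copy
import sqlite3

# Constructed sample data: one author whose name is embedded in two book documents.
DOCS = {
    "AuthorInfo": [{"_id": 1, "name": "A. Writer"}],
    "BookInfo": [{"_id": 10, "title": "First Book", "author": {"_id": 1, "name": "A. Writer"}},
                 {"_id": 11, "title": "Second Book", "author": {"_id": 1, "name": "A. Writer"}}],
}


def relational_rename(new_name):
    """Normalized model: one UPDATE, and every book query sees it through the join."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE author(id INTEGER PRIMARY KEY, name TEXT);
        CREATE TABLE book(id INTEGER PRIMARY KEY, title TEXT,
                          author_id INTEGER REFERENCES author(id));
        INSERT INTO author VALUES (1, 'A. Writer');
        INSERT INTO book VALUES (10, 'First Book', 1), (11, 'Second Book', 1);
    """)
    db.execute("UPDATE author SET name = ? WHERE id = 1", (new_name,))
    rows = db.execute("SELECT a.name FROM book b JOIN author a ON a.id = b.author_id")
    return [name for (name,) in rows]


def document_rename(docs, author_id, new_name, update_books):
    """Denormalized model: every embedded copy of the name needs its own write."""
    docs = copy.deepcopy(docs)
    for author in docs["AuthorInfo"]:
        if author["_id"] == author_id:
            author["name"] = new_name
    if update_books:  # the step that is easy to forget
        for book in docs["BookInfo"]:
            if book["author"]["_id"] == author_id:
                book["author"]["name"] = new_name
    return docs


def stale_copies(docs):
    """Consistency check: ids of books whose embedded author name disagrees with AuthorInfo."""
    names = {a["_id"]: a["name"] for a in docs["AuthorInfo"]}
    return [b["_id"] for b in docs["BookInfo"]
            if b["author"]["name"] != names[b["author"]["_id"]]]
```

Running `stale_copies` over the result of a rename that skipped the book documents lists every record that still carries the old name.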

Foreign Keys

In NoSQL , you can define relationships (it is hard to do anything meaningful with data without defining relationships). Relationships are of two types – GUID based – and Parent Child based. Say – you want to associate UserComments with a User. You would define Comments as a child of User – and it would be a Parent-Child relationship. Now, you could run queries (searches is more appropriate, since QUERY applies more to the relational model) against this parent child COLLECTION of objects.


Both models rely on indices.

Summary – When to Use Relational , When to Use NoSQL – Tradeoff

The important thing to understand, is how to perform efficient queries and to understand the referential integrity tradeoff that is made when we de-normalize to achieve high performance applications. Always consider the application query patterns when designing the data model.

Proxy versus Reverse Proxy, Firewall versus Reverse Proxy

What is the difference between a proxy (forward proxy) and a reverse proxy? What is the difference between a proxy and a firewall? This post attempts to highlight the differences.

Reverse Proxy

If you understand a web server, you understand a REVERSE proxy server. It is JUST A WEB SERVER, with a few additional capabilities such as URL forwarding. In other words, you can use IIS (or Apache or your favorite WEB SERVER) as a REVERSE proxy server. Why would you need this additional web server – when your existing web server already performs most of the relevant tasks (authentication etc.)?

There are several scenarios. For example, if you wanted to conditionally send all SECURE requests (https) to another server, you would need a RULE that looked something like this (in IIS):

                <rules>
                    <clear />
                    <rule name="Redirect to https" stopProcessing="true">
                        <match url="(.*)" />
                        <conditions>
                            <add input="{HTTPS}" pattern="off" ignoreCase="true" />
                        </conditions>
                        <action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" appendQueryString="false" />
                    </rule>
                </rules>
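
The rule above fires when `{HTTPS}` is `off`, so it sends plain-HTTP requests to the same host and path over HTTPS. As an added example (not part of the original post), this Python check parses a web.config and reports what is missing from such a rule; the wrapper elements in the sample and the function names are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the rule from the text inside the wrapper elements of a web.config.
SAMPLE = """<configuration><system.webServer><rewrite><rules>
  <clear />
  <rule name="Redirect to https" stopProcessing="true">
    <match url="(.*)" />
    <conditions><add input="{HTTPS}" pattern="off" ignoreCase="true" /></conditions>
    <action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}"
            redirectType="Permanent" appendQueryString="false" />
  </rule>
</rules></rewrite></system.webServer></configuration>"""

CATCH_ALL = {"(.*)", ".*", "^(.*)$", "^.*$"}


def rule_findings(rule):
    """Problems that stop one <rule> from forcing every plain-HTTP request to HTTPS."""
    findings = []
    match, action = rule.find("match"), rule.find("action")
    if rule.get("enabled", "true").lower() == "false":
        findings.append("rule is disabled")
    if match is None or match.get("url") not in CATCH_ALL:
        findings.append("match url does not cover every path")
    https_off = any(
        c.get("input", "").upper() == "{HTTPS}"
        and "off" in c.get("pattern", "").lower()
        and c.get("negate", "false").lower() != "true"
        for c in rule.iter("add"))
    if not https_off:
        findings.append("no {HTTPS}=off condition (HTTPS requests would be redirected too)")
    if action.get("redirectType", "Permanent").lower() != "permanent":
        findings.append("redirect is not permanent (301)")
    return findings


def audit_https_redirect(config_xml):
    """Return [] if some rule enforces HTTPS cleanly, else the findings of the closest rule."""
    rules = [r for r in ET.fromstring(config_xml).iter("rule")
             if r.find("action") is not None
             and r.find("action").get("type", "").lower() == "redirect"
             and r.find("action").get("url", "").lower().startswith("https://")]
    if not rules:
        return ["no rule redirects to https://"]
    return min((rule_findings(r) for r in rules), key=len)


if __name__ == "__main__":
    print(audit_https_redirect(SAMPLE) or "HTTPS redirect rule looks complete")
```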


Other uses of Reverse Proxies

Since reverse proxies are full-blown web servers, you CAN perform full-blown authentication on incoming client requests. For example, you want to add an additional stage of authentication (say an Open Identity Auth using Google or Facebook) – and you want to perform this step BEFORE your web server gets to process the request. A reverse proxy is ideally suited to perform this task.

The key use case scenario here is that you want to do some web server specific task WITHOUT TOUCHING or MODIFYING your existing web server or application – and without letting clients know the proxy exists. Enter Reverse Proxy.

How does Reverse Proxy keep its identity UNKNOWN (you do not want anyone to know that a reverse proxy exists)?

As far as the client is concerned, it sends the request directly to the origin server. When the proxy server is in reverse proxy mode, it intercepts the request before it reaches the origin server.

Typically, this is done by setting up the DNS entry for the origin server (i.e., the origin server’s advertised hostname) so it resolves to the Proxy Server IP address.

Proxy (Forward Proxy)

Forward proxies are in fact, not very different from REVERSE proxies – with one key difference.  A forward proxy works to SERVICE a client browser directly (typically a GROUP of client machines, on an internal network). The client user typically is AWARE of the FORWARD proxy (in fact, has to typically CONFIGURE it in his/her client browser, typically you configure this in IE—>Internet Settings—>Connections—>LAN Settings). This DIRECT SERVICE of a CLIENT Browser involves blocking a client browser request – (e.g. if a company employee browser is trying to access ) – or it can block the client I.P. altogether (e.g. if the client machine is trying to hack into a server).


In all other respects, a forward proxy is very similar to a REVERSE proxy – it is a full-blown WEB SERVER – it can control the incoming requests – and it can perform authentication etc.


The key difference lies in the use cases – it typically works to BLOCK access for a client machine (or a group of client machines). In contrast, a REVERSE proxy works on behalf of the web server – and is completely INVISIBLE to the client machines. Client machines do not even KNOW that they are accessing a reverse proxy – as far as they are concerned, they are accessing the WEB SERVER.

Firewalls – Network Firewalls versus Application Firewalls

Firewalls can exist as software packages that run on your computer or as hardware firewalls in network routers. Unlike proxy servers, firewalls are designed more as traffic controllers than as re-routers.

Using BOTH as part of your SECURITY solution

  1. Use a PROXY server to control who or what connects to your NETWORK.
  2. Use firewalls on local computers to control what gets ONTO each computer.

WordPress – multiple wordpress user groups with their own Sandboxes ( multiple private blogs within a wordpress installation )

Here is a simple use case : You are building a community of users to do collaborative document editing (i.e. create word, excel documents collaboratively – multiple authors can edit – comment etc.). In addition, there may be MULTIPLE such communities – e.g. DEVELOPER community building its own documents, EXECUTIVE committee working on its own documents – and you do NOT want any visibility across communities (i.e. DEVELOPERS cannot see EXECUTIVE documents  and vice-versa).

Here is the solution I came up with.

  1. Define a CATEGORY to represent each GROUP – e.g. DEVELOPER Category, EXECUTIVE Category. The categories will serve as the Sandboxes for each GROUP of users. No group will be able to access a CATEGORY that is not associated with its own GROUP (see below).
  2. Now, if we set up our groups correctly, we can ensure that only the DEVELOPER GROUP has access to the DEVELOPER CATEGORY. This is done easily enough using a plugin called User Access Manager. Not only does it let you define custom groups (and add users to those groups), it lets you control the CATEGORY visibility for the defined groups.
  3. NOTE: When you create the NEW group – by default – leave out any ROLE AFFILIATION – i.e. the group should not have a pre-existing association with SUBSCRIBERS or EDITORS or any ROLE whatsoever. If you fail to do this – say you end up with a SUBSCRIBER ROLE that is affiliated with a group. Then, ANY user who is a subscriber, regardless of what group they are in, will be able to see posts from other groups (something we want to avoid).
  4. That’s it – now, any post/page created by a user in group A will be invisible to a user in group B. Each GROUP has its own WORDPRESS environment – so to speak.
  5. Admin Roles – What if you wanted to have an ADMIN user PER GROUP (sort of like a group admin)? Unfortunately, the UAM plugin does not allow that – the only admin allowed is the top level WordPress admin – who has access to ALL the groups. The solution is to create a new ROLE called GROUPADMIN – and GRANT all GROUP specific privileges to this GROUPADMIN role.
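
The role-affiliation pitfall from step 3, as an added Python example. This is a simplified model of group-to-category visibility written for this page, not the User Access Manager plugin's own code; the user names, category names and function names are constructed.

```python
from dataclasses import dataclass, field


@dataclass
class Group:
    name: str
    members: set        # users added to the group explicitly
    categories: set     # categories the group may read (its sandbox)
    roles: set = field(default_factory=set)  # role affiliation: every user with the role joins


def groups_of(user, role, groups):
    """Groups a user belongs to, either explicitly or through a role affiliation."""
    return [g for g in groups if user in g.members or role in g.roles]


def can_read(user, role, category, groups):
    """True if any group the user belongs to grants the category."""
    return any(category in g.categories for g in groups_of(user, role, groups))


def cross_group_leaks(users, groups):
    """(user, category) pairs that are readable only because of a role affiliation."""
    leaks = []
    for user, role in sorted(users.items()):
        explicit = {c for g in groups if user in g.members for c in g.categories}
        for g in groups_of(user, role, groups):
            leaks += [(user, c) for c in sorted(g.categories - explicit)]
    return leaks


# Constructed sample data: two users who both hold the Subscriber role.
USERS = {"dana": "subscriber", "evan": "subscriber"}
SAFE = [Group("DEVELOPER", {"dana"}, {"developer-docs"}),
        Group("EXECUTIVE", {"evan"}, {"executive-docs"})]
# Same groups, but EXECUTIVE was created with the Subscriber role attached.
LEAKY = [SAFE[0], Group("EXECUTIVE", {"evan"}, {"executive-docs"}, {"subscriber"})]

if __name__ == "__main__":
    print("safe setup leaks: ", cross_group_leaks(USERS, SAFE))
    print("leaky setup leaks:", cross_group_leaks(USERS, LEAKY))
```

An empty result from `cross_group_leaks` is the property to keep true after every group or role change.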

Themes that work for such MULTI – GROUP sites

You want to provide a minimalist theme  – that does not take up too much real estate. Here is a list of such themes – one of my favorites is Hellish Simplicity.

APPENDIX A – Glossary

Roles – WordPress has FIVE pre-defined roles – Administrator, Editor, Author, Contributor and Subscriber (see below for details on what each role can do). Each role is allowed to perform a set of tasks called Capabilities.

Creating Groups – Going beyond default USERS – To create custom roles, use a plugin called User Access Manager. It allows you to create custom user groups – and assign capabilities (read, write etc.) to these groups as a whole.


Capabilities – There are many capabilities including “publish_posts”, “moderate_comments”, and “edit_users”. A set of default capabilities is assigned to each role. To change the default set of a role’s capabilities, use a plugin called User Role Editor (see screenshot below):

Going beyond default Capabilities – Use Editorial Access Manager plugin to define one-off capabilities – e.g. allow a Contributor to edit SOME posts (but not all). So Contributor becomes an editor for certain posts.

Approval Workflow – There are several workflow specific plugins – use this guide to determine what is best for your use cases.

APPENDIX B – Default Roles built into WordPress

Contributors can:

  • Write/edit their own posts
  • Delete their own unpublished posts

Authors can do everything contributors can, and:

  • Edit their own published posts
  • Delete their own published posts
  • Upload media (pictures, etc.)
  • Publish posts

Editors can do everything authors can, and:

  • Manage categories
  • Moderate comments
  • Manage links
  • Edit, publish, and delete other users’ posts
  • Create, Edit, and publish pages
  • Read all private posts/pages

Administrators have full control over the blog, including:

  • Edit anything
  • Update WordPress
  • Install plugins and themes
  • Configure widgets and plugins
  • Create and manage users
  • Perform other administrative tasks

Subscribers can simply read the content on the blog.

TFS 2012–Features, Typical Enterprise Architecture and Cloud Hosting

TFS 2012 has a lot of new features to offer.  Adding project management features to make it a one-stop solution for larger projects, it now offers Agile and Scrum templates. Git support makes it easy to access git repositories without leaving Visual Studio.

  1. Agile Planning and Agile Collaboration – Templates for Scrum and Agile development. Create backlogs, work items etc.
  2. Git Integration – Distributed version control is also built into the product for Git repositories (TFS itself is more of a centralized source and version control system).
  3. Reporting Features – Advanced reporting features (based on SSRS reporting). Report generation using the TFS Web Server.
  4. Web based test case management

Typical Architecture

Typically, you would want to separate these three TFS components.

  1. A TFS SQL Server database serves as the repository (ideally, you want a backup solution for this server). Requires port 1433. SSRS needs to be installed to enable web based reporting.
  2. A TFS Web Server – used for web access to everything in TFS – including backlogs, work items, test cases, reports etc. Requires ports 80 and 8080.
  3. A Build Server (optionally on a separate server, but can be combined if you run builds only occasionally).

Hosting the TFS Architecture in the Cloud

The diagram illustrates a typical TFS architecture for the enterprise. However, this architecture can be hosted in the cloud (AWS or Azure) fairly inexpensively (use the Azure calculator or the AWS calculator to price the instances in this diagram).


Migrating TSQL to PLSQL or vice versa


Apart from syntax differences, there are a host of logical differences. For example, TSQL procedures that use temp tables or locks have no counterpart in Oracle – there are dozens of such ‘logical’ differences.


SQL Server (TSQL) has no concept of Bitmap indexes, IOT, Table Clusters, Single Table hash clusters, non unique indexes enforcing unique constraints – any of these in use in a PLSQL stored procedure, will not have a counterpart in SQL Server.