TFS vNext at the Austin TFS Users Group

 This Friday I will be presenting on TFS vNext with fellow ALM Ranger and MVP Bob Hardister at the Austin TFS Users Group. We will be covering: 

  • Requirements elicitation and review: story boards and stakeholder feedback
  • Agile project management: support for teams and a completely reworked team web access
  • Cool developer features for local workspace, code review and check-in: Team Explorer replaced by "Team Navigator" 
  • New exploratory "Agile" testing features: less reliance on formal test cases

We will be doing a drill-down demo using the TFS VM from BUILD conference. To get this version go to Brian Keller’s blog for complete instructions.

See you there.

ALM Summit Trip Report

This week I am participating of the ALM Summit. We have a great attendance of a diverse audience, comprised of ALM leaders in several Fortune 500 companies, plus Microsoft ALM MVPs and ALM Rangers. All the presentations have been great in pointing to upcoming ALM trends. I will be summarizing my perception on those in a few posts as I do this trip report.

The first day theme was on “Agile Acceleration”. The day started with Ken Schwaber’s key note “ALM & Scrum - Necessary But Not Sufficient for Agility”. In this talked developed the following reasoning:

• Agility Is Necessary

• Empiricism and Transparency Are Necessary for Agility

• Scrum and ALM Are Necessary for Empiricism and Transparency

• But, That Is Not Sufficient For Agility

So what else is needed? His answer is that Agility requires organizational culture change, and therefore Agility requires an organizational change program.

That implies assessing the current state of Agile adoption, providing training to cover the gaps, and other incremental culture improvement steps. Finally, Ken said that “ALM Is As Good The Culture”, that is the same toolset can be in several different ways, and not always are all appropriate. The culture has to internalize Agile if ALM is to be used in an Agile way.

Brian Harry continued with a retrospective of Visual Studio evolution. We revisited the well known themes of VSTS 2005 and 2008, which in essence were to bring transparency through streamlined data capture across development activities. These versions set the standard for the competition to follow in integrating the development tools beyond the usual “after the fact” (or “after acquisition”) strategy of others: Team System was built integrated from the ground up, not just assembled from existing parts. Smoothing the communication between Developer and PMs was the main goal.

The theme for Visual Studio 2010 became to smooth the not always clear relationship between developers and testers, to break the silo/glass wall that prevents straightforward resolution of issues and to eliminate the endless game of “bug ping-pong”, where each party tries to put the ball in the other court instead of focusing on collaborating towards the common goal of shipping the product.

Dev11, the next version, will be now focusing on streamlining the feedback loop between customers/users to developers and the rest of the team. It’s been well known that while you could always use TFS to do requirements management (if you don’t agree, just think on the fact that MSF CMMI could always satisfy the Requirements Management key process areas) but on the other hand there was always room for improvement. This is the coolest moment for Visual Studio because the Forrester CHAOS reports have always emphasized that poor requirements management is one of the main cause of the dismal rate of project success across the software development industry.

Visual Studio 2010: a more mature platform for your ALM efforts

VS 2010 was released today, and it has a great many novelties on the client and .NET Framework aspects.

What calls my attention though is that we are now one step closer to fulfilling the sense of ALM 2.0 – an integrated, transparent environment where traceability among all of the aspects of software development are tied seamlessly and as a result a much better experience to live, and to manage:

  • The new Testing Tools tie directly to the project data warehouse repository, bring the testing experience to new heights of sophistication and connectedness, and helping to break the “Testing silo” that many companies have been thrown into due to inadequate tools;
  • Work Item Tracking now allows for hierarchical linking, a much requested feature, and ties neatly into Microsoft Project;
  • The Architecture Tools moved one step closer to the same ideal integrating with Work Item Tracking;
  • Build Management gets one step closer to the dreams of Release Managers everywhere by providing a Gated Check-in, and enhance scalability with the new notion of build controllers;
  • New Branch visualization tools make it a lot easier to manage complex merge scenarios;
  • We are closer to Application Portfolio Management with the ability to connect multiple TFS installations by using team project collections;
  • Lab Management, when it is ready later in 2010 (you can use it today with a go-live license), will be the cream of the crop of this rich release as it will for the first time push the ALM boundary into Operations, something that had been announced in 2005 and finally comes true.

Cheers to the Product Team for this great release, and to us as well for the amount of time it will save us!

Drinking from the fire hose – a retrospective

This year has been such a continuous wave that I am still catching my breath. How do I start?

I had a brief stint with the MSF Team (now called VSTS Process Team) that finished in October 2007. I wanted but couldn’t stay – my family is not yet ready to move from sunny Austin to cloudy Seattle. Maybe in the future. I joined the ALM team in MCS in early December 2007, as it was a natural follow up to the work I was already doing.

With ALM team my first work was on I presenting the talk “Using Key Performance Indicators (KPIs) to streamline development” in December and January of 2008. I also helped in the internal review of the SOX whitepaper.

In January and February I went a lot to the West Coast, both North and South, and was able to meet with a several development teams newly adopting TFS. I couple of them were still getting out of the woods in using waterfall SDLCs. In one of the cases, it was not because they didn’t know about Agile or iterative/incremental software development, but instead the platform and tools they were using imposed a waterfall structure, and not just at a governance level, but at the day to day development activities. What if took you a month and a half to create new build because your product consisted of a 4GL that generated 15K+ (that’s 15 thousand!) DLLs? Unsuitable technology trumps Agility. (For more on that, take a look at Kent Beck’s paper on “Tools for Agility”.)

I also had the opportunity to review and help recover a couple of projects with issues. One of those issues was a lack of understanding that the adoption of better practices in ALM has a cycle of its own. Tie it to a major development project with a different objective, and it will be run over. Choosing a proper pilot for ALM adoption is a major decision that if left to whimsical decisions taken in a tactical mode will derail both projects, the major application development and the ALM process improvement one. This has been by far the biggest cause for failure in adopting newer ALM practices.

In February, right after our internal TechReady event I went to the Netherlands to teach a workshop in MSF Agile and MSF CMMI to Europol. I was impressed by the quality of their development expertise. It doesn’t seem an isolated case but rather similar to other areas of Europe. MSF CMMI adoption seems higher in Europe than in the US. The message that it is possible to apply CMMI to an Agile process has been understood at heart over there.

Meanwhile back in the US I was at a customer helping them develop a customized version of FDD for TFS. FDD was well suited for their process as they were creating a major application framework to be reused by hundreds of other applications. An architectural design cycle fit it like a glove. It also reminded me that given the diversity of the original Agile methodologies, that there is no clear cut answer to process adoption. You make the process work for you. On that I subscribe to Alistair Cockburn’s philosophy of “a process per project team”. It’s the same as in life -  living things are not exact copies. They exhibit variances here and there. There is enough to see that they share a common inheritance, but the uniqueness of time, location, team and project makes them individuals with their own identity.

Then in mid-March Ajoy Krishnamurthy called me back to help represent Microsoft at SEPG 2008. For the first time I saw a reversal in a trend I had been observing since 2005: there were many more young faces at the conference. For 3 years while I was covering both the Agile and SEPG conferences I had the following experiences: I would feel old in the Agile one, and young at SEPG (the cynics will say I just got 3 years older, so now everyone seemed younger).

It seems that the renewal approach from SEI has been paying off, and its support to out of the box thinking in connecting Agile and CMMI is also bringing new faces to the table. Among others we had Microsoft’s input with David Anderson’s revolutionary approach in MSF CMMI. At SEPG 2008 I met [again] David Anderson and Hillel Glazer, who would by November last release with other SEPG members a widely circulated paper on Agile and CMMI.

I delved deep for the next 10 months in the deliveries of the ALM team:

It’s been a nice mixture of consulting, training and coaching. A common trend has surfaced from talking to so many different customers in so many different situations:

  • Public or semi-public companies currently have their sweet spot for ALM process improvement in adopting TFS as a source control tool, and look forward to implement some sort of Release Management discipline.
  • Private companies have implemented TFS as a SCM tool a while ago, and are now moving into adopting TFS to manage their Application Project Portfolio. Aside from the occasional new project,  they have a standard set of developed applications that are mostly in maintenance, and need a place to track change requests and bugs. They are almost Agile, but are held back by siloed requirements/change request “phases”. On top of that, there is rarely the concept of a multidisciplinary Agile team, with the same team member fulfilling all conflicting quality goals which leads to a tactical prioritization of customer needs.
  • ISVs have a firm grasp of their process, and are primarily concerned about using TFS to achieve more productivity by establishing a Metrics program as part of a wider ALM optimization effort.

This is of course based on just my experience with a few dozen customers, and I can name several exceptions already. This induced perception however has led me to realize that I have had the privilege of getting first hand experience in improving over ALM baselines, at several adoption phases and at different levels of maturity. Having been part in implementing those steps has definitely helped me in assisting other customers as it is now easier to weave them into a continuous path for improvement.

So the “fire hose” is in reality this incessant learning experience with customers all over the place to enact improved ALM processes using Team Foundation Server. More than that: I feel like I have been watching, from the first row, the dawn of a new way of working with software development using the Microsoft platform. It reminds me the old days in 1996 when VSS was a novelty. “So you don’t use source control? Here’s VSS. It will double your productivity”. And it made a difference. After a couple of years, you couldn’t call yourself a professional developer if you didn’t use some kind of source control.

And today the same is happening with ALM 2.0: a few years from now, you won’t be called a professional developer unless you have a set of integrated tools that will finally make the overhead of capturing project management metrics a thing of the past. Better and more transparent tools such as TFS will fade in the background leading to the enactment of that Agile pillar principle: Individuals and interactions over processes and tools.

Implementing SOX with TFS

I touched on this topic on a previous post in December, when I mentioned that Andrew Delin from the VSTS Process team was working on a comprehensive whitepaper to be delivered sometime in 2008.

And here it is: Sarbanes-Oxley 404 and Visual Studio Team System 2008. There isn't a one-size-fits-all solution for SOX implementation with TFS, but this paper provides the guidelines that will allow you to sort out the many implementation options. Enjoy.

Error 29112 when installing TFS 2008 and Reporting Services as part of a scale-out installation

Normally I would post the resolution for this issue in the appropriate VSTS/TFS forum, but since posting there does not include pictures, here it goes.

Note: Error 29112 is a catch-all code. This blog post only handles one possible case. A blog that also mentions other causes for this error is Will Buffington's WebLog, and one TFS forum thread about it is Team Foundation Server - Installation Error 29112.

Error message:

Microsoft Visual Studio 2008 Team Foundation Server Setup
Error 29112.Team Foundation Report Server Configuration: Either SQL Reporting Services is not properly configured, or the Reporting Services Web site could not be reached.  Use the Reporting Services Configuration tool to confirm that SQL Reporting Services is configured properly and that the Reporting Service Web site can be reached, and then run the installation again. For more information, see the Team Foundation Installation Guide.
Retry   Cancel  

Right before this in the installation log was the following message:

"TFSUI: [2] wsschecker.exe : *** ERROR: Unauthorized access of sharepoint url http://xwyz/: The remote server returned an error: (401) Unauthorized."

Context: I was trying to install SSRS as part of a scale-out SSRS installation.

Troubleshooting steps: By looking at the Reporting Services Configuration Manager, I found out that there was probably some version mismatch.


The highlighted message in the picture says:

"You specified a connection to a report server database that contains encryption keys for another report server. If you are configuring a scale-out deployment, that feature is not supported by this edition of Reporting Services. If you want to use this report server database with the current report server instance, remove the existing encryption keys first."

I checked out and found out that the customer was using SQL Server Standard Edition on the TFS application tier, while the database tier already had SQL Server Enterprise edition.

From the documentation on Configuring a Report Server Scale-Out Deployment:

"The Reporting Services edition must be Enterprise, Developer, or Evaluation. Standard edition does not support a scale-out deployment. You can create a scale-out deployment using a combination of editions as long as the edition supports the scale-out feature."

So here was the issue. However, the TFS 2008 installation program does not details this and aborts with error 29112.

Resolution:  I reinstalled the app tier SSRS with a SQL 2005 Enterprise version, and the installation was able to finish.

An old metaphor for project management

Our culture owes a lot to the influence of Newtonian mechanics in shaping the thinking in other areas, such as in Psychology with the notion of "energy". Even though this usage is obsolete within professional circles, the expression is still an active part of the popular culture.

The fabric of our thinking also has another Newtonian concept as a background: the mechanical "static equilibrium". We usually see stability in a way that is contradictory to what happens in life, where equilibrium is a delicate balancing of multiple forces woven in a dynamic exchange.

This cultural influence extends to ideas on project management. We tend to see projects as a collection of static endeavors where everything is predictable, punctuated in between with checkpoints at which some change might be added, in a predictable way, into the system.

I would rather refer to Heraclitus "everything changes" idea when thinking about project management. And that implies continuous adaptation, not just at staggered checkpoints or milestones.

Juggling has always been a great metaphor for project management, for although we don't think about it while watching their mesmerizing performance, jugglers are constantly adapting to where the balls go. Even though they kind of have an idea of a ball's trajectory through their experience, their greatest skill is going after it in the nick of time.

The following video by Fatboy Slim is a homage to adaptive project managers of all times, from Heraclitus to Agilistas today, with eyes on the ball and ears on the rhythm. Enjoy...

Keep your SOX clean

I have been to a few customers who have implemented or are implementing Sarbanes-Oxley (SarbOx or SOX) compliance in their development processes using VSTS. Andrew Delin from the VSTS Process team is creating a whitepaper on how to do that with VSTS. In the meantime, here are some reflections based on my personal work with this topic so far.

[The next is a PPT-like intro to the topic. For those who know what SOX, you can skip it].

What is SOX?

  • Federal legislation signed into law in July 2002
  • It requires higher accounting standards, improved trustworthiness in corporate reporting, and greater financial transparency
  • Two key sections of the law that have drawn the most attention
    • Section 302: Requires executives to personally certify the validity of financial statements
    • Section 404: Requires complete documentation of financial controls and auditor attestation to management's evaluation

Section 404

Requires “an internal control report, which shall

1) State the responsibility of management for establishing and maintaining an adequate internal control structure and procedures for financial reporting;


2) Contain an assessment, as of the end of the most recent fiscal year of the issuer, of the effectiveness of the internal control structure and procedures of the issuer for financial reporting.”

[end of introduction]

Ok, given this very brief summary, I can now tell you that the best general guide I have found so far to understand how to implement SOX in an IT environment is "IT Control Objectives for Sarbanes-Oxley, 2nd Edition".


This book explains the rationale for establishing the controls needed from the IT perspective, starting with SEC's own recommendation:

"Historically, assertions on control by an organization have been mostly voluntary and based on a wide variety of internal control frameworks. To improve consistency and quality, the SEC mandated the use of a recognized internal control framework established by a body or group that has followed due-process procedures, including the broad distribution of the framework for public comment. Specifically, the SEC referred to COSO".


"For Sarbanes-Oxley compliance efforts, it is important to demonstrate how IT controls support the COSO framework. An organization should have IT control competency in all five of the components COSO identifies as essential for effective internal control. They are:
• Control environment
• Risk assessment
• Control activities
• Information and communication
• Monitoring"

How does that relate to the normal IT framework controls that we are used to, such as ITIL/MOF, and SDLCs such as MSF for CMMI Process Improvement?

Here is a short summary plot:

  • SOX recommends COSO per SEC
  • COSO maps to COBIT (Control Objectives for Information and related Technology) standard
  • portions of COBIT map to relevant parts of CMMI
  • other parts of COBIT map to ITIL and other IT management standards

Said in this way it would seem that by implementing ITIL/MOF, and by using MSF CMMI as the standard SDLC, we would be covered in SOX compliance. This seems like a lot of overhead. However, you don't need all that, as we will see next.

SOX is about financial reporting

This was very eloquently mentioned by Dave Erickson:

“Sarbox is about assessing risk. While risk assessment is an element of ITIL, it isn’t the framework’s primary focus. Furthermore, CIOs who put ITIL or any other IT framework in place solely to comply with Sarbox will have gone overboard, says Erickson. The Sarbanes-Oxley Act requires only that companies establish controls over the systems relating directly to financial reporting. ITIL, Cobit and other frameworks for IT help companies put in place general controls for IT—a good thing to have, but much broader than the narrow scope required by law.”

So one of the first things that needs to be established from an IT perspective is a control that identifies the application being developed as impacting financial reporting. These type of applications will need to follow SOX constraints. Other types of application do not need all the overhead, especially if you are doing Agile development.

Usually SOX compliance teams will keep their own database of such applications. In VSTS it is possible to create a work item to identify those for reporting purposes. That would be the first of several work items that might be needed for SOX compliance.

So given that part of what is needed in already in the MSF CMMI template, it is clear that a few items need improvement. Remember that this just a sample of what might be needed, not a comprehensive list:

  • Strategic planning alignment
  • Risk management process
    • We need to add risk reports per project and across portfolio (slice risk management by financial management applications)
  • Traceability
    • We need to implement reports that show traceability of work items that impact financial reporting. This will be easier to do with
      • Adding new fields to work items (such as a task work item with a tag “SOX regulation” )
      • Adding work items that have have more workflow steps to deal with regulations
  • SCM (as part of change management)
    • Add work items that correspond to checkpoints for branching (see article by John Jacob et alii on branching guidance)
  • Audit trails
    • Have additional reportable fields, pivoted with the SOX attribute, and provide more reports for auditors
  • Security
    • Existing process guidance already handles part of this, but it is not enacted in tooling
    • We need to implement Secure Development Lifecycle with work items as checkpoints, and corresponding work products and reports

As mentioned above, another big part of SOX compliance is covered by ITIL/MOF. I won't go into the infrastructure topics per se (see the book above for that), but there is one clear common implementation point with VSTS/TFS/MSF CMMI in security groups. Segregation of duties is mandated by SOX. However the currently default process template security groups are loosely defined, allowing persons without the proper authority to review/modify documents.

  • The full implementation of security model described in MSDN documentation is a solution.
  • Reporting needs enhancement to provide evidence of compliance showing that groups are separated in their duties.

Finally, part of SOX compliance is covered by IT Portfolio Management. Therefore, reporting needs enhancement to provide evidence of compliance using, for instance, a portfolio view of a dashboard showing compliance status. This view could used departments as pivots.

So as I mentioned above, these are just initial thoughts in a very complex topic. Andrew Delin and the VSTS Process team are working on getting more comprehensive guidance on how to tackle this subject.

Presentation on ALM foundational concepts

I did a presentation for the VSTS Inner Circle in September 11th, and I am still getting requests for the video link and slides. Here they go:

Fundamentals of ALM

Abstract: What you should know to elevate an enterprise to an intermediate or higher level of maturity regarding SDLC and ALM. Includes discussion of the features of VSTS that enable integrated ALM, and an overview of what is coming in the next couple versions of VSTS (Orcas and Rosario).

View Recording
Recording Details
    Subject: Fundamentals of ALM
    Recording URL:
    Recording ID: K7K7ZZ
    Attendee Key: PFSN5?2$m

This presentation has a five minute delay to start (recording started too soon). I have asked the organizers to edit those minutes out, and I will post the link to the edited version when it is available.

I want to thank Sam Guckenheimer who co-authored an earlier version of this deck which was co-presented at TechReady 4 (an internal Microsoft conference).

Guidelines to choose your ALM pilot project and pitfalls to avoid

Some Agile and/or ALM adoption efforts are canceled midstream because of lack of understanding of the basics of finding a suitable candidate development project. I have seen in more than a single situation that the chosen project is cutting edge in all three aspects of technology, process and people:

  • The technology is brand new, or new to the team, sometimes in even more than a single tier (for instance, new database software coupled with new UI development tools and a new programming language)
  • The development process is being changed (say from waterfall to Agile)
  • New people are being added to the team just after receiving their first training in the new technology

But the biggest mistake with Pilot efforts is to to use a strategic, high profile brand new project as the proofing ground for all these aspects, all at the same time. This is more common than expected. It starts as something like this:

  1. Business has some urgent need for strategic functionality that allows them to challenge the existing technical architecture
  2. However, the effort still has to abide by the usual existing waterfall processes that dictate that all must be done in a single pass
  3. So the project is approved, but no cycle is allowed to try out the new tools and processes in a smaller context , and multiple changes to the environment are bundled together in an insurmountable ticking bomb that will later explode as a "death march" project.

To add insult to injury, sometimes on top of all this no proof-of-concept is ever tried with the new technology and processes (Proof-of-concept differs from pilot in that it is done in a lab environment, with no impact on business). Pilot projects do have business justification, but usually one chooses a minor project instead of betting the "jewels of the crown" on risk upon risk.

The mistake on all these lies usually in the governance management tier(PMO, office of the CIO, etc). It is usually associated with just enforcing the status quo, and it takes some brand new business need to act as a catalyst to challenge it. This governance tier should be the one to understand how to evolve their environment through carefully taken steps, and to know how to spread the risk underlying the business need into preparatory small projects (using proof of concepts and pilots) that will pave the ground for more ambitious ones.

If a governance tier is not active in doing this, the new project decays into a rogue that just reinforces the "didn't tell you so" attitude of those who see governance only as keeping IT madness in straightjackets.

Allowing this to happen is like building on moving sand: the construction might be impeccable but will collapse upon itself if it doesn't have firm ground to support the pressure of adding new layers.

The best practices for selection of a Pilot project are widely known, and for quite a long time. Here is an excerpt from a Microsoft Official Curriculum course from 1993. It is part of Course 124 - Managing the Migration to Client-Server Architectures. I modified the text to fit ALM adoption (the text in brackets [] replaces "client-server" and updates the context of other points):

"Start small - with a Pilot Project

We suggest you start your exploration of [new ALM processes and tools] with a pilot project.

  • Maintain excitement:
    • Sponsors will lose enthusiasm
    • Team members will lose enthusiasm
    • Reduce risk of turnover
  • Need strategic answers quickly to be of value.
  • Avoid management problems of large projects:
    • Large projects require more layers of management
    • Coordination of client developers and server developers is critical
    • Coordination will be much easier in a small group that talks to each other

Selection Criteria of Pilot Projects

  • Well defined data requirements
    • Don't want to get bogged down in data analysis
    • Could be existing application
    • Could be part of a new application, where data analysis has been completed
  • Benchmark available
    • If don't have, need to build in-house benchmarking capability
    • Performance criteria
    • Quantify savings and benefits
    • Define ball-park expectation
    • Use to validate tool selection
    • Use for quality control in future projects
  • Decision support application [Business Intelligence in today's jargon] as opposed to data entry application
    • More showy, if that's what's needed
    • Safe place to start - it won't disrupt business operations
    • Usually a simpler system
    • Deliverable flexibility - keep concentration on testing the [ALM processes and tools]
  • Committed and supportive users
    • Might be #1 critical success factor [that includes not only end users of the application in the role of product managers, but also developers, project managers and upper management]
    • Willing to work with the team
    • Willing to allocate the time required for the project
    • Could use internal IT system so "end users" are IT
  • Low Cost
    • Use equipment you already have [for instance, VPCs]
    • Look for idle equipment [for instance, a PC with Windows XP can be a build server for a small project]
  • Low Risk
    • It's better if this might be considered a throw-away project
      • Objective is to evaluate [new ALM processes and tools], not build an application. Concentrate on tools and platform rather than application development"
    • If you need to choose a project that is mission critical, at least let it not be time-critical

As you can see, those best practices are nothing more than codified common sense, and I highly recommend you have those in mind when scoping your next ALM project.

Technorati Tags:


<<  July 2024  >>

View posts in large calendar

Month List