Posted 9:17:00 AM by Mike Tarrani
Years go by, the blog turns to rust ... but we are going to get this moving again! I have been settled in Central Florida for more than a few years now, and have also settled into a great job as director of configuration management for a large software company. The focus of this blog will be the trials and tribulations of hammering a solid configuration management process in place, and other thoughts and musings as they surface.

Posted 4:14:00 AM by Mike Tarrani
Update. I am still behind on final release of the content in our sister weblog, Postcards from the Revolution. I should have it up to date and released within the next day. I appreciate your patience.

Issues. That word has multiple meanings in this context. One meaning is that we have all been obviously busy these past six weeks, which means that we've been dealing with a plethora of issues, with more to come. Another meaning is that new issues of two of my favorite magazines are out.

The magazine that I most look forward to is CrossTalk, The Journal of Defense Software Engineering. Since we've been so far behind I failed to report on the past two issues - a situation I am going to rectify now:

• July 2002 is devoted to Information Assurance.
• June 2002 is focused on software estimation techniques.

Each of these issues contain other articles outside of the main themes, and both are well worth reading. The full list of back issues between 1994 and present are worth bookmarking.

The other magazine I make sure I read as soon as it comes out is The Data Administration Newsletter. In the most recent issue, Issue 21.0 - 3rd Quarter 2002, you'll find a fresh set of papers and articles, and the insightful feature columns that are written by genuine industry experts.

Also noteworthy are the following new issues of newsletters that I read:

• STQe-Letter, Information for Software Testers, Managers, and Quality Assurance People.
• Amy D. Wohl's Opinions Volume 2, Issue 26 (28 June 2002).
• The Server Side Connection.
• Doug Kaye's IT Strategy Letter.
• Mike Sisco's E-Zine (June 2002 issue).
• Methods & Tools.

Yes, I do a lot of reading. Until tomorrow, enjoy these resources and have a wonderful day.

Posted 4:59:00 AM by Mike Tarrani
Magic? Mystery? Why have five weeks worth of entries suddenly appeared? Answer:we've been adding the content, but didn't release it until a few minutes ago. Among the reasons for this are work, my trips to Florida and Texas, and Linda's busy schedule which includes frantic preparations for her OCP examination and a plethora of other issues.

Appreciation. One gentle voice who encouraged us to release the backlog of entries is Nikhil Joshi of Pune, India. Thank you for your support and encouragement Nikhil, and rest assured that we will try to not get so far behind again.

But ... The content for Postcards from the Revolution is going to take an additional day before we're ready to release it. Please be patient.

Posted 12:10:00 AM by Mike Tarrani
Quality and Testing. Rarely do I stray far from these topics, and the reason I am back in this entry is to share an excellent book titled Software Quality and Software Testing in Internet Times.

This book is a collection of papers that address the full spectrum of testing issues and challenges in rapid development/rapid deployment environments. Although the title implies that this book is about quality and testing of web applications, many of the papers go well beyond that narrow scope.

The papers are divided into five categories:

1. Managing for Optimal Time to Market. This categories contains an obligatory paper on high-speed web testing, which does address the key challenges. However, two of the papers are exceptional: Using QA for Risk Management in Web Projects drives home the relationship between QA and project risk, and Establishing Quality Procedures for Incremental Software Development is essential reading for anyone who needs to integrate testing into methodologies such as the Rational Unified Process or any other incremental/rapid development approach.
2. Processes. This section of the book has papers covering topics ranging from how to use Extreme Programming to manage project risks to adapting test processes to web applications. In many respects the papers in this section capture the essence of the book's theme.
3. Testing from the User's Perspective. This is my favorite section, especially the papers on business oriented testing for e-commerce and the paper titled "Strategic Testing: Focus on the Business". All of the material here reinforces my own experience and observations, and clearly shows the relationships among meeting business requirements, quality and project success.
4. Technical Testing. Test professionals will get the most from this section because it provides techniques. My favorite is "Securing E-Business" because this important aspect of testing is usually given superficial treatment (if it's covered at all) in most testing books. Another paper I liked in this section is "The Back-End Side of Web Testing: Integration of Legacy Systems", which is applicable to enterprise application integration and e-business system testing. In addition to papers on testing techniques, other aspects of quality are covered in this section, such as performance monitoring (more aligned to capacity planning and performance management than testing, but certainly applicable to quality and service level management).
5. Test Automation Techniques and Tools contains a single paper titled "Automated Testing of mySAP Business Processes". If you're involved in web-enabled ERP or portal quality this paper is a treasure.

Although this book is an anthology, the topics and editing make it coherent and focused. It is not a book that covers quality or testing as a unified methodology. If you're seeking such a book read Quality Web Systems: Performance, Security, and Usability by Elfriede Dustin, Jeff Rashka and Douglas McDiarmid does go into details and is one of the best books on end-to-end web systems quality.

Posted 11:02:00 PM by Linda
Taking Care of Business. Schaum's Quick Guide to Business Finance: 201 Decision-Making Tools for Business, Finance, and Accounting Students is a reprint of "McGraw-Hill Pocket Guide to Business Finance: 201 Decision-Making Tools for Managers" with a single difference. The now out-or-print book came with a runtime version of MathCAD and formulas for using each of the tools, while this new version does not. Also, don't let the title fool you - this book is as useful to working professionals as it is to students.

The 201 tools contained in this small, highly useful book range from Acid Test (doing a quick ratio of financials) to Z-Scores. Each tool is listed alphabetically, its use explained, and instructions on how to use it is provided. What I particularly liked is the worked examples that accompany each tool.

As an IT consultant who specializes in service delivery this book is not one I would normally include in my professional library. I was introduced to it when a colleague and I were writing a white paper on recovery management. We were searching for a way to link business imperatives to justification for investment in recovery strategies. We found one piece of the puzzle in this book - the Altman Z-Score. This tool predicts whether or not a company is likely to enter into bankruptcy within one or two years. This led to the development of a copyrighted model that addressed survival level objectives, and also became a key part of the Tarrani-Zarate Information Technologies Management Model. All this from a single entry in a small book!

Aside from discovering a relatively obscure, but important, tool I also found other useful tools in this book. Because I am not a business consultant or financial expert the tools were like a cram course in financial management for non-financial people. For example, I was able to apply some of the tools to personal financial matters - the real costs of a loan become quickly apparent when you compute them. I was also able to employ some of the tools to conduct realistic cost/benefit analyses, examine trade-offs supporting approaches to projects, etc. In this respect this small book has significantly improved my professional skills and has inspired me to read other books on financial management.

I strongly recommend this book - collection of tools really - to anyone who deals with finance, anyone who has P&L responsibilities, and business and IT consultants. The latter group will find this book to be invaluable for developing proposals, deliverables and project plans that add value.

Posted 10:33:00 PM by Mike Tarrani
Capability Maturity. Most books on the CMM assume that you're headed for Level 5 and then proceed to write a confusing and overwhelming guide for getting there from ground zero. Implementing the Capability Maturity Model is different.

The author of this excellent book give a realistic roadmap to achieving CMM levels 2 and 3, which are major hurdles in capability maturity, especially level 2 from a culture-shock point of view.

What makes this book realistic is the way you're lead through the important steps, with a complete focus on what it takes instead of theory. The book starts off with an obligatory overview of the CMM, but quickly segues into the steps needed to attain level 2 (repeatable), which are creating the structures, processes, training program and policies. While each of these are important, I especially like the inclusion of policies because they are necessary to codify goals and are frequently overlooked. This section also includes subcontractor management, which is important for aligning those with whom you are using on projects with your own organizational capabilities. This makes sense because if your organization is repeatable and your subcontractor(s) aren't, then you either need to go shopping for more compatible subcontractors, or get dragged back into ad hoc approaches.

The same approach to graduating to level 3 is used, with slight changes. In the section that covers level 3 the first topic is about focusing on organizational process improvement, followed by an in-depth chapter on defining organization processes. These reflect the key changes between level 2's repeatable goals and level 3's focus on defined processes. After these are clearly and completely explained the same formula - structures, processes, training program and policies - is addressed for level 3.

Following the steps to get to levels 2 and 3, the next section is centered on implementation and assessment. This section prepares you for the assessment process itself, and offers excellent advice on how to get through it. Additional information of value is provided in appendices B (Annotated Level 2 Preassessment Questionnaire) and C (Samples of Level 2 Policies), both of which are provided in PDF format from the book's associated web site.

One key question that needs to be answered: Which is better, this book or CMM Implementation Guide: Choreographing Software Process Improvement by Kim Caputo? My opinion is that both books are equally important and both should be read because they cover two different aspects of attaining CMM levels 2 and above. This book concerns itself with the nuts and bolts of processes, where Caputo's book is more focused on organizational change. I recommend both books, and think that they nicely complement each other.

Posted 11:41:00 PM by Mike Tarrani
Production Matters. The most critical phase in a systems life cycle is the transition to production. Done wrong and all of the work performed in the requirements, design and development phases count for very little, no matter how well the work was managed and how mature the processes. A book that specifically addresses this make-or-break event is The Unified Process Transition and Production Phases. In the Unified Process (or any systems life cycle) the milestones/phases up to transition are well documented, but these represent the tip of the iceberg with respect to determining project success and total cost of ownership. This unique book examines the transition and production support requirements, addressing some of the deficiencies in the Unified Process (production support is all but ignored), and can be applied to other development life cycle models, nearly all of which have the same blind spots.

Many of the ideas and the approach for this book were born in the author's earlier book, More Process Patterns, which examined the very transition and support requirements in a more generic manner. In fact this book, like the earlier one, is a collection of best practice patterns that cover the transition and production milestones. After an introduction that explains the rationale and approach, the book covers the workflows and patterns in the sequence in which they will occur: testing, deployment and environment, operations and support, project management and infrastructure management.

What makes this book important is that it extends the Unified Process to include the key milestones that account for cost and quality, and goes into great detail about what is required and how to avoid failure. If you work in operations and support you will find the material in this book invaluable - you should also buy copies for key members of the project team that is delivering your system so they have an understanding of and appreciation for the task of supporting their creation. While this book will obviously benefit shops that employ the Unified Process, the information and workflows are equally useful in any development approach.

Posted 5:47:00 PM by Linda
The Important Part of PM. A friend who is an experienced PM once remarked that there are three stages to becoming an enlightened project manager:

• learning the techniques
• realizing that it's really about people
• epiphany - it's about ensuring that someone else gets the blame if things go wrong and 1 & 2 are core skills in achieving this

Regardless of how true his theory is, People in Projects will certainly get you to the second stage of enlightenment, and also provide you with the knowledge and skills to manage stakeholder expectations, use effective intervention methods when things do get off track, and to maintain high project team morale.

The nine chapters in this 305 page book systematically cover all aspects of the people part of the equation. It starts with an accurate description of key management skills and duties required of a PM. It then addresses the basics of organizational planning, which focuses on roles and responsibilities. From personal experience I can attest that establishing roles and responsibilities is essential to project success.

Chapter 3, Human Resource Theory and Charts, sets the tone for the chapters on Staff Acquisition and Kickoff, and Team Development, both of which provide refined techniques for managing people and teams.

I particularly liked the chapters on resolving conflict (something that PMs deal with daily) and managing change, which is a constant. Since I work with multi-cultural teams that are international I also liked the chapter titled Worldwide Teams and Cultural Issues.

The chapter on project closeout and evaluation is a good reminder that there is a shutdown phase to projects, and this chapter provides guidance for how to perform this step in a structured manner.

Although this is a book on the PMI approach to project management, the material is also applicable to any project management methodology, including the UK standard (PRINCE2) and CompTIA's IT Project +.

Posted 10:21:00 AM by Mike Tarrani
Data Warehousing. Two books that will interest architects, developers and DBAs are:

1. Data Warehousing Fundamentals. This is one of the best introductory books on data warehousing I've read. The authors make few assumptions of reader knowledge beyond the fact that they are IT professionals who have a technical background that doesn't necessarily include database and data warehouse knowledge. They do assume a basic knowledge of IT operations, project management skills and systems analysis and design - skills that IT professionals are expected to have.
   The book is divided into five parts: Overview and Concepts, Planning and Requirements, Architecture and Infrastructure, Data Design and Data Preparation, and Implementation and Maintenance. These follow a development life cycle, making the structure of the book easy to follow.
   What I like about this book is it doesn't just cover the theory and concepts (which it does do well), but sets data warehousing in the context of a larger architecture designed to meet specific business requirements. I also like the way the authors address real world issues such as planning and managing a data warehouse project, and the issues and factors surrounding adding a data warehouse into an existing technical architecture. This information is what IT professionals are seeking when they are faced with a technology with which they may not have strong knowledge, and it makes this book useful to the intended audience.
   Among the chapters that I most liked are: Principles of Dimensional Modeling, Data Extraction, Transformation, and Loading, and Data Quality: A Key to Success. These capture the essence of data warehousing in my opinion and are topics that IT professionals without a data background need to understand. I also thought that each of the appendices were useful. They provided a finishing touch by covering project life cycle steps and checklists, critical success factors and guidelines for evaluating vendor solutions - each of which provide practical information.
2. Data Warehousing and Web Engineering. This is a collection of papers that cover salient issues in data warehousing with an emphasis on business intelligence, data mining and knowledge management applications. While many of the papers in this book are more useful to technical professionals, there is a lot of material that will also be useful to marketing and competitive intelligence specialists in the business domain.
   Some of the papers are more basic and introductory, such as "Justification of Data Warehousing Projects", "An Introduction to Information Technology and Business Intelligence" and "Some Issues in Design of Data Warehousing Systems". Some, however, address advanced topics such as "Data Mining Methods Databases and Statistics Point of Views" and "Incremental Data Allocation and Reallocation in Distributed Database Systems".
   My personal favorite papers were "Specification of Components Based on the WebComposition Component Model" (reflecting professional interests in component-based development), "Complementing the Data Warehouse with Information Filtered from the Web", and "Using Business Rules Within a Design Process of Active Databases" (another area of professional interest).
   In addition, the papers cover topics in data mining, data quality and knowledge management, which means that there is at least a few papers that will intersect with a reader's professional interests. The best audience for this book includes academics (the papers are citable), consultants who specialize in business intelligence and data mining, and organizations that have a solid base of experience with advanced uses of data warehousing.

Note: This book is also available as an eBook in PDF format.

Posted 11:47:00 PM by Mike Tarrani
Softer Side of Risk. I find much comfort in quantitative methods because numbers are unambiguous. However, numbers alone only tell part of the story. Experience is a good teacher and it is from experience that we grow as professionals. Coping With IS/IT Risk Management This is probably one of the most unique books on IT project risk management in that it doesn't go into the process and techniques of risk management, but in the common risks and how to deal with them.

Don't expect qualitative or quantitative risk assessment methods, or even a risk management process that is almost an obligatory part of most project management books. Do expect the collective wisdom of real people who were interviewed, and their recommendations for dealing with the real risks.

These risks range from misaligned or unwarranted expectations to slippery requirements. If you've managed an IT project many of the risks will be familiar. How the PMs who were interviewed handled them will be illuminating.

Aside from the fact that this is a highly readable book that is packed with wisdom and advice, the appendices also add a considerable value. Appendix 1 cross references the risks (constructs) by theme making it easy to quickly find the solution to a particular issue. Appendix 2 gives 5 hypothetical project profiles that reinforce the information in the body of the book, and Appendix 3 is a collection of strategies from the body of the book.

Regardless of whether you are preparing to manage your first project or are seasoned and battle-scared, this book provides knowledge and advice that you can use.

Posted 7:59:00 PM by Linda
More ABout Project Management. Mike is now going in one direction and I another with respect to our topics, and that adds balance to the material we're posting. One of the critical success factors in project management is taking the time to develop a work breakdown structure (WBS) before proceeding with planning, estimating and scheduling. In fact, it's nearly impossible to realistically estimate if you haven't decomposed the project into a WBS. Most people don't know where to begin. I've found that the Project Management Institute Practice Standard for Work Breakdown Structures to be a clearly written guide and one that I recommend all project managers read.

The four chapters in this short, focused book introduce work breakdown structures, define them from a conceptual point of view, explain why they are the foundation of project planning, and show how to create one. These chapters comprise a scant 18 pages, but are thorough enough to accomplish the objective of explaining the Project Management Institute's practice standards for WBS.

The real value of the book is contained in appendices E through O, in which a WBS for common industry project types are given as examples. These 44 pages are the real reason to buy the book because they show real examples of the conceptual and brief "how to" approach compressed into the first 18 pages. The project types in these appendices are:

E - Oil, Gas, and Petrochemical (OGP)
F - Environmental Management
G - Process Improvement
H - Pharmaceutical
I - Process Plant Construction
J - Service Industry Outsourcing
K - Web Design
L - Telecom
M - Refinery Turnaround
N - Government Design-Bid-Build
O - Software Implementation

Appendices A-D are filler that descripe the PMI standards process and associated information, and can be safely skipped unless you are interested in those topics.

Overall this is a much needed book because WBS are still skipped during the project planning phase in too many projects. This is unfortunate because the first thing that a professional does when called in to rescue a project is to examine the WBS, and if there isn't one, the first step towards rescuing a project is to develop one. By following this book, especially if any of the example WBS is similar to your project, will go a long way towards ensuring its success.

Posted 9:58:00 PM by Mike Tarrani
Tools of the Trade. Since I've dragged a business-oriented discussion into this weblog, I'll continue until Linda jumps in and changes the direction. One of the most valuable skills an analyst can develop and build upon is decision making. Not making snap decisions based on gut feeling, but doing it the right way. The foundation for decision making is in Decision Analysis for the Professional.This book is an excellent intermediate-level text on decision analysis that deals with both uncertainty and risk. It uses realistic examples that working professionals will appreciate and to which they can relate.

It's written as a tutorial that uses two tools, Sensitivity, which is used with the chapters dealing with decisions under uncertainty, and Supertree for developing decision trees related to risk analysis. Instructions on obtaining the student versions of these programs are included in the book. Note that the student version of Supertree accommodates trees with up to 250 endpoints, and the student version of Sensitivity performs sensitivity for up to 12 variables.

My most used text on decision analysis is Making Hard Decisions by Robert T. Clemen. Where that book is more comprehensive, it's also less suitable for the working professional who needs a refresher and a desk reference. Therein lies the main value of this book - it's more aligned to real world problems that you'll find in the workplace and is written to be both a tutorial and a reference.

Posted 12:45:00 AM by Mike Tarrani
Consultant, Manage Thyself - Part II. In my last entry I discussed Building Professional Services. This book, in my opinion, is the best starting point for anyone who is involved in establishing and managing technical services or starting a consulting company. PSA: Professional Services Automation by Rudolf Melik, et al is the second book you should read because of the way both books complement one another. Actually, one should follow the other because PSA: Professional Services Automation is about automating the professional services organization after it has been established.

In the past I gleaned information and techniques from books about managing professional services from the perspective of law firms and other industries - good information to be sure, but fell short of the realities of technical services.

What I like about this book is the complete look at professional service management, with an emphasis on both personnel and cost management. I especially like the way the authors show how to go beyond mere cost management to optimize revenue and profit. The information and strategies they provide reflect extensive experience and a strong focus on the business aspects of professional services. I also like the ties to customer relationship management and various types of services, and the PSA components. This first decomposes the components of professional services management (manual or automated) into the critical success factors, then reconnects them into a coherent whole.

Although this book is about automating professional services management, most of the information, especially part 2, can be used effectively without automation. Therein lies the main value of this book and the reason why I think it's simply the singlemost important book a professional services manager can have. In order to get the information collected between the covers of this book you'd have to purchase a pile of related books from other industries, and spend a significant amount of time reading articles and surfing the net. If you are a professional services manager you already know that you don't have time for that. If you're being placed in a professional services management position you need this book.

Posted 12:18:00 AM by Mike Tarrani
Something New. If you are a consulting, and particularly if you manage a services group, you'll find that Building Professional Services fills a sorely needed gap in the computer consulting industry, and is especially valuable for start-up consulting companies, established companies that want to achieve higher profitability, and for internal IT organizations that are seeking a way to move from a cost center to a profit center.

Regardless of your goals or motivations, the first two chapters helps you to clarify your objectives, decide on the appropriate business model and mission statement, and introduces key concepts that will be used throughout the book. One of the most effective techniques in this section of the book is the way the authors lead you through framing your mission and goals and employing a service alignment risk factor to test the clarity of your mission and how it aligns to other business processes. This is especially important if technical services is not your core business.

Chapters 3 and 4 are, in my opinion, the heart of the book because they address revenue and profitability, and organizational structure - two areas with which many companies struggle. The information in these chapters will show you what you need to do to become and remain profitable, as well as how to best organize your resources to deliver in accordance with your chosen business model. For start-ups Chapter 3 provides an excellent framework for business plan pro formas. Chapter 5, Selling, thoroughly covers the critical success factors and metrics for selling services.

In chapters 6 through 8 services delivery, productizing and promotion are given the same thorough and insightful treatment. Of particular value is the customer engagement workflow that is provided in Chapter 11, and the four phases of professional services given in chapter 12. The phases provide a path by establishing basic implementation services as a service offering, then building upon these to provide integration services, consulting services and productized services - each phase represents an increase in what you offer customers (external or internal). For each of the phases the authors address the following factors: value proposition, profitability triangle focus, critical skills, required operational infrastructure, target mix, revenue growth rate, target gross margin and target operating profit.

I like the way that these (and all of the chapters) end with sample budgets and issues to watch, and the key financial models provided in Appendix D.

You can get more information about this book, including associated articles and PowerPoint presentations, from the author's webpage.

Posted 2:24:00 AM by Mike Tarrani
Building a Bridge. Building systems in a vacuum results in technical achievements that fail to meet business requirements. In other words, a disaster. One book, Totally Integrated Enterprises, bridges the business and IT domains. It educates business process owners on the capabilities and technologies that provide tools to support operations, and gives IT insights into how to best develop and deploy systems that meet business requirements.

Integration is assumed to be within the context of ERP systems, which are enterprise-wide in scope. The level of detail is kept reasonably high so that both audiences can easily grasp the key issues and understand the challenges and needs of the other. What I like about the book is the fact that it never loses sight of business requirements, and the manner in which it stays focused on quality and real world issues. I also like the way case studies are used to reinforce some of the more abstract aspects of enterprise integration.

Highlights of this book that will interest both business and IT include:

• Totally Integrated Enterprise Goals and Agile Enterprise, which give a business framework for the technology solutions that are discussed later in the book.
• Methodology for Understanding Enterprises, which places integration and technology into the context of meeting business requirements.
• Business Development and Product Management, which provide insights to IT about the challenges that their business constituents face and their support requirements.

Because this book is a high level view of enterprise integration many details that support the decision to employ integrated systems and how to implement them are missing. However, the true value of this book is the way it brings together business and technical information and the way the authors have managed to address both groups that are normally widely separated.

If you are seeking a book about deciding whether of not to implement an enterprise-wide system I recommend Enterprise Resource Planning Systems: Systems, Life Cycle, Electronic Commerce, and Risk by Daniel Edmund O'Leary. If you are more interested in an implementation methodology I recommend E-Business and ERP: Rapid Implementation and Project Planningby Murrell G. Shields.

Posted 3:14:00 AM by Mike Tarrani
Then There's That Stuff in the Middle. One of the biggest challenges in designing, building and implementing an enterprise-wide system is the middleware component. Enter The Complete Book of Middleware, which is a collection of papers divided among eight major topic areas, each on a specific middleware category. The main value of this book is the wide range of technologies and vendor solutions, and the fact that it's up to date.

I like the complete coverage of both transaction and queuing approaches, and the vendor-specific information that includes Microsoft's .NET and Sun's Java, as well as everything in between. The sections database middleware and middleware performance are especially valuable because they are more generic and applicable to a wider audience than the MS- and Java-centric sections.

While individual papers have a slight vendor bias, the book as a whole is vendor neutral. This is not a book for learning about middleware as much as a good description of what's currently available and their strengths and weaknesses. If you are looking for a more general book I recommend Chris Britton's IT Architectures and Middleware: Strategies for Building Large, Integrated Systems for the fundamentals, and David Linthicum's B2B Application Integration for a detailed text on how to employ middleware in practice. However, this book will give vendor-specific details and a more up-to-date view of middleware that are missing from Britton's and Linthicum's books. If you're a system architect or consultant this book is an excellent desk reference.

Posted 10:37:00 PM by Mike Tarrani
It's About the Data. The foundation of any system, standalone, single-user, or enterprise-wide, is the data. Manufacturing Data Structures is an essential reference for ERP analysts, developers and DBAs. It is unique in that it addresses data requirements for materials management within the context of manufacturing processes, with an emphasis on bills of materials.

The chapter on engineering change control stands out because this aspect of both data structures and process change management are not covered (or only lightly touched upon) in other ERP references. This chapter and its companion on implementing change add significant value to the book and reflect mature and best practices. I also liked the chapter on new product introduction and custom manufacturing because these aspects of the manufacturing process come with a different set of challenges and requirements from steady production processes.

Regardless of whether you're using SAP, Baan or another ERP package (or are developing custom applications to automate manufacturing materials management) this book will expose the relevant details of the data structures, which are the foundation of any application.

Posted 11:17:00 PM by Mike Tarrani
Integrating the Enterprise. My next few entries are going to deal with some of the better books about enterprise systems. One such book is Enterprise Systems Integration.The audience for this book consists of architecture and integration group members, making this book an ideal addition to group libraries. The focus is on ERP architecture, although the range of topics overlap into non-ERP domains, and is best used as a desk reference because it's a collection of short papers written by 70+ authors instead of a book that focuses on a specific approach or methodology. The papers comprising this desk reference are organized in logical groupings that are akin to layers in an enterprise architecture.

Each section is devoted to carefully chosen papers, some of which reflect individual authors' experience. The strength of this approach is that you benefit from a rich diversity of viewpoints and deep subject matter knowledge. The weakness is that some of the material is inconsistent with what precedes or follows in the book.

Since this is a technology-focused book the highlights are that the information is current and reflects issues, methods and technologies that are valid as of the date this review was written. The editors ensured that information that is not commonly used in ERP integration, such as web services, are not addressed. This doesn't imply that web services will not play a future key role (such as in PeopleSoft 8), but that most ERP implementations are integrated using middleware, XML and other methods. The more typical integration methods are covered in great detail, and the sections on database servers and data warehousing are especially informative.

I also like the section on Internet commerce, which covers topics ranging from web-based testing and capacity planning to XML-based B2B commerce - topics that are not commonly found in other ERP texts. The section on project and systems management also contained excellent information, such as the paper titled "Service Level Management Links IT to the Business", which touches upon a critical aspect of integration. Each of the four papers in the Component-Based Development section also included information that should be carefully considered by large enterprises, especially those that are using off-shore development of off-site contractors to develop modules. This section goes into each of the major critical issues, including economic considerations, domain engineering, server-side Java development and object library management.

Some of the information in this book is time sensitive in that it will be rendered obsolete as web services play a larger role in ERP systems (which is already happening in a sense), and XML and/or ebXML emerge as a core component of all of the major packages, such as SAP, PeopleSoft, Baan, etc. If you have a defined architecture or integration group this book will make a good investment because of the wide array of topics covered. If, however, you are seeking a book that provides a methodology or focused technology description this book may not be for you.

Posted 6:43:00 PM by Mike Tarrani
Project management is a core skill that all IT professionals need to master in order to achieve increasing levels of responsibility and professional growth. There is another facet to project management in software, which is how to align project management processes and procedures to an enterprise operational model. One unique book that deals with this is Software Project Dynamics. This is not a book about project management per se, but a book about how to integrate project management processes into a large software development organization using analysis based on system dynamics.

If you are not familiar with system dynamics, it's a methodology for studying and managing complex feedback systems using time graphs and causal loops, and more formal analytical methods such as simulation and exploring alternatives in a structured manner.

This book uses those techniques to align project management processes to software development. The best way to determine if this book is right for you is to answer the following questions:

• Is your core business software development?
• Is your organization at approximately the same level as that described by SEI's CMM for level 3 or above?
• Is there a commitment to implement an integrated process that is driven by the executive or board level and does this commitment have a strong sponsor?

If the answer to at least two of the above questions is yes, then this book will be valuable. Also note that some knowledge of system dynamics is assumed. If you need to become familiar with this discipline I recommend Business Dynamics: Systems Thinking and Modeling for a Complex World by John D. Sterman. This book addresses system dynamics from public policy and strategy points of view, but will provide a thorough understanding of the subject.

Those who will benefit most from this book are organizations that have found existing PM methodologies to not fully meet objectives. For example, the U.S. standard based on the Project Management Institute's Project Management Body of Knowledge (PMBOK) is too generic for software development, and the U.K. standard called PRINCE2 is not as well suited for product-line and software vendor approaches to development. While the PMBOK and PRINCE2 contain processes and procedures that can be used, the system dynamics approach defined in this book gives a method for selecting, evaluating and integrating the processes and procedures borrowed from these two standards. Moreover, since the CMM and related models identify key process areas for project management, they do not prescribe how they are to be implemented. This book will provide the tools and techniques for tailoring the techniques to PM process areas.

If your objective is to find a book that describes a complete project management maturity model you will be better served by Strategic Planning for Project Management Using a Project Management Maturity Model by Harold Kerzner; if you are looking for an off-the-shelf methodology to use with iterative processes such as the Rational Unified Process I recommend Software Project Management: A Unified Framework by Walker Royce. However, if you are seeking to develop and implement a best-in-class, tailored project management methodology that is seamlessly integrated into your software development processes this book will show you how to achieve that goal.

Posted 12:31:00 PM by Linda
Shifting Once More. We normally cover project management in Postcards from the Revolution, but when material is also applicable to the more technical readers of this weblog we cross post here. One such book is The Project Workout, which is one of the most business-focused books on project management that you can read. Where other books go into techniques that are specific to project planning, scheduling and control, this one ensures that business issues are interwoven into each element of project management.

Parts that set this book apart from the others include an emphasis on developing a business case and the structured way in which all project stakeholder requirements are considered in project quality and reporting. I also like the way projects are managed at the enterprise level as portfolios and integrated into programs instead of standalone projects. In addition, the many forms, checklists and diagrams are highly useful and can be used with little or no modification.

This book is also completely consistent with the PMI PMBOK and UK PRINCE2 methodologies, and the author's web site that supports this book contains a wealth of up-to-date information that adds to the value of this book.

Posted 10:40:00 PM by Mike Tarrani
More About Components. It appears that Linda and I are locked into some spiral, because my chosen topic before she posted was also about components. Foundations of Component-Based Systems is an excellent secondary companion to Component Based Software Engineering: Putting the Pieces Together by Heineman and Councill. It is a secondary text for practitioners and academics that will provide insights into a narrow slice of component-based software engineering issues. Organization is a collection of papers that are grouped in four sections:

1. Frameworks and Architectures. Consists of four papers of which I particularly liked Key Concepts in Architecture Definition Languages and Acme: Architectural Description of Component-Based Systems because of professional interests in ADLs.
2. Object-Based Specification and Verification. The three papers in this section were focused on narrow topics; however, I gained much from Modular Specification and Verification Techniques for Object-Oriented Software Components. This paper alone made the book worthwhile to me, but this is a subjective remark with which you may not agree.
3. Formal Methods and Semantics. Each of the three papers in this section were, in my opinion, valuable. My favorite, Toward a Normative Theory for Component-Based System Design and Analysis, contained a viable framework and approach to component design, which is a topic that receives little coverage in other component-based books.
4. Reactive and Distributed Systems. The two papers in this section are interesting in that their topics intersect nicely with the discipline of semantic web engineering. If your interests or work also includes that knowledge area then the papers (Composition of Reactive System Components and Using I/O Automata for Developing Distributed Systems)will 'connect the dots' in a manner of speaking.

Much of the material in this book is academic and/or theoretical, but is backed up with results from projects and supporting project data. What I like most is that the material uses tools and technologies that are hot topics, such as UML, EJB and COM.

The second book is Component-Based Product Line Engineering with UML. Where most books on the subject cover the component-based development life cycle at a high level with an emphasis on the development, deployment and QA aspects, this one is about requirements and design. That is what sets it apart and an important work. It becomes even more important if you are using or trying to adapt the Unified Process to a component-based environment. Obviously if your environment also includes product line development the value of this book increases even more.

The book contains five parts which build upon each other. Part 1 is a thorough, 60-page introduction that compares and contrasts development life cycles, summarizes the approach the book proposes, and the concepts, artifacts and process associated with "KobrA" (a German abbreviation for "Component-based application development".

Part 2 is devoted to component modeling based on the KobrA component model, and covers all aspects in 153 pages. This part ends with an excellent introduction to patterns and UML, which lays the groundwork for the next part. The information in this part drills down into requirements and specifications, which is one of the reasons I cited above that sets this book apart.

In Part 3 (Embodiment) refinement and translation, component reuse and incremental development are covered in detail. Part 4 introduces and covers product line, framework and application engineering. It is here that the KobrA foundation laid in the previous parts begins to become coherent and the viability of the approach becomes apparent.

Part 5 is my favorite because, like Part 2, it gives a view of component-based development that most books gloss over. In particular, the chapters on maintenance and QA are filled with information that reflects the realities of component-based development, and the chapter on quality modeling is among the best treatments of the topic in any book or paper I've recently read. The 60 pages of appendices are also valuable sources of information and knowledge about metamodels, maintenance and process. I found this book to be an invaluable reference and recommend it to anyone who is heavily involved in component-based software engineering in conjunction with product line development.

Posted 3:29:00 PM by Linda
Building Things. Mike introduced me to component-based development last summer. It's a subject that interests him, and also piqued my interest. However, the book he recommended at the time, titled Component Based Software Engineering: Putting the Pieces Together, was overwhelming at 800+ pages. However, I recently came across Component-Based Development: Principles and Planning for Business Systems, which at 224 pages is a more realistic introduction. This book is an excellent and clearly written introduction to component-based development from business and software engineering process perspectives.

It does not contain technical information for developing components in various environments, nor does it go into the relative merits of component-based development from the viewpoint of any vendor. What it does contain is a tutorial on component-based development as a software engineering discipline, and makes a strong business case for adopting this approach to software development.

If you're expecting an end-to-end life cycle you may be somewhat disappointed because the book only covers the design through build phases of development. However, since this book is more about showing the value of components this scope is more than sufficient. If, on the other hand, you are evaluating component-based development as a business strategy you'll like the details about the value and underlying processes, and how this approach differs from more traditional software development. In particular you'll like the way the author goes into organizational issues (who owns the process), and the unique requirements of component-based development (such as strict configuration control and reuse strategies, and cataloging and certifying components). The case study at the end of the book pulls the preceding 13 chapters together and provides a realistic view of the strengths and weaknesses of components.

Posted 8:48:00 PM by Mike Tarrani
Back to Me? Linda is absolutely correct - the foundation of any process improvement or quality initiative is measurement. There are two excellent books on the subject that are specifically for software professionals:

1. Applied Statistics for Software Managers. If you're working in SQA or managing software development projects this book is an excellent introductory text to statistical analysis.
   What I like about this book is that it's a tutorial on the statistical skills and knowledge that you'll need, and it combines this learning goal with the basics of software metrics and how they can be employed to measure productivity, estimate projects, and manage costs and organizational quality. The core approach is data analysis, and the main tools that the book employs are multi-variate techniques, regression analysis and correlation and sensitivity tests. The author has a talent for clearly explaining a dry subject, and while it will take a good deal of effort to master the material because of its nature, the excellent writing and illustrations will make it easy to quickly grasp statistical fundamentals and put them to use.
   The lessons are taught within the framework of four case studies that are realistic and apply to the real world. The case study topics are: productivity analysis, analysis of time to market factors, development cost analysis, and maintenance cost drivers. These cover the full range of both internal development and product-line software engineering. I especially like the inclusion of maintenance costs as a topic of study because this area contributes significantly to total costs of ownership, but is often overlooked.
2. Measuring the Software Process. This book contains the keys to meeting core CMM level 5 requirements, which defines key processes for optimizing and continuous improvement, and for achieving 6-sigma processes. However, you need not be striving for either (or both) of these goals to use the techniques and approach in this book to full advantage.
   Implementing and employing statistical process controls are the basis of this book. The authors lead you through the steps and techniques necessary to implement and use SPC, starting with background information on processes and a process measurement framework, and moving through topics such as planning your measurement strategy, data collection and analysis, and developing and interpreting process behavior charts using common SPC chart types. The most common controls are x-bar (mean) and r (range) charts. Be aware that any SPC approach requires two conditions to be met:
   • defined processes
   • the processes are in statistical control (meaning that the data points being measured have settled into a normal distribution that are randomly clustered around a mean and have defined upper and lower control limits)
   New processes, or processes that are not managed well enough to have these characteristics are not candidates for SPC.
   This book requires knowledge and skills in basic statistical analysis. If you require a refresher I recommend reading Visual Statistics before tackling this book.

Deciding which of the two books is better is a matter of assessing your needs. The key strengths of Measuring the Software Process are the tutorial nature and the wide range of case studies that are used to reinforce the learning. The key strengths of Applied Statistics for Software Managers are that it goes much deeper into analysis and also includes statistical process controls and other techniques that are present in highly mature development organizations. Regardless of which book you choose (or if you choose both), the information and knowledge to be gained is the foundation of SQA and best practices in project management.

Posted 11:01:00 PM by Linda
Games People Play. Mike and I have been playing tag in our recent entries. I come in from left field with a new topic, he follows, then changes it and I follow. In this spirit I'll augment his last entry on software process improvement by discussing two books that provide foundation knowledge and skills for any process improvement initiative.

Understanding the Essentials of the Six Sigma Quality Initiative is a short book that does one thing and does it well - clearly explains what Six Sigma is and why it's important. It accomplishes this in less than 100 pages, making it a succinct guides to a highly complex topic.

Practitioners will find the material too basic, but business managers will find it sufficient to see the value of a Six Sigma initiative. It's also useful for communicating an initiative and its importance to employees who are not directly involved, but need to be on board to imbue it into the corporate culture.

It devotes the first 35 pages to explaining the what's and why's in clear, non-technical prose, and the rest of the book covers the how's by explaining each of the tools that are used to achieve Six Sigma. Each tool, ranging from Analysis of Variance to Team Development, is quickly described at a high level, with all key factors and a brief summary of what it is and how to use it.

If you are a member of the organizational implementation team I recommend that this book used to communicate the reasons for the initiative and what Six Sigma will mean to your organization to employees. If you have a direct role in Six Sigma and your statistics are rusty I recommend augmenting this book with Visual Statistics by Jack R. Fraenkel, Enoch I. Sawin and Norman E. Wallen.

I've struggled with statistics for years, and had resigned myself to continuing that struggle until I read this wonderful book. Where most books assume that you remember lessons from high school this one starts from scratch. It also differs from other books by teaching you how statistics work instead of force feeding you formulas that you learn by rote, but do not impart an understanding of how statistics work.

I like the way that this book uses illustrations and clearly describes the 'whys' to make statistics come alive. Shortly after I started reading this book (which is actually interesting!), I began seeing the significance of data distributions, relationships and dependencies. This not only will improve your understanding of statistics, but also gives you the confidence to tackle problems that may have intimidated you or were beyond your knowledge level.

If you need to quickly refresh your knowledge and skills, or want to understand statistics instead of crunching formulas, this book is a fast way to get there.

Posted 10:49:00 PM by Mike Tarrani
On Software Process Improvement. Before we become mired down in Oracle topics I am going to take an abrupt turn back towards quality and process improvement. One excellent book on the subject that covers both process assessment and improvement, is Software Process Improvement. With exceptions that I've noted below this is an in-depth examination of standards, initiatives and methods for software process improvement (SPI) and software process assessment (SPA).

The book is divided into twelve chapters, each of which contains two or more papers written by top experts in the field, including Mark Paulk (of CMM fame), Watts S. Humphrey (creator of PSP and TSP, and prolific author of software engineering process papers), Robert B. Grady (author of three standard references on metrics), and others who key players, but are not as widely known outside of the SPI and SPA community.

Chapter 1 covers software process assessment with an article by Paulk that surveys the more common models for SPI and SPA, and a reprint of Sarah Sheard's excellent article from CrossTalk Magazine titled "The Frameworks Quagmire". Chapter 2 contains three articles on the SW-CMM, which seems to be the centerpiece of this book. Chapter 3, "Other Approaches to Software Process Assessment" contains four articles that add balance by covering non-CMM approaches that are in common use, especially in Europe (Bootstrap). I especially liked the article by David N. Card titled "Sorting out Six Sigma and the CMM", which combines two hot topics. One of the exceptions that I cited at the beginning of this review is the article on Trillium, which in my opinion has been superseded by TL 9000 in the telecommunications industry.

The three articles in Chapter 4 (Software Process Improvement: How To Do It) address common concerns and barriers to any SPI initiative, and each add well thought out ideas, especially Sandra McGill's "Overcoming Resistance to Standard Processes, or, Herding Cats", and William Florac's "Statistically Managing the Software Process".

Watts Humphrey's Personal and Team Software Processes, and CMMI are the key topics in Chapter 5, which covers developments inspired by the SW-CMM. All of Chapter 6's Software Product Evaluation articles were my favorites from among the collection in this book, and I particularly liked Jørgen Bøegh's "Quality Evaluation of Software Products" and Geoff Dromey's "A Model for Software Product Quality" because they go to the heart of key issues in both product line engineering challenges and user acceptance testing.

Chapter 7, ISO 9000 Series and TickIT, is the second exception that I previously noted. Much has changed in ISO 9000 with the 2000 standard, which renders this entire chapter moot in my opinion. I also thought the five articles in Chapter 8, The SPICE Project, would have been a better fit in Chapter 3. The same goes for Chapter 9, Experiences of Software Process Assessment, which is nearly an extension of Chapter 8, and is closely related to Chapter 3.

Two other favorite chapters are 10 (Software Process Improvement for Small Organizations) and 11 (Benefits of Software Process Improvement). Chapter 10's three articles dispell any notion that SPI is only feasible for large organizations, and the three articles in Chapter 11 focus on the benefits of SPI, especially Herb Krasner's article titled "Accumulating the Body of Evidence for the Payoff of Software Process Improvement". I also liked the final chapter, which covers software processes in general, including an excellent article on modeling. I felt that this chapter should have been at the beginning of the book instead of the end.

Overall, this is a book for those of us who are nearly religious about SPI; but is not a good introductory text. It's main value will be to IT consultants who specialize in either SPI or SPA (or both), and who need to be familiar with the mainstream standards and approaches.

Posted 8:04:00 PM by Mike Tarrani
A Challenge. In my last entry I didn't really take Linda's spot - XLM and Oracle (or any database) have a natural affinity. XML is the magic. You can stuff the results of a SQL query into a DTD, which is the stuff of application and database integration. However, there are also security challenges. The topic of this entry is XML and database security, and is based on two excellent books I recently finished reading.

The first book is Translucent Databases. This book contains an innovative and viable approach to securing databases, and one that I've not encountered anywhere else. In a nutshell the author provides techniques, based on standard SQL and Java, for securing sensitive data without restricting general access of less sensitive data to authorized users. The core of this approach is based on encryption and one-way functions, including PKI and secure hashing, and accepted authentication techniques such as digital signatures.

What makes this book unique is that while it's based on solid theoretical ground, the material is practical. As the techniques are discussed they are illustrated by 15 different scenarios, all of which contain problems faced by e-commerce, HIPAA and other high security environments, and code examples that show how to solve the problems. I like the way the author shows how to implement his solutions in common database environments (PostgreSQL, MySQL and Oracle - the approach should also work in the MS SQL Server environment). As I read this book I saw interesting possibilities for implementing role-based access controls and securing against SQL-based statistical attacks using the author's approach.

This book is essential reading for DBAs, system architects and IT security professionals, especially those in healthcare who are struggling with meeting HIPAA requirements, and in e-commerce who are challenged by protecting credit card and account information. This book shows the DBA how to secure his or her database, and the system architects and security professionals what is possible using SQL and Java. The book also has an associated web site which is supposed to have soft copies of all of the source code contained in the book. As of this entry the link to the source code is on the site, but the code itself is not yet available. When it is the value of this book will increase even more because of the time it will save by not having to manually create the code from scratch.

If you are new to the cryptographic techniques introduced in this book I recommend Cryptography Decrypted by H. X. Mel and Doris M. Baker, which is one of the best introductions to this complex subject. I also recommend reading Secrets and Lies: Digital Security in a Networked World by Bruce Schneier, which covers the technical, organizational and social aspects of security and gives a clear description of the technical underpinnings discussed in this book.

The second book is XML Security. Given the fact that XML is a key component of web services, and extensively used in e-commerce and enterprise applications integration, this book addresses a genuinely important topic. For one reason, XML is text-based and can expose proprietary information, which is a vulnerability for competitive intelligence specialists and corporate spying.

Before going into what the book contains it's important to know that much of the material is based on RSA's view of the security. This isn't a criticism, but an up-front statement of fact because if you're looking for a book that is 100% vendor neutral you are going to have to wait until one is written - this is the only book I know of that is solely about XML security.

The book starts with primers on security and XML to set the context. It then covers, in succession, digital signatures (chapters 4, 5 and 6), and XML encryption. These chapters are consistent with work and specifications produced by XML Signature WG (joint the Working Group IETF and W3C for digital signatures) and the W3C working group for XML Encryption.

Chapter 8 is specific to RSA products. It shows how to implement XML encryption using RSA BSAFE© Cert-J, which can be downloaded in a trial version from RSA's website. Chapter 9 covers XML key management specification, which are consistent with the W3C working group's specifications, and how XML security relates to web services.

Despite the slight bias towards RSA this book is an invaluable reference. It provides an in-depth discussion of major security issues, as well as how they are being addressed by the W3C. It goes without saying that anyone who is responsible for system architecture, design and/or security should carefully read this book.

Posted 10:01:00 PM by Linda
Reality and Sanity. I have to agree with Mike that wading through thousands of pages of technical text is not the best use of time and energy - unless you are cramming for a certification exam. For the working professional a better book, especially for mastering SQL and PL/SQL, is Database Systems Using Oracle: A Simplified Guide to SQL and PL/SQL. This book is remarkable for the clear manner in which it explains the basics of relational databases in general and Oracle in particular. I am currently in training for Oracle Certified Professional and had been using study guides and class material to learn Oracle. These are fine for passing the OCP exam, but they leave many gaps in the finer points which lead to thoroughly understanding Oracle.

Since this book's goal is to explain Oracle's SQL Plus and PL/SQL languages instead of getting you through an examination with a passing grade it goes into details that my training missed. I especially like the way that database concepts, design and modeling are covered in the first chapter, and the step-by-step approach to teaching SQL and PL/SQL by actually performing useful tasks such as creating tables and working with tables.

In addition to the basics, this book covers advanced topics such as row locking, performance and joins and set operations. PL/SQL is given the same thorough treatment as SQL Plus and as you read through the book and actually perform the tasks on a real Oracle instance your understanding and skill level increases greatly. Since PL/SQL is rich in features and programming constructs the care with which the author explains the basics and how to apply them in a real environment made learning fun and builds your self confidence.

I also liked the attention given to database administration tasks in the final part of the book, and found the SQL Plus and PL/SQL quick reference in the back of the book useful on many occasions.

If you don't have the luxury of attending Oracle training this book is an excellent substitute, and even if you're going through OCP training this book will fill in the gaps that will surely arise since the course is fast paced. Note that this book uses Oracle 8i as the example environment, but the material works with the newer 9i version too.

Posted 3:38:00 AM by Mike Tarrani
Taking Linda's Spot. The boxed set of Oracle books that Linda discussed in her last entry are a bargain for someone who is immersed in a training program. However, who really has the time to wade through thousands of pages and a stack of CD ROMs? (Unless you're facing a certification exam). What if you merely want to gain basic Oracle skills and are overwhelmed by the six inch thick books out there? A refreshingly slender book is So You Want to Be an Oracle DBA?. First, you need to know that this book is based on version 9i and is focused on the UNIX environment. If you're using Oracle 8i and have no immediate plans to upgrade you will find that the previous edition to be more suitable.

The ideal audience for this book is the new Oracle DBA or UNIX system administrators who have either inherited DBA responsibilities or who want to gain cross-functional skills. Experienced DBAs will find much of this book too basic, and may complain that it doesn't cover the full range of database administration topics.

In my opinion the relatively narrow scope of this book is one of its strengths. Instead of overwhelming the new DBA with hundreds of pages it sticks to the essentials. Another point in its favor is that the author doesn't attempt to go into gory details about how things work (information that you can get from other books as your comfort level and self-confidence improve), but remains focused on what you need to do in order to effectively manage and support an Oracle 9i instance.

While I liked the Getting Started and Some DBA tasks (Sections I and II) that start this book, I especially liked Section III, which covers tuning. This is the essence of what a DBA does, and the basics are well covered. This section also gives some excellent scripts that the new DBA will find invaluable. Section IV, is somewhat useful, but Section V is another favorite because it shows how to begin building your own set of tools, which is the hallmark of an experienced DBA. The scripts that are provided in this section are the foundation of database administration, and will spark ideas for additional and more specific scripts. The value is that you can learn much from what is provided.

Each topic in this book is given a brief 2-3 pages, which makes it somewhat terse. In many cases you'll have to go to other books for deeper explanations, but at least you'll be quickly functional.

If I had to choose a single book with which to get started this would be it. Of course you'll outgrow this as your skills and experience evolve, but it will get you started and does so using good practices and workable techniques.

Posted 3:54:00 AM by Mike Tarrani
Trapped in a Time Warp? Are you currently stuck in the mainframe or mid-range world and are seeking an escape? Or perhaps you realize that your skills are growing obsolete and you want to remake yourself. Programming the World Wide Web may be your ticket out. If you're trying to break into development and are seeking a basic book that will prepare you for a career as a web developer, this isn't what you're looking for. It's neither a programming tutorial nor a book on specific environments, such as .NET. However, if you're doing maintenance programming in, say, RPG/400 or writing JCL and are wondering how you can refactor your skills and get out of the mid-range and mainframe environment this book is ideal.

Solid programming skills are assumed (preferably in C or C++, but that isn't essential). You should have a basic understanding of databases and data structures. If you have these skills this book will systematically familiarize you with the web programming environment and common tools and programming languages that you'll need to master in order to transition out of the data center. I like the way the book touches all of the key knowledge areas, starting with HTML and going through javascript, perl and the usual cast of mark-up, scripting and programming languages. More importantly, this book doesn't skim the surface - it does into databases, XML and server-side development. If you've read the table of contents and are tempted to question why CGI was included in such a relatively new book, bear in mind that most of the information in this book is ideal for maintenance programmers, and there are literally thousands of systems that still employ CGI scripts. This also reinforces my opinion about who will benefit most from this book - maintenance programmers from mid-range and mainframe environments.

In a nutshell, you bring your knowledge of algorithms, data structures and development methodologies, and the book will show you how to apply them to web programming.

Posted 3:53:00 PM by Linda
My Turn. Mike's been plowing through topics, and before he gets stuck in XML I am going to break his stride. I'm still in Oracle OCP training, and want to share a collection of books that I've found useful: OCP Oracle9i DBA Certification Boxed Set. This collection of study guides and the CD ROMs that come with it represent potential value, but the decision to go with this set versus buying 'best of breed' books on each subject area boils down to a personal choice. Factors include budget and how willing you are to endure some of the typos in most of the books in this set.

What you get: This collection consists of the following books, each of which I have reviewed on their product pages. I am summarizing the reviews to save time:

1. OCP Introduction to Oracle9i: SQL Exam Guide. I rated this at 4 stars - be aware of the fact that this book does have errors, make sure you read the errata and you'll find it quite helpful.
2. OCP Oracle9i Database: Fundamentals I Exam Guide. Another 4-star rating - there are editing flaws and inconsistent writing that do make this book ponderous at times. There have been times when I wished the authors and editors had paid more attention to the book, and other times when I silently thanked them for clarifying a concept.
3. OCP Oracle9i Database: Fundamentals II Exam Guide. 4-stars. Among the strong points of this book are the self tests and practice exam questions. Weaknesses include poor editing, which seems to plague this series, and the inconsistent writing that is at times extremely clear and others quite obtuse. I prefer OCP: Oracle9i DBA Fundamentals II Study Guide by Doug Stuns and Matthew Weishan, which is better written, consistent and complete. It is also a 'best of breed' book.
4. OCP Oracle9i Database: Performance Tuning Exam Guide. Unlike the others in this set this book is a 5-star gem. All of the key elements of performance tuning are covered, the illustrations are excellent and aid in understanding, and the drills, self tests and practice questions have been a tremendous help.

Pros: price, over 2000 pages of materials and CD ROMs with practice questions and other material.

Cons: with the exception of the Performance Tuning Exam Guide the guides in this set have editing problems and errors.

You choose.

Posted 1:13:00 AM by Mike Tarrani
Still More XML Resources. I mentioned Definitive XML Application Development in my last entry. If you're a developer this is an excellent resource. Be aware that the book requires a solid working knowledge of XML and associated protocols (XLST, XPath, XML Schema), Python and Java), and is written for practicing developers who are involved with web services, e-commerce and extended supply chain applications. You should also be reasonably familiar with DOM, data structures and relational databases to get the most from this book.

After a quick introduction to the XML processing the author wastes no time getting to the meat by going into processing types in Sections II (Event-Based Processing), III (Tree-Based Processing) and IV (Declarative Processing). Each of these sections are comprised of chapters and topics that cover the strengths and weaknesses of each approach, common tools and example applications, and tips and techniques.

Section V is focused on Java development, including SAX in Java, DOM in Java and XSLT In Java Applications. This section covers APIs, tools and specific considerations for each topic.

The final section addresses XML processing in detail, and deals with alternative processing approaches (including hybrids of event-, tree- and declarative-based models), schemas, and RSS.

In addition the appendices are informative and add to the value of this book. In particular, Appendix A, A Lightning Introduction to Python, will get seasoned developers up-to-speed (augmented by Appendix C which covers Python XML Packages). Appendix B is a glossary that goes into considerable detail, making it a handy reference.

Posted 5:19:00 PM by Mike Tarrani
More XML Resources. It's one thing to have a book of spcifications, such as the one cited in my last entry, but such books are more useful as references than as learning tools for mastering the underlying technology. One of the best collections of XML resources is The Definitive XML Professional Toolkit. This boxed set contains three books that have been published in December 2001 and represent the essentials for anyone who is working with XML and web services. The books are:

1. Charles F. Goldfarb's XML Handbook (4th Edition) by Charles F. Goldfarb and Paul Prescod. Goldfarb invented SGML, upon which XML is based and which had a significant influence on the design of HTML. At 1200 pages this book is probably one of the most complete references that one can have. It covers every conceivable topic, ranging from a good description of XML and how it evolved from SGML, to semantic web and web services (each of which are disciplines onto themselves).

   Expected topics are given in-depth treatment (XML, schemas, DTDs, datatypes, XSLT, XSL-FO, XLink, XPath, XPointer, XSDL, namespaces, topic maps, RDF, SOAP, UDDI, WSDL and VoiceXML), with a focus on the following:

   • integration of XML and the older EDI approaches to e-commerce and extended supply chain systems
   • a sound approach to content management - how XML fits into the web services framework
   • chapters on important topics such as portals, databases, content acquisition, conversion and publishing
   • a series of chapters devoted to tutorials on XML basics, schemas, and transformation and navigation protocols
   In addition this book comes with two CD ROMs that are packed with applications such as IBM's AlphaWorks suite and NeoCore XMS Native XML Database (Personal Edition). A trial version of TurboXML IDE & Schema Editor is also included among the 175 programs on the CD ROM set.

   This is an overwhelming book for beginners, but is a valuable resource for anyone who is deeply involved in web services, XML and related technologies. If you fit the latter category this is probably the only XML reference you'll need.

2. Definitive XML Schema by Priscilla Walmsley. In a nutshell this book gives a detailed description of the XML schema and associated topics. The author is a member of the W3C working group that created XML Schema, and the material in this book is consistent with W3C recommendations. See the editorial description and reviews on this book's product page for specifics.
3. Definitive XSLT and XPath by G. Ken Holman. Covers everything you need to know about transforming information structured vocabularies and output formats. The author is the chair of OASIS's XSLT/XPath Conformance Technical Subcommittee. See the editorial description and reviews on this book's product page for specifics.

What's not included in this set, but worth getting is Definitive XML Application Development by Lars Marius Garshol. However, the books that do come this this boxed set will provide you with a solid foundation of the basics as well as software tools that you can evaluate as candidates for your own development environment.

Posted 11:26:00 PM by Mike Tarrani
XML Resources. Because XML is so versatile, especially for enterprise applications integration, and as a core component of web services and e-commerce systems, I want to share some of the better XML books that are available.

Although you can download XML specifications from the W3C working groups, a single book that summarizes these specifications is worth the investment. XML Family of Specifications: A Practical Guide is such a book. It's a comprehensive and up-to-date (as of this review) reference on XML as defined by the W3C. Part I is more of a desk reference (with a lot of example code), which covers XML syntax, modeling and parsing, DTDs and schemas. Part II, also with many examples, is a complete treatment of parsing with APIs, with separate chapters on SAX, DOM, JDOM and JAXP. Transformation and display protocols are covered in Part III, including CSS2, XSLT and XPath. XSLFO for formatting is also covered in this part. Xlink and Xpointer to facilitate referencing operations are the subjects of Part IV, and the book wraps up the formal descriptions of the family of specifications in Part V, which covers XHTML and RDF. I have a personal interest in RDF, and found the chapter devoted to it complete, but terse. This characterizes all of the chapters in this book. What makes this book valuable is the way the information is displayed. Each chapter starts with either an overview or concepts, and each clearly explains each specification and gives clear examples to demonstrate how they work in practice.

Appendices at the back of the book are especially valuable because they summarize much of the information in the body of the book. For example, Appendix A depicts the family of specifications in a format that clearly shows the relationships among them. In addition, the web site that supports the book provides a lot of supplementary material, including over 900 links to related resources and an image map of the family of specifications that is one of the most visually appealing and informative resources one can have at their disposal. Note that the web site is not up-to-date - some information that was cited as coming in April and May were still not online as of late June.

This is not a book for learning XML as much as it's a reference. The main value over W3C material that is available over the web is the clear writing and many examples. It reads much better than dry specs and is complete in its coverage.

Posted 3:53:00 AM by Mike Tarrani
Now For Something Strange. As long as I'm dredging up old books that I think are still useful, here is one that is worth tracking down: Testing to Verify Design and Manufacturing Readiness This book, despite the editorial description on this page, is entirely about hardware/software integration as it pertains to managing acquisition risk for the buyer and the processes and procedures that need to be employed by the developer.

If you work within the framework of the FDA's General Principles of Software Validation or the FAA's DO-178B for safety-critical avionics the material is consistent with these governing documents, but is too outdated to be useful.

However, if you are working on integrated projects that are unregulated with respect to government controls you may find this book useful. It contains a wealth of useful guidelines for establishing and managing processes to support development of products that are based on embedded software or hardware/software integration, The core of this book is a collection of templates that were developed and proven in the DoD industry, and are designed to manage integrated testing, failure management and field feedback. Each element is applicable to commercial environments, especially for companies that are manufacturing intelligent network devices, data storage systems and specialty products such as digital control systems, sensors and other integrated hardware/software products.

The templates are introduced in Chapter 1, and each of the seven functional areas covered by the templates are discussed in separate chapters. These functional areas are: integrated testing, failure reporting, design limits, product life, test/analyze/fix process, uniform test reporting and field feedback. A chapter on applying these follows, but the material is slanted towards DoD issues. If you apply thought and imagination while reading this chapter you should get ideas on how to refactor the cases into your own environment.

Section 2 devotes three chapters to software design and test, which are based on the older waterfall development life cycle. However, this particular life cycle lends itself well to developing embedded systems, making this material valid and applicable to commercial environments.

Overall, this is a useful book for the intended audience I cited above if you can track down a copy. In particular, the checklists and overall framework are valuable, and much can be learned from the risk-based approach taken in the book.

Shifting Gears. Although I'll inevitably return to quality and reliability, I am going to shift to another topic in my next entry: XML. Also, most of the topics for the next few weeks will be in the form of book reviews instead of the tutorials and news items that we've been writing about. That will change as soon as things stabilize. We're all busy and haven't the time to do the research we normally do, nor the freedom to craft original essays on topics that are dear to us. That will change in due time, but until then please bear with us.

Posted 2:10:00 PM by Mike Tarrani
Oldies, But Goodies. One of my personal favorite books, and one that has had a profound influence on me, is Quality Assurance for Information Systems. This book represents a pivot point in Perry's prolific published works that date from 1981. What makes it pivotal is the fact that this book synthesizes his approach to IS quality assurance from a production support viewpoint and his future work which focuses on software testing.

Although over 11 years old the QA approach contained in this book is still valid. To get at the gems, though, you have to overlook a few things. For example, terminology common in the mainframe data center of past decades sounds quaint even to those of us who came from that environment. Also, the code examples used to illustrate quality problems are sure to confuse the younger generation of C++ and Java developers and test professionals who probably never heard of PL/I and only vaguely know about FORTRAN.

What I like about this book and the reason why I think it's still an important reference is the fact that application quality from an enterprise perspective is addressed. This goes beyond testing and release processes, as well as beyond project issues surrounding applications delivery and SQA. The focus is on production and maintenance, although testing, SQA and project metrics are addressed.

In addition to the focus, the book contains checklists, questionnaires and sample forms that can be updated to reflect modern computing environments - and you may be surprised to find that much of this 'ancient' material requires very little modification. Another aspect of this book that I like is the material on software maintenance, which seems to be a lost art, although it's as important now as it ever was.

Don't let the age of this book deter you if you're interested in quality assurance from a production support point of view. The best recommendation I can give is that this book has served me well in over a decade of consulting, and it probably will for years to come. However, it shouldn't be your only reference either.

Posted 4:12:00 PM by Mike Tarrani
More on Quality and Testing. In previous entries I covered most of the newer books on quality, reliability and testing. However, there are some older books that are still valid or contain enough information of value that they merit a mention.

• Testing Very Big Systems. After you've peeled back the layers of testing techniques that are better documented and more refined in more recent books, and archaic language that characterized the mainframe lingo that was dying out when this book was first written a decade ago you'll find gold.
  First, the way test case management is presented stands the test of time. The author is obviously well versed in managing complex system testing and it shows in his detailed approach to developing a test strategy and managing a large array of test cases. As good as this material is, it isn't a sufficient reason to track down a copy of this book because Rick Craig and Stefan Jaskiel have a more modern book, Systematic Software Testing that accomplishes the same goal.
  The real gold is in the way that this book integrates testing, issue management and metrics. Although there is a large body of knowledge on these topics, this book manages to sort out the complexities in the clearest terms I've encountered. I also think that the approach change management is excellent, and especially the way this is linked to issue management. On the subject of issue management, the taxonomy of issue types has served me as a model during numerous consulting engagements for service delivery and software engineering process development, and have been proven in the field.
  Additional gold is in the chapters on test documentation (especially the treatment of status reporting) and managing management. I also like the way that the author takes economic considerations into account, which was not much in vogue when this book was written in 1992.
  If you're an SQA or applications delivery practitioner I strongly recommend tracking down a copy of this book. Look past the archaic parts and you will find one nugget after the other of useful information. I wish this book would be rewritten to reflect today's environment and the lessons that the author learned in the decade since this book was first published because there is much in this book that you will not find elsewhere.
• Ensuring Software Reliability. Despite this book's age and the subsequent software reliability books that have since been published, it adds a perspective and information that is either not in more recent books, or is not given the same comprehensive treatment.
  If you are familiar with software reliability as a discipline and with any of the major books, such as John Musa's Software Reliability Engineered Testing, you'll probably not find anything new in Part I, although chapters 3 (software failures and failure processes), and 6 (reliability terms and definitions) add clear, succinct descriptions and definitions to these topics.
  Part II, however, is where this book shines and why I use this book as one of my principal references. Specifically, chapter 7, which covers software reliability data collection, is thorough and comprehensive. I especially like the way data collection is integrated into a reporting process, and the near exhaustive list of error, product and process metrics and their associated descriptions. Chapter 8 is another gem. It describes 12 major reliability models, ranging from Musa's models to predictive models. One of the most interesting models in this catalog is the 'Leone Test Coverage Model', which is based upon percentage of completion and coverage of specific development and testing tasks. For each model the author gives a summary description, provides assumptions and parameters of the model, and the associated math. Each model's summary contains strengths and weaknesses, and when in the life cycle the model is best employed.
  Overall, this book contains some invaluable information and information that has been superseded by newer books (especially the last chapters in Part II). If you're seeking information that I've highlighted above, this book is a worthwhile investment. If you're looking for a book that is more up-to-date I recommend Software Reliability Engineered Testing by John Musa. This book will remain an often referenced part of my library for some time to come.

In my next entry I'll provide additional books that I like in spite of their age.

Posted 7:08:00 AM by Mike Tarrani
Short Break. I am going to briefly break from the testing, SQA and reliability thread because I don't have time right now to devote to properly wrapping it up. I will offer an interesting article titled Use of Metrics in High Maturity Organizations to keep the pace alive until I return to the topic.

Wireless and M-Commerce Development. I just posted my take on a book titled Mobile Business Strategies: Understanding the Technologies and Opportunities in our sister weblog, Postcards from the Revolution.

That weblog focuses on service delivery and business/IT alignment issues, while this one is slanted towards software engineering and more technical topics. The book fit within our theme for Postcards from the Revolution, but there is a related book that is more suitable for this audience. The title is The Complete Wireless Internet & Mobile Business Programming Training Course (with CDROM), and the friend who called it to my attention was enthusiastic. It appears to be a complete training course in all aspects of wireless and mobile commerce development. Judging from the content of the thirty-four associated PowerPoint presentations that are available for free download this is, indeed, a complete training course. If you need to get yourself or your staff quickly up-to-speed and you have a constrained training budget this may be a cost-effective alternative.

Back to Quality. Before ending this entry I want to revisit quality. If you are pursuing the ASQ CSQE certification you may want to get a copy of Fundamental Concepts for the Software Quality Engineer. This book is published by the sponsor of the certification (ASQ), and the book editor is Taz Daughtrey, who is editor-in-chief of ASQ's peer-reviewed quarterly journal, Software Quality Professional.

Posted 7:20:00 PM by Mike Tarrani
More on SQA + Reliability. In my haste to provide SQA resources yesterday I left out two important ones that should be bookmarked and frequently visited by anyone who is interested in software quality assurance:

1. David F. Rico's home page.
2. Tantra Management Services.

These are my personal favorites, and I have been using them for years as primary resources.

Software Reliability - Short Version. I am still pressed for time, so this entry is going to be as terse as my last. In the same manner that I use a single book as my primary reference for SQA, I use Software Reliability Engineered Testing by John Musa as my primary reliability reference. My 11 May 2001 review on Amazon will show why I hold it in such high regard. That doesn't mean that it's the only book I use - I have a large collection of SQA and reliability books - it means that it's the first one to which I turn for authoritative information on the topic. On the web the first place I go is the