Deploying and Maintaining Smart Client Applications

Henrik Lykke Nielsen
Software Architect, Captator
Microsoft Regional Director for Denmark
lykke@captator.dk
www.captator.dk/captator.aspx?blog=dothenrik

Today's Agenda
Best practices for building well-designed, secure, data-driven, smart client applications
• Session 1: Designing and building smart clients
  - Patterns and practices for smart clients, IssueVision
• Session 2: Securing smart client applications
  - Tips for secure data, CAS, encryption, and more
• Session 3: The ins and outs of secure data access
  - Best practices for smart client data, offline data
• Session 4: Deploying and maintaining smart clients
  - Tips for deploying and updating apps to avoid “DLL Hell”

Agenda
• The “Deployment Big 3” for smart clients
• Drill-Down: Design choices for deployment
  - No Touch Deployment options
  - Installing the .NET runtime with your app
  - Best practices for deploying Smart Client apps
• Drill-Down: Design choices for updating
  - Automatic update options
  - Best practices for updating Smart Client apps

Avoid Collisions
• Avoid collisions between apps and versions!
• Installing App B must not break App A

.NET Application Isolation
• Private deployment by default
  - By default .NET applications use the assembly versions they were built with, not the latest
• Multiple versions coexist by default
  - “Side-by-Side” installation
• Sharing, if any, is controlled and explicit
  - Can be shared by installing to the Global Assembly Cache (GAC)
• No DLL registration
  - Just copy files

Protect Resources and Data
• Control which local data and resources your application may access!

.NET Code Access Security
• Access is controlled based on evidence
  - Who created the program (code signing)
  - Where the program came from: corporate intranet, specific manufacturer, Web site, etc.
• In .NET, resource security can be controlled at deployment time
• Tools including CASPOL and Group Policy help administrators manage secure access policies

Control Costs
• Control deployment and update costs!
• Easy, “self-service” installation
• Automatic detection and download of updates

Low Cost .NET Deploy and Update
• Just copy files to the deployment location
• .NET No Touch Updates detect, download and apply updates

Drill-Down: Design Choices for Deployment
• Run From Web
• Code Download
• MSI-Deployed
• Installing the .NET Framework

Deployment Options
• .NET offers several options for deploying and installing smart clients
• This discussion focuses on three common choices:
  - Run From Web: User runs the app by clicking a link in a Web page
  - Code download: User runs a bootstrap program from their desktop that downloads and executes code from the Web (or intranet)
  - MSI-deployed: User runs the application locally. The application downloads updates from the Web (or intranet)

Run From Web
• Entire app is downloaded to Assembly Download Cache
• IEExec process launches the app with restricted security settings
• Advantages
  - Very easy to deploy / update
• Limitations
  - Runs only inside Internet Explorer 5.01+
  - Semi-trusted
  - Can be difficult for users to discover

Run From Web
Configuring security on the client
• Stored as XML in: C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CONFIG
• .NET Framework 1.1 Configuration MMC snap-in
• CASPOL command line tool
• Via MSI: created using the .NET Framework Configuration snap-in
• Using code: the System.Security.Policy namespace

Code Download
• Program is partitioned into assemblies that are downloaded as needed
• ‘Stub’ program is installed on local PC
• The stub downloads and runs assemblies from the Web or intranet using Assembly.LoadFrom()
• Advantages
  - Small installation size, incremental updates
  - Launched from My Programs
  - Fairly easy to deploy and update

Code Download, continued
• Limitations
  - Application must be factored appropriately (hard to do)
  - Local footprint requires an install process
  - No support for working offline
  - No support for side-by-side versions
  - Updates occur only when app or module is loaded
  - Permissions based on where assembly came from
  - Must be connected
• Best used for…
  - Apps that have distinct functional modules
  - Apps that can tolerate download delays

Client Install Via MSI
• Deployed to a client machine from a web location, a UNC share or a file location
• Functions like a standard Windows application
• Advantages
  - Best range of Smart Client functionality, including offline
  - Best performance
  - Best integration with the Windows shell: My Programs shortcuts, Add/Remove programs
  - Supports working offline
  - Supports updater technologies

Client Install Via MSI, cont.
• Limitations
  - Local footprint requires an install process
• Best used for…
  - Apps that require the best possible client performance
  - Apps that let the user work offline
  - Apps that access local resources
  - Apps that support side-by-side versions

Bundling the .NET Framework
• Free redistributable version of .NET Framework
  - Stand-alone executable file, dotnetfx.exe
  - Distribute via SMS, Active Directory or bundle with app
  - More information: http://msdn.microsoft.com/library/enus/dnnetdep/html/redistdeploy1_1.asp
• Example project from MSDN
  - http://www.microsoft.com/downloads/details.aspx?FamilyId=BF253CFD-1EFC-4FC5-BA7E-6A6F21403495
• Shareware plug-in to Visual Studio .NET
  - Automates adding dotnetfx.exe to your setup project
  - http://www.gotdotnet.com/community/workspaces/workspace.aspx?ID=2F8F0A23-F529-4158-8E0A-D187D16F41F1

Best Practices #1: Deployment
• Design up front for deployment
• Choose the deployment option that best fits your app…
  - Performance
  - Security
  - Functionality
  - And, helps you control maintenance costs
• Be careful about sharing code between applications
  - Use application isolation to avoid future collisions
• Grant access only to the resources and data it needs
• Bundle .NET with your application if users might not have it already

Drill-Down: Design Choices for Updating
• Update Web Hosted DLLs
• Application Updater

Updating Options
• “Always up-to-date”
  - Run-From-Web and Code Download apps
  - “Price” is no side-by-side
• Application Updater

Application Updater
• Two code blocks from Microsoft make updating client-installed applications easier
• AppUpdater component
  - Easier to implement
• Updater Application Block
  - Best choice for enterprise-grade applications

Application Updater
• How it works:
  - Polls for available updates
  - Detects via manifest file or folder/file check
  - Downloads updates in the background
  - Applies updates
  - Restarts the application
• .NET Application Updater Component
  windowsforms.net/articles/appupdater.aspx
• Application Updater Block from Patterns and Practices
  http://msdn.microsoft.com/library/enus/dnbda/html/updater.asp

Deploying and Updating IssueVision

Captator.Eifos.Updating
• Launcher.exe is started instead of the app itself
• Authentication against an XML web service (WSE2)
• Fetches AppInfo and information about the download server(s) from a central server (via WS)
  - Can, for example, depend on the authenticated user
• Compares with the local AppInfo
• Downloads and installs new components (WSE2)
  - IDirectoryStrategy
• Calls any upgrade functionality
• Launches the (newest) version of the application

Best Practices for Updating
• Design and plan for updating
• Evaluate updating deployment options
• Web-Deployed, Code Download
  - Check for updates every time they are launched
  - Check for updates only when they are launched
• MSI-Deployed
  - Supports side-by-side versions
  - Can automatically update the running application
  - Use Application Updater block

Summary
• .NET solves the “Deployment Big 3” for smart client applications
  - Avoids collisions, protects resources and data, controls deployment and update costs
• Control your deployment costs by installing applications from an intranet or Internet location
• Control your maintenance costs using No Touch updating
• Use Updater Application Block for enterprise-grade applications

Resources
• Deploying and Distributing Overview
  http://msdn.microsoft.com/vbasic/using/deploying
• Patterns and Practices
  www.microsoft.com/resources/practices/bytaskImplement.asp
• .NET Framework 1.1 Deployment Guide
  msdn.microsoft.com/library/default.asp?url=/library/enus/dnnetdep/html/dotnetframedepguid1_1.asp?_r=1
• Microsoft Visual Studio .NET 2003 Bootstrapper Plug-In
  www.microsoft.com/downloads/details.aspx?FamilyId=627921A0-D9E7-43D6-A293-2F9C370BD19&displaylang=en
• News, articles, information, …
  www.captator.dk

Smart Clients in Review
• The best of Windows with the best of the Web
• Cost-effective deployment of programs and updates
• Best practice for data:
  - Use stored procedures, if possible
  - Use optimistic concurrency
  - For offline data, use DataSet to help you work
    with data locally, and sync changes back to the server
• Best practice for security: Let it work for you! Smart Client apps give you fine-grained control over who gets to do (or see) what.
• Best practice for deployment: Control your deployment costs by downloading applications and updates from an intranet or Internet location

© 2003-2004 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.
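
The slides on .NET Code Access Security and Code Download state that access is controlled by evidence and that permissions depend on where an assembly came from. The following C# sketch is an added example, not part of the original presentation: it builds the origin evidence for three constructed URLs and asks the policy system what it would grant. It assumes a .NET Framework version where CAS policy is active (later runtimes disable it by default); the host names, paths and the class name OriginPolicyDemo are placeholders.

```csharp
using System;
using System.Security;
using System.Security.Permissions;
using System.Security.Policy;

class OriginPolicyDemo
{
    // Build the host evidence that describes an assembly fetched from 'url'
    // (Url, Zone and, for non-file origins, Site), then resolve it against
    // the machine's current enterprise/machine/user policy.
    static PermissionSet GrantFor(string url)
    {
        Evidence evidence = new Evidence();
        evidence.AddHost(new Url(url));
        evidence.AddHost(Zone.CreateFromUrl(url));
        if (!url.StartsWith("file:"))
            evidence.AddHost(Site.CreateFromUrl(url)); // file URLs have no site
        return SecurityManager.ResolvePolicy(evidence);
    }

    static void Main()
    {
        // Constructed sample origins: local install, intranet, Internet.
        string[] origins = {
            "file:///C:/Program Files/MyApp/Module.dll",
            "http://intranetserver/apps/Module.dll",
            "http://www.example.com/apps/Module.dll"
        };

        // A permission a downloaded module would need to read local data.
        PermissionSet wanted = new PermissionSet(PermissionState.None);
        wanted.AddPermission(
            new FileIOPermission(FileIOPermissionAccess.Read, @"C:\Data"));

        foreach (string url in origins)
        {
            PermissionSet granted = GrantFor(url);
            Console.WriteLine(url);
            Console.WriteLine("  zone:             {0}",
                Zone.CreateFromUrl(url).SecurityZone);
            Console.WriteLine("  full trust:       {0}",
                granted.IsUnrestricted());
            Console.WriteLine("  may read C:\\Data: {0}",
                wanted.IsSubsetOf(granted));
        }
    }
}
```

The zone reported for each URL and the resulting grant depend on the client's zone mapping and on the policy configured with CASPOL or the .NET Framework Configuration snap-in, so running it before and after a policy change shows what a deployed module will actually be allowed to do.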