Development practices to minimize OS end of life risks
Derrick Sharpe, Senior Application Development Manager, talks about application compatibility and how to minimize the risk associated with OS end of life transitions.
In case you haven’t heard by now Windows Server 2003 support ends on July 14, 2015. Microsoft will no longer patch Windows Server 2003 for new security vulnerabilities. You certainly don’t want to deal with increased security risks and loss of compliance by ignoring this deadline. Hopefully this is not a surprise and you have been testing those applications on a newer OS to be fully migrated before the end of life date arrives. What can you be doing to help mitigate your risk with enterprise development going forward?
We often see companies scrambling at the last minute to test and migrate applications to a newer operating system. There are many advantages of moving to a newer OS before a support lifecycle change makes it a requirement. These advantages include performance, security, and new capabilities that may provide competitive advantages in your market. The key to optimizing a migration effort is being able to automate the deployment and testing of the application.
There are a lot of tools available such as Microsoft Test Professional and Release Management that makes compatibility testing of an OS migration easier. Automated testing is important not only for new OS releases but also testing the impact of updates and fixes to any current OS on your application. For example, developers sometimes take advantage of undocumented features only to have a security update close that capability and break their application in production. Having an automated test suite that can run against your application will minimize the risk of missing problems that result from any change to the underlying OS.
From a development perspective, there are a few items that can help minimize the risks up an OS upgrade:
- Using the .NET Framework minimizes many of the common end of life risks associated with low level OS dependencies. You do still have to plan for any changes that result from moving to a newer .Net version, if required on a newer OS.
- If you are using C++ then OS dependencies are more likely and care should be taken. Mitigate sensitive code areas (security, certificate retrieval, tcp/ip layer, etc.) by thoroughly documenting OS risks. You can move higher risk areas of code into separate projects to encapsulate and make them easier to test and modify independently.
- Use code reviews and architectural reviews should help call out areas of concern and promote good coding practices for future iterations.
- A foundation in the SOLID principles are recommended if you are not currently adhering to them today.
- Ensuring that you are utilizing Test Driven Development and are attaining a high code coverage rate will help minimize risks as well as improve overall application quality.
Server modernization presents a huge opportunity to take advantage of the latest operating system advancements. With Microsoft Azure, you can get your applications up and running in minutes instead of spending weeks procuring and provisioning your infrastructure. Having a well prepared and automated test plan can position you to quickly take advantage of these new capabilities. Premier offers services and guidance on how to optimize your usage of Azure and how to automate your processes.
Many of the risks associated with upgrading and operating system can be mitigated by following good architectural practices and having a good Application Lifecycle Management process. These are areas that Premier Developer works with our customers every day. Premier Developer will provide guidance and best practices on ALM and application architecture as well as helping to ensure application quality and developer productivity.