Friday, November 6, 2009

.Net Application Development Best Practices

Recommendations for building highly available .Net applications

Cross-cutting concerns

1. Consider vertical and horizontal partitioning of the application logic into layers and tiers. An application with independent presentation, business and data layers is essential to building a highly scalable and available application.
2. Consider Internet Information Server (IIS) 7.0 and above at the web server and app server tiers, Windows Server 2008 as the server operating system, and SQL Server 2005 or higher for databases.
3. Take special care when selecting 3rd-party components for the application architecture. Components that are not appropriately tested can cause memory and security leaks that bring the main application down, e.g. ODP.Net driver version 10.2.0.2.1 causes memory leak issues when used in a .Net application. Check for and use the latest version that has been appropriately tested.
4. Design self-healing applications: applications that log data and, based on the type of error, know how to recover without administrator intervention.
5. Select a logging, tracing and exception management framework that logs correct and useful information. Enterprise Library blocks can be considered for this. Always provide graceful code exits rather than aborts.
6. Ensure code review is done for the complete application and that standards and best practices are adhered to. No infinite loops, and avoid recursive logic.
7. As far as possible, use the namespaces, APIs, controls and components available out of the box (OoB) with the framework rather than implementing the same functionality through user-defined programs.
8. Thoroughly test the application for security attacks such as SQL injection and denial-of-service attacks.
9. Ensure and plan for soft and hard memory growth as the number of users increases.
10. Ensure software releases and service packs are appropriately tested before rolling them out in production.
11. Ensure appropriate, up-to-date antivirus software is installed in the environment.
12. Provide appropriate page security using transport security (HTTPS), data encryption using encryption algorithms, and secure user logins; implement certificates using 3rd-party security certificates such as Verisign.
13. Design the system for least access rights and low surface area.
14. Least access rights means that an application should need the least amount of privileges to run. Low surface area means the application exposes a limited software surface area, i.e. few endpoints accessible by other applications; one possible way to implement this is by writing modular Windows services.
15. Consider software and hardware firewalls; as far as possible, place the database server and application server behind firewalls, in the order mentioned.
16. Conduct memory profiling and perfmon analysis for the appropriate memory and security counters before releasing the application into production.

Presentation Layer

1. Consider using disconnected scenarios when applicable. Use MS Smart Client - Composite Application Block.
2. While designing stateless applications, remember to disable the view state of controls and pages.
3. Plan appropriately sized aspx pages and avoid too many controls on a page. Split complex functionality into multiple pages or tabs to reduce page size loads.
4. Implement client-side JavaScript validations and report data errors at the presentation layer itself, without making server calls.
5. Employ Ajax behavior appropriately in the application/pages; Ajax calls lead to an increase in network calls.

Business Layer
1. Assign a dedicated application pool for the application hosted in IIS.
2. Provide caching in the middle tier and presentation layer.
3. For distributed caching, use the Velocity framework. For application-level caching, one can use the EL Caching block. Refer to this for more info. State server provides a more reliable cache than InProc.
4. Write deadlock-free database and .Net programs; use appropriate threading, monitoring and mutex mechanisms.
5. For long-running or human workflows, consider persisting workflows. .Net 3.5 has a persistence feature, which is further improved in .Net 4.0 Windows Workflow.
6. Consider designing stateless WCF services using appropriate configuration parameters for singleton, stateful, per session, etc.
7. Use connection, session and thread pools and set their respective timeouts.
8. As far as possible, avoid invoking unmanaged code from .Net; if need be, ensure the unmanaged objects are released from memory.
9. Microsoft Dublin, currently in beta, can be considered as part of the application server for hosting Windows Workflow, WCF and Workflow Services, as it provides high availability, scalability and reliability through features for persistence, state management, monitoring, etc.
10. Consider .Net configuration (XML) for driving application settings, as one doesn't have to restart the application for changes to take effect.
11. Consider clustering and load balancing for the presentation, business logic and database tiers.
12. If possible, consider separating stateless logic from stateful logic and plan independent hosting for each. Consider application pool recycling for stateless sites.
13. Consider setting up a web garden for multi-core CPUs. Number of cores = maximum worker processes.
14. Consider asynchronous communication (fire-and-forget) patterns for modeling long-running transactions and workflows.
15. Close WCF proxy connections appropriately on the client, and plan for exception conditions. Recommended practice is mentioned here.
16. Developer-written threading logic, if not written appropriately, can cause unexpected application behavior; hence write it only when necessary.
17. Avoid using GC.Collect(): .Net automatically schedules garbage collection (GC) when memory pressure builds up, so there is no need to force it, and whenever GC happens all other operations are suspended.
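
One way to close a WCF proxy on the client so that a faulted channel is still released, as the item on closing WCF proxy connections asks. This is an added example, not code from the original post or the practice it linked to; the helper name WcfProxy.Call and the client OrderServiceClient in the usage comment are hypothetical.

```csharp
using System;
using System.ServiceModel;

public static class WcfProxy
{
    // Runs one service call and always releases the channel afterwards.
    // A plain using-block is avoided on purpose: Dispose() calls Close(),
    // and Close() throws on a Faulted channel, which hides the exception
    // that caused the fault and leaves the channel un-aborted.
    public static TResult Call<TProxy, TResult>(TProxy proxy, Func<TProxy, TResult> operation)
        where TProxy : class, ICommunicationObject
    {
        bool closed = false;
        try
        {
            TResult result = operation(proxy);
            // Graceful shutdown; may throw CommunicationException or TimeoutException.
            proxy.Close();
            closed = true;
            return result;
        }
        finally
        {
            // Reached with closed == false when the call or Close() threw.
            // Abort() tears the channel down immediately, without a network
            // round trip, and the original exception still reaches the caller.
            if (!closed)
            {
                proxy.Abort();
            }
        }
    }
}

// Usage with a hypothetical generated client, OrderServiceClient:
//   int count = WcfProxy.Call(new OrderServiceClient(), c => c.GetOpenOrderCount());
```

Channels that are never closed or aborted keep counting against the service's session and connection throttles, so a leak on the client side shows up as an availability problem on the server.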

Persistence Layer

1. Microsoft will stop supporting the Oracle driver for .Net from 4.0 onwards; if planning to use ODP.Net, consider using the driver for 11G and above.
2. Physically separate reporting and data warehousing from real-time OLTP data.
3. Consider partitioning (horizontal, vertical) the database.
4. Consider database replication options (transactional, merge, snapshot, as applicable) for high database availability.
5. Have an appropriate database archival and backup strategy.

By no means is this an exhaustive list; please feel free to add points based on your experience.


Most of these points were collected from the Infosys Microsoft blog. Thanks to Sudhanshu Hate for providing these wonderful lists.
