The Daily Parker

Politics, Weather, Photography, and the Dog

Managing multiple CRM connections with one Azure application

We've published Part 3 of my series of blog posts about integrating Holden International's Azure-based sales training app with multiple customer-relationship management (CRM) applications. The combined parts 1 and 2 went up mid-August. Part 4 should come out within 10 days.

Here's the complete post:

In my last blog post, I outlined the code architecture enabling us to let Holden International’s Azure-based efox 5.0 application connect with multiple, arbitrary CRM applications. In this post, I’ll show you what it looks like to the end user using our SalesForce connector.

Users whose accounts are integrated with SalesForce can enter efox in one of two ways: either by going directly to efox, or by clicking a “launch” button from a SalesForce Opportunity record.

Going through the front door is simple enough. The user can go directly to efox, or the user can navigate to a saved URL that takes advantage of efox’s RESTful ASP.NET MVC interface. In either case the user may not have already logged into SalesForce.

Some customers haven’t set up SSO with SalesForce yet, because the SalesForce Professional edition doesn’t support it. We’re trying to get everyone using efox to upgrade, because the user experience without SSO is sub-optimal: it’s DSO (double sign-on), requiring users to keep track of two different sets of credentials (one for efox, one for SalesForce). I’ll cover that mess next time.

For now, let’s look just at the SSO user experience.

Because efox has to support non-SSO users, just going to without being signed in to SalesForce takes you to the efox login page:

efox SignIn page

That’s not helpful to SSO users, because (a) they don’t have an efox login and (b) efox doesn’t know which SSO provider they’re using. To solve this problem, we use a RESTful URL that looks like{CustomerCode}, where CustomerCode is unique tag identifying the customer.

Note how this URL lets the SSO controller not care what CRM system the customer is using. When the user navigates to their company’s efox SSO URL, efox looks up the customer and sends the user to the correct login page. So a SalesForce-integrated user gets passed to the SalesForce login page, with a SAML request under the hood telling SalesForce to send the user back to efox:

SalesForce login page

When the user logs in to SalesForce, the SAML magic happens, and they get back to their efox landing page:

Winning Sales Plan landing page

More commonly, though, users launch efox from their CRM systems. When we set up a customer to use efox, they add a “launch” button to their CRM’s Opportunity page:

SalesForce opportunity page with efox launch button

In SalesForce, the button is actually just a VisualForce link button; other systems just use a basic hyperlink. This is because it only needs to let users navigate to a link that follows the format{CRM Opportunity ID}/{User Name}. Navigating to that link takes the user to the SSOController class in efox, which starts the login process (if required) or sends the user to the next step (if she’s already logged in).

Again, through the miracle of MVC RESTful URLs, the link will work not only with SalesForce but with any other CRM provider. The SSO controller uses the user name to find out what customer to use, from which it finds out which SSO provider to use, to which it sends the user’s login request. The return path of the login request connects to the SalesPlanController class, which actually performs the import. (If the user is already logged in, the SSOController sends the user directly to the SalesPlanController.)

I won’t go over the specifics of how the controller pulls information from the CRM system, except to refer back to the discussion last time about the ICrmIntegration interface from last time.

I’ve used SalesForce for the artwork in this post, but the flow and user experience would be the same for any other CRM provider. Users get to move seamlessly between efox and their CRM system, and efox doesn’t care whether it’s connecting to SalesForce, Siebel, or a squirrel.

In my next post, I’ll talk about some of the problems we had to solve in order to let people use efox without SSO.

Integrating Multiple CRMs with One Azure Cloud Service

(This is cross-posted with the 10th Magnitude Tech Blog.)

Part 1: The Challenge

We developed efox, a Microsoft Windows Azure PaaS application, for our customer Holden International over the course of the last year. Our biggest challenge in the first release was to integrate their flagship sales training application, efox, with SalesForce. But from the beginning of the SalesForce integration effort, we had a constraint we couldn’t ignore: Not only would efox have to integrate with SalesForce, but it would also have to integrate with Oracle Siebel CRM, Microsoft Dynamics, and whatever other CRM application Holden’s customers want to throw at it.

At first glance it looks like a simple problem. Lots of applications, after all, integrate with CRMs. There are also lots of tools to help: SalesForce has a decent SDK, Microsoft has Windows Identity Foundation, most providers (including SalesForce) support OAuth...been there, coded that.

In a typical integration, the custom application extends the service provider’s application. For example, SalesForce has tools to create custom SalesForce extensions that extend SalesForce functionality. An application can run as a SalesForce user and share data with SalesForce transparently, using OAuth and the SalesForce REST API. This is, in fact, how the previous version of efox worked.

efox inverts the problem. Yes, it’s easy to integrate an application with one CRM; but it’s hard to integrate with all of them—simultaneously. At any moment, efox could have several hundred concurrent users going to half a dozen different CRM systems. The application therefore needs to treat each user’s session and each CRM request as a discrete unit.

In this and two succeeding posts, I’ll outline how we solved the architectural problem of separating the UI and back end to abstract away the specific CRM implementation from everything else; how we use ASP.NET MVC 4 routing to let people click a button in their CRM system to launch efox; and how we added single sign-on (SSO) using SAML to allow each user SSO access to efox—or not.

Part 2: The Architectural Solution

Before trying to implement an solution, we first designed the application to handle any arbitrary CRM integration we cared about.

First we created an interface, ICrmIntegration, that exposes these basic operations:

IEnumerable<Account> Accounts(Guid userId);
IEnumerable<Contact> Contacts(int accountId);
SalesPlan GetSalesPlan(string crmOpportunityId, Guid userId);
CrmLoginResult Login(string userName, string password, out string message);
IEnumerable<Opportunity> Opportunities(int accountId);
void Save(SalesPlan salesPlan);

The application uses Factory classes to retrieve objects from the database. We created new Integrated_Factory classes (like IntegratedSalesPlanFactory) that are aware of CRM integration classes and aware of the concrete Factories. Instead of calling the concrete factories, the UI now calls the Integrated factories, which decide whether to retrieve objects from the database or from the user’s ICrmIntegration.

This design completely abstracts the concrete CRM integrations away from the application’s UI. A controller class needing to retrieve a list of Account objects for the user calls IntegratedAccountFactory.Find(userId). That method calls the IntegrationFactory to get the user’s CRM integration (an ICrmIntegration implementation). If IntegrationFactory returns null, meaning the user isn’t integrated with a CRM system, then the IntegratedAccountFactory calls the regular AccountFactory instead. Otherwise it calls the Accounts method on the integration object to retrieve the list of accounts from the user’s CRM system.

Here’s the code in IntegratedAccountFactory:

public static IEnumerable<Account> Find(Guid userId)
	var tenantId = AccountFactory.TenantId(userId);
	if (!tenantId.HasValue) return AccountFactory.All(userId);

	var integration = IntegrationFactory.Instance.Find(tenantId.Value, userId);

	return (null == integration) ?
		AccountFactory.All(userId) :

The UI neither knows nor cares whether the particular user gets her accounts from efox, from SalesForce, or from a squirrel; all it cares about is getting a list of accounts. In a sense, this is a classic bridge pattern.

I'll have a couple more posts on efox's CRM integration over the next few weeks. Next up, I'll talk about how CRM integration looks to the end user, then after that, about how we integrated single sign-on (SSO) with multiple identity providers. Check back in a week or so for Part 3.

Giving 120% effort

It seems that Google is doing away with its 20% R&D policy:

When Google went public in 2004, the founders’ letter from co-founders Larry Page and Sergey Brin cited 20% time as instrumental to the company’s ability to innovate, leading to “many of our most significant advances,” including AdSense, which now accounts for about 25% of the company’s $50+ billion in annual revenue. Google engineers also used 20% time to incubate Gmail, Google Transit, Google Talk, and Google News, among other projects.

Recently, however, Google’s upper management has clamped down even further, by strongly discouraging managers from approving any 20% projects at all. Managers are judged on the productivity of their teams—Google has a highly developed internal analytics team that constantly measures all employees’ productivity—and the level of productivity that teams are expected to deliver assumes that employees are working on their primary responsibilities 100% of the time.

This is what happens when you get institutional managers. R&D makes or breaks technology companies; officially-sanctioned time to do it really makes a difference. I wonder what this will do to Google recruiting?

Unexpectedly productive weekend

Yes, I know the weather's beautiful in Chicago this weekend, but sometimes you just have to run with things. So that's what I did the last day and a half.

A few things collided in my head yesterday morning, and this afternoon my computing landscape looks completely different.

First, for a couple of weeks I've led my company's efforts to consolidate and upgrade our tools. That means I've seen a few head-to-head comparisons between FogBugz, Atlassian tools, and a couple other products.

Second, in the process of moving this blog to Orchard, I've had some, ah, challenges getting Mercurial and Git to play nicely together. Orchard just switched to Git, and promptly broke Hg-Git, forcing contributors to enlist in Git directly.

Third, my remote Mercurial repositories are sitting out on an Azure VM with no automation around them. Every time I want to add a remote repository I have to remote into the VM and add it to the file system. Or just use my last remaining server, which, still, requires cloning and copying.

Fourth, even though it was doing a lot more when I created it a year ago, right now it's got just a few things running on it: The Daily Parker, Hired Wrist, my FogBugz instance, and two extinct sites that I keep up because I'm a good Internet citizen: the Inner Drive blog and a party site I did ten years ago.

Fifth, that damn VM costs me about $65 a month, because I built a small instance so I'd have adequate space and power. Well, serving 10,000 page views per day takes about as much computational power as the average phone has these days, so its CPU never ticks over 5%. Microsoft has an "extra small" size that costs 83% less than "small" and is only 50% less powerful.

Finally, on Friday my company's MSDN benefits renewed for another year, one benefit being $200 of Azure credits every month.

I put all this together and thought to myself, "Self, why am I spending $65 a month on a virtual machine that has nothing on it but a few personal websites and makes me maintain my own source repository and issue tracker?"

Then yesterday morning came along, and these things happened:

  1. I signed up for Atlassian's tools, Bitbucket (which supports both Git and Mercurial) and JIRA. The first month is free; after, the combination costs $20 a month for up to 10 users.
  2. I learned how to use JIRA. I don't mean I added a couple of cases and poked around with the default workflow; I mean I figured out how to set up projects, permissions, notifications, email routing, and on and on, almost to the extent I know FogBugz, which I've used for six years.
  3. I wrote a utility in C# to export my FogBugz data to JIRA, and then exported all of my active projects with their archives (about 2,000 cases).
  4. I moved the VM to my MSDN subscription. This means I copied the virtual hard disk (VHD) underpinning my VM to the other subscription and set up a new VM using the same disk over there. This also isn't trivial; it took over two hours.
  5. I changed all the DNS entries pointing to the old VM so they'd point to the new VM.
  6. Somewhere during all that time, I took Parker on a couple of long walks for about 2½ hours.

At each point in the process, I only planned to do a small proof-of-concept that somehow became a completed task. Really that wasn't my intention. In fact, yesterday I'd intended to pick up my drycleaning, but somehow I went from 10am to 5pm without knowing how much time had gone by. I haven't experienced flow in a while so I didn't recognize it at the time. Parker, good dog he is, let me go until about 5:30 before insisting he had to go outside.

I guess the last day and a half was an apotheosis of sorts. Fourteen months ago, I had a data center in my living room; today I've not only got everything in the Cloud, but I'm no longer wasting valuable hours messing around configuring things.

Oh, and I also just bought a 2 TB portable drive for $130, making my 512 GB NAS completely redundant. One fewer thing using electricity in my house...

Update: I forgot to include the code I whipped up to create .csv export files from FogBugz.

Bezos buys WaPo


The Washington Post Co. has agreed to sell its flagship newspaper to founder and chief executive Jeffrey P. Bezos, ending the Graham family’s stewardship of one of America’s leading news organizations after four generations.

Bezos, whose entrepreneurship has made him one of the world’s richest men, will pay $250 million in cash for The Post and affiliated publications to the Washington Post Co., which owns the newspaper and other businesses.

Seattle-based Amazon will have no role in the purchase; Bezos himself will buy the news organization and become its sole owner when the sale is completed, probably within 60 days. The Post Co. will change to a new, still-undecided name and continue as a publicly traded company without The Post thereafter.

WaPo's story about itself is lengthy and a must-read.

Update: James Fallows wieghs in: "Newsweek's demise, a long time coming, was a minor temblor by comparison; this is a genuine earthquake."

How U.S. government over-reach may kill the Inernet

Observer columnist John Naughton explains how the practices Edward Snowden revealed have hurt us:

[H]ere are some of the things we should be thinking about as a result of what we have learned so far.

The first is that the days of the internet as a truly global network are numbered. It was always a possibility that the system would eventually be Balkanised, ie divided into a number of geographical or jurisdiction-determined subnets as societies such as China, Russia, Iran and other Islamic states decided that they needed to control how their citizens communicated. Now, Balkanisation is a certainty.

Second, the issue of internet governance is about to become very contentious. Given what we now know about how the US and its satraps have been abusing their privileged position in the global infrastructure, the idea that the western powers can be allowed to continue to control it has become untenable.

His conclusion: "The fact is that Google, Facebook, Yahoo, Amazon, Apple and Microsoft are all integral components of the US cyber-surveillance system." And no European country wants to deal with that.

So, great. United States paranoia and brute-force problem-solving may have destroyed the Cloud.

Microsoft ID age-verification hell

Our company needs a specific Microsoft account, not attached to a specific employee, to be the "Account Holder" for our Azure subscriptions.

Azure only allows one and only one account holder, you see, and more than one person needs access to the billing information for these accounts. Setting up a specific account for that purpose solves that problem.

So, I went ahead and set up an email account for our putative Azure administrator, and then went to the Live ID signup process. It asked me for my "birthdate." Figuring, what the hell?, I entered the birthdate of the company.

That got me here:

Annoying, but fine, I get why they do this.

So I got all the way through the process, including giving them a credit card to prove I'm real, and then I got this:

By the way, those screen-shots are from the third attempt, including one giving them a different credit card.

I have sent a message to Microsoft customer support, but haven't gotten an acknowledgement yet. I think I'm just going to cancel the account and start over.

Update: Yes, killing the account and starting over (by denying the email verification step) worked. So why couldn't the average pre-teen figure this out too? This has to be one of the dumber things companies do.

Re-evaluating tools. Again.

At 10th Magnitude, we have used Beanstalk as our central code repository. We transitioned to Mercurial about a year ago, which Beanstalk supported.

Today they sent around an email saying they're ceasing Mercurial support—including existing repositories—on September 30th, and would we care to switch to Git?

No. No, no, no. No Git. I'm not asking people to learn another damn version control system. (Plus Git doesn't quite suit us.)

But fortuitously, this forced re-evaluation of Beanstalk coincides with a general self-reflective re-evaluation we have underway. That doesn't mean we're going to Git, or (angels and ministers of grace, defend us!) back to Subversion, but as long as we have to move off Beanstalk, why not take a look at our issue tracking, external bug reporting, project management, and document sharing?

I'll have more about this as we get closer to the September 30th date, along with some awesome stuff about how we have developed an Azure application that does single sign-on with...just about any identity provider.

Inner Drive Azure benefits

As I promised four weeks ago, I have the final data on moving all my stuff to Windows Azure. I delayed posting this data because Azure pricing recently changed, as a number of services went from Preview to Production and stopped offering 25% discounts.

The concrete results are mixed at the moment, though increasing within the next couple of months. The intangible results are much, much improved.

First, electricity use. Looking at comparable quarters (March through May), my electricity consumption is down two thirds—even before air-conditioning season:

Consumption from March-May 2013 was 1028 kW/h, compared with 3098 kW/h over 2012. But this explains why the concrete benefits will improve: during June-August 2011, when all of the servers were running and so was the air conditioner, use was 4115 kW/h. I'm expecting to use less than 1800 kW/h this summer, just a little more than the one-month consumption in June 2011.

Costs, alas, have not fallen as much as hoped, unless you add the replacement costs of the servers. I'm currently running 3 SQL Database servers (consuming 2 GB), 3 extra-small cloud service instances, 1 small virtual machine, and 55 GB of storage. Total cost: $150.

Electricity in June 2013 was $55, compared with $165 in June 2012.

Don't forget the Office 365 subscription to replace my Exchange server at $26.

Finally, DSL and phone service went down from $115 to $60, because I dropped the phone service. Temporarily I'm supplementing the DSL with a FiOS service for $30. In a few months, when AT&T bumps the FiOS from 1.5 Mbps to 30 Mbps (they promise!), FiOS will go up to $50 and the DSL will go away.

So, cash flow for June 2012 was $279, and for June 2013 was $289. Factoring in the variability of electricity costs means Azure costs exactly the same as running my own rack.

What about the intangible costs? Well, let's see...I no longer have 8U of rack-mounted servers spinning their cooling fans 24/7 in my Chicago apartment. When I shut them off, the place got so much quieter I could hardly believe it. And I no longer worry about the power going out and losing email while I'm out of town.

In other words, I'm literally sleeping better.

Also, moving to Azure forced me to refactor my demo site Weather Now so extensively that I can now add a ton of really cool features that the old design couldn't support. (Once I have free time again. Someday.)

When you consider as well the cost of replacing the three end-of-life servers ($6000 worth of hardware), the dollars change considerably. Using 60-month depreciation, that's $100 per month savings on the Azure side of the ledger. I'm not counting that, though, because I may have limped along for a couple more years without replacing them, so it's hard to tell.

So: dollars, same; sleeping, better. A clear win for Azure.

A long time ago in a valley far, far away

On this day in 1977, the Apple ][ went on sale.

The base model had 4 kB of RAM, a 1 MHz 6502 processor, and could display 24 lines of 40 columns in 8-bit color. You could buy one for $1,298 ($5,029 today), or if you wanted to upgrade to 48 kB of RAM you would pay $2,638 ($10,222 today). It came with a cassette interface at first, then later with a 5¼-inch, 160 kB floppy disk drive.

I learned how to program in assembly language on one. Ah, memories.