It’s been weeks since I have been able to gather my thoughts and put out something meaningful into the blogosphere.  The scale of the technology migration we’re planning is really showing as we identify all the pieces that will be needed.  Migrating 30 years of work is no small task and the pressure is definitely on.  We’ve been having some fun with it as that is one way to mitigate the stresses we feel.  We now refer to ourselves privately as the "Transformers", will be naming our team room "Cybertron", and have even assigned character names to members of the team.  As the architecture groupie I am referred to as "Ironhide", weapons specialist, and one of Optimus Prime’s oldest friends.

Last week Optimus (our team lead) put together a great road map for what we’re doing and we will be distributing that around the company shortly.  The road map identifies the key things we need to do starting from the foundation and building up to the bells & whistles we want in our applications.  This road map has really become key to what we’re looking to achieve and is guiding us toward our short-term goal of a high-level plan and the associated deliverables.

Security is one of the foundations that is almost number one or at least shares number one with a few other things.  After our initial meetings the security umbrella fell to me with heavy involvement from our security guru and other members of the team.  We had designed several security solutions in the past and all of those were reviewed and compared to today’s standards which is where we arrived at our first recommendation.  This level of work is interesting because it is tempting to want to dive into details, and that’s OK, but you also have to stay high level enough that you aren’t over-designing things from the start.  The recommendation made revolved around the use of SAML and WS-Trust and a Security Token Service.  Based on our research and experience this was our best "guess" as to what would be appropriate.

Part of this process also involves identifying vendors and products that may fit into some of our high level ideas.  We found one vendor who was open enough to have an early dialog with us even though some of our timelines could put us out years and not just months.  While their product definitely is very much what we’re looking for we were also looking for some validation that our best guess had some real merit.  And this is my key point.  The people on this team are very smart and have experienced a lot of things but we know we can’t solve it all and we can’t code it all.  

We do know enough to take the business need, merge that with the technology experience, and create our best guess at a solution.  Having that validated by what others are doing is critical.  In the end, you and your business owners will know what is the best solution in terms of cost and maintainability.  Looking to the industry for those best practices and ideas will help you create a solution that gives you the right balance and flexibility you need.  You don’t have to have all the answers, but it never hurts to have good places to start looking.

Where do I look when I’m trying to find best practices and guidance to make sure I’m on the right path?