Zero Deployment

1
Zero Deployment

• ?? ????? ???? ??????
• ????? ??? ???? ?????? ???????
• ????
• ??????

Magen MTC
eynatm_at_magen.com
2
Agenda

• Overview
• Drill-Down Zero Deployment
• Application Download
• Code Access Security Issues
• Debugging
• Updating Options
• Update from Web
• Application Updater
• Where are we going to?
• ClickOnce

3
Agenda

• Overview
• Drill-Down Zero Deployment
• Application Download
• Code Access Security Issues
• Debugging
• Updating Options
• Update from Web
• Application Updater
• Where are we going to?
• ClickOnce

4
Web or Rich Client?

• Web application
• Portals, search engines, documents, simple forms
• Reach desktops without .NET Framework
• Desktop application
• Rich user experience
• Leverage Windows controls and standards
• Drag/drop, right-click, keyboard shortcuts, etc.
• Reduce network round trips

5
Win Deployment Problems

• Installing client apps is fragile
• Will the install of app1 break app2?
• Traditional DLL hell problem
• Installing client apps is hard expensive
• Must touch every client
• Both for 1st time install subsequent updates

6
Reach vs. Rich

• Web App is great for reach ease of deployment
• Windows is great for rich ease of development
• The best of both for the Intranet
• Assume a certain client configuration
• Deployment of web applications
• Rich/Ease of development of Windows applications

7
Agenda

• Overview
• Drill-Down Zero Deployment
• Application Download
• Code Access Security Issues
• Debugging
• Updating Options
• Update from Web
• Application Updater
• Where are we going to?
• ClickOnce
• Summery

8
Run From Web
9
Application Download

• Application launched using an URL
• HTTP request/response protocol used to download
  app

GET /wahoo.exe HTTP/1.1 Accept
/ Accept-Language en-us Accept-Encoding gzip,
deflate User-Agent ... Host localhost Connection
Keep-Alive
HTTP/1.1 200 OK Server Microsoft-IIS/5.1 Date
Fri, 01 Feb 2002 021129 GMT Content-Type
application/octet-stream Accept-Ranges
bytes Last-Modified Fri, 01 Feb 2004 014116
GMT ETag "50aae089c1aac11916" Content-Length
45056 ltltstream of bytes from wahoo.exegtgt
10
Download Cache

• Entire app is downloaded to Assembly Download
  Cache
• User-Based directory
• Use gacutil.exe /ldl to view all the assemblies
  in the cache
• Use gacutil /cdl to clean the assembly cache
• The caching store limits can be configurable

11
Always up-to-date

• Downloaded applications cached in IE cache
• Cached used next time app is launched

GET /wahoo.exe HTTP/1.1 Accept
/ Accept-Language en-us Accept-Encoding gzip,
deflate If-Modified-Since Fri, 01 Feb 2004
014116 GMT If-None-Match "50aae089c1aac11916"
User-Agent ... Host localhost Connection
Keep-Alive
HTTP/1.1 304 Not Modified Server
Microsoft-IIS/5.1 Date Fri, 01 Feb 2004 024203
GMT ETag "a0fa92bc8aac11916" Content-Length 0
12
Other Assemblies

• Assemblies can be loaded implicitly or explicitly
• Both will look in the same places
• Assembly version needed determines how far to
  look
• GAC
• Download cache
• AppBase

13
Run From the Internet
14
.NET Code Access Security

• .NET Code Access Security is preventive
• Code prevented from doing anything its not
  awarded permission to do
• Code awarded permissions based on evidencewhich
  is often where the code came from

15
Permission Sets

• CAS permissions grouped into sets
• .NET comes with several named permission sets
• E.g. FullTrust, LocalIntranet,Internet and
  Nothing

16
Code Groups

• Permission sets are associated with code by code
  groups
• Code grouped together based on evidence
• .NET comes with several named code groups
• E.g. My_Computer_Zone,LocalIntranet_Zone,Interne
  t_Zone

17
Intranet and Internet Permission Sets
18
Run From the InternetWith full trust
19
Checking For Permissions

• Any action for which the code does not have
  permission will cause a security exception
• Knowing what permissions are available allows for
  graceful degradation

20
Ex Asking For Permission
using System.Security using System.Security.Permi
ssions bool HavePermission(IPermission perm)
try perm.Demand() catch(
SecurityException ) return false return
true void label1_Click(object sender,
EventArgs e) SecurityPermissionFlag flag
SecurityPermissionFlag.UnmanagedCode
SecurityPermission perm new
SecurityPermission(flag) if(
!HavePermission(perm) ) return ... // Fire
event
21
Debugging

• Sometimes things go wrong
• Debugging needs to happen in a semi-trust context
• Use IEExec.exe as start application
• IEExec is used to host downloaded assemblies

22
Debugging in semi-trusted context
23
Agenda

• Overview
• Drill-Down Zero Deployment
• Application Download
• Code Access Security Issues
• Debugging
• Updating Options
• Update from Web
• Application Updater
• Where are we going to?
• ClickOnce

24
Updating Options

• Always up-to-date
• Run-From-Web
• Application Updater
• Two code blocks from Microsoft make updating
  client-installed applications easier
• AppUpdater component
• Easier to implement
• Updater Application Block
• Best choice for enterprise-grade applications

25
Application Updater

• How it works
• Polls for available updates
• Detects via web service, manifest file or
  folder/file check
• Downloads updates in the background
• Applies updates
• Restarts the application
• AppUpdater Component
• http//www.windowsforms.net
• Application Updater Block from Patterns and
  Practices
• http//msdn.microsoft.com/library/en-us/dnbda/html
  /updater.asp

26
Agenda

• Overview
• Drill-Down Zero Deployment
• Application Download
• Code Access Security Issues
• Debugging
• Updating Options
• Update from Web
• Application Updater
• Where are we going to?
• ClickOnce

27
Where are we going to?ClickOnce Vision

• Bring the ease reliability of web application
  deployment to client applications.

28
ClickOnce Design Goals

• Safety of Web applications
• Application isolation
• Easy to install
• No large infrastructure investment
• Apps can be installed by User
• Easy to update
• App automatically detects and applies updates

29
Whats new in ClickOnce?

• Built-In deployment supports in VS
• Support for running applications offline
• Rolling back to previous versions of an
  application
• Listing an application in the Windows Start menu
  / Remove Programs catalog within the Control
  Panel
• Enable distribution the .NET Framework with a
  Windows client application.
• CAS Improvements

30
The Publish Wizard
31
ClickOnce
32
References

• .NET Zero Deployment
• Chris Sells, MSDN Magazine, July, 2002
• http//msdn.microsoft.com/library/default.asp?url
  /library/en-us/dv_vstechart/html/vbtchno-touchdepl
  oymentinnetframework.asp
• CAS
• http//msdn.microsoft.com/library/default.asp?url
  /library/en-us/dnnetsec/html/THCMCh08.asp
• http//msdn.microsoft.com/library/default.asp?url
  /library/en-us/dnnetsec/html/HTCode_Acc.asp
• SDK

33
Summary

• Smart clients combine the best of both rich
  clients and web deployment
• Requires .NET Framework pre-installed
• Runs only inside Internet Explorer 5.01
• Best suited for the Intranet