Secure development environment

We are working on developing unique software and I would appreciate and value your opinion and thoughts on an issue we are having.

We have a developer that wants to contract with us. He has already signed an NDA so we are covered on that aspect. He is working on a requirements document, which should be done by Monday. The issue is a development box to work on.

I’d prefer that all development work be done on a “protected” server, like a Rackspace cloud environment where we as the owners of the project can create a VM working environment and create AD “user accounts” for the developer to log into and build. In our opinion, that would serve to keep the code developed off his local machine and on the corporate server. In addition, we would also have the ability to create user accounts for the developer so that if an issue occurred, we could always disable their access to the source code. If he followed the Agile methodology, updates should be done periodically.

We had a fairly lengthy discussion with him and his response is below. I will admit I am a bit out of my field on this, and certainly would value any insight you may have.

I appreciate your time and thoughts...

<Developer's comments>

Here are various notes and links to things we've discussed this morning. I still have to begin the discussion toward a requirements document.

Source control: we'll want to evaluate each of these three based on their merits:
SVN: http://subversion.apache.org/
Mercurial: http://mercurial.selenic.com/
Git: http://git-scm.com/

All 3 are open-source and completely free, though we could choose to purchase support if we wanted to. I recommend against it as there's really no need. Microsoft Team Foundation Server (TFS) is also a player in this space, but it tends to want to take over and force you down the blessed path. I recommend we flee from TFS. Thus far, I'm leaning towards Mercurial, though I only have a hunch of why thus far. If we choose to keep all development on Rackspace servers we won't need the features of a distributed source control system, and SVN becomes the logical choice.

BizSpark: http://www.microsoft.com/bizspark/ The program provides pretty much all Microsoft software for free for 3 years. There are a few restrictions for entrance in the program described at http://www.microsoft.com/bizspark/Faqs.aspx#13 A similar program is WebSiteSpark (I incorrectly called it WebSpark on our call) found at http://www.microsoft.com/web/websitespark/ The former is geared more broadly, the latter is geared specifically to websites. Upon closer inspection, it appears WebSiteSpark won't offer us the diversity of benefits we require.

Server specifications: We discussed how TPS would really feel more comfortable if development happened on machines in his infrastructure rather than only controlling the build process. I can appreciate his concern for intellectual property, and though not recommended, we could proceed to build this infrastructure. It will have a negative effect on productivity, but if that's the critical feature here, of course we need to build it that way. The build server is necessary to ensure continuous software quality, and should be a separate machine from the development server.

If all copies of the source remain on boxes you control, I can't provide backups should disaster strike. Historically, I've been better at keeping source control both safe from prying eyes and backed up in case of emergency -- typically much better than my clients. With you on the case, I can see this situation is not that way. However, we should find an adequate disaster recovery scenario including at the very least daily file backups and periodic image-based backups.

Build Server:
Standard configurations:
- Windows Server 2008 R2 x64 (from MSDN)
- Sql Server 2008 R2 x64 (from MSDN, as we scale this will move to a different machine)
- IIS 7.5
Windows Update will get you:
- All patches and updates (you probably don't need Live Essentials or Windows Media Player 11)
- .NET Framework 4.0
Microsoft Web Platform Installer allows you to install:
- Web Deployment Tool
- Microsoft Farm Framework isn't necessary yet, but will be helpful when the time comes
- Avoid the IIS 7 default listings in spite of their tempting appeal
Other free tools (installation is tricky, so I'd prefer to either assist or do these):
- CruiseControl.NET - http://ccnet.thoughtworks.com/
- NAnt - http://nant.sourceforge.net/
- Our chosen source control server - VisualSVN Server from http://www.visualsvn.com/server/ or Git, etc.
- NUnit - http://www.nunit.org/

Development Machine:
Standard Configurations:
- Windows Server 2008 R2 or Windows 7 x64 (from MSDN)
- Sql Server 2008 R2 Developer Edition x64 (from MSDN)
- IIS 7.5
- Visual Studio 2010 Premium (from MSDN) - installation is tricky, so I'd prefer to either assist or do this
Microsoft Web Platform Installer allows you to install:
- Visual Studio 2010 Service Pack 1
- ASP.NET MVC 3 including the Tools Update
- SEO Toolkit
- Web Deployment Tool
- Avoid the IIS 7 default listings in spite of their tempting appeal
Free tools we can download and install:
- Fiddler - http://www.fiddler2.com/
- WinMerge - http://www.winmerge.org/
- 7Zip - http://www.7-zip.org/
- GrepWin - http://tools.tortoisesvn.net/grepWin.html
- The Tortoise appropriate for our chosen source control - TortoiseSVN, TortoiseGit, etc
- Net Reflector - http://www.reflector.net/ - There is a paid version, but we don't need it
- Scattered and extensive list of Visual Studio extensions inserted here
Tools we'll need to purchase separately:
- Resharper - http://www.jetbrains.com/resharper - we only need the C# Personal edition
- LinqPad - http://www.linqpad.net/
- TestDriven.net - http://www.testdriven.net/ - the professional license is sufficient
- An appropriate source control plugin for Visual Studio: VisualSVN from http://www.visualsvn.com/visualsvn/ is such a tool for SVN
- RedGate Sql Compare / Sql Data Compare - http://www.red-gate.com/products/sql-development/sql-developer-bundle/ - Sql Developer Bundle is likely an easier way to do this - This is a non-trivial price point, so we can discuss other ways to do what these tools do, though ultimately they're the one everyone uses as a yardstick
- Image manipulation tools - Photoshop is the industry standard, but is a non-trivial price point
We'll also want appropriate antivirus, anti-malware, firewall (preferably separate hardware, definitely not Windows Firewall), VPN software to these machines, etc. We'll also want to ensure both machines have free outbound access to the internet so they can pull in NuGet packages and CDN resources during the course of development.

As you can see, a lot goes into making a productive development workstation, and maintenance of said environment including patching and updating can get intense. This is why I prefer to keep this environment on my machine and update and secure it as a natural course of action. If we must maintain development within the hosted sandbox we definitely can, but it adds a layer of infrastructure and management -- and ultimately cost -- that is significant, to say nothing of the burden to the developer while using it.

1 Solution
Neil Russell (Technical Development Lead) commented:
My first comment would be..... Given all your security concerns and NDA Signing etc....

Did you ask his permission to post his entire response on a public forum for critique? I know if it was me dealing with you I'd be pretty peeved about it if you haven't.
ramitchell0954 (Author) commented:
In the process of professional development, all comments from the team are open for critique. I consider and value EE as a "team member" due to the experts on hand. This is an area that is beyond my immediate knowledge and I would appreciate direction and commentary. It is not unusual for our team to use different "experts" as part of our brainstorming. Even in an academic sense, this is information gathering prior to project launch and I'd gladly add commentary from the experts on hand at EE.

There is nothing to be "peeved" about...

Yes, the build server/test environment should be carefully controlled and a sand-boxed environment could help. However, what is the point of making a developer work in a sandbox? If you don't trust them, why allow them to develop your code? It wouldn't be spectacularly difficult for the developer to take a copy of the source code no matter how well you lock up your development sandbox - I can think of a couple of ways just off the top of my head.

Number one issue here is trust. If you allow him/her to develop code there is no way you can prevent them from getting a copy of it onto another machine unless they are supervised personally by someone looking over-the-shoulder at all times.

A developer usually understands his own development environment, having frequent and less-frequently used tools available immediately. If source control is done correctly it doesn't matter if the development machine blows up/gets a virus/falls off a cliff. If you are worried about the development machine getting stolen by a competitor just keep the working code copy on a TrueCrypt'ed disk on the development machine.


ramitchell0954 (Author) commented:
I understand and agree that the "best" security is only as good as those that use it. I can set up every protected environment I can think of, remotely or locally, but no matter how hardened the environment is, the potential still exists for sooner or later a USB drive walking away with my source code on it. I get that. I also get the trust aspect.

What I'm trying to establish, and maybe the question was phrased poorly, but what I'd like to know is what is "best practices" for creating a remote environment for allowing remote employees to develop proprietary code? For my due diligence, I would like to understand if there is a "standard" environment that others use.

A USB drive isn't required - screen scrapers or keyloggers will do just as nicely and I haven't started thinking deviously yet!

I don't know of a standard remote development environment. Development environments vary so much depending on the many thousands of different tools a developer might use to accomplish their goals. Here are a few recommendations I would start with ...

1) Build server/test environment should be situated on company property and behind company firewall. You might want to investigate a third-party Cloud setup if the company doesn't have the infrastructure and support people for this.
2) If the code can reside off-site for development, the working copy should be encrypted. TrueCrypt is nice for this job - just set up an encrypted disk and put the project onto it.
3) Any backups of code should be on encrypted media in case of loss/theft.
4) A VPN or ssh tunnel for sending code/data to the build server is necessary.
5) If you are working with personal data of individuals e.g. names/addresses - Any interchange of data between the build server and remote developers should be on a secure channel. e.g. testing development code attached to a database on the build/production environment. Check the Data Protection laws for the country you live in and also the laws of countries where you expect to deploy the application.
6) You can specify the firewall and anti-virus set-up on the development machine.

One approach we've employed successfully before for situations like this is only giving the developer access to a subset of the codebase.

This part they can download, compile into a library locally, use whatever tools they want.

But in order to integrate and test the code they need to submit it through source control - (which is normally HTTPS on a VPN) to a build server, which then compiles the entire code base and updates a test environment where they and anyone else with access can execute it.

This model achieves both good security (you never give them any kind of access to the bulk of your code so if somebody got their piece it's not a disaster) while also allowing them to remain efficient (they use whatever local development environment they wish).

It also requires very little in the way of special tools.  No need for sandboxing.  Just source control, a continuous integration server (lots of tools can do this off the shelf), a VPN etc.  Since most development houses already have all of this setup for internal work, there's really very little extra cost.

The main consideration is just ensuring that it's possible to build a portion of the code and plug it into the rest of the codebase independently.  That's good architecture, but may require some work if your code base tends to the monolithic.
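
The subset model above stands or falls on one check: the build/source-control server must refuse any push from the contractor that touches files outside the slice they were given, otherwise the "subset" is only a convention. The following is an added example, not code from this thread or from any of the tools it names: a hypothetical pre-receive style check in Python that applies a per-user directory allowlist to the list of changed paths. It assumes the server already knows who is pushing (for instance from the VPN/HTTPS login) and that git can list the changed paths with `git diff --name-only <old> <new>`; the ACL entries and sample paths are constructed for the demonstration.

```python
"""Hypothetical pre-receive check: a contractor may only change paths inside
the subset of the repository granted to them.  Added example, not from the
original thread.  ACL, user names and sample paths are constructed."""
import posixpath
import subprocess
from typing import Dict, List, Optional, Tuple

# Constructed ACL: each user maps to directory prefixes they may modify.
# An empty prefix "" means the whole repository (full-access staff).
ACL: Dict[str, List[str]] = {
    "contractor": ["src/Plugins/Reporting", "tests/Plugins/Reporting"],
    "staff": [""],
}


def normalize(path: str) -> Optional[str]:
    """Return a canonical repo-relative path, or None if it escapes the root.

    Collapses '.', '..' and duplicate slashes so that
    'src/Plugins/Reporting/../../Core/x.cs' is judged as 'src/Core/x.cs'
    rather than slipping past a naive prefix test.
    """
    norm = posixpath.normpath(path.replace("\\", "/").lstrip("/"))
    if norm == ".." or norm.startswith("../"):
        return None
    return norm


def allowed(path: str, prefixes: List[str]) -> bool:
    """True if path equals one of the prefixes or lies beneath it."""
    for prefix in prefixes:
        if prefix == "":
            return True
        prefix = prefix.rstrip("/")
        if path == prefix or path.startswith(prefix + "/"):
            return True
    return False


def check_push(user: str, changed_paths: List[str],
               acl: Dict[str, List[str]] = ACL) -> List[Tuple[str, str]]:
    """Return (path, reason) pairs for every violating path; [] means accept.

    Unknown users are denied everything (default deny), and every path is
    normalized before the prefix test.
    """
    prefixes = acl.get(user)
    if prefixes is None:
        return [(p, "unknown user") for p in changed_paths]
    violations = []
    for raw in changed_paths:
        norm = normalize(raw)
        if norm is None:
            violations.append((raw, "path escapes repository root"))
        elif not allowed(norm, prefixes):
            violations.append((raw, "outside granted subset"))
    return violations


def changed_paths_from_git(old: str, new: str) -> List[str]:
    """List the paths a push changes, for use inside a real hook.

    Not called by the demonstration below (it needs a repository).  For a
    brand-new ref, compare against the empty tree instead of the all-zero
    'old' sha that git passes.
    """
    out = subprocess.run(["git", "diff", "--name-only", old, new],
                         capture_output=True, text=True, check=True).stdout
    return [line for line in out.splitlines() if line]


if __name__ == "__main__":
    # Constructed sample push from the contractor; one path is a traversal
    # attempt dressed up to start inside the granted directory.
    sample = [
        "src/Plugins/Reporting/ReportBuilder.cs",
        "src/Plugins/Reporting/../../Core/Billing.cs",
        "../deploy/secrets.config",
    ]
    for path, reason in check_push("contractor", sample):
        print(f"REJECT {path}: {reason}")
    if not check_push("contractor", sample[:1]):
        print("ACCEPT: push stays within the granted subset")
```

Wire this into the server's pre-receive hook by replacing the sample list with the output of `changed_paths_from_git`, and exit non-zero when `check_push` returns anything; the integration build then only ever sees the contractor's slice arriving through source control, which is the property the answer above relies on.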

ramitchell0954 (Author) commented:
This was the most concise explanation that I was looking for. Thank you.