CF Advisor (P.C.) - We'd like to find out what's going on with ColdFusion these days. You guys released version 4.5 just launching right now …
Berrey - That's right, at today's session [of the 1st Annual Allaire Developer Conference] we announced ColdFusion 4.5 and in this release we've really had three focuses. The first and really the most important is that we've made ColdFusion native on UNIX and we've released a version for Linux. So this is really one of the first proven web application servers that is now going to be available on the Linux platform. The second thing we've done is we've really focused on the fundamentals. We've taken the core things in ColdFusion and we've made them stronger, we've made them more reliable, and we've added functionality, productivity, scalability, integration, and security. The third focus for the release is really supporting this new Allaire e-Business platform strategy. This is our first major release since we've announced this strategy, and ColdFusion 4.5 really helps us support that.
|
"There are a lot of new features in ColdFusion version 4.5, but a lot of them are focusing in on the fundamentals, the things that the product has done well in the past - making it do those things better." |
CF Advisor (P.C.) - Why did you come out with version 4.5 rather than 5.0? What makes it come up short of a full-version upgrade?
Berrey - We decided to call this a point 5 release because our main focus has been rewriting the core code base to support and to run natively on UNIX and to support Linux. Since we made such a big engineering investment there, we weren't able to spend as much time on new features as we might do in a major release. Now, that said, there are a lot of new features in ColdFusion version 4.5, but a lot of them are focusing in on the fundamentals, the things that the product has done well in the past - making it do those things better.
CF Advisor (P.C.) - You have made a major commitment to the UNIX and Linux platforms; what percentage of the marketplace do you envision that taking?
Berrey - That's a challenging question. If you look at the market overall right now, about 14% of server shipments last year were Linux according to IEC. So Linux is growing very fast; it's actually the fastest growing operating system. If you look in our actual base, the majority of our base is still Windows NT. But we're increasingly seeing customers using Solaris, and we're hearing a lot of demand for Linux. So it's hard for us to predict what the actual market share is going to look like. We expect the majority to continue to be Windows NT, but we expect Solaris and Linux to also be strong.
CF Advisor (P.C.) - Two to three years from now, do you expect that to shift even more towards Linux or do you still expect Windows to retain the majority share?
Berrey - I think that's really hard to say. So much of that depends on where the operating system vendors take their technology and where our customers want to go over the next several years. Our main objective is to really meet our customers' needs and our customers' demands. So we're going to follow their lead, and where they take us, we're going to go. Right now we can't say exactly where that will be.
Spectra Support
CF Advisor (P.C.) - I'd like to ask you about Spectra. What can ColdFusion developers expect in terms of support for their use of Spectra?
Berrey - Spectra's really exciting for ColdFusion developers. There are a couple of things about it that are great. The first thing is that it lets you do a lot of things that folks are doing again and again and again, like building content management systems, or doing process flows, or doing personalization. It lets you do those things a lot faster than you're able to do, if you're just trying to write everything from scratch. At the same time that it gives you all this productivity, because things are finished, it also gives you a lot of flexibility.
If you think about Spectra, it's really like a whole bunch of new APIs. There's over 300 new tags in Spectra and so while you get a lot of stuff that's already built, you still really need developers to customize, to design, to build, to architect. And it leverages the strengths that you already have if you know ColdFusion. So if you know CFML and you know how to use ColdFusion well, you're going to be able to take advantage of Spectra to do a whole lot more.
I guess, the one more thing I'd say about Spectra is that it gives our partners the ability to enter accounts at a new level. You can make a much more strategic sale when you're selling both infrastructure and package systems. We've seen again and again that when our partners are able to talk about the fact that they can now deliver e-commerce content management package systems on top of an application server, it gives them the opportunity to do larger sales, bigger deals, and more interesting and more strategic projects.
CF Advisor (P.C.) - So you don't see any possibility of developers being in less demand because of Spectra? Actually you see it the other way around.
Berrey - I can understand your concern there - that you'd raise that kind of question. But I really don't think so. First off, the demand in this market is growing so fast right now that frankly there's a shortage of developers. Everywhere I go, no one can find enough developers. And with Spectra there's really more opportunity. Spectra's not the kind of thing that you just plug in and run the install. Spectra's a system that requires customization, it requires development, it requires design work, and it requires the work of really highly trained developers. We expect it to actually generate a lot more work for developers.
Java Support and Integration
CF Advisor (C.A.) - I'd like to talk about the support for Java that's been introduced, and ask if you could describe it in the context of the different classes of constituencies that you have. You might think that you've got very large organizations/enterprises, who have a demand that may be driven from their own intentions of wanting to have a certain platform in place, and that's obviously a need that you've got to satisfy. Then you've got smaller clients that maybe don't feel the same driving need, but tend to want to do whatever they think is the next upcoming thing, they want to make sure that if it's out there they want to participate. And then you've got two classes of developers, I would think, like development houses, groups of 30-40, and they may look at that and go "OK. Well, we've got to add some people to it to start learning how to use. We've definitely got to understand it." And then you might have the very small groups, who might have just a couple of developers, their focus is on ColdFusion and they're looking at this and saying, What's in it for me? Do I really need to learn it?" And from what I've heard and from some of the announcements, I get the sense that some of what's new with the Java support may not even necessarily imply that those very small organizations need to do anything, but they'll get benefit. And I've not heard that articulated very clearly yet in some of the things that I've read, not because I don't think anybody has an answer, but it's just a different perspective and it's one, I think, that the developers reading this would be interested in hearing about.
Berrey - I guess there are a couple of things about the Java integration that are significant. The best way to look at it is from two perspectives: one is how we let you extend ColdFusion with Java, connect to other software written in Java; and the other is how we're going to let you use Java within the context of ColdFusion. In terms of extending ColdFusion with Java, just as you said, we've added support along a range of different needs.
On one level a lot of folks are very happy with what we've got in ColdFusion right now; they rarely run into a need to extend it or to add a new component. For those folks, well the fact that you can connect to Java maybe isn't so important, and the core features in ColdFusion is really what they're going to leverage and take advantage of.
The next group of developers are folks that are looking for additional functionality, and it's not available in ColdFusion - they want to write it themselves, they want to create new components. Right now in our tag gallery, there are over a thousand third-party components that are available. With our support for being able to call Java objects, you can now write extensions to ColdFusion essentially in Java; so if there's something that you want the server to do that it's not doing right now, you can write that in Java. It used to be that you had to use C or C++. So for the developers that are looking to sort of extend ColdFusion, do more sophisticated ColdFusion applications, they've got Java to extend it.
At the third level, which is really the large scale, very big enterprise applications, what we see happening in corporations is that they're bringing in two different kinds of technology that sit here at the center of their e-businesses. One is what we call Object Transaction Middleware - that's the technology that hosts ComPlus in Microsoft's case, it's the ORB and the services wrapped around CORBA in the CORBA community, and it's the EJB server in the Enterprise Java Beans server. These technologies are not unlike your relational database or your messaging server. They're some hardcore pieces of your backend infrastructure. In addition to that, folks are bringing in the e-business platform - a web application server package systems management visual tools. And what they want is, for their e-business platform to able to connect their object transaction middleware.
So, what goes into object transaction middleware? Well, it's a hard question, but it tends to be that it's a small amount of the code, but it's this complex business logic; in fact, a lot of this business logic right now is sitting in mainframe computers. It hasn't even been moved into the three-tier of the client-server world; it's still sitting in 390, it's still running in COBOL. What we think is going to happen over the next couple of years is that there's going to be a group of system programmers that's going to take that out of COBOL and put into EJBs. From within your ColdFusion application, you're going to want to be able to connect to those Enterprise Java Beans. So we've offered that at that level. That's the first piece - it's how we connect to Java on a bunch of different levels. And all of those new features are in ColdFusion 4.5.
Now the other thing we've done, and we've officially announced it [at the conference] today, is that we want to give folks the ability to actually write applications on the ColdFusion server in Java. And this is really a logical evolution of our server. If you think about what the server has, at its base there are a set of core services - services for connecting to databases, to middleware, to protocols, to ERP systems. Then on top of that there are a set of services that are run-time services, things like logging, scheduling, load balancing, indexing, and searching. Then on top of that we have a set of language services, and those services are essentially a way to get at the backend features and a way to script dynamic pages. Well, Allaire really pioneered this in the web space with a tag-based scripting language CFML, and it's incredibly popular; in fact we think it's become really the de facto standard, it has so many developers that are using it.
In addition to that though, we've heard from customers that they want to be able to use all their other languages as well. They want to be able to take advantage of the great functionality in ColdFusion in other environments. And so what we plan to do is take the award-winning technology in JRun, and integrate that into the ColdFusion server, so that you can use CFML or you can use JSP. Java Server Pages is basically a lot like ASP, except in the page, instead of putting VB script, you put Java. Now, I should say at the same time that we're gonna do that, we're going to leave JRun as a standalone product; because some people want to have just a standalone JSP Java Servlet engine. It's a really cool technology if you're looking for something with a small footprint right on the cutting edge of the specification, and it's real popular for things like embedded systems where people are doing 100% pure Java projects. So Java's really working its way on a lot of levels into the platform.
CF Advisor (P.C.) - That brings up another question related to the new release. When people get the upgrade, particularly the power users, what is going to be included with the package to clue them in to all the new tags that are available and so forth?
Berrey - Well we've added some great things to do that. In the visual tools, and also on the Server CD, there is going to be a multimedia title that walks through all the feature highlights. The new feature list that's in our release brief, which is available on our Web site today, is also going to be listed in the documentation. We'll be updating our training courses and all our training materials after the release at the beginning of next year. So there will be a lot of avenues where people can go for information. The best place to go now is just to the Web site.
|
"We're focused on security and it's one of our highest priorities." |
CF Advisor (C.A.) - Just to pick up on a couple more things that were discussed [at this morning's briefing] in the overview of the product roadmap, there was a distinction about the visual tools as being a component of the product roadmap. And I was just wondering, there wasn't any discussion today that seemed to talk about extensions to that. Are there any plans that you can discuss now publicly of any extensions to the visual tools aspect of the product roadmap?
Berrey - Right now our strategy is to focus on the tools that we have - ColdFusion Studio, HomeSite, and the tools that are available in the Spectra webtop. As you can imagine, as we add additional support for Java in the core platform, we plan to add new support for Java in the tools. We're still developing a strategy for how that's going to happen, but you can expect that we'll have more support for Java in our tools.
Open Source Initiatives
CF Advisor (C.A.) - There was also a comment made, and I don't know whether it was a foreshadowing of something that would be announced later today, but it wasn't followed up [at this morning's briefing], about making Spectra freely available to developers. It struck me that there could be an interesting possibility to help developers get Spectra in their hands for development, just like the single-user version of ColdFusion could facilitate them doing development, and then pushing that out onto a platform or a server where there was a licensed copy for multiple-user use. I know that a lot of people have been doing beta testing and get that, in a sense. Was [this morning's comment] a suggestion of something that may be coming?
Berrey - [Later in this conference] we're going to announce several open source initiatives that we're doing. There are really three big ones. First is WDDX. WDDX 1.0 is done and the source for that, that's Web Distributed Data eXchange, is going to be available from wddx.org. Second thing we're going to do is we're going to take forums and we're going to release that as an open source project. And then finally, we're going to take a part of Spectra, which is the COAPI - it's sort of the heart of Spectra, not all the additional services, but it's these core content management APIs - and we're going to have an SDK wrapped around the COAPI, which is going to be an open source project as well.
CF Advisor (P.C.) - I've had some developers ask, including some Team Allaire members, about the hidden tags and things of that sort, and how to make those more readily available to these high-end developers; in much the same way as Microsoft puts out a package that developers can buy which provides them with all the source information and the little tricks of the trade, as it were. Do you have any plans to come out with something like that for developers?
Berrey - Well, there were really only a handful of tags that we hadn't documented in ColdFusion 4.0 - those were all tags that were used in the ColdFusion administrator and functions. What we decided to do was in 4.5, we've documented all the tags. Some of them don't have quite the same detail that the other tags do, but they're all listed and we talk about what each of them does. So right now there won't be any undocumented tags or functions in ColdFusion 4.5. As far as putting together a special tips and tricks, that's not something that we're planning to do, but we've seen a real market growth for books and materials on ColdFusion and we expect to see some more of that.
Security Features
CF Advisor (P.C.) - Let's talk for a moment about security features in ColdFusion 4.5. There have been some well publicized security holes in the past that have come to light - for which, by and large, Allaire has done an admirable job quickly admitting to and rapidly deploying the necessary patches to people - but they still crop up. Quite often people don't hear about them until it's too late for them. Although you do make the patches available to them when they need it, what can you do to better get out the word to developers, to be a little more proactive about closing these security holes, and what in 4.5 has been done to improve the security features?
Berrey - We're focused on security and it's one of our highest priorities. In ColdFusion 4.5 we've added several really great new security features. First thing that we've done is we've introduced much tighter integration with OS security in Windows NT. So what you can do now is first authenticate a user using Windows NT authentication. And then once that user is authenticated, they'll be operating under the privileges of their user account throughout whatever they do in the ColdFusion application. So for example, if they're using an application that tries to access a file, their file access will be restricted by whatever their user privileges are under Windows NT security.
Second thing we've done is we've given you the ability to create what we call OS level security sandboxes. So again, using Windows NT security you can create security sandboxes. Essentially what that means is you assign security privileges to a directory and then every template running in that directory runs under those security privileges, instead of running under the privileges that the overall ColdFusion server will run; again giving you another way to restrict users who are using your server.
We've also extended our support in advanced security, so we've added the ability to secure functions, which you couldn't do in 4.0. And we've added a whole new UI that makes it a lot easier to use and makes it a lot more flexible for using the advance security features. In addition to that, we really and strongly encourage people to register for our security notification service. We've added a new page in the ColdFusion Administrator, the first page of the Administrator now lists different services, and on there is a link to the security notification site.
We sell a lot of product to the channel - there are a lot of customers who get the product without necessarily coming directly to Allaire. They use one of our great partners. It's really those folks who need to come to our site and register for the security notification service, and that's the best way to get information. We put bulletins out there when anything comes up, and we often will put bulletins out not just for things with Allaire products, but things that might work closely with ColdFusion and we think affects a lot of our customers.
CF Advisor (C.A.) - I'd like to follow up that advance security issue by asking something that I've wondered about, and maybe we can get this clarified once and for all. Does advance security require the enterprise version or doesn't it? My sense from reading some of the materials is that the only thing that requires enterprise is the server sandbox, as far as security goes, and that the other advanced security capabilities, including remote developer service security, user authentication security, and administration security, are elements that would not necessarily require the enterprise. And yet I know that the advance security requires the site-minder extension, and it would seem like that might only be part of enterprise.
Berrey - There's a lot of confusion about this feature. First I have to say that there are two different kinds of security in ColdFusion. There is what we call basic security and there is what's called advanced security. Basic security lets you secure your administrator, secure RDS access, and lets you turn off some of the tags that would be the most egregious tags in a shared hosting environment. It provides essentially a base level of security.
The advanced security services do really two sets of things. The first is they give you the ability to do what's called single sign-on, or integrated authentication, where you're able to authenticate users. The second thing they let you do is they let you set up access control by setting up policy stores and then associating the users with those policy stores in security context so that people are restricted in the kind of access they can get. The third thing advanced security lets you do is take server sandboxes and set up sandboxes which are really designed for shared hosting environments. So you've got multiple untrusted developers in the same machine [and] you can secure each one in a sandbox and gain a greater level of security. Now the advanced security features, the authentication and access control are both available in both the professional edition and the enterprise edition. The sandbox security is only available in the enterprise edition.
CF Advisor (C.A.) - That then confirms for me something that I've found a lot of people are confused about and that is, you can secure and lock down remote development with just the advanced security features in professional, without using the sandbox capability.
Berrey - That's correct. Using the advanced security in professional, you can set up users for remote development and have multiple security developers. I should also say that the services aren't available on a couple of our platforms at this time. They're not going to be available on the Linux release initially. They will be next year. Our goal is to have parity across our platforms, and right now they're not available on our HP-UX edition.
Coolest Features of 4.5
CF Advisor (P.C.) - [I'd like to wrap up this portion of our interview] with one more question. During your portion of the speech at this morning's Keynote Address [at the conference], you received a lot of applause when you indicated that extraneous white space would be removed in ColdFusion 4.5, and little things like that seemed to get a lot of positive attention from the crowd. What do you think are not necessarily the biggest and best of version 4.5, but the coolest features that developers might really appreciate and that would make their job a lot easier in terms of simplicity and ease of use?
Berrey - I was also surprised by the reaction today [to the removal of extraneous white space], but was also excited by it. I think it's a real example of how what we've done in this release is focus on the fundamentals, focus on the things that developers have really been wanting. I think that overall what developers are going to find is that everywhere they look, all the features that they've been using right now - the query, the functions, the protocol tags - all of these things have really nice refinements. We've added capabilities and we've added functionality that people have been asking for. It's just the whole product is easier to use and does more.
There are a couple of things that I think people are really gonna love. Projects are a great concept and in the last two releases we've had good evolutionary steps. With this release, I think we've really nailed projects and people are going to find that they make themselves a lot more productive. So on the development side I think people are going to be excited by projects when they get their head inside what's going on.
On the deployment side, the service level failover is incredibly cool. There's nothing like having the confidence that if you've got a cluster and ColdFusion has a problem on one of the servers, your web server has a problem on one of the servers, and pages aren't being returned to users, users aren't [going to be] seeing that. That's fundamentally what you get out of service level failover, and it's a great feature.
More to Come
In the next issue of CF Advisor see what the future holds for Allaire Corp. when Allaire's primary technology evangelist joins the interview. Adam Berrey is joined by Jeremy Allaire, Vice President, Technology Strategy to discuss Allaire's future product direction as well as Jeremy's responsibilities for establishing key strategic partnerships within the Internet industry.