views:

22

answers:

1

I'm using VS2010 and TFS to build a complex medium sized website.

Which protocol is most efficient and secure? I think I can enable any protocol I need since I own the IIS server and control all aspects of it.

My choices are:

  • Webdeploy
  • FTP
  • FileSystem
  • FPSE

There is also a hint at something called "one click"... not sure what that is, or if it relates to any of the above.

+1  A: 

OK.. I'm sorry, but I'm not sure where to even start, and I'm not sure the question is answerable as-is. I'd probably put this as a note if there weren't a limit on the number of characters.

So much depends on the type of data in this app, your financial resources, etc. This is one of those subjects that seems like a simple question, but the more you learn, the more you realize you don't know. What you're talking about it Release management, which is just one piece of the puzzle in an overall Application Life-cycle Management strategy.

(hint, start at the link posted, and be prepared to spend months learning).

Some of the factors you may need to be aware of are regulatory factors that you many not even have thought of. Certain data is protected, and different standards require you to have formalized risk and release management built into your processes. For example, credits card data, medical records, etc, all have different regulations (some actual laws, some imposed by the Payment Card Industry) that you need to be aware of.

If your site contains ANY sensitive data, you need to first find out whether any of these rules apply to you, and if so, which ones? Do any of them require audit trails for how code goes from development to deployment? (PCI does, for example. That's because we take credit card payments, and in order to do that, you need to be PCI Certified or face heavy fines.)

If your site contains NO sensitive information at all, then your question could be answered as-is, and the question becomes a matter of what you're comfortable with.

If your application DOES contain sensitive info that makes it subject to rules that mandate a documented, secure ALM process, then the question becomes more complex, because doing deployments manually in such a situation is a PAIN IN THE BUTT. It' doesn't take too long before you start looking at tools to help automate some of the processes. (Build servers, tools such as Aldon for deployment, etc. There is a whole host of commercial and open source software to choose from.)

(we're using Atlassian for most of our ALM, but Team Foundation Server is also excellent, and there are a TON of other options.)

David Stratton
So TFS will do controlled deployments as well? Since there is so much information on the topic, do you have a direction, search words, or area I can concentrate on? (or just the blue link for TFS)
MakerOfThings7
If you go with TFS, start here: http://msdn.microsoft.com/en-us/library/fda2bad5.aspx
David Stratton