Archive for the ‘Infrastructure’ Category

Creating a code repository with Subversion

If you’re going to be serious about software development, you need to maintain a source code repository.  In this post, I’ll share my experience creating a source code repository with Subversion on a Windows server in under 30 minutes.   

image image

My first home repo

Kind of appropriate for a first post on a software blog, don’t you think?   I’ve done a ton of coding (C# and .NET mostly since 2001), but never took the time to set up a code repository at home.   Now that I think of it, it’s sort of like the cobbler with his tattered shoes, imagesince at work part of what I do is make sure that software best practices are followed:  checking in code, testing code, ensuring repeatable release practices (CMM) are followed, etc. 

But in my last experience as an architect and director at Advertising.com (now owned by AOL), we evaluated code repo’s, selected Subversion, and migrated the whole Technology division onto it.  

The best part about it – beyond that it works very well, of course – is that Subversion is open-source and free.

Preparing the server: 15 minutes

I chose to set it up on my primary network server, a Dell PowerEdge 1600SC running Windows Server 2003.    To do this, I wanted a dedicated and secure space, so I chose to create a separate volume for the repo.  

I followed my own, relatively new best practices for intellectual property (IP) and information assurance (IA) management, to ensure that this critical resource (code) was both secure and could not go away via a hard drive failure or other accidental happening:

  • Created a highly available disk volume. I created a volume (“DEV”) using Windows Disk Management on my most reliable, RAID-1 mirrored disks (Seagate 10K SCSI drives).  The likelihood of one of these failing is small enough, but the likelihood of both failing is astronomical
  • Enabled file system versioning. I set up a cross-volume shadow copy (VSS, not to be confused with the ancient Microsoft source control product) to ensure that prior versions of source files would be accessible.   Having your IP on mirrored, robust drives means nothing if you or someone else accidentally changes or deletes a file or folder.   If you’re interested in this kind of stuff, check out Windows volume shadow copy – it automatically keeps prior versions of files and lets you restore them using Windows Explorer. 
  • Locked down NTFS permissions.  I constrained the permissions on the volume to just Administrators, since this is a highly sensitive resource:  I removed the general Users group permissions.  This of course means that only users authenticated as admins will be able to browse the repo.
  • Shared the volume on the network.  I created a public network share (DEV), making it available to my development machines.  Once again, I restricted the share permissions – even though the effective permissions on a share under Windows are never less restrictive than the permissions on the underlying filesystem.   
  • Set up a file-level recurring backup task.  Set up a file/document level secure backup job under Scheduled Tasks in WS2003 using a 7-zip backup batch file I created.   This backup job ensures that all the files and folders on the volume are backed up nightly using AES-256 encryption, to a separate physical backup location (which is itself mirrored).    Since this archive is securely encrypted, it could also be FTP’d to an online storage service to provide additional security and recoverability. 
  • Set up a volume-level recurring backup task.   Hot-imaging the repo at the disk volume level provides additional recoverability: I feel much better knowing that if the primary RAID array failed for any reason, I would have not just one, but two separate means of restoring it.    This backup task I scheduled to run weekly and images the entire volume using a supporting batch file I created for DriveImage XML

Preparation extras

Other options you can consider, based on your knowledge of security and Windows, etc – I may implement some of these in the future:

  • Hide the share.  You could make the network share invisible to casual browsers by calling it “DEV$” instead of “DEV”:  this is a slightly hacky remainder which goes back to DOS, if I’m not mistaken.   This would prevent non-authorized users or hackers from even seeing that the share exists (“security through obscurity”).
  • imageEncrypt the volume. You could encrypt the volume using the highly secure Windows Encrypting File System (EFS) or BitLocker under Windows 7.   This would help ensure that the contents (your source code) would not be available to someone who swiped the actual physical server or hard drives.
  • Use asymmetric encryption on the backups.  You could use asymmetric encryption on the backup media (the archives and the volume images).   While the 7-zip archives I’m creating are locked down with highly secure AES-256, the password always ends up in a batch file somewhere, making it vulnerable to interception or theft.   With asymmetric public-private key encryption, the public key is used to encrypt – you can even give the key out to the world — but only the private key can decrypt – and it’s locked in your vault on a couple USB drives… and probably a good old piece of paper.

If anyone has experience or a best practices using secure and available volumes, please chime in via comment:  I’m a software guy, not a security expert or IT administrator. 

Installing Subversion: 10 minutes

Now that I had created a relatively secure home for the repo that couldn’t easily be wiped out by any single failure, it was time to actually create the code repository.  

In my case, I followed the simple and clear instructions at Coding Horror to install Subversion on my service, start Subversion as a service (so it’s always available when the machine is running), and create a code repo.  True to the article, it took less than 30 minutes:  ten in my case, since I had worked with Subversion before.   That’s it!

If you’ve set up Subversion on your home server, are there any great tips/tricks/links that I’ve missed here?    

Advertisements