What is the best way to give SCM access offshore to a centralized SCM system?

Jirong  Hu's picture
Jirong Hu asked on October 5, 2012 - 6:16pm | Replies (3).

Nowadays many large companies have outsourced their development to offshore. Almost all large organizations I've worked with has a large number of developers in India. One common issue is how to let them access to our SCM system?

Many use VPN, but have concerns, because these developers has nothing to do with our organization, e.g. we outsource to IBM, IBM gives it to India, and so on. There are concerns to let these developers come into our WAN/LAN directly from VPN.

I've worked with ClearCase and RTC, as well as MS TFS, and I also put a couple of posts here to discuss this issue. https://jazz.net/forum/questions/90147/rtc-offshore-access

I am just wondering how you guys are handling this issue and what product/solution works best for you.


3 Answers

Bob Aiello's picture
Bob Aiello replied on October 16, 2012 - 3:04am.

This is an interesting topic. Git and Mercurial certainly make the case for a distributed version control system which means that you can clone a repo and have a copy in any location - although you are right that somewhere there should always be a master repo.

Many companies do indeed offshore to India and I have taught CM in Hyderabad, Chennai and Mumbai. But there are also lots of offshore efforts in other countries including China, Poland and the former Soviet Union. I am heading to the Middle East at the end of November and plan on meeting with high tech companies in Israel to discuss configuration management best practices. I have used ClearCase with Multisite for this effort and also IBM Rational Team Concert (RTC) to support offshore development. I think that the goal is to setup version control repositories that can be accessed from any location.

I would like to offshore myself to work from laptop on a beautiful beach with an endless supply of cold beer!

baynes's picture
baynes replied on October 17, 2012 - 9:03pm.

You could put your CM server in a DMZ and allow HTTPS or SSL connextions to it.

Or why not use an externally hosted CM service. I have used Collabnet in the past and that would provide what you need. Each project can have individual access control. We allowed extenals access to selected projects. I know of one case where it was used specifically to allow communications between two colaborating companies who did not want to connect their networks. There are lots of other alternatives available.

Joe Farah's picture
Joe Farah replied on November 1, 2012 - 5:11pm.

One option to you is to use Neuma's CM+MultiSite. CM+ itself is fairly inexpensive (<$1K/user), and this includes the full CM/ALM suite. So not just your source code, but your problems, activities, documents, test cases and results, build definitions, etc. will all benefit from a multiple site operation.

With CM+MultiSite, each site looks and acts like a central CM site. But in fact, each transaction is sent to every site and processed there.

There is the ability, and this is crucial in your case, to restrict certain files, documents, etc. from going to specific sites. So, you might want to exclude, for example, all files of a given file type, or all files for a particular product, etc. It is very flexible in how you create an exclusion list. This is known as Physical Data Segregation (PDS).

You may also use Logical Data Segregation (LDS). Unlike PDS, all files are sent to all locations but users can only see specific records. This applies to source code, problem reports, features/activities/tasks, test cases, documents, etc. and whatever other functional data you decide to add to CM+.

With LDS, users cannot tell the difference between an entire repository and a logically restricted one. They both appear to be complete, but in fact, for restricted users, there is information missing. And this can be specified in a dynamic (rules) or static (records) manner.

When using LDS, you will likely want at-rest encryption enabled so that users cannot get at any data without going through CM+.

The good thing about CM+MultiSite as opposed to CC/CQ is that it is almost administration free. There's a bit to install, a bit to synchronize sites, and then there will be some in order to set up your specific exclusions - and this can be as complex as your exclusion rules are, but generally fairly simple.

You may have a few full sites and some restricted sites. Full sites act as warm-standby disaster recovery sites for one another, doubling as well as on-line backups.

Neuma also guarantees that CM+ is the best ALM available (see www.neuma.com). It is the only ALM tool certified by ICM as CM-II compliant, and it is the only 4G CM/ALM tool available.

CMCrossroads is a TechWell community.

Through conferences, training, consulting, and online resources, TechWell helps you develop and deliver great software every day.