This is the last in a series of three blog posts exploring characteristics of development projects to consider when choosing a Software Configuration Management system. 
 
Process Automation and Enforcement 
Most software projects have a defined process. Some are lightweight and may just require that code reviews be done before a significant change is delivered to the project. Others are extensive and with detailed traceability requirements, limits on what is allowed in different phases of the project, strict rules based on security requirements, etc. 
 

Teams can follow process checklists to manually ensure proper procedures are followed but this can be tedious and error prone. The degree to which the process can be automated and enforced by the tools involved can greatly increase the ease of adhering to the process and can avoid costly mistakes, especially if the process is essential to meeting regulatory requirements. 
 
Security 
Different software projects can have dramatically different security requirements. Open source projects are open to all but still need to limit who can deliver a change to a stream that will be used to build a release. A commercial product might have a patented algorithm or a critical encryption implementation that should only be accessible the subset of the team responsible for it and the build and release team. It may be necessary to encrypt data traveling over a network connection. It may be important to restrict who has access to data that was copied out of the SCM repository to a client disk. The ability for an SCM system to meet and enforce the specific security requirements of a project is usually a non-negotiable prerequisite. 
 
Classified Development 
Many military and government projects have stringent requirements that span security, process enforcement, and traceability. They are often developed on isolated networks. They may require smart-card based authentication. 
 
Some classified projects are layered on a non-classified product or use a non-classified project as a base that can be modified. This is a classic parallel development pattern but introduces significant challenges. How do you ensure that the classified code never leaks into the non-classified project contexts? How do you meet the last requirement but also support merging changes from the non-classified projects into the classified contexts? The degree to which the SCM tool provides solutions to these (and many more) challenges can greatly impact the cost of development and level of confidence that the project requirements are met. 

Subcontracting 
Many projects involve contracting at least portions of the project to an external organization. The contractors may work on-site or off-site. There are often additional security requirements that must be managed. Mechanisms to automate and enforce the development process often increase in importance because the contractors frequently function in relatively isolated environments and may unwittingly bypass important rules if not enforced by the SCM system. 
 
Scalability 
The size of the software development team and the size of the software code base affect the load placed on the SCM system. A project with hundreds or thousands of developers or with hundreds or thousands of components with frequent builds occurring can place a tremendous load on the system. It’s important not only to understand the current size of a project but also to predict what it is likely to look like as it evolves over the years. Choosing an SCM system that is flexible and powerful enough to scale to the estimated needs of at least the next few years can avoid having to risk changing an important part of the development team’s infrastructure at some inconvenient point in the future, which can be a very disruptive undertaking. 
 
“SCM Strata” 
As is evident from the topics above, there are a wide range of reasons why an SCM system is highly valuable or essential for software projects. Each project must be evaluated to determine its key characteristics and the requirements on the tools used to implement the project. Choosing an overly complex tool can introduce unnecessary cost. Choosing an inadequate tool can drive costs higher, introduce a painful migration to a better suited tool at some point in the project, or even lead to project failure.  
 
SCM systems vary widely in their capabilities. One can think of the various tools as occupying different “strata.” Basic tools are in the lowest stratum. The most sophisticated tools are in the highest stratum (but can usually meet the needs of lower strata). Many tools exist in the middle strata. A project’s characteristics and requirements will determine the stratum that is most appropriate. The more characteristics discussed in this chapter that a project would benefit from, the higher that places the project. The more stringent the requirements on the project, the higher that drives it in the strata, too. Make sure to choose an appropriate SCM system for your needs.

Comment wrap
Further Reading
article-img
Secure DevOps | April 13, 2021
Choosing a Software Configuration Management System Part 2
This is the second in a series of blog posts exploring characteristics of development projects to consider when choosing a Software Configuration Management system. Including Build and Release Traceability, Change Traceability, Project Lifecycle Traceability and Distributed Teams.
article-img
Secure DevOps | April 7, 2021
Choosing a Software Configuration Management System
This is the first in a series of blog posts exploring characteristics of development projects to consider when choosing a Software Configuration Management system. A Software Configuration Management (SCM) system is an essential part of almost any effective software development project. It can provide solutions to different challenges faced by the many roles in a development team. These roles include software engineers/developers, project leaders, release engineers, process engineers, engineering managers, and even engineering executives.    Although all software development projects share many common characteristics, the differences between the projects often dictate the degree of sophistication needed in the underlying development tools. Characteristics that drive the need for a highly sophisticated SCM system can include projects with numerous developers, project teams spread across many different physical locations, projects dealing with a huge software system, projects needing tightly controlled security, projects with complex process automation and enforcement requirements, and projects subject to critical regulatory requirements. If you think of increasing sophistication represented by a series of layers, or strata, each of the aforementioned characteristics can push a project into higher strata. Many SCM systems can satisfy the needs in the lower strata.  Few are powerful enough and flexible enough to handle the higher strata. HCL VersionVault is without doubt, the most flexible SCM system in the world. It supports a wide variety of deployment models for local or globally distributed teams; provides a simple process model as well a highly customizable option; includes a wide variety of powerful graphical user interfaces (GUIs) in addition to a comprehensive command line interface (CLI); provides unique build tools that generate a detailed audit trail and enable high-speed parallel builds; and integrates with a wide variety of other tools including Eclipse, Microsoft Visual Studio, Cadence Virtuoso, workflow and lifecycle management/engineering tools, etc. POSSIBLE PROJECT NEEDS TO CONSIDER An SCM...
article-img
Secure DevOps | December 7, 2020
VersionVault brings SCM/DM capabilities to EDA World – with Cadence Virtuoso Integration
HCL VersionVault is a secure enterprise solution for version control and configuration management. With HCL VersionVault  - Cadence Virtuoso Integration, VersionVault  brings its enterprise configuration management capabilities to analog and mixed signal designers. This integration enables designers to take advantage of core capabilities of VersionVault, without leaving their familiar design environment. This integration allows custom chip designers to complete VersionVault actions from within Cadence Virtuoso.  Salient Features: VersionVault Cadence integration offers advanced sets of capabilities which makes it a right fit for IC designers. Figure 1: Integration Capabilities  Instant Workspace Creation With Dynamic views, irrespective of size of design libraries (running into GBs), designers can create their workspaces based on a desired configuration instantaneously. No client side downloading of content is needed.  Rich Graphical & Command-line support Integration supports all prominent design management use cases from Cadence Virtuoso's graphical interfaces i.e. Library Manager, Cell View Editors. Integration does provide a dedicated command-line interface as well for all major design management operations.  Library Manager: Figure 2: DM Operations via Context Menu's in LM Cell View Editors: Figure 3: DM Operations via CVE Command Line Figure 4: Command Line Interface Interactive Graphical Schematic Diff Schematic diff tool enables designers to graphically browse-through and review changes made across versions of the same schematic design. This tool will provide means to the designers to navigate through any addition, deletion or modification which may have taken place between the schematic versions being compared. During the navigation, the tool will also highlight the deltas on the schematic editor in case they happen to be part of any visible design component.  Figure 5: Graphical Schematic Diff Hierarchical Design Management The Hierarchy Manager GUI provides a powerful mechanism for examining and traversing a design hierarchy. On the specification tab, designer can specify various descent controls supported with advanced...
Close