My last 4 or 5 weeks have been consumed with what seemed like a never ending deluge of technology. I was asked to give technical presentations on ClickOnce, SQL Server Integration Services and SQL Mobile. The mobile stuff was fine as I've used various versions over the years and am fairly familiar with the product team but the latest SQL Server 2005 bits and Beta 2 bits of Whidbey are a considerable step forward in functionality and stability. Integration Services (IS) wasn’t too bad either as its predecessor DTS, was used heavily in a project I worked on some years back - that has also come a long way!
ClickOnce was brand new to me. I didn’t even know what it was! After several weeks of research, lots of code sample and, more importantly, deploying lots of 'hello world' apps I felt reasonably comfortable (with the welcome back-up of Sean Puffett) to stand at the sharp end of a conference and expound its virtues. Phew! Job done I thought, until I got roped into capturing my understanding for MSDN Flash. After a bit more hard graft, here is my article... actually there was one bit I left out of the article, and here is probably the right place to put it in. ClickOnce is designed to underline the SmartClient message from Microsoft, but we (Microsoft) have a fairly large hole in that message around mobile device solutions. Mobile device based solutions are absolutely the sweet spot for the SmartClient story because of the challenges thin client solutions face: network intermittency, user experience challenges etc. Deployment is one of the weaker areas for all mobile platforms: Windows Mobile uses the older CAB file technology and has only just achieved SMS 2003 support (don’t get me wrong, these are all good things, but still way behind desktop capabilities), non MS platforms are often less well catered for! ClickOnce would be an absolutely wonderful additional to the deployment arsenal for Windows Mobile, but it looks as if we wont get it in the CF 2.0 time frame. I would imagine the security model is likely to be the biggest blocker (no evidence based security in CF 2.0) stopping the port BUT I’m sure it will come, in one form or another and at some point in the future... pretty please, product group, make it sooner rather than later!
<stepping down from the soap box… and back onto the article>
SmartClient applications are about combining the simplified deployment and servicing of web applications with the rich user experience and developer productivity of “thick” client applications. Mike pointed to the Updater Application Block as a set of best practise technology that a developer can plug into their applications today to get HTTP deployment and update of their SmartClient applications.
In Visual Studio 2005, this technology is taken to the next level with “ClickOnce” deployment. ClickOnce provides a simple mechanism for packaging and publishing an application and its components from within Visual Studio 2005 using wizard guided steps to create an initial package and select a deployment point (web server, file server and so on). Each published version of the application contains an Application Manifest (*.manifest) file describing individual component versions and settings in XML. A single Deployment Manifest (*.application) file, again containing XML describing the revision history, is created in the deployment directory and is the install point for clients. When a client machine opens the central Application Manifest file the version information is compared against the latest local Deployment Manifest file and new components are downloaded automatically.
There are two ‘modes’ of operation supported by ClickOnce:
- ‘Launched’ applications must be launched by visiting a web URL and have a minimum impact on the local machine. Version checking occurs every time the application is launched.
- ‘Installed’ is the more interesting option because a start menu short cut is created and the application provides an uninstall option and the ability to “rollback” installations to previous good configuration – a great feature for pilot deployments.
In both cases the application is placed in an isolated storage area that is partitioned by user.
Publishing new application components is simply a case of selecting the publish option from the project settings. The next time that the application checks the server the new version will be downloaded and run.
If you’re going to install an application from a URL then security is likely to be at the front of your thinking. A ClickOnce application executes in a secure context with permissions controlled your security policy with the added flexibility for the application to request privilege elevation from the user. Application delivery is protected from tampering by X509 certificates.
An offline application can be configured to delay startup until updates are checked or to download updates in the background whilst it is running. If you need ultimate control then ClickOnce comes with its very own API in the namespace System.Deployment containing all the classes and methods needed to control when updates are checked, how they are downloaded and installed, and even when the application should restart itself.
Where does ClickOnce fit in the big scheme of things? It’s not intended as a replacement for full blown MSI packages, SMS 2003 or other enterprise management tools. Instead, ClickOnce is design to bring the SmartClient development choice to IT departments that today build web applets because of their management and deployment benefits. With its rich programming model, ClickOnce is certain to find its way into a much wider range of products to simplify the update process.
When you have access to Visual Studio 2005, after you have created your first “hello world” application, take 5 minutes to try out ClickOnce and see what you think – just right click the solution and select Publish.
For more information: