Whilst this article is somewhat late in coming, I wanted to take the opportunity of setting up a blog to discuss the latest status of Microsoft's .NET Core roadmap, and what this means for enterprise developers.
.NET Core has been a long time in the making. First publicly announced on 12th November 2014, .NET Core was a bold reimagining of .NET for an open source, cross-platform world. The desire was to move away from .NET Framework - tied to Windows - and replace it with a runtime that could be deployed to multiple operating systems. Undertaking both open source and cross-platform made this a very difficult job, and it must have been nerve-racking for those trying to convince some of the more traditional executives at Microsoft that this was a viable and worthwhile undertaking.
I first started taking signficant note of .NET Core when I stumbled Steve Sanderson's talk from NDC Oslo 2017, entitled "Web Apps can�t really do that, can they?". This was the first time the world had seen what would become Blazor, and I was immediately hooked. Up until this point, .NET Core seemed like an interesting experiment, but one that offered me nothing I needed, so I mentally put it into the 'Later' bucket. However, Blazor was something I saw a huge amount of potential in, and suddenly I needed to upgrade the priority on learning about .NET Core to 'Now'.
What I discovered was a very different environment from what had gone before. Open community stand-ups on all of the major streaming platforms, source code on GitHub, and invitations to make contributions were very different from the Microsoft of old.
As I learned more about this new world, I realised that there was a lot of benefit in getting to understand .NET Core, as it was clear at that point that it was going to be the future of .NET, and it was coming fast. I watched with excitement as Blazor was developed and eagerly awaited each new preview of .NET Core 3.0, all the while researching what was there - and what was not. Just as important as the promise of a new technology is the understanding of its limitations, and there were some that we needed to be mindful of.
For years I had been writing risk assessments on the web platform I was responsible for creating, and a lot of those assessments made reference to the security benefits of being on a platform that was patched as part of the operating system. Security vulnerabilities are a reality of our industry, and it is important to be able to take benefit from security updates that are made to the frameworks with which we work - and with as little manual intervention as possible. Manual intervention is always a problem - the more people need to do to get patches applied, the less likely it is to happen. In an enterprise setting, being able to rely on your frameworks is of huge benefit to the company and to your partners, as it gives confidence that theor brand will not be negatively impacted by any security vulnerabilities that could impact their customers.
This was a problem for .NET Core. Because of the desire to keep .NET Core cross-platform and able to iterate quickly, it was not patched through Windows Update, Microsoft Update or WSUS. Suddenly, I was faced with a problem - it became someone's responsibility to manually identify when security patches needed to be applied to .NET Core, and roll them out to our servers. This was less of an issue for those in the cloud under most circumstances, but that wasn't us.
Suddenly, and with limited fanfare, this issue has been resolved. One day I stumbled across a blog post that changed everything. https://devblogs.microsoft.com/dotnet/net-core-updates-coming-to-microsoft-update/
Whilst this news has not received much attention in the mainstream industry press, I consider this to be a hugely important and beneficial change. I for one would like to commend the team for having achieved this - and thank them personally. This has made my life much easier - and will benefit enterprise developers greatly. Now there really can be no hurdle introduced by security teams at any company - .NET Core (or .NET, as it has problematically been renamed) is what we should all be running our applications upon.
Having said that, it is important to note that migration from .NET Framework to .NET Core is not easy. Migration will take dedication and you will still find hiccups along the way. NotSupportedException is something you will struggle with on occasion - but that is a blog for another day. However, migration to .NET Core is a path every company should now be considering.
.NET Framework is not going anywhere. It will be supported for the next 10 years, and if your application only needs to run on Windows, then it may feel like you have no need to move. I do agree to some extent - but it is important to realise that you cannot avoid migration completely. .NET Core is where all of the innovation is happening, and it is where all of the developers will want to be. Whilst you do not need to panic, you do need to be preparing your migration strategy. People are going to ask what that strategy is, and you need to have an answer.
Come on in, the water is lovely.