MyAdviceWriter ...

Business Software is in the business of data management. Creating, updating, deleting and using information in new ways as well as simplifying how it is collected and reported is key to what we do as technology professionals. With the advent of Cloud Computing being able to take advantage of relational data directly in the cloud using the same skills we’ve been using with solutions built on premise means we’ll spend less time on the good old learning curve. One great example where this is the case is SQL Azure, the relational database service from Microsoft.

If you’ve been working with SQL Server for any length of time you’ll know that at its base it is a relational database engine that talks on port 1433 and speaks a language called Tabular Data Stream (or TDS). Common tools for working with SQL Server on premise includes SQL Server Management Studio (SSMS), BCP, Integration Services, Visual Studio, and many more too numerous to name. What is interesting about SQL Azure is that it uses the same protocols and ports as SQL Server you run on premise, so all the same tools continue to work. In this post I’d like to show how to get started working with SQL Azure quickly, provisioning a server, creating a database and some schema, and then migrating data to it.

Provisioning a Server

First thing we need is a service running in a datacenter to host our databases from. This is a logical service that represents many physical machines. We provision a server by going to the Windows Azure management portal (http://windows.azure.com) and selecting the Database section. From there we select our subscription and then click the Create button in the ribbon.

This will provision a SQL Azure service in a specified data center. The management tool lets you select the data center and set administrative credentials. These credentials are whatever you want, but with a couple restrictions. For example it disallows certain usernames for the admin  account including SA, Root, Admin, Guest, etc. Next it requires a strong password which includes 3 of the 4 types of characters on the keyboard (Upper Case, Lower Case, Numbers, and/or Symbols). The last step is to set up some firewall rules which specify who can see the server. By default there are no rules included, you even need to check the box to allow Windows Azure Services to see the server. You should also add a rule for your development machine, but be aware that it’s looking at the external facing IP address. Fortunately when you click the Add button it includes your external facing IP address.

Once this is done you’ll see you have a new database service created. The server name is auto generated for you and is part of the *.database.windows.net domain. It includes a master database (which is used by the system, no charge to you), and you can add databases as needed. To create a database select your server and then click the “Create” button.

You’ll see a dialog that prompts you to decide the size of database and the name. You have options for Web and Business and sizes ranging from 1 GB to 150 GB.

After creating the database the ribbon provides  buttons which include functionality such as management of the schema and performance data from your database, as well as tools to import and export the data and schema. You can also drop the database and/or the server from the ribbon.

In the right pane you’ll find properties about your database. The pieces of information that are most useful include the allocated size, actual size, management URL (which is simply the generated name + .database.windows.net), and a link button to see examples of the connection strings you’ll use in your application to connect to SQL Azure.

So that’s it. I’ll go into the web based management tool in another post, but the key is that it is very easy to get up and started working with SQL Azure. In less than 5 minutes you can provision a service and be up and running with your database in the cloud.

Enjoy!
-mike

If you have an MSDN Subscription you get Azure benefits which you can use to develop in the cloud. In this post I’d like to share what’s involved in activating these.

As you can see there are some pretty hefty benefits available that you can start using immediately. To get going log into the MSDN Subscription site http://msdn.microsoft.com/subscriptions and log in to see your account.

After you select the MSDN Subscription you’re working with, click the link to Activate Windows Azure. It will navigate to the Azure account management page and begin the process of activation. Depending on the level of subscription you have you’ll see details on the amount of resources that are included with your benefits. All that will be required to activate them is a credit card.

Next enter your credit card info, and click to continue…Note that although the credit card is required for activation, a cap is applied to the account and your subscription will be suspended if your reach any of the usage limits for the duration of the billing cycle (month).

After validating the credit card your account is provisioned. To see information about your active subscriptions click on the Account link to see details. As the third screen shows my account has a $0 spending limit attached to it, so I will not be billed for the duration of my subscription unless I remove the cap. More on that in another post.

Happy Coding!

Yesterday in Bangalore at the GIDS conferences I did a session on working with Windows 8 and Notification Services. In it we talked about the live tiles that make up the new start screen in Windows 8 and how as a developer you have new ways to interact with your users thru the use of Toast, Tile, Badge and Raw notifications. We explored the 2 pieces of the puzzle that as developers we need to build, and showed how to make it all work.

The client app and the Cloud service make up the 2 parts of the equation, and the process is fairly simple. The client application developer registers their application with Windows Push Notification Service (WNS), then requests a channel to be notified on. It sends that channel to it’s Cloud partner who persists the channel and then uses that to send notifications thru WNS to the client. The result is a very rich interactive experience. There are many templates and formats for the notification to take, and as a developer all you need to do is select the one you want and send thru the appropriate values.

The tools and technologies you need include 2 versions of Visual Studio, including Visual Studio 2010 with the Windows Azure SDK 1.6 installed, and Dev11 to build the Metro style client application on Windows 8. This Starting from scratch there are NuGet packages you could use, but a MUCH easier path is to use the Windows Azure Toolkit for Windows 8 hosted on http://watwindows8.codeplex.com. Nick Harris has a great blog post that talks thru the contents of the kit and details for installing, but the basic premise is that on a 32 GB developer tablet (small disk) I was able to install all the parts I needed to be able to make it work and still had 10 GB left over after installing everything.

Enjoy!

Access Control Services is one of the many services that are part of the Windows Azure Platform which handles an authentication conversation for you, allowing you an easy way to integrate cloud identity from providers like Yahoo, Google, Facebook and Live ID with your application. You need an active Azure Subscription (click here to try the 90 day Free Trial), add an ACS service namespace, then add a Secure Token Service (STS) reference to your  application (you’ll need the Windows Identity SDK and tools for Visual Studio to add the Federation Utility that does that last part – download here).

If you’ve seen an error that says ‘Unable to find assembly Microsoft.IdentityModel’ and wondered what’s the deal? In the documentation for working with a Secure Token Service (STS) you might have seen that this assembly is not part of the default deployment of your Windows Azure package, and that you’ll need to add the reference to your project and set the deployment behavior to deploy a local copy with the application…all good, right?

So you follow the instructions and still get the error. One reason for this is that you might be seeing an error caused by calling methods from the serviceRuntime which changes the appdomain of your webrole. In that case you should consider adding a Startup Task to load the WIF assembly in the Global Assembly Cache.

The basic logic is that in the startup of the web role you’ll need to inject a startup task to run the gacutil executable to do the installation. I created a startup folder in my web project to contain the scripts and files necessary, including a copy of gacutil.exe, a configuration file for it, and a batch file “IdentityGac.cmd” to contain the script commands needed.

I copied the gactuil.exe and config files from my C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\Bin\x64 directory, and put them in the Startup folder. Next I created a cmd file (in notepad) with the commands to install the assembly into the GAC. I found a post that discusses how to create a script to do the installation on http://blogs.infosupport.com/adding-assemblies-to-the-gac-in-windows-azure/ where it installs the Windows Identity files and then sets the windows update service to on demand, installs the SDK, then runs gacutil.

    @echo off
    sc config wuauserv start= demand
    wusa.exe "%~dp0Windows6.1-KB974405-x64.msu" /quiet /norestart
    sc config wuauserv start= disabled
    e:\approot\bin\startup\gacutil /if e:\Approot\bin\Microsoft.IdentityModel.dll

I add these files to the Startup folder, and then open the properties for the 3 files and set the build action to none and “Copy to Output Directory” to Copy Always. This ensures that these files will be present in the deployed instance for my startup task. Next we edit the startup tasks in the Service Definition file, adding a section for <Startup>, and a <Task… to run our script file.

<?xml version="1.0" encoding="utf-8"?>
<ServiceDefinition name="MplsKickSite.Azure" xmlns="http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceDefinition">
  <WebRole name="MplsKickSite" vmsize="ExtraSmall">
    <Sites>
      <Site name="Web">
        <Bindings>
          <Binding name="Endpoint1" endpointName="Endpoint1" />
        </Bindings>
      </Site>
    </Sites>
    <Endpoints>
      <InputEndpoint name="Endpoint1" protocol="http" port="80" />
    </Endpoints>
    <Startup>
      <Task commandLine="Startup\IdentityGac.cmd" executionContext="elevated" taskType="simple">
      </Task>
    </Startup>
    <Imports>
      <Import moduleName="Diagnostics" />
      <Import moduleName="RemoteAccess" />
      <Import moduleName="RemoteForwarder" />
    </Imports>
  </WebRole>
</ServiceDefinition>

In Steve Marx’s post on Startup Task Tips & Tricks he suggests that when debugging a new startup task to set the taskType to background instead of simple so that it won’t prevent Remote Desktop from getting configured. If you’re interested to download the Startup folder I used I’ve uploaded a zip archive file with the files here.

Happy Coding!

Today I showed a work around for when you are showing ACS on a site that is running without setting up the SSL piece.

<system.web>
  <!--Hack to get past request token on non-SSL site—>
  <httpRuntime requestValidationMode="2.0" />
  <pages validateRequest="false" controlRenderingCompatibilityVersion="4.0" 
         clientIDMode="AutoID"></pages>

          ...

Note that shutting off validation of requests is not recommended, as it opens exploits against your site. For a better way of approaching this, Sandrino Di Mattia does a great job of explaining the right way of how to deploy and use the access control service in an Azure deployed solution.

http://fabriccontroller.net/blog/a-few-tips-to-get-up-and-running-with-theazure-appfabric-access-control-service

Make sure you add a reference to Microsoft.IdentityModel v3.5.0.0 and then set the properties of the assembly to copy local with the deploy.

On another track we looked at how to explore the claims that are included as part of the returned identity. In the Azure event I also showed a page that shows the contents of the user identity and display information about the claims contained in the token returned from ACS. I created a page in a secure location, then added a simple data grid to the page (called GridView1 and then in the page load I pull the identity information from the authenticated user data. The code for the PageLoad is below:

        protected void Page_Load(object sender, EventArgs e)
        {

            try
            {
                // Cast the Thread.CurrentPrincipal
                IClaimsPrincipal icp = Thread.CurrentPrincipal as IClaimsPrincipal;

                // Access IClaimsIdentity which contains claims
                IClaimsIdentity claimsIdentity = (IClaimsIdentity)icp.Identity;

                // icp.Identity.Name;
                // txtAuthName.Text = claimsIdentity.Name;
                
                txtAuthType.Text = claimsIdentity.AuthenticationType;
                txtIsAuthenticated.Text = claimsIdentity.IsAuthenticated.ToString();


                var myClaims = from c in claimsIdentity.Claims
                               select new { c.ClaimType, c.Value };


                GridView1.DataSource = myClaims;
                GridView1.DataBind();


                // Enable secret content for administrators
                if (Thread.CurrentPrincipal.IsInRole("Administrator"))
                {
                    this.secretContent.Visible = true;
                }
            }
            catch (Exception ex)
            {
                txtAuthType.Text = ex.Message;
            }
        }

Enjoy!

I had a question after a Windows Azure Camp about what ports need to be opened and enabled at my work environment to enable working with Windows Azure. While the services work with REST there are a couple services that will benefit from adjusting the firewall to allow traffic between on-premise and the cloud. I found settings for Service Bus and SQL Server, and the settings are below…

Service Bus

-Minimal: Enable outbound http on port 80 and 443, authenticated against proxy server if any

-Optimal: Allow outbound on port 9350 to 9353, can limit to well known IP range

- 9350 unsecured TCP one-way client

- 9351 Secured TCB one-way (all listeners, secured clients)

- 9352 Secured TCP Rendezvous (all except one way)

- 9353 Direct Connect Probing Protocol (TCB listeners with direct connect)

SQL on-Premise via Windows Azure Connect

-In SSMS - Enable Remote Connections on SQL Server properties window

-In SQL Server Configuration Manager

- Disable or stop SQL Server Browser

- Enable TCP/IP in the SQL Server Network Configuration | Protocols for server

- Edit TCP/IP protocol properties and set TCP Dynamic Ports to Blank, and then specify TCP Port to 1433

- Restart SQL Service

-In Windows Firewall add the following rules

- Inbound Port 1433 (TCP) Allow the connection

- Apply to all profiles (Domain, Private and Public)

- Name the rule something significant

Enjoy!

One of the great things about Windows Azure is that it is a platform that is for the most part agnostic about what frameworks and languages you want to use. While I tend to do most of my demos in C# there is no reason we couldn’t use VB, PHP, Node.js, Java or any other language. In fact the developer story for the Microsoft Cloud is that if it runs on Windows it can run in Windows Azure. All you need is to configure the machine appropriately (more on that in another post). You can learn more about the tools by checking out the Tools section of the Windows Azure site.

For this CloudTip I got a request for how to do the encryption of the web.config but this time in VB. The logic is about the same, although I found that in VB I had to add a line to the configuration to save the new settings. The code for this in vb.net (adding to the global.asax file in the "Session_Start" subroutine…

Sub Session_Start(ByVal sender As Object, ByVal e As EventArgs)

    ' Code that runs when a new session is started 

    EncryptSection("appSettings")

End Sub

Private Sub EncryptSection(ByVal sSection As String)

    Dim config = System.Web.Configuration.WebConfigurationManager.OpenWebConfiguration(Context.Request.ApplicationPath)

    Dim configSection As ConfigurationSection = config.GetSection(sSection)

    If configSection.SectionInformation.IsProtected = False Then

        configSection.SectionInformation.ProtectSection("DataProtectionConfigurationProvider")

        config.Save()

    End If

End Sub

If you have questions about Cloud that would make a great Cloud Tip topic send them to me at my email or comment on the post.

Thanks!

In Windows Azure and especially with SQL Azure we need to store passwords to access things. I wanted to show how you can encrypt the web.config file by adding code to the global.asax file. The cool part of this is that using this technique you can secure application specific settings like connection strings and other data in the unlikely event that someone is able to get a copy of the configuration file (like by copying it to a thumb drive from the host machine or something similar).

The basic logic is to create a variable that points to a configuration section, then checking that the section is protected (i.e. encrypted). If it isn't, then call the ProtectSection method to encrypt the contents. The server uses the local DPAPI (Data Protection API) to encrypt the configuration section with a machine specific key, so only that machine can decrypt the contents. The code to add to the global.asax.cs file in the Application Start event for this is:

protected void Session_Start(object sender, EventArgs e) 
{ 
    EncryptSection("appSettings"); 
} 
     
private void EncryptSection(string sSection)
{
    Configuration config = System.Web.Configuration
                             .WebConfigurationManager
                             .OpenWebConfiguration
                             (Context.Request.ApplicationPath);

    ConfigurationSection configSection =
        config.GetSection(sSection);

    if (!configSection.SectionInformation.IsProtected)
    {
        configSection.SectionInformation.ProtectSection
        ("DataProtectionConfigurationProvider");
        config.Save();
    }
}

Happy Coding!

Suppose you have an existing application that you want to migrate to the cloud. There are many things to look at, from the data to the architecture to considering how you plan to scale beyond one instance. For simple web sites which don’t use a lot of data or stateful information the migration to the cloud can be pretty easy with the installation of the Visual Studio Tools for Windows Azure.

The current release of the tools (as of March 2012) is v1.6 which adds a command to the context menu when you right click on a web project. The SDK is installed using the Web Platform Installer (aka WebPI) which checks for previous versions of the tools and any other prerequisites and the consolidates the install into a single step.

After installing the tools when you open a Web Project, whether ASP.NET Web Forms, MVC, or similar, right clicking the project file gives you the command to add an Azure Deployment Project. You could achieve something similar by simply adding a Cloud Project to your solution and then right clicking on the “Roles” folder and adding the existing site to the project.

This adds a Cloud project to the solution and then adds the current Web project as a standard Web Role in the deployment. The key assets added include a Service Definition file and a couple Service Configuration files (one for running locally and one for running in the cloud).

The Service Definition file includes markup which describes how the Cloud Service will be deployed, including the public ports that are enrolled in the load balancer, any startup tasks and plugins that you want to run, as well as any other custom configuration that should be part of the deployment.

For example the Service Definition we created for the Kick Start event in Minneapolis looked like this:

<?xml version="1.0" encoding="utf-8"?>
<ServiceDefinition name="MplsKickSite.Azure" xmlns="http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceDefinition">
  <WebRole name="MplsKickSite" vmsize="Small">
    <Sites>
      <Site name="Web">
        <Bindings>
          <Binding name="Endpoint1" endpointName="Endpoint1" />
        </Bindings>
      </Site>
    </Sites>
    <Endpoints>
      <InputEndpoint name="Endpoint1" protocol="http" port="80" />
    </Endpoints>
    <Imports>
      <Import moduleName="Diagnostics" />
    </Imports>
  </WebRole>
</ServiceDefinition>

In this code we’ve got a single web role being deployed that will run on port 80. It is running a small instance (1 dedicated core), and will have remote desktop enabled. The Service Configuration contains additional settings including the OS Family for the instance (1 = Windows Server 2008 SP2 and 2 = Server 2008 R2) and number of instances to run (in this case 3).

<?xml version="1.0" encoding="utf-8"?>
<ServiceConfiguration serviceName="MplsKickSite.Azure" xmlns="http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceConfiguration" 
    osFamily="2" osVersion="*">
  <Role name="MplsKickSite">
    <Instances count="3" />
    <ConfigurationSettings>
      <Setting name="Microsoft.WindowsAzure.Plugins.Diagnostics.ConnectionString" value="UseDevelopmentStorage=true" />
      <Setting name="Microsoft.WindowsAzure.Plugins.RemoteAccess.Enabled" value="true" />
      <Setting name="Microsoft.WindowsAzure.Plugins.RemoteAccess.AccountUsername" value="...
      <Setting name="Microsoft.WindowsAzure.Plugins.RemoteAccess.AccountEncryptedPassword" value="...
      <Setting name="Microsoft.WindowsAzure.Plugins.RemoteAccess.AccountExpiration" value="...
      <Setting name="Microsoft.WindowsAzure.Plugins.RemoteForwarder.Enabled" value="true" />
      <Setting name="QueueName" value="createthumbnail" />
      <Setting name="myStorageAcct" value="UseDevelopmentStorage=true" />
    </ConfigurationSettings>
    <Certificates>
      <Certificate name="Microsoft.WindowsAzure.Plugins.RemoteAccess.PasswordEncryption" thumbprint="...
    </Certificates>
  </Role>
 </ServiceConfiguration>

Pressing F5 will run the Cloud Service in the local emulator (assuming we’re running Visual Studio as Administrator so it can communication cross process to the running services…an error message tells you if you’re not). The nice thing about this approach is it supports attaching to the local debugger and using the rich set of features such as breakpoints, local and watch variables, and all the rest of the goodness we’ve come to expect in Visual Studio debugging.

Once we’re satisfied that the application works and we are ready to go to the Cloud, you can right click on the Azure Deployment project and either click “Package” to create a deployment package which you can manually upload the the Windows Azure Management portal, or you can select Publish to automate it directly from Visual Studio. This runs a wizard with 3 basic steps to collect the necessary information and complete the deployment. You select the subscription you want to use, name the hosted service, optionally enable remote desktop and web deploy, and then click complete.

Note that if you enable Web Deploy, because this is only supported for a single instance development environment where you require the ability to publish changes to a web site quickly, the publishing process will change your configured number of instances to 1 despite having set it to 3 in the configuration files. That’s because if you have more than 1 instance deployed the load balancer will distribute the incoming web requests round robin, and if you change one of the instances with a web deploy you’ll have an inconsistent state. You can always change the number of instances from the management portal, but you should be aware of what you’re doing.

What happens next is the deployment process takes place. This includes validating that the hosted service is provisioned for you, uploading certificates if needed, then uploading your deployment package and configuration files to Windows Azure storage, and then deploying and starting your instances. It will also add the service deployment to the Server Explorer window (CTRL + ALT + S). From there you can see the status of your service instances, download the profile or intellitrace files if you’ve enabled that option (under advanced features during the publish).

For more information on how to do this, or if you’d like to see a webcast on how this is done, check out the first webcast in the Cloud Computing Soup to Nuts series (http://bit.ly/s2nCloud).

Enjoy!

Yesterday in Minneapolis we delivered the first Windows Azure Kick Start event of the series we’re running this spring to help developers learn and understand how to use the new tools and techniques for building cloud based applications. As part of that event we wrote a lot of code as a demonstration of how this stuff comes together and I’ve uploaded it to www.benkotips.com in case you’re interested in the download. The solution includes several projects including:

• MplsKickSite - An existing ASP.NET web site that we migrated to Windows Azure, implementing the RoleEntryPoint interface and adding references to the Microsoft.WindowsAzure.StorageClient for working with storage, and Microsoft.WindowsAzure.ServiceRuntime to give us instance information. We also added cloud identity to the site using Access Control Services to secure a data entry page with data hosted in a SQL Azure database
• WPFUpload which is a Windows application which includes logic to support drag and drop to upload files into Windows Azure Blob Storage, and if they are images to add work to a queue to create thumbnail images
• UploadDataLib which is a class library that implements Windows Azure Table Storage logic for working with the images uploaded by WPFUpload and the ThumbMaker worker role projects.
• ThumbMaker which is a worker role class that demonstrated working with Tables and Queues and the System.Drawing library to create thumbnail images and brand them with a custom logo message
• PhoneApp1 which demonstrates how to use a Windows Phone Silverlight user control to handle the login conversation with ACS
• NugetPhone which is a second example of ACS in use with devices, except that instead of spending 10 minutes to write the code like we did with PhoneApp1 we use the Nuget package manager to include a package (Install-Package Phone.Identity.AccessControl.BasePage) to perform the authentication for us and make the 4 code changes to implement the logic…2 minutes to demo

The decks and recordings of similar sessions are available on the Soup to Nuts Cloud Computing page of my site (http://bit.ly/s2nCloud). You can download the solution and project files and run every thing with the Compute and Storage Emulator, but you’ll need an active subscription to deploy to the cloud. If you don’t have Azure benefits you can activate from an MSDN Subscription you can always give the 90 day Free Trial a try.

Enjoy!