Azure | Think first. Code later.

Archives For azure

Making Your Windows Azure SQL Database Even More Secure

August 20, 2012

The only secure computer is one that’s unplugged, locked in a safe, and buried 20 feet under the ground in a secret location… and I’m not event too sure about that one. – Dennis Huges, FBI

The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards – and even then I have my doubts. – Eugene Spafford, Purdue University Professor of Computer Science and Executive Director of CERIAS

As the above quotes indicate, and as you’re hopefully aware, simply by turning a computer on you open it up to risks. Connecting it to a network opens it up to even more risks. Connecting it to the internet opens it up to even greater risks still. Because of these risks it’s more important for you to consider the deployment topology of your applications and where the vulnerabilities lie. In this post I’ll talk about an enhancement made to Windows Azure SQL Database to give you finer grain control over who gain access your data.

When it comes to securing your Windows Azure SQL Databases, Microsoft has done some of the heavy lifting for you. Prior to the June update to the Windows Azure platform, you were able to secure your databases at the server level by specifying firewall rules. These rules filtered granted/denied connections based on the client’s IP address. The result was something like this:

You can configure these server levels rules in the portal. Alternatively, and much more to a DBA’s liking, you can also use some system views and stored procedures to view, create, update, and delete server firewall rules. These objects are available in your server’s master database. Here’s a rundown of what you can use:

System view sys.firewall_rules will display the server’s current firewall rules.
System extended stored procedure sys.sp_set_firewall_rule creates or updates a server-level firewall rule.
System extended stored procedure sys.sp_delete_firewall_rule deletes the specified server-level firewall rule.

While Windows Azure SQL Database server-level firewall rules were a good first step, they weren’t quite good enough. The problem is that server-level rules are an all-or-none proposition. If a client IP address has access to the server, then the client has access to any database on the server. Of course you can, and should, use SQL authentication to harden your databases, but that won’t prevent a decent hacker from trying to brute force his or her way into your database once server access is gained.

In the June update to the Windows Azure platform, Microsoft introduced another layer of security to SQL databases. This layer is the database firewall rule. With this level of security you can now filter traffic to specific databases on a given server based on client IP address. The result looks something like this:

In this scenario I’ve created a database-level firewall rule for database three. As a result, even if a client is able to access the server where database three resides, unless the client’s IP address is accounted for in the database-level firewall rules, the client will not be able to access the database.

Currently you cannot configure database-level firewall rules in the portal. However, just like server-level rules, you can take advantage of system views and stored procedures to view, create, update, and delete server firewall rules. These objects are available in your server’s master database. Here’s what you can use:

System view sys.database_firewall_rules will display the current firewall rules for databases on the server.
System extended stored procedure sys.sp_set_database_firewall_rule creates or updates a database-level firewall rule.
System extended stored procedure sys.sp_delete_database_firewall_rule deletes the specified database-level firewall rule.

In azure azure, cloud, cloud computing, microsoft, paas, sql database, windows azure

Converting an ASP.NET MVC Web App to a Windows Azure Service in Four Easy Steps

August 16, 2012

It seems I get 5-6 emails per week asking me how to move an existing ASP.NET MVC Web application to the Windows Azure environment. I have a short list of steps I’ve been copying and pasting into my responses, but I thought I’d take a couple of minutes to expand on those bullet points and make my answer a little more permanent by putting it on my blog.

Step 1 – Make sure you have the latest Windows Azure SDK for .NET installed. You can get it here: https://www.windowsazure.com/en-us/develop/net/.

Step 2 – Open your ASP.NET MVC project in Visual Studio. Here’s what mine looks like:

Step 3 – Add a Windows Azure Cloud Service to the solution

Here’s where we actually have to start doing some work.

First you’ll need to right-click on your solution and select Add and then select New Project

In the Add New Project dialog make sure the target framework is set to .NET Framework 4, select Cloud project types, then select Windows Azure Cloud Service, give the new project a name and click OK.

In the New Windows Azure Cloud Service dialog, don’t add any roles, just click OK.

You should end up with a solution that looks something like this:

You’ll want to make sure your Windows Azure Cloud Service project is set as the StartUp project for the solution. If the title of the Windows Azure Cloud Service project is bold in Solution Explorer you’re good to go. If it isn’t, simply right-click the project and select Set as StartUp Project.

Step 4 – Adding a Web Role

We’re almost done. The last thing we need to do is associate our current ASP.NET MVC application with the Windows Azure Cloud Service project.

Start by right-click the Windows Azure Cloud Service project and selecting Add, then select Web Role Project in solution…

In the Associated with Role Project dialog, select your ASP.NET MVC project and click OK.

Your ASP.NET MVC application should now appear as a Role in your Windows Azure Cloud Service project.

Run your application and note the URL.

If everything was done correctly, your URL should be http://127.0.0.1:81/. If it is your running in the Windows Azure Compute Emulator, which means you were successful!

If you’ve made it this far you know that there were really only two steps involved in the process, and those weren’t even that difficult. Keep in mind that just because it’s easy to convert your ASP.NET MVC application to a Windows Azure Cloud Service does not mean that it will just work in the Windows Azure environment. There are a number of things to consider when moving to the Windows Azure Platform as a Service (PAAS) model. For example, the Windows Azure environment is stateless, you need to understand the consequences of putting your application in a truly stateless environment. Questions to ask include:

How does your application manage session? If you’re using an in-process session state provider you’ll need to change your provider. Luckily there are a number of providers available to you that leverage a number of Windows Azure technologies from table storage to distributed caching.
How does your application store persistent data? If you’re using local disk you’ll need to make some changes as Windows Azure disks are volatile. These means that any data you write to disk is not guaranteed to be there if the virtual machine is rebooted.

Of course there are number of other things to consider from third party components required by your application, to dependencies on other systems and services that do not reside in the Windows Azure data centers, to geopolitical regulations regarding where data can and cannot reside. The point of this post was to help you get started taking your existing application to the cloud.

Now for a few bonus points:

*Bonus – you may have noticed I’m using the release candidate of Visual Studio 2012. The steps above also work with Visual Studio 2010.

*Double Bonus – these steps work for versions 3 and 4 of ASP.NET MVC.

*Triple Bonus – these steps also work for ASP.NET Web Forms applications.

*Quadruple Bonus – these steps also work for ASP.NET web sites hosting WCF services.

In azure azure, cloud, cloud computing, microsoft, paas, windows azure

Windows Azure Lesson Learned – Billing

August 14, 2012

Having worked with the Windows Azure Platform since 2008 it’s easy to forget some of the initial hurdles I ran into and assume that others won’t have the same challenges. Of course, any time you assume anything you risk being wrong. Rather than assume you won’t run into the issues I did, I thought it would be good to review some of the lessons I’ve learned over the years and share what I’ve learned. Lesson number one is all about billing.

Question, under which scenario will Microsoft bill me for Windows Azure compute instances?

Scenario A: My service is deployed, running and ready to receive requests

Scenario B: My service is deployed, stopped and will not receive requests

When Windows Azure became commercially available in early 2010 my initial assumption was that I would only be charged in scenario A above. So, I deployed several services, tested them out, and then stopped them, assuming I could start them up again on demand and only pay for when they were actually running. Of course, my downfall was the fact that I made an assumption. Imagine my surprise when I received a bill for $75 at the end of the month for services that I had running for no more than 10 hours. After doing some digging into the pricing documents I realized that Microsoft charges based on deployment not on status.

If we take the technology out of the equation and apply an analogy it might make a bit more sense. Let’s say I’m traveling and need a place to stay for three nights. The logical thing to do would be to reserve a hotel room for my trip. When I reserve my hotel room I’m not just booking it for the time I’ll be in the room, I’m reserving it for the entire three days. This means I can come and go when I please during the length of my stay. Similarly with Windows Azure, if I deploy a service, regardless of whether or not it’s running, I have at least one reserved virtual machine in Microsoft’s data center, which means I will incur charges based on the size of the instance(s) deployed.

So, the answer to the question is that Microsoft will bill me under both scenarios A and B.

The moral of the story is that while operationally it’s important to know what you have running in Windows Azure, financially it’s important to know what you have deployed to Windows Azure.

In cloud computing azure, cloud, cloud computing, microsoft, windows azure

Think you know Windows Azure? Think again!

July 30, 2012

On August 21, 2012, I and several of my RBA colleagues will be presenting at the Denver Azure User Group. We’ll be covering the new features available in Windows Azure. Below is short description of the session:

In June Microsoft changed the game in cloud computing by releasing previews of new Windows Azure services which simplify building applications that span cloud and on-premises servers.
Key highlights include of the release include:

New Windows Azure Virtual Machine capabilities, including Windows Server and Linux support.
Virtual networking between Windows Azure and your on-premises infrastructure.
Windows Azure Web Sites for website and Web application development.
Improved developer productivity with added support for Python and a new Eclipse plugin for Java.
Improved application services.
A new Windows Azure Management Portal for easier application management and monitoring.

In this session we’ll introduce you to these new Windows Azure services and show you how you can use them to bring your applications to the cloud.

You can find it our more details about the event and register here: https://clicktoattend.microsoft.com/en-us/Pages/EventDetails.aspx?EventID=161339

I hope to see you there!

In cloud computing azure, cloud, cloud computing, microsoft, windows azure

Cloud.Compile() for the Week of July 1, 2012

July 6, 2012

(A bit of slow week this week due to the July 4th holiday in the States)

{Analysis}

Apprenda

Why Enterprises Will Have at Least 2 Private PaaS’

Cloud Foundry

Future-proofing Your Apps: Cloud Foundry and Node.js

Eucalyptus

Seven Practical Steps to Help You Run Your On-premise Cloud Like a Business

Google

Another great year for App Engine at Google I/O

Microsoft

Rackspace

Cloudonomics – The Video

In compile apprenda, azure, cloud, cloud computing, cloud foundry, compile, eucalyptus, goolge, iaas, microsoft, paas, rackspace, saas

Cloud.Compile() for the Week of June 24, 2012

June 29, 2012

Amazon

Eucalyptus

Google

Microsoft

Rackspace

In compile amazon, app engine, aws, azure, cloud computing, compile, compute engine, eucalyptus, goolge, openstack, windows azure

Creating a Windows Azure Cloud Service with Visual Studio 2012 RC

June 28, 2012

If you’re like me you’re always playing with the latest and greatest development tools from Microsoft. So, naturally, when the release candidate of Visual Studio 2012 was released I downloaded and installed it and started kicking the tires to see what had changed and improved since the last version. Of course I was a bit disappointed that I couldn’t do any Windows Azure development, but there was enough new stuff to keep me occupied for a while.

Once the June 2012 version of the Windows Azure SDK was released with support for the Visual Studio 2012 Release Candidate I quickly downloaded and installed it and started doing some Windows Azure development. However, I ran into a minor road bump that you might hit as well so I just wanted to give you a head’s up.

The first thing I did was to click FILE then New Project. I then expanded the C# templates and selected Cloud when I was greeted with this screen.

Huh? I just installed the Windows Azure SDK for .NET and Visual Studio 2012 RC, right? Yes, I did. The issue is with the selected version of the .NET Framework. By default .NET Framework 4.5 is selected.

Windows Azure currently does not support the .NET Framework 4.5. Once I selected the the .NET Framework 4.0 the Windows Azure Cloud Service project template appeared and I was on my way.

You can get the release candidate (RC) of Visual Studio 2012 here.
You can get the Windows Azure SDK for Visual Studio 2012 RC here.

In azure azure, cloud, cloud computing, microsoft, visual studio 2012, windows azure

Upgrading Your Windows Azure Projects to Version 1.7

June 27, 2012

With prior versions of the Windows Azure SDK for .NET any time you opened a Windows Azure Cloud Service project after upgrading the Windows Azure SDK for .NET on your development machine, Visual Studio would automatically start the Visual Studio Conversion Wizard to upgrade the project. The June 2012 version of the SDK does not perform this automatic conversion for you. If you want to convert your Windows Azure Cloud Service projects from an older version of the SDK to the latest release here’ s what you’ll need to do:

Step 0: Install the latest version of the Windows Azure SDK for .NET. You can get it here.

Step 1: Open the solution that contains your Windows Azure project in Visual Studio.

Step 2: Right click on the Azure project (not the web and/or worker role projects) you want to upgraded and click Properties.

Step 3: You should see the following screen that lets you know your running an older version of the Windows Azure SDK. In my case I was running the November 2011 release, but your scenario may be different. Click the Upgrade… button.

Step 4: Your Windows Azure project will be unloaded and the Visual Studio Conversion Wizard will start. Click Next.

Step 5: Create a backup of the project, if you want to, and click Next.

Step 6: A summary page will display. Click Finish.

Step 7: After the conversion is complete click Close.

Step 8: To verify the conversion, right click on the Windows Azure project and click Properties (like in step 2 above). The Windows Azure Tools version should now read June 2012.

Hope this helps!

In azure azure, cloud, cloud computing, iaas, microsoft, paas

Capturing a Windows Azure Virtual Machine Image for Reuse

June 26, 2012

If you follow this blog or Windows Azure news in general you already aware that one of the new features available with the June 2012 release of the Windows Azure Platform is Virtual Machines. Windows Azure Virtual Machines enable you to easily deploy and run Windows Server and Linux virtual machines in minutes. One of the great features available with Windows Azure virtual machines is the ability to custom your VM and then capture the image so that you can create new VM’s based on your own specific needs. In this post I’ll show you how to do just that.

Step 0: Create a Windows Azure Virtual Machine. See this post for instructions how to do so.

Step 1: Log in to the new Windows Azure management portal at http://manage.windowsazure.com.

Step 2: Click VIRTUAL MACHINES.

Step 3: Select the virtual machine you want to creatable a reusable image of.

Step 4: Click CONNECT at the bottom of the page and login to the RDP session with the credentials you specified as part of the virtual machine creation process.

Step 5: Once the RDP session has started we need to SysPrep the machine. Open a command prompt as an administrator and enter the following command cd %windir%\system32\sysprep to change to the sysprep directory.

Step 6: Enter sysprep.exe to launch the SysPrep utility.

Step 7: Select Enter System Out-of-Box Experience (OOBE) for the System Cleanup Action and ensure the Generalize checkbox is checked. Also select Shutdown for Shutdown Options.

Step 8: Wait until the virtual machine has stopped running.

Step 9: Click the CAPTURE button at the bottom of the page.

Step 10: Enter a name for your image, click the I have sysprepped this virtual machine checkbox and click the checkmark on the bottom right of the page.

Step 11: Once the image is created you can see it by click the IMAGES link at the top of the page.

Step 12: To create a new VM based on your custom image click the NEW button at the bottom of the page.

Step 13: Click VIRTUAL MACHINE.

Step 14: Click FROM GALLERY.

Step 15: Click MY IMAGES and you should see your new image on the page. Select it and continue to configure the virtual machine as you would any other Windows Azure virtual machine.

I also created a screencast that walks you through the steps above. To view it, just click on the image below.

Happy clouding!

In azure azure, cloud, cloud computing, iaas, microsoft, paas, windows azure

Continuous Delivery with Windows Azure and TFS

June 25, 2012

One of the new features that comes with Windows Azure Web Sites is the ability to publish your web site using Team Foundation Services. Team Foundation Services is Microsoft’s TFS offering in the cloud. Team Foundation Services allows you to keep your source code and work items in the cloud. With Team Foundation Services your can work with your current tools, and languages, manage source code on- and off- line, and implement builds and continuous unit testging. In short, everything you love about TFS, but now it’s in the cloud. In this post I’ll show you how to link your new Windows Azure Web Site to a Team Foundation Services account to set up automatic deployments.

The first thing you’ll need to do, if you don’t have one already, is sign up for a Team Foundation Services account at http://tfspreview.com and create a project. Be sure to make note of the URL of your TFS account. It will be something like https://youraccount.tfspreview.com.

Next you’ll need to do, if you haven’t already done so, is to enable the new Windows Azure Web Sites features for you Azure subscription. You can do so by logging into http://account.windowsazure.com.

Once Windows Azure Web Sites are enabled for your subscription, log in to the management portal at http://manage.windowsazure.com

Click on the +NEW button on the bottom of the page

Click on WEB SITE

Click QUICK CREATE

Enter a URL for your web site, select a REGION (aka data center) where you want the web site to run, and select the SUBSCRIPTION you want to associated with the web site. Then click the CREATE WEB SITE button on the bottom of the page. (Note: during the preview period on the East US region supports Windows Azure web sites.)

Wait for your web site to have a STATUS of running. It took two minutes for the site I created along with this blog post get up and running, but your mileage may vary.

Once the site is running click on the NAME of the site. This will bring you to the site’s DASHBOARD. On the right hand side of the dashboard there is a *quick glance* section. Click on the *Set up TFS publishing* link.

Enter your TFS account name at the Authorize TFS connection prompt and click the Authorize Now link.

Click the Accept button to link your TFS account to the Windows Azure Web Site.

Select the TFS project to publish.

Make note of the TFS URL, and view instructions, if you need them, on how to check in code from Visual Studio 2012 or Visual Studio 2010.

At this point, you’re ready to start developing as you normally would in Visual Studio. I would recommend creating a simple web project (ASP.NET or ASP.NET MVC 2/3/4). Make any changes you wish and check into TFS. Once you check in, your Windows Azure Web Site will pick up the change and deploy.

Once the deployment is active, go back to the Windows Azure management portal and go to the DASHBOARD for your site by clicking the DASHBOARD link on the top of the page. On the right hand site of the page is the SITE URL for your web site.

Click on the link and you will be redirected to your site.

I also created a screencast of this process. Just click on the picture below to start watching.

In azure alm, azure, cloud, cloud computing, microsoft, team foundation server, team foundation services, tfs, windows azure

Archives For azure

Search

Keep the Cash

About Me