Archives For cloud computing

Azure CLI Day 0 – Install

September 3, 2013


As you know, I’m a huge fan of Windows Azure. One of the features I’ve come to truly appreciate over the past two months is the cross platform command line tools we’ve created to enable you manage your Azure resources right from the terminal. While we’ve got some great documentation ( on the tool, I wanted to spend some time writing a series of short blog posts showing you how to get started using the tools to manage your cloud. In this initial installment, I’ll show you how to install the tools.

 A quick note, I’m using a MacBook Air with OS X (Mountain Lion) installed. I’m also using Google Chrome as my default browser. The steps to install the tools on Windows and Linux are slightly different.
The first thing you’ll need to do is download the tools by going to Depending on your OS, you’ll need to download the correct installer.
00 download
In my case, I download the version for Mac. Once downloaded double-click the installer to launch it.
01 install startAfter double-clicking Install Command Line Interface, click Continue on the Introduction screen.
02 install introduction
“Read” the license and click Continue.
03 install license
Agree to the license
04 install license agree
Click Install
05 install installation type
After the installation completed successfully, click Close.
06 install summary
To test the install, launch an instance of your platform’s command line (Bash, Terminal, Command Prompt, etc.), type azure and press Enter.
07 console

If you see something similar to the picture above the installation was successful and you’re almost ready to start managing your Windows Azure services from the command line.
In the next post I’ll show you how to download your Windows Azure account information.
Did you know you can try Windows Azure for free for 30 days? Just go to and sign up.

TL;DR – Download and install the new Windows Azure Training Kit. Now!

Yesterday Microsoft released the Windows Azure Training Kit 2013 Refresh (I know, the name really rolls of the tongue). In all seriousness though, this is a great resource for both developers and IT professionals who want to learn about the Windows Azure platform. The training kit includes the following:

  • 50+ hands-on labs
  • 25+ demos
  • 30+ presentation

The August 2013 refresh includes the following new and updated content:

  • New Lab: Going Live with Windows Azure Web Sites
  • New Lab: Automatically Scaling Web Applications on Windows Azure Web Sites
  • New Lab: Creating a Windows Azure Mobile Service with a Custom API
  • New Lab: Introduction to Windows Azure Active Directory
  • Updated: Introduction to Windows Azure Access Control
  • New Exercises: Getting Started with Windows Azure Storage
  • Updated: Windows Azure Service Bus Messaging

This is a great free resource for helping you get started with Azure.

Wait, what’s that you say? You think there should be something else in the kit? You’re in luck! The Windows Azure Training Kit is on GitHub. After you read the Contribution License Agreement (CLA) feel free to contribute. Happy forking!


In case you missed, last week the Windows Azure Mobile Services shipped support for HTML clients. Here’s a recap.

The HTML client provides a JavaScript library that developers can use when building both Websites and PhoneGap/Apache Cordova apps.  The new HTML client combined with Cross-origin Resource Sharing (CORS) support helps developers leverage the great Mobile Services functionality available to native application developers today including:

  • Turn-key structured storage for your HTML5/JS applications
  • Authentication using common popular social identity providers such as Microsoft Account, Facebook, Twitter and Google
  • Scheduled scripts for performing periodic tasks in the background
  • Server script for push Notifications to native Windows Store, Windows Phone, iOS and Android apps
  • Partner services from the Windows Azure Store including SendGrid for email, Twillio for text/SMS and pusher for push to browser based clients         

Besides enable this great features, the team has created HTML client tutorials for the following scenarios on the Mobile Services developer center:

Getting started Get started with Mobile Services
Data Get started with data
Validate and modify data using server scripts
Add paging to your queries
Authentication/User Management Get started with authentication
Use scripts to authorize users
Services Send email from Mobile Services with SendGrid
Schedule backend jobs in Mobile Services
Tools Automate mobile services with command line tools


Why don’t you take it for a spin. Visit and build your first HTML app using Mobile Services using the HTML Quick Start project in the Windows Azure portal.


Overnight the Windows Azure Mobile Services team released official support for Android. Along with the SDK Microsoft has also written a number of tutorials to help you get started. The best place to start if you’ve never used Windows Azure Mobile Services before is the Getting started with Mobile Services tutorial. After you complete the initial walkthrough, there are a number of options you can look at depending on what your specific needs are:


Get started with data – Learn how you can use Mobile Services to store and retrieve data from an app.

Validate and modify data using server scripts – You can use server scripts to validate and modify data when you are inserting and updating it. This tutorial show you how to define and register server scripts with mobile services and how to modify your app to take advantage of the new behaviors you define through the scripts.

Adding paging to your queries – This tutorial shows how you can use paging to manage the amount of data that Mobile Services returns to your app.


Get started with authentication – Learn how to authenticate users in your app through a variety of identity providers, including Google, Facebook, Twitter, and Microsoft, and then leverage profile data to add features like greeting users by name.

Use scripts to authorize users – You can use scripts to authorize particular activities for authenticated users. This tutorial demonstrates how to create and register a script that filters data query results based on a userID, to ensure that users only access data that matches their userID values.


Get started with push – Push notifications let you deliver information to your app’s users through tile, badge, and toast notifications. This topic shows you how to use Mobile Services to send push notifications to an Android app. In this tutorial you add push notifications using the Apple Push Notification service (APNS).


Send email from Mobil Services with SendGrid – Learn how to add email functionality to your Mobile Service using the SendGrid email service. This topic demonstrates how to add server side scripts to send email using SendGrid.

Schedule backend jobs in Mobile Services – Learn how to use the Mobile Services job scheduler functionality to define server script code that is executed on a schedule that you define.


Automate mobile services with command-line tools – This topic shows how to use use the Windows Azure command-line tools to automate the creation and management of Windows Azure Mobile Services. It describes how to install the tools and how to perform common tasks including creating a new mobile service, creating a table, registering a script on a table operation, deleting a table, and deleting an existing mobile service.

This may have flown under your radar, but several weeks ago we (that’s the royal Microsoft WE) launched a new hub for Windows Azure on Channel 9. This hub serves as an index and entry point for all video content related to Windows Azure. Since the launch we have already made progress on building a video library to help developers get started learning Windows Azure. Introduction videos have been created for core services like Mobile Services, Web Sites, Cloud Services, and SQL Databases. This page also features three video series: Cloud Cover, Web Camps TV, and Subscribe!. Finally, this page highlights videos that have been recorded at events like BUILD and TechEd. I encourage you to check it out at

I think the introduction video series we created will be the most beneficial to you, especially if you’re new to Windows Azure. Below is a description of each series as well as direct links to each series.

Windows Azure Mobile Services Windows Azure Mobile Services
(14 videos)
This series is designed to help you learn about, and keep you up to date on, the latest from Windows Azure Mobile Services – a powerful turnkey backed for your Windows Store, Windows Phone 8 and iOS applications (Android coming soon).
Windows Azure Web Sites Windows Azure Web Sites
(4 videos)
Quickly and easily deploy sites to a highly scalable cloud environment that allows you to start small and scale as traffic grows. Use the languages and open source apps of your choice then deploy with FTP, Git and TFS. Easily integrate Windows Azure services like SQL Database, Caching, CDN and Storage. You can try out what you see in this series with 10 Web Sites for FREE!
Windows Azure Virtual Machines & Networking Windows Azure Virtual Machines & Networking
(4 videos)
Easily deploy and run Windows Server and Linux virtual machines. Migrate applications and infrastructure without changing existing code.
Windows Azure Storage & SQL Database Windows Azure Storage & SQL Database
(9 videos)
Windows Azure offers multiple services to help manage your data in the cloud. SQL Database, formerly known as SQL Azure Database, enables organizations to rapidly create, scale and extend applications into the cloud with familiar tools and the power of Microsoft SQL Server™ technology. Tables offer NoSQL capabilities at a low cost for applications with simple data access needs. Blobs provide inexpensive storage for data such as video, audio, and images.
Windows Azure Cloud Services Windows Azure Cloud Services
(8 videos)
This series is a mini online course that teaches you Windows Azure Cloud Services from beginning. We’ll start our cloud journey by setting up development environment, and then continue to explore some fundamental concepts of Windows Azure Cloud Services. The series builds a solid foundation for you to create highly-available, scalable applications and services using Windows Azure’s rich PaaS environment, and to deliver great SaaS solutions to customers anywhere around the world.
Windows Azure Media Services Windows Azure Media Services
(3 videos)
Create, manage, and distribute media in the cloud. With Windows Azure Media Services businesses can now quickly build a media distribution solution that can stream audio and video to Windows, iOS, Android, and other devices and platforms.
Windows Azure Service Bus Windows Azure Service Bus
(2 videos)
Applications and Services are increasingly connected and require integration across platform and network boundaries. Windows Azure Service Bus provides rich messaging and connectivity features for todays connected devices and continuous services. In this series learn about the latest improvements and features available and get in-depth guidance on how to implement rich messaging patterns with Windows Azure.

Be sure to stay tuned to the Windows Azure Hub on Channel 9 for new content!

Prior to June Windows Azure had been strictly a Platform-as-a-Service, or PaaS, environment which presented numerous challenges to those interested in running their existing applications in Microsoft’s data centers. In working with a number of clients I often found that the effort and cost required to make existing applications capable of running in a PaaS environment outweighed the cost savings of running in the Windows Azure data centers. As a result, many customers decided keep their apps on-premises.

With the June update to the Windows Azure platform Microsoft introduced its Infrastructure-as-a-Service or IaaS offering called Windows Azure Virtual Machines. Here’s an overview of the offering

Windows Azure Virtual Machine enables you to create a server in the cloud that you can control and manage. After you create a virtual machine in Windows Azure, you can delete and re-create it whenever you need to, and you can access the virtual machine just like any other server. You can use a virtual machine in Windows Azure to deploy the Windows Server 2008 R2 or multiple distributions of Linux operating systems. The virtual hard disk (VHD) that you deploy in a virtual machine can contain customized settings and your applications, which provides a robust platform for developing or migrating your application solutions. You can create multiple virtual machines and then load-balance traffic between them, and you can connect virtual machines to other Windows Azure cloud services running web roles and worker roles.


Windows Azure Virtual Machines allows customers to essentially “uplift” their existing applications to the Windows Azure environment using virtual hard disks that they have complete control over. This means many applications don’t have to be rewritten; they can simply be moved to the Windows Azure environment as is.

I decided to play around with this concept and host my own web application on Windows Azure Virtual Machine. The first thing I did was to go into the portal and create the virtual machine (vm) selecting the release candidate of Windows Server 2012 as the operating system. Once the vm was up and running I used remote desktop to gain access to the server and enable the Web Server role, which includes things like IIS. Once the role was enabled I tried navigating to the server in my browser only to be greeted with this:


Well, that was obviously not what I was hoping for. My first thought was that I needed to update the firewall on the server to allow traffic in on port 80. I returned to my remote desktop session and popped open the firewall only to discover that inbound rules were already in place for tcp traffic coming in on ports 80 (http) and 443 (https). What to do, what to do? I spent about an hour fiddling with the server with the same result, so I decided to walk away and attack the problem later.

Later that evening it dawned on me that the issue wasn’t with the server, it was with the server’s configuration in Windows Azure. I quickly navigated to, selected my virtual machine and clicked on ENDPOINTS. Here’s what I saw:


See the problem? I only had one endpoint configured to allow inbound remote desktop traffic. If I wanted to allow traffic over port 80 (http) I needed to created another endpoint. Here’s what I did.

First, I clicked the ADD ENDPOINT button at the bottom of the page


Then I selected Add endpoint and click the arrow on the bottom left of the page


Next I gave my endpoint a name, specified the protocol (you’ll want to use TCP), then specified the port. Since I want to server all http requests off of the default port I used port 80.


I then waited for the endpoint to be configured


I then used by browser to navigate to the server again where I was greeted with this



Hope it helps.


Having worked with the Windows Azure Platform since 2008 it’s easy to forget some of the initial hurdles I ran into and assume that others won’t have the same challenges. Of course, any time you assume anything you risk being wrong. Rather than assume you won’t run into the issues I did, I thought it would be good to review some of the lessons I’ve learned over the years and share what I’ve learned. In the first lesson I wrote about Windows Azure billing. In this lesson, I’ll look at running multiple web sites with Windows Azure.

Many people I talk to who are interested in using Windows Azure to host their web sites, but don’t know much about the platform tell me something like this:

“Well, we’ve looked at using Windows Azure, but the annual cost to host our four web sites is way more than we’re paying with our current hosting provider.”

To which I reply:

“OK. Let’s take a look at how you determined your Windows Azure cost.”

We’ll spend some time white boarding the solution they’ve put together, and it typically looks something like this:


In this case, we have a company that has four web sites. The company thinks that they need to run each web site in it’s own web role, and that they need to have at least two instances of each web role to get guaranteed SLA’s from Microsoft. The math to determine monthly costs from the company’s perspective is pretty simple:



















In fact, if we use the Windows Azure pricing calculator, we get the same thing:


At nearly $700/month it’s hard to argue against the client’s case that Windows Azure is just too expensive. It’s at this point in the conversation I’ll ask this question:

“Did you know you can run multiple web sites in a single web role?”

I’ll then take to the whiteboard and draw something along these lines:


I’ll then do the math:












As well as verify using the Windows Azure pricing calculator


This will usually raise some eyebrows. The Windows Azure champions at the client will say:

“See! I told you we could save money! Let’s do it now!”

That statement is usually tempered by someone else in the room who will respond with:

Well, that’s nice and all, but we don’t want traffic from our marketing site affecting performance of our other sites.”

Based on the last requirement of not letting the marketing site affecting the other sites, we can use a deployment that looks like this:


The math:












As well as verify using the Windows Azure pricing calculator


What’s the point of all this? Simple, Windows Azure isn’t a one size fits all solution. You can mold the platform to your needs rather than having to retrofit an exiting solution to the demands of the platform. As a result, it’s very easy to slice and dice your applications to get the performance and scalability your business needs while keeping costs in line.

The only secure computer is one that’s unplugged, locked in a safe, and buried 20 feet under the ground in a secret location… and I’m not event too sure about that one. – Dennis Huges, FBI

The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards – and even then I have my doubts. – Eugene Spafford, Purdue University Professor of Computer Science and Executive Director of CERIAS

As the above quotes indicate, and as you’re hopefully aware, simply by turning a computer on you open it up to risks. Connecting it to a network opens it up to even more risks. Connecting it to the internet opens it up to even greater risks still. Because of these risks it’s more important for you to consider the deployment topology of your applications and where the vulnerabilities lie. In this post I’ll talk about an enhancement made to Windows Azure SQL Database to give you finer grain control over who gain access your data.

When it comes to securing your Windows Azure SQL Databases, Microsoft has done some of the heavy lifting for you. Prior to the June update to the Windows Azure platform, you were able to secure your databases at the server level by specifying firewall rules. These rules filtered granted/denied connections based on the client’s IP address. The result was something like this:



You can configure these server levels rules in the portal. Alternatively, and much more to a DBA’s liking, you can also use some system views and stored procedures to view, create, update, and delete server firewall rules. These objects are available in your server’s master database. Here’s a rundown of what you can use:

  • System view sys.firewall_rules will display the server’s current firewall rules.
  • System extended stored procedure sys.sp_set_firewall_rule creates or updates a server-level firewall rule.
  • System extended stored procedure sys.sp_delete_firewall_rule deletes the specified server-level firewall rule.

While Windows Azure SQL Database server-level firewall rules were a good first step, they weren’t quite good enough. The problem is that server-level rules are an all-or-none proposition. If a client IP address has access to the server, then the client has access to any database on the server. Of course you can, and should, use SQL authentication to harden your databases, but that won’t prevent a decent hacker from trying to brute force his or her way into your database once server access is gained.

In the June update to the Windows Azure platform, Microsoft introduced another layer of security to SQL databases. This layer is the database firewall rule. With this level of security you can now filter traffic to specific databases on a given server based on client IP address. The result looks something like this:


In this scenario I’ve created a database-level firewall rule for database three. As a result, even if a client is able to access the server where database three resides, unless the client’s IP address is accounted for in the database-level firewall rules, the client will not be able to access the database.

Currently you cannot configure database-level firewall rules in the portal. However, just like server-level rules, you can take advantage of system views and stored procedures to view, create, update, and delete server firewall rules. These objects are available in your server’s master database. Here’s what you can use:

  • System view sys.database_firewall_rules will display the current firewall rules for databases on the server.
  • System extended stored procedure sys.sp_set_database_firewall_rule creates or updates a database-level firewall rule.
  • System extended stored procedure sys.sp_delete_database_firewall_rule deletes the specified database-level firewall rule.




Cloud Foundry



It seems I get 5-6 emails per week asking me how to move an existing ASP.NET MVC Web application to the Windows Azure environment. I have a short list of steps I’ve been copying and pasting into my responses, but I thought I’d take a couple of minutes to expand on those bullet points and make my answer a little more permanent by putting it on my blog.

Step 1 – Make sure you have the latest Windows Azure SDK for .NET installed. You can get it here:

Step 2 – Open your ASP.NET MVC project in Visual Studio. Here’s what mine looks like:


Step 3 – Add a Windows Azure Cloud Service to the solution

Here’s where we actually have to start doing some work.

First you’ll need to right-click on your solution and select Add and then select New Project


In the Add New Project dialog make sure the target framework is set to .NET Framework 4, select Cloud project types, then select Windows Azure Cloud Service, give the new project a name and click OK.


In the New Windows Azure Cloud Service dialog, don’t add any roles, just click OK.


You should end up with a solution that looks something like this:


You’ll want to make sure your Windows Azure Cloud Service project is set as the StartUp project for the solution. If the title of the Windows Azure Cloud Service project is bold in Solution Explorer you’re good to go. If it isn’t, simply right-click the project and select Set as StartUp Project.


Step 4 – Adding a Web Role

We’re almost done. The last thing we need to do is associate our current ASP.NET MVC application with the Windows Azure Cloud Service project.

Start by right-click the Windows Azure Cloud Service project and selecting Add, then select Web Role Project in solution…


In the Associated with Role Project dialog, select your ASP.NET MVC project and click OK.


Your ASP.NET MVC application should now appear as a Role in your Windows Azure Cloud Service project.


Run your application and note the URL.


If everything was done correctly, your URL should be If it is your running in the Windows Azure Compute Emulator, which means you were successful!

If you’ve made it this far you know that there were really only two steps involved in the process, and those weren’t even that difficult. Keep in mind that just because it’s easy to convert your ASP.NET MVC application to a Windows Azure Cloud Service does not mean that it will just work in the Windows Azure environment. There are a number of things to consider when moving to the Windows Azure Platform as a Service (PAAS) model. For example, the Windows Azure environment is stateless, you need to understand the consequences of putting your application in a truly stateless environment. Questions to ask include:

  • How does your application manage session? If you’re using an in-process session state provider you’ll need to change your provider. Luckily there are a number of providers available to you that leverage a number of Windows Azure technologies from table storage to distributed caching.
  • How does your application store persistent data? If you’re using local disk you’ll need to make some changes as Windows Azure disks are volatile. These means that any data you write to disk is not guaranteed to be there if the virtual machine is rebooted.

Of course there are number of other things to consider from third party components required by your application, to dependencies on other systems and services that do not reside in the Windows Azure data centers, to geopolitical regulations regarding where data can and cannot reside. The point of this post was to help you get started taking your existing application to the cloud.

Now for a few bonus points:

*Bonus – you may have noticed I’m using the release candidate of Visual Studio 2012. The steps above also work with Visual Studio 2010.

*Double Bonus – these steps work for versions 3 and 4 of ASP.NET MVC.

*Triple Bonus – these steps also work for ASP.NET Web Forms applications.

*Quadruple Bonus – these steps also work for ASP.NET web sites hosting WCF services.