Talk: Pragmatic Azure at Boston Code Camp 21

Today I was delighted to speak at Boston Code Camp 21… Yes, that’s 21 code camps over the past 10+ years put on by the Boston dev community. There is a long list of volunteers , speakers, and sponsors.

My talk was: “Pragmatic Azure – What can the Azure Cloud do for me?” and the abstract is included below and the deck is here:

ABSTRACT

Pragmatic Azure – What can the Azure Cloud do for me?

Session Details – Boston Code Camp 21 – June 2014

Submitted by: Bill Wilder
Time: 10:20 AM – 11:30 AM, Saturday, June 21, 2014
Location: One Mem Drive, Commons (enter on 11)
Tags: Azure

A whirlwind introduction to the Microsoft Azure public cloud platform followed by a bunch of pragmatic ways to use it. From simple Web Sites to web-scale Cloud Services, from on-the-cheap dev-test environments to auto-scaling production services, Windows Azure covers the spectrum. What’s the story with designing for failure? What happens if I need to scale? How do I manage costs? These and more questions will be addressed.

Presented by Azure MVP Bill Wilder, it is based on real-world insights from an Azure-focused consultant who’s been working with the platform since the day it was announced in 2008. Some of the topics will be drawn from Bill’s Cloud Architecture Patterns book (O’Reilly Media, 2012).

Talk: Top Azure Features Every ASP.NET Developer Should Know About at Groupe Azure Montréal

Last week I was delighted to speak to the très agréable folks at the Groupe Azure Montréal.

My talk was: “Top Azure Features Every ASP.NET Developer Should Know About” and the abstract (in both French and English) is included below. Had a great time hanging out in advance of the event with both Alexandre Brisebois and Guy Barrette who were superb hosts and helped me and Maura get the most of our short trip to their fine city.

Here is a link to the slide deck (in PowerPoint): 2014-04-28 – April 28 – Groupe Azure Montréal – Top Azure Features Every ASP.NET Developer Should Know About.pptx

The sample code I spent the most time on can be found here: 

ABSTRACT

Lundi le 28 Avril 2014, nous sommes heureux d’accueillir Bill Wilder, auteur du livre « Cloud Architecture Patterns: Using Microsoft Azure », pour une présentation qui nous fera découvrir les meilleures facettes de la plateforme Microsoft Azure tout en mettent l’emphase sur le développement ASP.NET.

Bill adore partager et apprendre sur une multitude de sujets. Profitez-en pour lui poser vos questions à propos des patterns, des meilleur pratiques et des technologies qui en tour le cloud.

Inscrivez-vous sur notre page Meetup http://www.meetup.com/dotnetmontreal/events/135071842/

NOTE: Cette présentation sera en anglais

Sujet: Top Azure Features Every ASP.NET Developer Should Know About

Let’s face it: as technologists, “the cloud” is in the future for all of us, and resistance is futile. For many of us who predominantly develop on Microsoft technologies, adopting the Microsoft Azure cloud platform will be a natural progression.

How to get started? In this talk we will cover some easy ways to get started with the cloud, progressing from simple ideas to more ambitious ones as we go. Similar to how learning a new programming paradigm tends to stretch the mind (e.g., a C# developer learning functional programming with F#), you will also see that learning how to develop for the cloud will inform and shape how you go about developing day to day – even if not (yet) for the cloud.

Some of the topics we will cover (in varying depths) include devops, dev-test, non-.NET tool stacks, federated identity, semantic logging, and cloud-friendly architecture patterns – all while touching on a variety of Azure features and services on the way.

Conférencier: Bill Wilder, MVP Azure, Boston USA

Bill Wilder (Principal Cloud Architect for Development Partners Software Corporation) is a hands-on developer, architect, consultant, trainer, speaker, writer, and community leader focused on helping companies and individuals succeed with the cloud using the Microsoft Azure Platform. Bill began working with Microsoft Azure when it was unveiled at the Microsoft PDC in 2008 and subsequently founded Boston Azure, the first/oldest Microsoft Azure user group in the world in October 2009. Bill is recognized by Microsoft as a Microsoft Azure MVP and an Azure Insider, and is the author of the book Cloud Architecture Patterns, published by O’Reilly in September 2012. Bill can be found blogging at blog.codingoutloud.com and on Twitter at @codingoutloud. You can also check out the Boston Azure cloud user group at www.bostonazure.org and @bostonazure.

Talk: Guest Lecture at BU Cloud Computing Class

A couple of nights ago, I gave a guest lecture at Dino Konstantopoulos’ BU MET CS755 Cloud Computing class to a small group whose ability to stay awake and alert until 9:00 PM was impressive. My deck is attached.

For any of that class (or anyone else reading this), if interested in more Azure goodness, check out Boston Azure – www.bostonazure.org – a local user group that has now been meeting regularly (mostly at NERD) for around 4 1/2 years to learn about Azure, the cloud, architecting applications for the cloud, and more.

My book is available on Amazon: Cloud Architecture Patterns.

Slides from the talk: 2014-04-17 – April 17 – Building Cloud-Native Applications – Bill Wilder (blog.codingoutloud.com) – BU MET CS755

Stupid Azure Trick #10 – Use SSL on MSDN Visual Studio Azure VMs

If you are trying to Embrace SSL During Development when authenticating with Azure Active Directory, you may run into a little glitch if you do so on one of those handy MSDN Dev/Test VMs in Azure.

The glitch is that when running SSL on the MSDN VM the digital certificate for the SSL cert isn’t quite right. Here is a description of what you might see, followed by a workaround (until fixed at the source in the VM image).

The Problem

Visual Studio 2013 uses IIS Express by default and offers a very simple experience for HTTPS locally:

  • Create a web application
  • Look at the properties for ‘WebApplication1′ and you’ll see an option SSL Enabled — by default it is false, but change it to true
  • By setting SSL Enabled to true, you will now have a value forSSL URL which is something like https://localhost:44300 or above (ports 44300-44399 are reserved for this I think, and next new project gets next available – check out C:\Users\YOURACCOUNT\Documents\IISExpress\config\applicationhost.config to see the bindings that were set up)
  • Hit F5 to run, and if you can navigate to the HTTPS URL and you get the “hey, this cert isn’t trusted!” warning, but otherwise works fine — at least on the desktop. The behavior is different in the MSDN Visual Studio Azure VMs (NOTE: these are very specific VMs, described here – for those of you interested in taking advantage of those specially licensed VM resources associated with MSDN accounts).

Using MSDN Visual Studio Azure VMs, this developer experience does not quite work out of the box. SSL Enabled is true automatically when creating an ASP.NET app that uses Azure Active Directory for org authentication. If you create a new web app, then simply click Change Authentication and select Organizational Accounts, set one up, and then proceed as normal, then hit F5. When your app runs, it will try to authenticate over HTTPS, and it fails as in the scenario above if running on one of these MSDN Visual Studio Azure VMs.

The Solution

Follow these steps:

  1. RDP into your MSDN Visual Studio Azure VM
  2. Paste the following into a PowerShell Window and run them:
  3. $thumb = (dir Cert:\LocalMachine\my | Where-Object Subject -eq ‘CN=localhost’ | Select-Object Thumbprint –First 1).Thumbprint
  4. if ($thumb –ne $null) { del Cert:\LocalMachine\my\${thumb} }
    control /name Microsoft.ProgramsAndFeatures

    The above code will work in the default state of these VMs at this time which assumes only a single certificate with Subject of ‘CN=localhost’ is present in the certificate store.

  5. Right-click on IIS Express and select Repair.
  6. Celebrate your now functioning local F5-ready SSL experience.

 

[This is part of a series of posts on #StupidAzureTricks, explained here.]

Speak to the Lonely Cloud Data Center Workers

A professional reality is looming: fear of obsolescence. Like so many of you, I worry about becoming obsolete (I work in cloud software which moves VERY FAST and getting faster), so I figured it was time to do something for a small (and shrinking) set of people supporting my profession. For these people, their job has groan increasingly difficult: I refer, of course, to the fine people who work inside of cloud data centers. The job is so difficult primarily because it is boring.

This is not because cloud data centers are not advancing – in fact that is the root of the problem – there are so few data center workers because of the growing efficiencies in cloud data centers simply means fewer people are needed to run them.

You may be wondering how you can help. It is very simple – remotely connect into a server on the data center of your choice, and just talk to the nice people in that data center through the speaker on the computer your’ve remoted into. But first you’ll need to enable the audio service on the operating system, since it is off by default in the cloud. But turning it on is fairly simple. This short video shows you how.

What will YOU say to the lonely cloud data center people? 

 

 

 

Microsoft Azure Data Center Regions in Mainland China now in Production (that makes 12!), #AzureMap updated

Coming one month after a pair of new data center regions went into production in Japan, another set of Windows Microsoft Azure data center regions have moved into production – in mainland China this time. There was a press release detailing how this is done in partnership with 21Vianet, “the largest carrier-neutral internet data center services provider in China” (source).

The addition of these two new data center regions – in Beijing and Shanghai areas – increases Microsoft’s footprint for Azure data center regions to 12 – joining these 10: Asia Pacific East, Asia Pacific Southeast, Japan East, Japan West, Europe North, Europe West, US West, US East, US South Central, US North Central.

There are also 3 more in the works – one in Brazil and a pair in Australia. In addition there is a pair of US Government-specific Fedramp data center regions.

Microsoft Azure is New Brand

This all comes on the heels of Microsoft recognizing its cloud brand is bigger than just “Windows” and rebranding from Windows Azure to Microsoft Azure. With Linux VMs available, tons of services available over APIs, SDKs for PHP, Python, Ruby, Java, .NET, Node.js, iOS, Android, Windows 8, and Windows Phone, the platform has taken on a decidedly cross-technology feel, with a focus on features rather than on Windows.

Azure Map Updated

For the Azure Map I am maintaining, I updated the JSON meta data in the Azure Map project to promote these two data center regions to “Production” then re-generated and re-posted the GeoJSON and TopoJSON maps. All data is in GitHub. For more info, see these two posts:

The full interactive single-page Azure Map is here: http://azuremap.blob.core.windows.net/apps/bingmap-geojson-display.html

Stupid Azure Trick #9 – Embrace SSL During Development when authenticating with Azure Active Directory

If you are developing applications that authenticate users or handle sensitive personal or business data, you should be using SSL for your whole site. That’s the most secure approach. Plain old HTTP is not gonna cut it, and flipping between HTTP and HTTPS exposes undesirable vulnerabilities.

So let’s suppose you are building a Windows Azure Web Site using ASP.NET MVC and you want to take advantage of Azure Active Directory for authentication. Maybe you create an Azure Active Directory account, add some users, now you are ready to use it for authentication within your application.

Using SSL during development will help you smoke out issues – one might be cross-protocol warnings – while also keeping your credentials secure on the wire (if you develop locally using AAD, logins still travel over public internet). It’s just good hygiene. But there is a nuisance factor because, by default, using SSL locally (in the latest tool stack for ASP.NET development) uses the SSL certificate that ships with IIS Express, and that’s not trusted by your web browser, so you get a warning every time. This tip today will show you how to easily fix that. (To skip all the context and get right to the main point, search for the word ‘core’ below.)

Certificate Store on Windows

The Certificate Storage on Windows (desktop and server) is a trusted location for storing digital certificates for all kinds of reasons, including those used by Web Browsers to trust whether or not to trust an SSL connection to a web site, or whether to give a warning.

Only certificates that live in a special location in your local Windows Certificate Store – or digital certificates signed by those certificates (or in a signing chain) – are allowed to be used without a warning. This special location is called Trusted Root Certification Authorities. If your certificate is not in there, or itself was not signed by a certificate in there, and so on, then the browsers will show the users a stern warning.

You can view the certificates in your Trusted Root Certification Authorities store by running certmgr.msc from a command program. Here’s what it looks like on my machine.

image

We’ll come back to this tool later.

Create a Simple ASP.NET MVC app that authenticates with Azure Active Directory

You can skip this section if you already know how to do this. This is a quick walkthrough showing how to use Visual Studio 2013 to create simple ASP.NET MVC application and connect it to an existing Azure Active Directory. (You can easily create an AAD either from the Windows Azure portal, or outside it. You can also substitute an Office 365 directory since that automatically uses AAD.)

File | New Project, choose as below:

image

Click OK.

image

Click Change Authentication.

image

Slect Organizational Accounts in the radio button on the left, and type in your AAD domain (could also be Office 365). Choose Single Sign On for Access Level for simple authentication, or choose Single Sign On, Read directory data if you also plan to use AAD for authorization (such as RBAC). Click OK.

After authenticating as a Global Administrator user on the specified domain, you will be back to your New ASP.NET Project dialog, though with a new value for Authentication setting.

image

Click OK. Now your project will be generated. If you display the Project Properties window for your project, as shown below, notice the configuration options for SSL. You also have both an SSL endpoint and a regular HTTP endpoint.

image

Simply hit F5 now to debug. The default configuration here will bring up the SSL endpoint. Let’s explore what happens below.

Web Browser, Please Protect Me!

Once you’ve started to debug, you won’t see your app directly, but rather you’ll see something like the following:

image

This is because of this entry in Web.config:

<system.web>

<authorization>
<deny users="?" />
</authorization>


</system.web>

This says, in a nutshell, only allow authenticated users access to my site, and if they are not authenticated already, send them to the configured AAD login screen.

(It is possible to selectively disable this for certain pages or areas, but we won’t cover that here. But you can see an example in you web.config that uses the location element.)

Also note that the login screen is using SSL. After logging in, we stay on SSL, and get the following warning:

image

Click the Continue to this websites (not recommended). link and you get your application page, but without the trusty padlock:

image

What does this mean – SSL without the padlock? It means your data is cryptographically secure on the wire (safe from snooping, because the channel is encrypted), but you are sending your data to a web site whose identity has not been independently verified.

The experience with Chrome and Firefox is similar:

Warning from Chrome – “The site’s security certificate is not trusted!”

Hit F5 from Visual Studio if Chrome is your default browser (or type the appropriate URL into Chrome while debugging from Visual Studio).

image

Warning from Firefox – “This Connection is Untrusted”

Hit F5 from Visual Studio if Firefox is your default browser (or type the appropriate URL into Firefox while debugging from Visual Studio).

image

Why Getting Rid of SSL Warnings is OKAYish Here

Before we get rid of the warning, let’s cover a couple of basics.

We get rid of the SSL warnings by telling Windows to trust the IIS Express certificate. In general, this is a Bad Idea, but in this narrow case it ought to be fine. Here’s the logic:

  1. Your IIS Express certificate is unique to your machine
  2. It only honors ports starting at 44300 (up to, I think, 44399)
  3. You can undo this
  4. You are a developer and Know What You Are Doing
  5. You would NEVER do this on an internet-facing production machine

We’ll use Internet Explorer to make the fix, but realize that since all browsers are using the same underlying Certificate Store on Windows, you only need to do this ONCE (in IE in our case) and the others will also automatically trust the certificate for SSL.

Getting Rid of SSL Warnings for *all* Browsers, Courtesy of IE

Here’s the core of the tip in this article, and it starts at the point after you’ve hit F5 in Visual Studio, and assumes IE is configured as the default browser (and, if not, simple load the page into IE before proceeding).

image

Simple click on Certificate error and you’ll see this popop:

image

Click on View certificates.

image

Click on Install Certificate.

image

Click Next (Current User is desired location).

image

Click Place all certificates in the following store and click browse:

image

Choose Trusted Root Certification Authorities. Click OK.

image

Click Next.

image

Click Finish.

There will be a Security Warning:

image

Now read it. If you are cool with it, click Yes.

Now if you run certmgr.msc again, you can see the new entry:

image

Undoing the Fix

To remove it again, simply select it, as show above, and hit the DELETE key. You’ll get a couple of warnings:

image

Click Yes.

Back to normal.

[This is part of a series of posts on #StupidAzureTricks, explained here.]