Category Archives: Cloud Computing

Microsoft Azure Data Center Regions in Mainland China now in Production (that makes 12!), #AzureMap updated

Coming one month after a pair of new data center regions went into production in Japan, another set of Windows Microsoft Azure data center regions have moved into production – in mainland China this time. There was a press release detailing how this is done in partnership with 21Vianet, “the largest carrier-neutral internet data center services provider in China” (source).

The addition of these two new data center regions – in Beijing and Shanghai areas – increases Microsoft’s footprint for Azure data center regions to 12 – joining these 10: Asia Pacific East, Asia Pacific Southeast, Japan East, Japan West, Europe North, Europe West, US West, US East, US South Central, US North Central.

There are also 3 more in the works – one in Brazil and a pair in Australia. In addition there is a pair of US Government-specific Fedramp data center regions.

Microsoft Azure is New Brand

This all comes on the heels of Microsoft recognizing its cloud brand is bigger than just “Windows” and rebranding from Windows Azure to Microsoft Azure. With Linux VMs available, tons of services available over APIs, SDKs for PHP, Python, Ruby, Java, .NET, Node.js, iOS, Android, Windows 8, and Windows Phone, the platform has taken on a decidedly cross-technology feel, with a focus on features rather than on Windows.

Azure Map Updated

For the Azure Map I am maintaining, I updated the JSON meta data in the Azure Map project to promote these two data center regions to “Production” then re-generated and re-posted the GeoJSON and TopoJSON maps. All data is in GitHub. For more info, see these two posts:

The full interactive single-page Azure Map is here: http://azuremap.blob.core.windows.net/apps/bingmap-geojson-display.html

About these ads

Stupid Azure Trick #9 – Embrace SSL During Development when authenticating with Azure Active Directory

If you are developing applications that authenticate users or handle sensitive personal or business data, you should be using SSL for your whole site. That’s the most secure approach. Plain old HTTP is not gonna cut it, and flipping between HTTP and HTTPS exposes undesirable vulnerabilities.

So let’s suppose you are building a Windows Azure Web Site using ASP.NET MVC and you want to take advantage of Azure Active Directory for authentication. Maybe you create an Azure Active Directory account, add some users, now you are ready to use it for authentication within your application.

Using SSL during development will help you smoke out issues – one might be cross-protocol warnings – while also keeping your credentials secure on the wire (if you develop locally using AAD, logins still travel over public internet). It’s just good hygiene. But there is a nuisance factor because, by default, using SSL locally (in the latest tool stack for ASP.NET development) uses the SSL certificate that ships with IIS Express, and that’s not trusted by your web browser, so you get a warning every time. This tip today will show you how to easily fix that. (To skip all the context and get right to the main point, search for the word ‘core’ below.)

Certificate Store on Windows

The Certificate Storage on Windows (desktop and server) is a trusted location for storing digital certificates for all kinds of reasons, including those used by Web Browsers to trust whether or not to trust an SSL connection to a web site, or whether to give a warning.

Only certificates that live in a special location in your local Windows Certificate Store – or digital certificates signed by those certificates (or in a signing chain) – are allowed to be used without a warning. This special location is called Trusted Root Certification Authorities. If your certificate is not in there, or itself was not signed by a certificate in there, and so on, then the browsers will show the users a stern warning.

You can view the certificates in your Trusted Root Certification Authorities store by running certmgr.msc from a command program. Here’s what it looks like on my machine.

image

We’ll come back to this tool later.

Create a Simple ASP.NET MVC app that authenticates with Azure Active Directory

You can skip this section if you already know how to do this. This is a quick walkthrough showing how to use Visual Studio 2013 to create simple ASP.NET MVC application and connect it to an existing Azure Active Directory. (You can easily create an AAD either from the Windows Azure portal, or outside it. You can also substitute an Office 365 directory since that automatically uses AAD.)

File | New Project, choose as below:

image

Click OK.

image

Click Change Authentication.

image

Slect Organizational Accounts in the radio button on the left, and type in your AAD domain (could also be Office 365). Choose Single Sign On for Access Level for simple authentication, or choose Single Sign On, Read directory data if you also plan to use AAD for authorization (such as RBAC). Click OK.

After authenticating as a Global Administrator user on the specified domain, you will be back to your New ASP.NET Project dialog, though with a new value for Authentication setting.

image

Click OK. Now your project will be generated. If you display the Project Properties window for your project, as shown below, notice the configuration options for SSL. You also have both an SSL endpoint and a regular HTTP endpoint.

image

Simply hit F5 now to debug. The default configuration here will bring up the SSL endpoint. Let’s explore what happens below.

Web Browser, Please Protect Me!

Once you’ve started to debug, you won’t see your app directly, but rather you’ll see something like the following:

image

This is because of this entry in Web.config:

<system.web>

<authorization>
<deny users="?" />
</authorization>


</system.web>

This says, in a nutshell, only allow authenticated users access to my site, and if they are not authenticated already, send them to the configured AAD login screen.

(It is possible to selectively disable this for certain pages or areas, but we won’t cover that here. But you can see an example in you web.config that uses the location element.)

Also note that the login screen is using SSL. After logging in, we stay on SSL, and get the following warning:

image

Click the Continue to this websites (not recommended). link and you get your application page, but without the trusty padlock:

image

What does this mean – SSL without the padlock? It means your data is cryptographically secure on the wire (safe from snooping, because the channel is encrypted), but you are sending your data to a web site whose identity has not been independently verified.

The experience with Chrome and Firefox is similar:

Warning from Chrome – “The site’s security certificate is not trusted!”

Hit F5 from Visual Studio if Chrome is your default browser (or type the appropriate URL into Chrome while debugging from Visual Studio).

image

Warning from Firefox – “This Connection is Untrusted”

Hit F5 from Visual Studio if Firefox is your default browser (or type the appropriate URL into Firefox while debugging from Visual Studio).

image

Why Getting Rid of SSL Warnings is OKAYish Here

Before we get rid of the warning, let’s cover a couple of basics.

We get rid of the SSL warnings by telling Windows to trust the IIS Express certificate. In general, this is a Bad Idea, but in this narrow case it ought to be fine. Here’s the logic:

  1. Your IIS Express certificate is unique to your machine
  2. It only honors ports starting at 44300 (up to, I think, 44399)
  3. You can undo this
  4. You are a developer and Know What You Are Doing
  5. You would NEVER do this on an internet-facing production machine

We’ll use Internet Explorer to make the fix, but realize that since all browsers are using the same underlying Certificate Store on Windows, you only need to do this ONCE (in IE in our case) and the others will also automatically trust the certificate for SSL.

Getting Rid of SSL Warnings for *all* Browsers, Courtesy of IE

Here’s the core of the tip in this article, and it starts at the point after you’ve hit F5 in Visual Studio, and assumes IE is configured as the default browser (and, if not, simple load the page into IE before proceeding).

image

Simple click on Certificate error and you’ll see this popop:

image

Click on View certificates.

image

Click on Install Certificate.

image

Click Next (Current User is desired location).

image

Click Place all certificates in the following store and click browse:

image

Choose Trusted Root Certification Authorities. Click OK.

image

Click Next.

image

Click Finish.

There will be a Security Warning:

image

Now read it. If you are cool with it, click Yes.

Now if you run certmgr.msc again, you can see the new entry:

image

Undoing the Fix

To remove it again, simply select it, as show above, and hit the DELETE key. You’ll get a couple of warnings:

image

Click Yes.

Back to normal.

[This is part of a series of posts on #StupidAzureTricks, explained here.]

Talk: Meet Windows Azure, Your Next Data Center

Today I spoke at VirtG Boston’s annual Deep Dive Day. The title of my talk, Meet Windows Azure, Your Next Data Center, is probably descriptive enough to get the gist of it.

My slide deck follows.

2014-03-12 – Meet Windows Azure, Your Next Data Center – VirtG Virtualization Deep Dive Day

Stupid Azure Trick #8 – Take control of Management Certificate names

Examine your Windows Azure MANAGEMENT CERTIFICATES in the Windows Azure Portal (under “SETTINGS” in the left nav, then “MANAGEMENT CERTIFICATES” in the top nav). These are the certificates that control which people or which machines can programmatically manipulate your Windows Azure resources through the Service Management API.

Every time you initiate a Publish Profile file download (whether through the portal, with PowerShell, or through the CLI), a new certificate is generated and added to your list of management certificates. You cannot control these names – they are generated.

Upon examination, you may find that some certificates – like #1 shown below – have generated names. And also look at the several certificates immediately below #1 – they have similar names – also generated. These are hard to distinguish from each other.

SNAGHTML2f43f75e

But this is okay some of the time – it is convenient to let tools create these certificates for you since it saves time. It may be perfectly adequate on low security accounts – perhaps a developer’s individual dev-test account from MSDN, or an account only used to give demos with. But for a team account running production, you probably don’t want it to have 17 untraceable, indistinguishable certificates hanging off it.

Now look at the names for #2 and 3 shown above. They are custom names.

Managing Your Management Certificates Starts with Meaningful Names

While we can debate whether the custom names shown above are truly meaningful (this is a demo account), you can probably appreciate that seeing a certificate name like “BUILD SERVER” or “Person/Machine” (e.g., “Maura/DRAGNIPUR”) or “Foobar Contractor Agency” might be more useful than “Azdem123EIEIO” to a human.

Controlling Certificate Names

The Windows Azure Management Portal has some heuristics for deciding what to display for a certificate’s name, but the first one it considers is the Common Name, and will display its value if present. So the short answer: take control of the Common Name.

Here we show creating a Service Management certificate manually in two steps – first the PEM (for use locally) and second deriving a CER (for uploading to the portal).

openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout mycert.pem -out mycert.pem -subj "/CN=This Name Shows in the Portal"
openssl x509 -inform pem -in mycert.pem -outform der -out mycert.cer

Note the use of -subj "/CN=This Name Shows in the Portal" when generating a PEM in the first command. The specified text will appear as the description for this certificate within the Windows Azure Portal. OpenSSL is available on Linux and Mac systems by default. For Windows, you can install it directly, or – if you happen to use GitHub for Windows – it gets installed along with it.

For a pure Windows solution, use makecert to create a Management Certificate for Windows Azure.

Considerations

Once you assume responsibility for naming your own certificates, you are simultaneously also taking on generating them, deploying the certificates containing the private keys to the machines from which your Windows Azure resources will be managed using the Service Management API, and uploading the CER public keys to the portal. To make some parts of this easier – especially if you are distributing to a team – consider building your own publish settings file. Also, realize the same certificate can be used by more than one client, and the can also be applied to more than one subscription on Windows Azure; its a many-to-many relationship that’s allowed.

Resources

Create and Upload a Management Certificate for Windows Azure

X.509 Certificates

Build your own Publish Settings File

[This is part of a series of posts on #StupidAzureTricks, explained here.]

Talk: 7 Things Software Testing Professionals Should Know About the Public Cloud

Today I partnered with XBOSoft to present the webinar: 7 Things Software Testing Professionals Should Know About the Public Cloud.image

This is one of a series of webinars hosted by XBOSoft (@xbosoft) as part of their 2014 Webinar series from the XBOSoft Software Quality Knowledge Center. They are a global company (San Francisco, Amsterdam, Oslo & Beijing) focused on Software Quality Improvement. Check them out here: www.xbosoft.com.

The free Webinar was held on March 6, 2014.

At a high level, these are the 7 things discussed:

  1. Key cloud terminology & concepts
  2. SaaS tools are plentiful
  3. PaaS for environments
  4. IaaS for environments
  5. Understanding costs
  6. Public cloud platforms are global
  7. Considerations for cloud-native applications

The PowerPoint deck I used to walk through the topics is here:

7 Things Software Testing Pros Should Know About Public Cloud

Stupid Azure Trick #4 – C#, Node.js, and Python side-by-side – Three Simple Command Line Tools to Copy Files up to Windows Azure Blob Storage

Windows Azure has a cloud file storage service known as Blob Storage.

[Note: Windows Azure Storage is broader than just Blob Storage, but in this post I will ignore its sister services Table Storage (a NoSQL key/value store) and Queues (a reliable queuing service).]

Before we get into the tricks, it is useful to know a bit about Blog Storage.

The code below is very simple – it uploads a couple of files to Blob Storage. The files being uploaded are JSON, so it includes proper setting of the HTTP content-type and sets up caching. Then it lists a directory of the files up in that particular Blob Storage container (where a container is like a folder or subdirectory in a regular file system).

The code listed below will work nicely on a Windows Azure Dev-Test VM, or on your own desktop. Of course you need a Windows Azure Storage Account first, and the storage credentials. (New to Azure? Click here to access a free trial.) But once you do, the coding is straight-forward.

  • For C#: create a Windows Console application and add the NuGet packaged named “Windows Azure Storage”
  • For Node.js: run “npm install azure” (or “npm install azure – –global”)
  • For Python: run “pip install azure” to get the SDK
  • We don’t cover it here, but you could also use PowerShell or the CLI or the REST API directly.

Note: these are command line tools, so there isn’t a web project with config values for the storage keys. So in lieu of that I used a text file on the file system. Storage credentials should be stored safely, regardless of which computer they are used on, so beware my demonstration only using public data so my storage credentials in this case may not be as damaging, if lost, as some others.

Here’s the code. Enjoy!

Useful Links

Python

http://research.microsoft.com/en-us/projects/azure/an-intro-to-using-python-with-windows-azure.pdf

http://research.microsoft.com/en-us/projects/azure/windows-azure-for-linux-and-mac-users.pdf

http://www.windowsazure.com/en-us/develop/python/

SDK Source for Python: https://github.com/WindowsAzure/azure-sdk-for-python

Node.js

http://www.windowsazure.com/en-us/develop/nodejs/

SDK Source for Node.js: https://github.com/WindowsAzure/azure-sdk-for-node

http://www.windowsazure.com/en-us/documentation/articles/storage-nodejs-how-to-use-blob-storage/

C#/.NET

http://www.windowsazure.com/en-us/develop/net/

Storage SDK Source for .NET: https://github.com/WindowsAzure/azure-storage-net

Storage Client Library 3: http://msdn.microsoft.com/en-us/library/dn495001%28v=azure.10%29.aspx

[This is part of a series of posts on #StupidAzureTricks, explained here.]

Stupid Azure Trick #3 – Create a Dev Virtual Machine in Windows Azure

“Everyone” knows about using cloud services for running web applications and databases. For example, Windows Azure offers a bevy of integrated compute, storage, messaging, monitoring, networking, identity, and ALM services across its world-wide data centers.

But what about the idea of leveraging the cloud for software development and testing? Of course there is great productivity in using hosted services for a lot of the ancillary tasks in software development – source control, issue tracking, and so on. Example cloud solutions for source control would include two that I use regularly, GitHub and Team Foundation Service (TFS). But what about for hands-on software development – creating, running, testing, and iterating on code?

There are really two significant ways you can go here. One way – that I will not be drilling into – is to use a cloud-hosted web browser-based development environment. This is what’s going on with Monaco, which is a cloud-hosted version of Visual Studio that runs entirely in a web browser – but (very awesomely) integrates with Windows Azure. There are also third-parties playing in this space, such as Cloud 9.

The other way – the one I am going to drill into – is using a Windows Azure Virtual Machine for certain development duties.

[Making a case for when and why one might create a dev-test environment in the cloud will be left for another time…]

With great power comes great responsibility

Spiderman knows this, and you need to know it as well.

Virtual Machines in the cloud cost money while they are deployed. It is your great responsibility to turn them off when you don’t need them.

The pricing for “normal” virtual machines (as opposed to MSDN Pricing which is described below) is listed at http://www.windowsazure.com/en-us/pricing/details/virtual-machines/. For example, at the time of this writing, the price for a Windows Server VM ranges from $0.02 (two cents) to $1.60 per hour, while the price for a Windows Server VM with SQL Server ranges from $2.92 to $7.40 per hour. The $7.40/hour VM is an instance running on a VM with 8 cores and 56 GB of RAM.

NOTE: just before publication time, Windows Azure announced some even larger “compute-intensive” VMs, A8 and A9 sizes. The A9 costs $4.90 per hour and sports 16 cores, 112 GB of memory, and runs on a “40 Gbit/s InfiniBand network that includes remote direct memory access (RDMA) technology for maximum efficiency of parallel Message Passing Interface (MPI) applications. [...] Compute-intensive instances are optimal for running compute and network-intensive applications such as high-performance cluster applications, applications using modeling, simulation and analysis, and video encoding.” Nice! These are available for VMs in Cloud Services, and I would expect them to become available for all VMs in due course.

Some VMs cost more per hour (I’m looking at you BizTalk Server) and some costs are as yet unknown (such as for Oracle databases, which are in preview and production pricing has yet to be revealed).

VM prices vary for two reasons: (a) resources allocated (e.g., # of cores, how much RAM) and (b) licensing. For the same sized VM, one running SQL Server will cost more than one running Windows Server only. This is a feature – for example, you can rent a SQL Server license for 45 minutes if you like.

Of course, while inexpensive, and nearly inconsequential in small quantities, these prices can add up if you use a lot of VM hours. The good news is, you can release VM resources when you are not using them. You don’t incur VM costs when the VM is not occupying a VM, though there is a small storage cost that starts at $0.07 (seven cents) per GB per month.

Just don’t forget to free your resources before leaving for vacation.

Fortunately, VMs can easily be stopped in the portal, by using the Remove-AzureVM PowerShell cmdlet, by using the azure vm shutdown command from the cross-platform CLI, through management REST APIs, or using one of the language SDKs.

Example prices were expressed in terms of “per hour” but the pricing granularity is actually by the minute. In some clouds, usage granularity is hourly, or possibly “any part of the hour” meaning a VM deployed from, say, 7:50 to 8:10 would incur 120 minutes of billing (two hours), even though actual time was 20 minutes. In Azure, you would be billed 20 minutes. The billing granularity matters more when using VMs for focused tasks like developers and testers would tend to do.

Further, there’s a data transfer price for data leaving the data center.

You may be interested in Windows Azure Billing Alerts.

MSDN Pricing – A Big Cloudy Discount

If you have an MSDN account (not just for big companies, but also with startups) – as long as you claim your Azure benefits – magically, you are eligible for special MSDN Pricing. Check for the current MSDN discounted pricing, but as of this writing MSDN includes either $50, $100, or $150 of Azure credits per month, depending on your level of MSDN. Anyone on your team with an MSDN account will have their own Azure credits.

This means that your monthly bill will draw from this balance before you incur actual costs. You can also choose to configure the account to not allow overages, such that when your monthly allotment is exhausted, consumption stops. This way you know your credit card will not be charged. You can selectively re-enable it for the rest of the month. This is not a bad default setting to avoid runaway dev-test costs due to forgetting to turn off resources when you didn’t need them.

Beyond this, you get a huge discount on other VMs – no matter what the VM is, you never pay more than $0.06 per hour per small VM unit.

MSDN pricing only applies to resources used for Dev-Test – it is not licensed for production use, nor does it come with an SLA.

But that’s such a good deal, that anyone using Windows Azure for Dev-Test should take a hard look at this option if they don’t already have an MSDN account. But this post is all about creating a Dev-Test VM, so let’s get on with it.

Creating a Dev-Test Virtual Machine in Windows Azure

Let’s set up for C#, Python, and Node.js development.

First, log into your Windows Azure account at https://manage.windowsazure.com.

image

image

image

image

If the MSDN checkbox is disabled, you have logged into a Windows Azure account that is not associated with your MSDN account. Change to the correct account to proceed.

Select the MSDN checkbox to filter out any VM image not specific to MSDN subscribers, and see the list of available VM images change to the following:

image

Note the text on the descriptive text on the right-hand side, which I’ve included here since it provides some useful information.

The Visual Studio Professional 2013 developer desktop is an offering exclusive to MSDN subscribers. The image includes Visual Studio Professional 2013, SharePoint 2013 Trial, SQL Server 2012 Developer edition, Windows Azure SDK for .NET 2.2 and configuration scripts to quickly create a development environment for Web, SQL and SharePoint 2013 development.

To learn how to configure any development environment you can follow the links on the desktop.

We recommend a Large VM size for SQL and Web development and ExtraLarge VM size for SharePoint development.

Please see http://go.microsoft.com/fwlink/?LinkID=329862 for a detailed description of the image. Privacy note: This image has been preconfigured for Windows Azure, including enabling the Visual Studio Experience Improvement Program for Visual Studio, which can be disabled.”

Choose one of the Visual Studio images (I will choose Visual Studio Professional 2013) and go to the next page by clicking the arrow at the bottom-right.

image

Fill in the fields. The username and password will be needed later to RDP into the box. Click the arrow to go to the next page.

image

I kept most of the defaults, only changing the REGION to be “East US” to minimize latency to my current location. Click arrow to go to next page.

If I planned to use this for giving a talk in another geographic location, I may choose a different region. For example, I may choose “North Europe” (Dublin) if I was speaking in Ireland (which would be wonderful and I hope happens some day :-)).

image

No changes on this page, so click check-mark to finish.

image

The portal will “think” for a short time, then your new virtual machine – listed under the name you gave it (“vspro-demo” for me), with the corresponding cloud service that was created (“vspro-demo.cloudapp.net” for me) which also serves as its DNS name (that you’ll use to access it via RDP).

image

Once it finishes, you can select it and hit CONNECT. This will download a file that will launch the RDP client which will allow you to login.

image

I usually check off “Don’t ask me again…” because I know this connection is fine.

image

Note that here you will want to click “Use another account” so you can specify your VM-specific credentials.

image

Click OK then…

image

I usually check off “Don’t ask me again…” because I know this connection is fine.

Now I’m in!

image

Configuring your Dev-Test Machine on Windows Azure

When configuring a new machine, there are many tools you may want to install. For this exercise, I will keep it simple. (The following use my handy “which” function in PowerShell to find locations of commands in the path. If you add “which” to your environment, be sure to close your PowerShell shell and open a new one so that the new $PROFILE is processed. If you
choose to not install “which” then issue the same commands and you should just get errors instead.)

With a PowerShell shell, let’s investigate what we have on a new machine.

image

We can see that, in turn, that:

  • While PowerShell is installed (we are running in a PowerShell shell), there are no PowerShell cmdlets with “Azure” in the name.
  • Node.js is not found (no Node Package Manager (npm) and no Node runtime (node).
  • The cross-platform (xplat) Command Line Interface (CLI) is not installed. This has Node.js as a dependency.
  • No Python interpreter is installed.
  • The Web Platform Installer actually is installed, so let’s use that to add the other pieces to our development environment.

image

After filtering, in succession, (in search box at the top-right)…

.. on PowerShell:

image

Click the “Add” button to add the latest “Windows Azure PowerShell” release.

.. on Cross-platform:

image

Click the “Add” button to add the latest “Windows Azure Cross-platform Command Line Tools” release.

and .. on Python:

image

Click the “Add” button to add the latest “Windows Azure SDK for Python” release.

image

Click the “Add” button to add the latest “Python Tools 2.0 for Visual Studio 2013” release. This includes some really cool python tooling for Visual Studio, though we won’t discuss it further in this post.

Now click the “Install” button to start the installation.

image

You can accept all the licensing with one click.

The installation will download and install the items you selected, including any dependencies.

image

image

image

(compiling Python distribution as part of the installation…)

image

image

image

Installation is complete.

Verifying the Installation

Open a new PowerShell Window to explore once again.

image

Note that we ran the “get-help azure” command through a filter (the Measure-Object cmdlet, which was used to count lines) since output would otherwise not have fit on one screen (there are a couple of hundred Azure cmdlets in the list). Of npm, node, azure, and python, only azure (via azure.cmd, the entry point to the CLI) shows up in our path. This is okay, since we can now run azure at the command line and it knows where to find Node.js.

image

As for python, that is now installed at c:\python27\python.exe. We can either add c:\python to our path, or invoke it explicitly using the full path. For our simple example, we’ll just invoke it explicitly. To see that the Windows Azure SDK for Python is installed, we can use pip, a Python package manager, to list the installed packages.

image

We can see that “azure (0.7.1)” is installed.

Done. Now go write some Python, Node, or C# code!

Useful Links

[This is part of a series of posts on #StupidAzureTricks, explained here.]

Stupid Azure Trick #2 – How do I create a new Organizational Account on Windows Azure Active Directory without any existing accounts or EA?

Suppose your company is ready to create a corporate production environment using Windows Azure. If you are an enterprise of sufficient size, you will want to do this through your company’s Enterprise Agreement (commonly called an “EA”). But suppose you are a smaller company, or a 100% cloud company, and you want to do it the “right” way – but are not ready for an EA. How do you do it?

Microsoft Account is for Personal Use

First, while technically possible, there are reasons to not create production Windows Azure resources for your organization using a Microsoft Account (née Live Id (and many variants of Passport Account before that – it’s been around!)). The reason to avoid a Microsoft Account is that this is decidedly non-corporate – Microsoft accounts are intended for use by individuals. As a consequence, they are based on arbitrary email addresses and offer no way for an organization to manage them centrally. Even using your company email address as your login for a Microsoft Account is not a sufficiently manageable arrangement since you can continue to log into the associated Microsoft Account even after the email address no longer corresponds to a valid company email account.

Though you can get it done from a technical point of view – your Windows Azure assets can be deployed in production for sure from a Microsoft Account – there is a better way.

WAAD Organizational Account is for Organizations

Windows Azure Active Directory (WAAD) accounts are intended for use by organizations and are known as Organizational Accounts. And an “organization” in the context could be your company, school, non-profit, or any other entity from which centralized management of user accounts is beneficial.

Easily Create an Organizational Account from Windows Azure Portal

In the Windows Azure portal it is pretty easy to create additional Windows Azure Active Directory accounts all day long:

image

But the catch with that approach is that in order to create a new WAAD Organizational Account you need to be already logged into the Windows Azure Portal. So you already need an Azure Account. Though I have many accounts on Windows Azure, I wanted to understand the workflow to create a brand new Windows Azure setup without ever using an existing Windows Azure Account or a Microsoft Id…

In other words, what if I want to start from scratch?

Create Organization Account from Scratch

To create a new Organizational Account without already being logged into the portal, took some searching around and trying a few things, but turns out that one accomplish this by starting at https://account.windowsazure.com/organization.

The flow looks like this:

image

Note that later, once your new WAAD account has been established a few steps from now, you will receive a welcome email at the email you provided on this screen that will look something like this:

image

But back to the sign-up workflow… you will next click “check availability” then:

image

Click “Send text message” then type in the verification code:

image

Click “Verify code” then:

image

Click “continue” then:

image

after spinning you are invited to sign into Windows Azure:

image

After logging in…

image

After that spins a bit then asks you to sign up for the Windows Azure Free Trial:

image

Fill it in:

image

Click “Save” then fill in credit card details (not shown :-):

image

image

Then click “Sign up” to complete the process.

Tada! You are ready to go:

image

Now you can begin…

  • Adding users to your WAAD Organizational Account
  • Provisioning Windows Azure resources to the Subscription owned your Organizational Account

You can also configure your Organizational Account with a custom domain name (such as devpartners.com instead of devp.onmicrosoft.com) if desired.

But those are details for another time.

Office 365 Accounts are WAAD Organizational Accounts

Just so you know, Office 365’s directory service uses WAAD under the hood, and any Office 365 account is also a WAAD Organizational Account.

So most of the steps listed above (the ones associated with creating a WAAD Organizational Account) are not needed. You can create an Office 365 Account for your organization then jump directly to creating a Windows Azure account (or Free Trial).

Useful Links

[This is part of a series of posts on #StupidAzureTricks, explained here.]

Stupid Azure Trick #1 – Rename Your Windows Azure Subscription

As a consultant, I have access to a number of my clients’ Windows Azure Subscriptions. When you have many subscriptions to sort through, it is not very helpful if they have subscription names like Subscription-1 or Free Trial – especially when you have multiple of them by these names!

But fear not, you are not stuck with the name. You can change it to something more useful.

BACKGROUND:  How does a “subscription” fit into Windows Azure? When you log into Windows Azure, you log into an “account” where an account is tied to some login credential. Once logged in, that account can see zero, one, or more subscriptions. A subscription can have cloud resources allocated against it, such as virtual machines and web sites and databases. In the simplest case (e.g., not under an enterprise agreement), the subscription is also the unit of billing, typically tied to a credit card and possibly attached to an MSDN account or free trial.

How to Change the Name of Your Windows Azure Subscription

  1. Navigate to https://manage.windowsazure.com and sign in.
  2. Once signed in, in the top-right corner, click on your account name, and then “View my bill” from the drop-down menu:
    image
  3. This will take you to https://account.windowsazure.com/Subscriptions – and of course you could have navigated here directly, but I wanted to start from the more familiar portal experience.
    image
  4. In this example, the subscription we will rename is currently called “Free Trial” – click on that to bring up the details page specific to that subscription.
    image
  5. Scroll down the page a bit until you see “Edit subscription details” along the right-hand side:
    image
  6. Click on “Edit subscription details” to pop up a page that will allow you to change the subscription name or its service administrator:
    image
  7. Change the name to something more descriptive. Here I change my to “DevPartners Production” which indicates this subscription holds assets for DevPartners (which is my company), and these are Production assets (not Dev, Test, UAT, Play, Disposable, Demo, etc.). Some companies might prefer separate accounts for indvidual applications or teams.
    image
  8. Click the check mark, and you’ll see that your Windows Azure Subscription is now helpfully named:
    image

It only takes seconds to make this change, but think of all the mistakes and misunderstanding it could help prevent.

[This is part of a series of posts on #StupidAzureTricks, explained here.]

 

Stupid Azure Tricks are coming your way

I am writing a series of posts on Stupid Azure Tricks. The name is, of course, tongue-in-cheek, inspired by David Letterman‘s segments on Stupid Pet Tricks and Stupid Human Tricks.

A subtle difference is that Stupid Azure Tricks are actually useful tricks, but perhaps not widely known, sometimes the type of thing you’d only do once in a while (so hard to remember), and occasionally just something that’s interesting or cool (like this one).

The first one will be published tomorrow, the others will follow sporadically (though I’m going to try for once a week on Fridays for the first few). Click here to list the current list of Stupid Azure Tricks.