Boston Azure meeting to feature Microsoft’s Curt Devlin on Identity in the Cloud

Thursday February 25, 2010 at NERD in Cambridge, MA

The following is an update to the agenda for the upcoming Boston Azure User Group meeting this coming Thursday.

To RSVP for the meeting (helps you breeze through security and helps us have enough pizza on hand), for directions, and more details about the group, please check out http://BostonAzure.org.

To get on the Boston Azure email list, please visit http://bostonazure.org/Announcements/Subscribe.

[6:00-6:30 PM] Boston Azure Theater

The meeting activities begin at 6:00 PM with Boston Azure Theater, which is an informal viewing of some Azure-related video. This month will feature the first half of
Matthew Kerner‘s talk on Windows Azure Monitoring, Logging, and Management APIs from the November 2009 Microsoft PDC conference.

[6:30-7:00 PM] Upcoming Boston Azure Events and Firestarter

Around 6:30, Bill Wilder (that’s me) will first show off an interesting CodeProject contest, then will lead a discussion about the future of the Boston Azure user group and the upcoming All-Day-Saturday-May-8th event.

Curt Devlin will take the stage at 7:00 PM.

Before the meeting, if you want a little more context, you may wish to read Kim Cameron’s essay The Laws of Identity, which is an insightful analysis of challenges around Identity.

[7:00-8:15] Featured speaker: Curt Devlin of Microsoft

Abstract

The Azure platform presents new challenges for identity management. As developers and architects, we will still have to answer the same two perennial questions: 1) Who are you? 2) And what are you allowed to do? But the traditional on-premise approaches to authentication, authorization and identity lifecycle control are not adequate to meet these new challenges. The Geneva suite of technologies for claims-based identity management can be help because cloud computing can be thought of as a “special case” of federation, with many similar requirements. Together these two paradigms appear to be converging to create the perfect storm of paradigm shifts. However, even WIF, ADFS 2.0 and CardSpace 2.0, will only take us part way to a complete solution in the near term. This session will provide a simple recipe for claims-based identity management in Azure using Geneva, discuss some of the most important reasons why this is necessary, and finally some of the shortcomings we will still have to contend with on the road ahead. The aim is to educate, motivate, and caution.

About Curt Devlin

Curt Devlin is currently an architect in Microsoft DPE (Developer & Platform Evangelism) focusing on distributed solutions across many industries and customer segments. Curt is a Microsoft veteran of many technology wars, with more than 20 years of experience developing solutions on the Windows and .NET. platforms. He is also a dyed-in-the-wool New Englander with avid interests in sailing, skiing and nearly everything else.

Curt blogs as the philosophical architect, plus you can check out his MSDN articles Enterprise Authorization Strategy and SaaS Capacity Planning: Transaction Cost Analysis Revisited.

Curt’s blog post announcing his participation in this meeting: http://blogs.msdn.com/curtd/archive/2010/02/23/an-evening-with-identity-in-the-clouds-and-the-boston-azure-user-group.aspx

This was the third meeting of the Boston Azure User Group! (You can get on the group mailing list here.)

We watched a clip from the first day of PDC where Ray Ozzie and others talk Azure in the keynote …

Discussed idea of an Azure Firestarter event – possibly for May 8, 2010 – and this seems to flow nicely from our scheduled April meeting where Jason Haley is scheduled to talk about getting started programming in Azure, such as with the Azure SDK.

Ben Day spoke on Windows Azure storage. Some quick notes / points from his talk:

• Relational databases have a schema – all rows in a table have same columns, structure is defined before pouring in any data, data is not repeated (third-normal form breaks out data to appear only once – no redundancy)
• … database will manage transactions across tables
• … though mixed with replication can provide performance challenges
• This changes for Azure Table Storage!
• … though Azure Table Storage can scale way better – horizontally (“out”) whereas traditional SQL RDBMs tend to scale best vertically (“up”) – to larger boxes – which is more limiting and tends to be more expensive.
• Do we need to rethink what needs to be transactional? Can we use a simplified transactional model – such as just within one table – or one instance of one table…
• … compensating transactions are another approach
• Securely storing data
  • Encrypt (compute is cheap)
  • If you encrypt a key, it won’t work for indexing
  • Search is harder if you encrypt
• String columns have a 64KB size limit for Table Storage – so reference larger objects in a Blob
• Unit testability
  • Abstract away you r persistent store, such as with Repository pattern – so you can unit test
  • Encapsulate business logic, such as with Service Layer and Domain Model patterns
  • Extract logic from UI using MVP (Model View Presenter)
  • Use Mock objects
• Ben will come back to finish the story!

Around 23 attended.

Meeting #1 of Boston Azure User Group!

Keynote speaker: Brian Lambert of Microsoft

Meeting was held Thursday October 22, 2009 at Microsoft NERD in Cambridge, MA

Mike Werner (Microsoft evangelist for Azure in the Northeast) introduced the user group at this innaugural meeting, plugged the upcoming Microsoft PDC, then introduced Bill Wilder, the guy who started the Boston Azure User Group.

Bill Wilder provided an overview of the group (powerpoint slides):

• All meetings will have Windows Azure focus
• Any technology or business concept – cloud models, Microsoft dev technologies, tools, and so forth – is fair game, but must be presented with appropriate Azure slant: they need to be related back to Azure or else they are not appropriate for Boston Azure User Group meetings

Brian Lambert spoke on how to build applications for Windows Azure.

Bill’s raw notes from Brian’s talk:

• Can call unmanaged DLLs through Full Trust
• “Fabric Controller worries about the “shape” of your app”

Worker Roles

• Background processing – utility computing
• May communicate with outside services
• Not externally visible to client
• Queues ~ how we communicate to a Worker Role ~ since both Worker Roles and Web Roles can talk to storage (like Queues), this is a good medium

There are public and private containers in blog storage. Public is the only accessible to clients (w/o keys that is).

Partitioned for scale

Blobs = ? “cloud files”

• Up to 50 GB / blob + 8k of metadata

Azure Dev Workflow:

• Add some Web Role(s)
• Add 0+ Worker roles
• Add Service  Configuration
• Add Service Package
• Upload to Windows Azure Management Portal
• Deploy to Windows Azure Fabric Controller
• Provision / Run the roles and storage needs; monitors the health

Sticky Storage ?

….

Azure Tools + Azure SDK

….

For “dev” + “test” + “etc.” – may want to use REAL azure accounts – not just the “other account” you have in your main production account

….

Need to handle the “at least one worker role will work on it” contract – your application needs to be designed for this…

“poison message” – due to bug or oversight or bad data, a message from the queue will NEVER be successfully handled. App needs to handle this currently.

Queue timeouts can have different values – could be, say, different for different message types.

….

Worker Role => a class that inherits from WorkerRoleMain (what was this class name??)

Fabric occassionally calls GetHealthStatus() which returns a RoleStatus. If you tell the Fabric you are Unhealthy, the Fabric may slay you? Maybe your NIC card is flakey, so your performance to external web services is too slow?

….

Public container for blob – for actual image (full size) linked to from the thumb.

“Fiddler is your friend when you’re working … watch your requests.”

Dev Fabric + Cloud Storage is an excellent mode to run in for effective debugging – can watch the message traffic with Fiddler.

“There is no debugging in the cloud. There’s logging.”

RoleManager can also write to “local storage” [[more interesting access / features coming soon!]] – then can go to Portal and use “configuration” button to update your config file to “copy logs” (did they move it?)

===========

can even bring web site up with http://localhost:8020 

WorkerRole is very simple to just run it in a process

Use Test Running to fire up a WorkerRole

• Tight dev cycle
• Can also now run a performance profile

Tricks: log in “real fabric”, write to console in “dev fabric”