The document provides tips and lessons for using various Windows Azure services, including:
- Windows Azure Table Storage and how to model data for storage in tables
- Access Control Service (ACS) for claims-based authentication and common issues to address
- Windows Azure Diagnostics for collecting logging data across roles and storing in tables or blobs
- Best practices for deployment, environments, tools, and selling Azure's capabilities to customers
3. • Table Storage
• Access Control Service (ACS)
• Windows Azure Diagnostics
• Retry Logic
• Deployment
• Environments
• Tools
• Sell it!
4. • Non-relational data storage
• Massive scale (100TB per storage account)
• Single Key (Partition Key + Row Key)
• Range based partitioning
• Requires a different way of thinking
– Multiple entity types in a single table
– Group data into logical units – a partition
– More than 1 key data point? Create your own composite key.
5. Partition Key | RowKey | CourseName | Comment Count | Comment
43040 | 0:dafce7ed-47ff-474a-a94c-8b7d555394c1 | Darby Creek | 1 |
43040 | 1:dafce7ed-47ff-474a-a94c-8b7d555394c1:2520576021677371563:b3abfc42-4e66-4306-b39b-c3972fde5ac7 | | | Fast greens!
43012 | …. | Timberview | 5 |
43016 | …. | Buck Ridge | 3 |
43016 | ….. | | | Great sand!!
RowKey segments (slide callouts): Record Type, CourseId, Timestamp, CommentId
6. Select all the Course entities
public IEnumerable<Course> SelectAllCourses()
{
    var tableClient = storageAccount.CreateCloudTableClient();
    var ctx = tableClient.GetDataServiceContext();
    // Course rows have RowKeys that start with "0:". ';' is the character right
    // after ':' in ordinal order, so the range ["0:", "0;") covers exactly that prefix.
    var results = (from c in ctx.CreateQuery<Course>(tableName)
                   where c.RowKey.CompareTo("0:") >= 0 &&
                         c.RowKey.CompareTo("0;") < 0
                   select c).AsTableServiceQuery().ToList();
    return results;
}
7. Plan for retries
public void Add(Course course, Comment comment)
{
    var tableClient = storageAccount.CreateCloudTableClient();
    var ctx = tableClient.GetDataServiceContext();
    ctx.AddObject(tableName, course);
    ctx.AddObject(tableName, comment);
    // Batch = one entity group transaction: both entities must share a PartitionKey,
    // and the whole batch is retried together on a transient failure.
    ctx.SaveChangesWithRetries(SaveChangesOptions.Batch);
}
Handle entity group transactions too!
8. • Claims-based authentication service
• Leverages Windows Identity Foundation (WIF)
• No need to build your own identity management solution. What’s your value-add?
• Multiple identity providers
– Facebook, Windows Live, Google, Yahoo!, ADFSv2
• Most demos and walkthroughs show how easy ACS is to add . . . But there’s more.
9. • Install WIF runtime via a startup task
• DPAPI not supported – use your own certificate
• Change request validation
– Use ASP.NET 2 request validation
– Custom validator
10. • WIF relies on the web.config file
• URLs related to the site are set in the web.config . . . can’t change
• Problematic for staging deployments – don’t know the URL until deployed
• Add logic to WebRole’s OnStart() to update the WIF settings in web.config
– Read in configuration settings from .cscfg
– Update and save the web.config
– Changing .cscfg settings can cause a role recycle . . . causing web.config to update
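The OnStart() steps above, as an added example that is not from the original slides. The `WifRealm` setting name, the `_Web` site-name suffix (from `<Site name="Web">` in the service definition) and a web.config without an XML namespace are assumptions; the role must run elevated to write the file.

```csharp
using System;
using System.IO;
using System.Linq;
using System.Xml.Linq;
using Microsoft.Web.Administration;
using Microsoft.WindowsAzure.ServiceRuntime;

public class WebRole : RoleEntryPoint
{
    public override bool OnStart()
    {
        // Hypothetical .cscfg setting holding this deployment's public URL.
        string realm = RoleEnvironment.GetConfigurationSettingValue("WifRealm");
        if (!Uri.IsWellFormedUriString(realm, UriKind.Absolute))
            throw new InvalidOperationException("WifRealm must be an absolute URI.");

        UpdateWifSettings(realm);

        // Recycle the instance when a .cscfg setting changes so OnStart runs again.
        RoleEnvironment.Changing += (sender, e) =>
        {
            if (e.Changes.Any(c => c is RoleEnvironmentConfigurationSettingChange))
                e.Cancel = true;
        };
        return base.OnStart();
    }

    private static void UpdateWifSettings(string realm)
    {
        using (var server = new ServerManager())
        {
            string siteName = RoleEnvironment.CurrentRoleInstance.Id + "_Web";
            string root = server.Sites[siteName].Applications["/"]
                                .VirtualDirectories["/"].PhysicalPath;
            string path = Path.Combine(root, "web.config");

            XDocument config = XDocument.Load(path);
            XElement service = config.Root.Element("microsoft.identityModel")
                                          .Element("service");

            // audienceUris decides which tokens the site accepts, so it must
            // match the realm registered for this deployment in ACS.
            service.Element("audienceUris").Element("add")
                   .SetAttributeValue("value", realm);
            service.Element("federatedAuthentication").Element("wsFederation")
                   .SetAttributeValue("realm", realm);
            config.Save(path);
        }
    }
}
```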
11. • Need claims not provided by Identity Provider?
– Claims vary by Identity Providers
– Windows Live ID – limited usefulness
– Claims Enrichment
– Custom implementation of ClaimsAuthenticationManager
– Retrieve additional info from data store
– Return as additional claims
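Claims enrichment as described above, as an added example that is not from the original slides. `IUserProfileStore`, the class name and the `urn:example:local-profile-store` issuer are hypothetical; the identity provider claim type is the one ACS adds to tokens.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using Microsoft.IdentityModel.Claims;

// Hypothetical abstraction over the application's own data store.
public interface IUserProfileStore
{
    IEnumerable<string> GetRoles(string identityProvider, string nameIdentifier);
}

public class EnrichingClaimsAuthenticationManager : ClaimsAuthenticationManager
{
    // Claim ACS adds to name the identity provider that authenticated the user.
    private const string IdentityProviderClaim =
        "http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider";

    // Constructed issuer value marking claims that came from the local store.
    private const string LocalIssuer = "urn:example:local-profile-store";

    // WIF creates this class from web.config, so the store is assigned at application start.
    public static IUserProfileStore ProfileStore { get; set; }

    public override IClaimsPrincipal Authenticate(
        string resourceName, IClaimsPrincipal incomingPrincipal)
    {
        if (incomingPrincipal == null || !incomingPrincipal.Identity.IsAuthenticated)
            return base.Authenticate(resourceName, incomingPrincipal);

        var identity = (IClaimsIdentity)incomingPrincipal.Identity;
        string idp = FirstValue(identity, IdentityProviderClaim);
        string nameId = FirstValue(identity, ClaimTypes.NameIdentifier);
        if (idp == null || nameId == null)
            throw new UnauthorizedAccessException(
                "Token lacks the claims needed to identify the user.");

        // Key the lookup on provider + name identifier: the identifier alone
        // is only unique within the provider that issued it.
        foreach (string role in ProfileStore.GetRoles(idp, nameId))
            identity.Claims.Add(
                new Claim(ClaimTypes.Role, role, ClaimValueTypes.String, LocalIssuer));

        return incomingPrincipal;
    }

    private static string FirstValue(IClaimsIdentity identity, string claimType)
    {
        return identity.Claims.Where(c => c.ClaimType == claimType)
                              .Select(c => c.Value).FirstOrDefault();
    }
}
```

Authorization code can check a claim's `Issuer` to tell locally added roles from claims that arrived in the token.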
13. • Ability to persist multiple diagnostic sources across roles
– Log Files
– Event Logs
– Performance Counters
– IIS Logs
• Diagnostics data saved in table or blob storage
• Different storage account for diagnostic & app data
• Use multiple diagnostic storage accounts & rotate
– Easiest way to clean up large amounts of data in tables
15. • Set diagnostic information via configuration
• Special file – diagnostics.wadcfg
• File automatically saved to blob storage and accessible from all instances
• Don’t get out of sync
• Diagnostics config in code overwrites what is in blob storage
• Allows operations team, not dev, to control settings
17. • Configure Remote Desktop early
• Requires an input endpoint
• Changing number of endpoints requires a delete and redeploy
– Can’t perform a VIP swap
• Don’t want it on all the time? Change the settings in .cscfg.
18. • Transient Fault Handling Application Block
• SQL Database, Windows Azure Storage, Service Bus, and more
• Very extensible and flexible
20. • Upload .cspkg & .cscfg files to Windows Azure portal
• Use Visual Studio
• Use Windows Azure PowerShell cmdlets
– Humans make mistakes . . . Not good at repetitive tasks
– Handle nearly everything via script
– Works great in development and for production!
– Invoke from other deployment tools like Team Build
– Have a .cmd file that will execute the build and then kick off the deployment
• Put deployment files in blob storage for quick access later
21. • Use subscriptions to control access and billing.
• Get billing and subscription administrators set up . . . Very difficult to change later (especially the Live ID for account owner)
[Diagram: Development, QA and Production subscriptions, with Staging and Production slots holding CS and DB items]
• Developers create & deploy services in ‘Development’ as needed. Co-admins for the ‘Development’ subscription.
• QA teams have access to QA. They are co-admins for the QA subscription.
• Operations team members are co-admins for ‘Production’.
22. • Neudesic
– Azure Storage Explorer: http://azurestorageexplorer.codeplex.com/
• Cerebrata
– Cloud Storage Studio
– Diagnostics Manager
– Management Cmdlets
23. • What are your pain points?
– Cost pressures
– Slow to deploy
– Scalability
– Security
• Scenarios
– Web Modernization
– Gaming
– Mobility
– Big Data
– Enterprise Application Integration
25. • WIF: A Potentially Dangerous Request.Form Value Was Detected
– http://social.technet.microsoft.com/wiki/contents/articles/1725.windows-identity-foundation-wif-a-potentially-dangerous-request-form-value-was-detected-from-the-client-wresult-t-requestsecurityto.aspx
• Install WIF Runtime via Startup Task
– http://stackoverflow.com/questions/8697596/azure-service-configuration-error
• Edit & Apply New WIF Config Settings w/o Redeploying
– http://blogs.msdn.com/b/vbertocci/archive/2011/05/31/edit-and-apply-new-wif-s-config-settings-in-your-windows-azure-webrole-without-redeploying.aspx
• Publishing a ACS v2 Federated Identity Web Role
– http://blogs.msdn.com/b/davidmcg/archive/2011/04/05/publishing-a-acs-v2-federated-identity-web-role.aspx
• Windows Azure Active Directory Solutions For Developers
– http://social.technet.microsoft.com/wiki/contents/articles/3669.windows-azure-active-directory-solutions-for-developers.aspx
• How to get most out of Windows Azure Tables
– http://blogs.msdn.com/b/windowsazurestorage/archive/2010/11/06/how-to-get-most-out-of-windows-azure-tables.aspx
• Collecting Logging Data by Using Windows Azure Diagnostics
– http://msdn.microsoft.com/en-us/library/windowsazure/gg433048.aspx
Windows Azure National Architect. Windows Azure MVP. Help customers nationwide with their Windows Azure projects. This can include architectural design sessions, training, development, evangelism, etc. Reach me via email, Twitter, or my blog.
Cover several areas of Windows Azure. Not going to go deep on any of these areas – assuming you have some working knowledge of Windows Azure. Question – ask. Leave time at end for Q & A too. Purpose – show you some things in Windows Azure that aren’t always like the happy path demo. This isn’t to say that Windows Azure is difficult – it’s not. Often there are a few extra things you need to do.
Range based system – using the Partition Key to help define the ranges. Can use unique Partition Key. Try to avoid prepend or append patterns w/ the Partition Key – one area always more active. Not an even distribution. Distribute load/keys evenly.
Example – one table that contains two different entities (Courses and Comments)
• RowKey – multiple values using a separator
– Record Type to distinguish Course vs. Comment
– CourseId to have a unique value for the course
• Comment entity
– Reverse timestamp to take advantage of lexical sort order (default) of the table – most recent first
– Unique CommentId value
CompareTo - Compares this instance with a specified object or String and returns an integer that indicates whether this instance precedes, follows, or appears in the same position in the sort order as the specified object or String
Request validation for all requests in ASP.NET 4. Security feature – cross-site scripting attacks.
WIF relies on settings in the web.config – which we typically can’t change easily w/ Azure apps
Show ACS. ClaimsAuthenticationManager. Logon w/ Registration. Logout. WIF setting update in WebRole.
Diagnostic config code persisted to a file in blob storage. Ability to remotely configure diagnostics – API for updating the config file in blob storage. Role instance recycles – changes the config file back to what the code states, not what you’ve previously updated.
Sometimes easiest way to diagnose a problem – RDP into the server instance.
Retry Policy – how often to retry. Retry Strategy – what triggers a retry action.