The Windows Azure SDK 1.4 refresh is available, which adds Web Deploy integration. This allows developers to increase their productivity by using Web Deploy rather than having to repackage and redeploy the application. It is available for download here; click the “Get Tools & SDK” button. Further information on this release can be found here.
If you are an MSDN subscriber (Ultimate or Premium) you now get more Windows Azure resources. Professional subscribers are now also included in the promotion.
See here for more details. If you have already taken up this offer and you are an MSDN Premium subscriber then you will automatically be upgraded to the MSDN Ultimate offer.
In order to activate your benefits:
- Sign in to your MSDN benefits page.
- Click on the Windows Azure Platform link from My Account and follow the steps to activate Windows Azure (for limited free access). To sign up you'll need your credit card, or you can follow the steps to set up invoicing for Windows Azure. If you use more than the amount of services included with your MSDN subscription, the overages will be billed to your card.
- You can visit the Microsoft Online Services Customer Portal to look up your usage at any time.
- Go to the Windows Azure Developer Portal to access your Windows Azure subscription.
The first production version of the Windows Azure caching service and a new production version of the Access Control service have been released. The following link provides the necessary information:
http://blogs.msdn.com/b/windowsazureappfabric/archive/2011/04/11/announcing-the-commercial-release-of-windows-azure-appfabric-caching-and-access-control.aspx
In conjunction, the Windows Azure Platform Training Kit and the Identity Developer Training Kit have both also been updated.
The Windows Azure Platform Training Kit adds some new labs:
- Authenticating Users in a Windows Phone 7 App via ACS, OData Services and Windows Azure lab
- Windows Azure Traffic Manager lab
- Introduction to SQL Azure Reporting Services lab
The Azure SDK has been released and is available here
The changes are as follows:
- Resolved an issue that caused full IIS to fail when the web.config file was set to read-only.
- Resolved an issue that caused full IIS packages to double in size when packaged.
- Resolved an issue that caused a full IIS web role to recycle when the diagnostics store was full.
- Resolved an IIS log file permission issue which caused diagnostics to be unable to transfer IIS logs to Windows Azure storage.
- Resolved an issue preventing csupload from running on x86 platforms.
- User errors in the web.config are now more easily diagnosable.
- Enhancements to improve the stability and robustness of Remote Desktop to Windows Azure Roles.
One of the changes fixes the issue I blogged about in “CommunicationObjectFaultedException after checking an Azure project in to TFS”.
The simple answer is that each REST call made to the Azure Storage Service is counted as a single transaction. This means that each time you query your table, check the size of a queue or upload a blob, you call the Azure Storage REST API and it is classed as a transaction. It also means that if you are doing a full table query and you start to get continuation tokens, you will get multiple transactions.
For a fuller description see the following blog post:
http://blogs.msdn.com/b/windowsazurestorage/archive/2010/07/09/understanding-windows-azure-storage-billing-bandwidth-transactions-and-capacity.aspx
Following on from my previous blog on “Creating your own identity provider …”, the following changes can be made to add in your own claims.
Firstly, in the App_Data\CustomSecurityTokenService.cs file of your identity provider web site, I changed the following code:

    // Name claim for the authenticated user
    outputIdentity.Claims.Add(new Claim(System.IdentityModel.Claims.ClaimTypes.Name, principal.Identity.Name));
    if (principal.Identity.Name.Equals("Steve"))
    {
        // Role claim plus the custom Business claim
        outputIdentity.Claims.Add(new Claim(ClaimTypes.Role, "Administrator"));
        outputIdentity.Claims.Add(new Claim("http://schemas.BlackMarble/Identity/Claims/Business",
            "Black Marble"));
    }
    else
    {
        outputIdentity.Claims.Add(new Claim(ClaimTypes.Role, "User"));
    }

The first parameter of the Claim constructor needs to be in the format of a namespace; I made this one up, as it is an internal name we are using.
The second parameter of the Claim constructor is the value you want to pass through.
Next, go to the AppFabric portal and add in the following rule to your STS provider. You need to make sure that the schema string you have in your code matches the Input Claim Type you added in your rule.
Now you should be passing through the Business claim to your website. To get access to the claim use the following code:

    using System;
    using System.Threading;
    using Microsoft.IdentityModel.Claims;

    // The current principal carries the claims issued for this request
    IClaimsPrincipal principal = (IClaimsPrincipal)Thread.CurrentPrincipal;
    var business = "";
    // Look for the custom Business claim by its claim type
    foreach (Claim claim in principal.Identities[0].Claims)
    {
        if (claim.ClaimType.Equals("http://schemas.BlackMarble/Identity/Claims/Business"))
        {
            business = claim.Value;
            break;
        }
    }
    if (!String.IsNullOrEmpty(business))
    {
        // we have a claim value for Business, so let's display it
        BusinessLabel.Text = business;
    }
    else
    {
        BusinessLabel.Text = "No business claim found";
    }

Again, note that the claim type namespace is the same as you specified previously.
The following claims are passed through to my website:
A question I regularly get asked is whether there is any support in Azure for preventing Denial of Service (DOS) attacks or at least reducing the impact of the DOS attack. In a white paper written by Microsoft called “Security Best Practices For Developing Windows Azure Applications” in June 2010 the following statement was made:
“Windows Azure’s load balancing will partially mitigate Denial of Service attacks from the Internet and internal networks. This mitigation is done in conjunction with the developer defining an appropriate Service Definition VM instance count scale-out. On the Internet, Windows Azure VMs are only accessible through public Virtual IP Addresses (VIPs). VIP traffic is routed through Windows Azure’s load-balancing infrastructure. Windows Azure monitors and detects internally initiated Denial of Service attacks and removes offending VMs/accounts from the network. As a further protection, the root host OS that controls guest VMs in the cloud is not directly addressable internally by other tenants on the Windows Azure network and the root host OS is not externally addressable.”
The following table shows the types of protection that are available (or planned):

| Threat | Layer where mitigation is implemented | Nature of mitigation provided (if specific to Windows Azure) | Application/Service-layer mitigation required | Is this issue higher risk or more complex in cloud deployments? |
| --- | --- | --- | --- | --- |
| Denial of Service | | | | |
| Denial of Service attacks via network bandwidth saturation (packet flooding) | Platform | Load balancing & throttling in network infrastructure | None Required | No |
| Identification of botnets and malicious network traffic | Infrastructure | Windows Azure Live Services monitors and investigates | None Required | Yes |
| Deep packet inspection for network attacks with known signatures | Platform (Not yet implemented) | | None Required | Yes |
| Flooding of Web Role local storage or blob/table storage | Platform | Quotas, ACLs, Reduced privilege execution and flood monitoring protection | None Required | Yes |
| Request flooding at the customer code/app level | Web Role (Needs coding) | | Implement application-level request throttling if necessary | No |

My understanding is that there is support within Azure to stop someone from launching DOS attacks within Azure itself. It is difficult to stop a DOS attack on your site, but there are things that can be done to minimise its impact. Bandwidth throttling and load balancing are built in to the platform, but the developer has to code around issues at the application level, for example by implementing a back-off policy when trying to access resources that are affected by a DOS attack.
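The last row of the table leaves request throttling to the web role's own code. The following is an added example, not code from the white paper or from this blog, of a per-client token bucket; the names RequestThrottle and TryAcquire, the limits and the client addresses are hypothetical, and keying on the client IP address is an assumption.

```csharp
using System;
using System.Collections.Generic;

// Added example: per-client token bucket for application-level request throttling.
public sealed class RequestThrottle
{
    private sealed class Bucket { public double Tokens; public DateTime LastRefill; }

    private readonly Dictionary<string, Bucket> buckets = new Dictionary<string, Bucket>();
    private readonly object sync = new object();
    private readonly double capacity;        // maximum burst per client
    private readonly double refillPerSecond; // sustained requests per second per client

    public RequestThrottle(double capacity, double refillPerSecond)
    { this.capacity = capacity; this.refillPerSecond = refillPerSecond; }

    // Returns true if the request may proceed, false if it should be rejected.
    public bool TryAcquire(string clientKey, DateTime utcNow)
    {
        lock (sync)
        {
            Bucket b;
            if (!buckets.TryGetValue(clientKey, out b))
            {
                b = new Bucket { Tokens = capacity, LastRefill = utcNow };
                buckets[clientKey] = b;
            }
            // Refill in proportion to elapsed time, never above the burst capacity.
            double elapsed = Math.Max(0, (utcNow - b.LastRefill).TotalSeconds);
            b.Tokens = Math.Min(capacity, b.Tokens + elapsed * refillPerSecond);
            b.LastRefill = utcNow;
            if (b.Tokens < 1.0) return false; // bucket empty: throttle this client
            b.Tokens -= 1.0;
            return true;
        }
    }
}

public static class Program
{
    public static void Main()
    {
        var throttle = new RequestThrottle(5, 1); // burst of 5, then 1 request/second
        DateTime t0 = new DateTime(2011, 1, 1, 0, 0, 0, DateTimeKind.Utc); // constructed clock
        int allowed = 0;
        for (int i = 0; i < 20; i++) // constructed flood: 20 requests at the same instant
            if (throttle.TryAcquire("203.0.113.7", t0)) allowed++;
        Console.WriteLine("Flooding client: {0} of 20 allowed", allowed);
        Console.WriteLine("Other client allowed: {0}", throttle.TryAcquire("198.51.100.9", t0));
        Console.WriteLine("Flooding client after 2s: {0}", throttle.TryAcquire("203.0.113.7", t0.AddSeconds(2)));
    }
}
```

The dictionary grows with the number of distinct client keys, so a real deployment should evict idle buckets to keep the throttle itself from becoming a memory-exhaustion target. Each web role instance holds its own counters, so the effective limit scales with the instance count.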
Microsoft released on Thursday the latest CTP for Windows Azure AppFabric. Details of the release can be found here, in the AppFabric Team blog and in Wade Wegner’s blog
The CTP contains changes to the Caching service and the AppFabric portal is now in Silverlight. The changes are as follows:
- New Silverlight-based LABS portal, bringing consistency with the production Windows Azure portal.
- Ability to select either a 128MB or 256MB cache size.
- Ability to dynamically upgrade or downgrade your cache size.
- Improved diagnostics with client side tracing and client request tracking capabilities.
- Overall performance improvements.
You can access the CTP by signing in to the AppFabric labs at http://portal.appfabriclabs.com/
When using the following code from a worker role, the trace information shows that there is one worker role instance and zero web role instances:

    // Requires: using System.Diagnostics; using System.Threading;
    //           using Microsoft.WindowsAzure.ServiceRuntime;
    public override void Run()
    {
        while (true)
        {
            Thread.Sleep(10000);
            // Log the instance count the role environment reports for each role
            Trace.WriteLine(string.Format("WorkerRole Instances {0}",
                RoleEnvironment.Roles["WorkerRole1"].Instances.Count),
                "Information");
            Trace.WriteLine(string.Format("WebRole Instances {0}",
                RoleEnvironment.Roles["WebRole1"].Instances.Count),
                "Information");
        }
    }

This is because an internal endpoint is required on the role in order for the role environment to be able to retrieve the instance count. So add a new endpoint to the web role and set it as internal. Running the code again then shows both roles with 1 instance running.
See the Role.Instances MSDN topic:
http://msdn.microsoft.com/en-us/library/microsoft.windowsazure.serviceruntime.role.instances.aspx
The Windows Azure Training Kit January update is available at:
http://msdn.microsoft.com/en-us/windowsazure/wazplatformtrainingcourse.aspx
The January 2011 update of the training kit includes the following updates:
- [New demo script] Windows Azure Connect
- [New demo script] Web and Worker Role Enhancements
- [New demo script] Windows Azure Virtual Machine Roles
- [New demo script] Rafiki
- [New lab] Windows Phone 7 and The Cloud
- [Improved] Visual Studio code snippets installation
- [Fixes] Several bug fixes in demos and labs