This is a continuation of the books I challenged myself to read to help my career - one a month, for year. You can read my first book review here, and the entire list is here. The book I chose for April 2012 was: Applied Architecture Patterns on the Microsoft Platform. I was traveling at the end of last month so I’m a bit late posting this review here.

Why I chose this book:

I actually know a few of the authors on this book, so when they told me about it I wanted to check it out. The premise of the book is exactly as it states in the title - to learn how to solve a problem using products from Microsoft.

What I learned:

I liked the book - a lot. They've arranged the content in a "Solution Decision Framework", that presents a few elements to help you identify a need and then propose alternate solutions to solve them, and then the rationale for the choice. But the payoff is that the authors then walk through the solution they implement and what they ran into doing it.

I really liked this approach. It's not a huge book, but one I've referred to again since I've read it. It's fairly comprehensive, and includes server-oriented products, not things like Microsoft Office or other client-side tools. In fact, I would LOVE to have a work like this for Open Source and other vendors as well - would make for a great library for a Systems Architect. This one is unashamedly aimed at the Microsoft products, and even if I didn't work here, I'd be fine with that. As I said, it would be interesting to see some books on other platforms like this, but I haven't run across something that presents other systems in quite this way.

And that brings up an interesting point - This book is aimed at folks who create solutions within an organization. It's not aimed at Administrators, DBA's, Developers or the like, although I think all of those audiences could benefit from reading it. The solutions are made up, and not to a huge level of depth - nor should they be. It's a great exercise in thinking these kinds of things through in a structured way.

The information is a bit dated, especially for Windows and SQL Azure. While the general concepts hold, the cloud platform from Microsoft is evolving so quickly that any printed book finds it hard to keep up with the improvements.

I do have one quibble with the text - the chapters are a bit uneven. This is always a danger with multiple authors, but it shows up in a couple of chapters. I winced at one of the chapters that tried to take a more conversational, humorous style. This kind of academic work doesn't lend itself to that style.

I recommend you get the book - and use it. I hope they keep it updated - I'll be a frequent customer. :)

 

We’ve all done it. We have a file we need to transfer to someone  - but it’s big. Really big. “Big”, in this case, is defined as “bigger than my corporate e-mail will let me send.” So of course we scout around, and find a free file share location. We plop it in, and send a link to the other person. Problem solved!

No, problem created. You see, many of these file-sharing sites have some…interesting…language in their terms. Sure, for a picture of aunt Sally riding that llama on the vacation, who cares if someone else steals it and puts it on an advertisement for a shipping company from Elbonia? But most of these offerings were not designed for a corporation with private or secure information - sometimes your private or secure information.

So what’s a company to do? You have to let people send files - they are just going to work around IT if you don’t - but you need a way to keep it secure, and maintain a chain of custody in some cases. There is a solution.

There’s a free Codeplex project called “BlobShare” that we have for you here. You pull it down, follow the instructions, and deploy it to Windows and SQL Azure. From there, you have a clean, safe, secure, controlled interface to let your folks share files.

There’s a full post on the inner-workings and the design of this code - and it’s just code. You can change it, use your own logo, restrict it further, loosen it up, whatever you like. That’s the point of Platform as a Service - control and ease.

http://blogs.msdn.com/b/vbertocci/archive/2011/10/31/blobshare-sample-acs-protected-file-sharing.aspx

<This is a non-technical post, at least mostly>

Back in January I wrote a post on switching to a stand-up desk arrangement. Since then folks have asked me if I stuck with it, how it worked out, and will I go back to sitting down to work. I thought I would post a few thoughts here on what I’ve done and what I’ve learned.

I’m still at the stand-up desk - but not working it quite the same way.

You can see the setup I created in that link above. I didn’t spend a lot of money, and I didn’t have to do that much re-arranging to make it work. The first day was fine - no problems at all. The second day…not so much. My feet and my back hurt. That continued for the first week after I started….

But then things got better. It wasn’t so bad. In fact, I went to a couple of meetings, and I found sitting down for a long time was uncomfortable. But the standing thing wasn’t perfect, so I added a pad to stand on as I mentioned in the post. That made a world of difference. But it still wasn’t perfect, so….

I added a barstool. I had a wooden one first, but just didn’t use it because it didn’t adjust correctly and it wasn’t very comfortable. So I bought this one:

And that’s been WAY better. Now, every hour or so, I sit down. If I get tired, I sit down. If I can’t move around because I’m trapped on a phone call, I sit down. It’s never for more than a few minutes or so, but I do take those breaks.

With one more exception - some days I’m physically tired, like when I’ve hiked on the weekends or something like that. In that case, I take more breaks. I bought some Ethernet-over-power adaptors to run my network out to the yard, and I sit out on the porch swing and work for a while. I need the connected wire since I use VoIP and need a fast connection.

 

I’ve also moved my office around a bit, and have a Windows Media PC (that and OneNote are Microsoft’s best-kept secrets) so I can watch Ted Talks, listen to  Windows Media Player Internet Radio, watch the University of Washington when they have Computer Science lessons and so on in the background. In fact, I hooked up my computer’s speakers to the pass-through of that Windows Media Center PC, with it’s good speakers. I have the video camera set up for Lync calls, and I use Mouse Without Borders to move the keyboard and screen on the other PC.

So I’m pretty happy with the setup. I’ve now heard three separate reports on the radio about how sitting is bad for you, so I feel vindicated in the choice. And I think I’ll work this way from now on, if I have the choice. 

For reasons I don't completely understand, I'm not allowed to call the following advice "Best Practices" - apparently there is some liability or something there. So let's say these are "really good ideas" for developing applications for Windows Azure. (Did you see how I worked it into the title anyway so the search engines find it? Always thinking. :) )

 

And of course these are by no means comprehensive - just a few notes I've made as I've been involved with projects. So here they are, in no particular order:

 

• Understand the platform - never stop learning, it changes all the time: SDK and Training Kit are the best resources. http://channel9.msdn.com/Blogs/pdc2008/ES03

It may sound pedantic, but it's just true. You need to learn how the platform works. The most issues I run into are things that are documented - most of the time very clearly.

 

• Follow standard best practices for your language

Windows Azure code does have some differences, but in large part it's just code. If you write Java to run on Azure, write good Java. Learn the best practices for your codeset and apply those - it will not only make your code faster and less error-prone, it will be cheaper to run.

 

• Keep a backup of your deployments

Things happen. Make sure you have your latest deployment checked into source code. If someone were to perhaps stop paying the bill and the Role is deleted, Microsoft does not have a secret backup of your application. Do not ask me how I know this.

 

• Batch up calls - fewer calls are usually more efficient (and cheaper) than lots of smaller calls.

This is typical for distributed computing environments - include the retry logic tip as well to ensure the call is successful.

 

• Use Cache and max out the instance wherever you can - you're paying for it, use it!

 

• Use the Windows Azure Diagnostics and monitor those counters accordingly: http://blogs.msdn.com/b/buckwoody/archive/2011/09/06/plan-for-diagnostics-in-cloud-computing-from-the-git-go.aspx

 

• Implement retry logic: http://www.davidaiken.com/tag/best-practices/

In a distributed computing environment, you may have a lag in time between operations. Make your code less brittle to failures for a given call, and ensure that you include retry logic.

 

• Use multiple instances: http://blogs.msdn.com/b/buckwoody/archive/2012/03/20/why-do-i-need-two-roles-in-windows-azure.aspx

This article is a must-read.

 

• Have a backup strategy

Microsoft keeps three copies of your data at all times in a datacenter, and backs up those three copies to another for safety. But that's at the latest moment - if you need point-in-time restore, make sure you code that into your architecture.

 

• Use affinity groups: http://blogs.msdn.com/b/buckwoody/archive/2011/11/28/windows-and-sql-azure-best-practices-affinity-groups.aspx

Affinity groups are a way of keeping your data and code together. This is usually a great idea from a performance standpoint, although there are applications that can break this rule for centralization or seldom-accessed data.

 

• Have a lights-out strategy

Anything that a human makes can fail. That includes entire datacenters, routers, the Internet. So make sure you know what to do if everything is unavailable. Perhaps that's just a notification system, a full fallback to an on-premises system, something. But plan.

 

• Security best practices are here: http://blogs.msdn.com/b/usisvde/archive/2012/03/07/windows-azure-security-best-practices-part-1-the-challenges-defense-in-depth.aspx and here http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=7253

 

• Denial of Service best practices here: http://blog.ehuna.org/2012/04/how_to_stop_a_denial_of_servic.html

 

• Blob Storage Best Practices: http://acloudyplace.com/2012/01/8-essential-best-practices-in-windows-azure-blob-storage/

Distributed Computing - and more importantly “-as-a-Service” models of computing have a different cost model. This is something that sounds obvious on the surface but it’s often forgotten during the design and coding phase of a project.

In on-premises computing, we’re used to purchasing a server and all of the hardware infrastructure and software licenses needed not only for one project, but several. This is an up-front or “sunk” cost that we consume by running code the organization needs to perform its function. Using a direct connection over wires you’ve already paid for, we don’t often have to think about bandwidth, hits on the data store or the amount of compute we use - we just know more is better. In a pay-as-you-go model, however, each of these architecture decisions has a potential cost impact. The amount of data you store, the number of times you access it, and the amount you send back all come with a charge. The offset is that you don’t buy anything at all up-front, so that sunk cost is freed up. And financial professionals know that money now is worth more than money later. Saving that up-front cost allows you to invest it in other things.

It’s not just that you’re using things that now cost money - it’s that the design itself in distributed computing has a cost impact. That can be a really good thing, such as when you dynamically add capacity for paying customers. If you can tie back the cost of a series of clicks to what a user will pay to do so, you can set a profit margin that is easy to track.

Here’s a case in point: Assume you are using a large instance in Windows Azure to compute some data that you retrieve from a SQL Azure database. If you don’t monitor the path of the application, you may not know what you are really using. Since you’re paying by the size of the instance, it’s best to maximize it all the time. Recently I evaluated just this situation, and found that downsizing the instance and adding another one where needed, adding a caching function to the application, moving part of the data into Windows Azure tables not only increased the speed of the application, but reduced the cost and more closely tied the cost to the profit.

The key is this: from the very outset - the design - make sure you include metrics to measure for the cost/performance (sometimes these are the same) for your application. Windows Azure opens up awesome new ways of doing things, so make sure you study distributed systems architecture before you try and force in the application design you have on premises into your new application structure.

This is a continuation of the books I challenged myself to read to help my career - one a month, for year. You can read my first book review here, and the entire list is here. The book I chose for March 2012 was: The Information: A History, a Theory, a Flood by James Gleick. I was traveling at the end of last month so I’m a bit late posting this review here.

Why I chose this book:

My personal belief about computing is this: All computing technology is simply re-arranging data. We take data in, we manipulate it, and we send it back out. That’s computing. I had heard from some folks about this book and it’s treatment of data. I heard that it dealt with the basics of data - and the semantics of data, information and so on.

It also deals with the earliest forms of history of information, which fascinates me. It’s similar I was told, to GEB which a favorite book of mine as well, so that was a bonus.

Some folks I talked to liked it, some didn’t - so I thought I would check it out.

What I learned:

I liked the book. It was longer than I thought - took quite a while to read, even though I tend to read quickly. This is the kind of book you take your time with. It does in fact deal with the earliest forms of human interaction and the basics of data.

I learned, for instance, that the genesis of the binary communication system is based in the invention of telegraph (far-writing) codes, and that the earliest forms of communication were expensive. In fact, many ciphers were invented not to hide military secrets, but to compress information. A sort of early “lol-speak” to keep the cost of transmitting data low!

I think the comparison with GEB is a bit over-reaching. GEB is far more specific, fanciful and so on. In fact, this book felt more like something fro Richard Dawkins, and tended to wander around the subject quite a bit. I imagine the author doing his research and writing each chapter as a book that followed on from the last one. This is what possibly bothered those who tended not to like it, I think.

Towards the middle of the book, I think the author tended to be a bit too fragmented even for me. He began to delve into memes, biology and more - I think he might have been better off breaking that off into another work. The existentialism just seemed jarring.

All in all, I liked the book. I recommend it to any technical professional, specifically ones involved with data technology in specific. And isn’t that all of us? :)

Windows Azure allows you to write code in languages within the .NET stack, you can use Java, C++, PHP, NodeJS and others. Code is code - other than keeping things stateless, using a Web or Worker Role in Azure is not all that different from working with an on-premises system.

However….

Working in a scalable, component-based stateless architecture that can use federated security is not all that common for many developers. Some are used to owning the server, scaling up, and state-full paradigms that have a single security domain. Making the transition whilst trying to create a new software application or even port a previous one can be daunting. Sure, we have absolutely tons of free training, kits, videos, online books and more to learn on your own, but some things like architecture can be pivotal as you move along.

So the question is, should you just strike out on your own for a Cloud project, or get Microsoft Consulting Services or another partner to work with you on your first one? I use a few decision points to help guide the projects I assist in.

Note: I’m a huge fan of having help that ends up giving you training and leaves you in charge. If you do engage with someone to help you, make sure you keep this clear and take more and more ownership yourself as the project progresses.

How much time do you have?

Usually the first thing I ask is about the timeline for the project. It doesn’t matter how skilled you are, if you have a short window to get things done it’s better to get help - especially if this is your first cloud project. Having someone that knows the platform well can save you amazing amounts of time. If you have longer, then start with the training in the link above and once you feel confident, jump in.

How complex is the project?

If there are a lot of moving parts, it’s best to engage a partner. The reason is that certain interactions - particularly things like Service Bus or Data Integration  - can be quite different than what you may have encountered before.

How many people do you have?

I have a “pizza rule” about projects I’ve used in my career - if it takes over two pizzas to feed everyone on the project, it’s too big and will fail. That being said, one developer and a one-week deadline does not a good project make, usually. It’s best to have at least one architect (or someone in that role) guiding the project along, and at least two developers to work on a cloud project. That’s a generalization of course, since I’ve seen great software on Azure with one developer writing code all by herself, but for more complex projects, more (to a point) is better. The nice thing about bringing on a partner is that you don’t have to hire them full time - they help you and then they go away.

How critical is the project?

There’s no shame in using some help. If the platform is new, if the project is large and complex, and if it is critical to the business, you should engage a partner. That’s regardless of Cloud or anything else - get some help. You don’t want to hit your company’s bottom line in a negative way, but you have to innovate and get them a competitive advantage. Do your research, make sure the partner is qualified to help you, and get it done.

Don’t let these questions scare you off. There are lots of projects you can implement on Windows and SQL Azure with nothing other than the Software Development Kit (SDK) that you get for free with Windows Azure. And assistance comes in many forms - sometimes just phone support, a friend you can ask. Microsoft Consulting Services or any of our great partners. You can get help on just the architecture piece or have them show you how to write the code. They’ll get involved as little or as much as you like.

Microsoft is working on a new Windows Azure service called “Trust Services”. Trust Services takes a certificate you upload and uses it to encrypt and decrypt sensitive data in the cloud. Of course, like any security service, there’s a bit more to it than that. I’ll give you a quick overview of how you can use this product to protect data you send to SQL Azure.

The primary issue with storing data in the cloud is that you are in an environment that isn’t under your control – in fact, that’s the benefit of being in a distributed computing environment in the first place. On premises you’re able to encrypt data you don’t want anyone else to see, using various methods such as passwords (not very strong) or certificates (stronger). When you use a certificate, it’s vital that you create (or procure) and protect it yourself.

When you store data remotely, regardless of IaaS, PaaS or SaaS, you don’t own the machines where the data lives. That means if you use a certificate from the cloud vendor to encrypt the data, you have to trust that the data won’t be accessed by the vendor. In some cases having a signed agreement with the vendor that they won’t access your data is sufficient, in other cases that doesn’t meet the requirements your system has for security.

With the new Trust Services service, the basic process is that you use a Portal to create a Trust Server using policies and other controls. You place a X.509 Certificate you create or procure in that server. Using the Software development Kit (SDK), the developer has access to an Application Layer Encryption Framework to set fields of data they want to encrypt. From there, the data can be stored in SQL Azure as a standard field – only it is encrypted before it ever arrives. The portion of the client software that decrypts the data uses the same service, so the authenticated user sees the data if they are allowed to do so. The data remains encrypted “at rest”. 

You can learn more about this product and check it out in the SQL Azure labs at Microsoft Codename "Trust Services"

Windows Azure as a Platform as a Service (PaaS) means that there are various components you can use in it to solve a problem:

1. Compute “Roles” - Computers running an OS and optionally IIS - you can have more than one "Instance" of a given Role
2. Storage - Blobs, Tables and Queues for Storage
3. Other Services - Things like the Service Bus, Azure Connection Services, SQL Azure and Caching

It’s important to understand that some of these services are Stateless and others maintain State. Stateless means (at least in this case) that a system might disappear from one physical location and appear elsewhere. You can think of this as a cashier at the front of a store. If you’re in line, a cashier might take his break, and another person might replace him. As long as the order proceeds, you as the customer aren’t really affected except for the few seconds it takes to change them out. The cashier function in this example is stateless.

The Compute Role Instances in Windows Azure are Stateless. To upgrade hardware, because of a fault or many other reasons, a Compute Role's Instance might stop on one physical server, and another will pick it up. This is done through the controlling fabric that Windows Azure uses to manage the systems.

It’s important to note that storage in Azure does maintain State. Your data will not simply disappear - it is maintained - in fact, it’s maintained three times in a single datacenter and all those copies are replicated to another for safety. Going back to our example, storage is similar to the cash register itself. Even though a cashier leaves, the record of your payment is maintained.

So if a Compute Role Instance can disappear and re-appear, the things running on that first Instance would stop working. If you wrote your code in a Stateless way, then another Role Instance simply re-starts that transaction and keeps working, just like the other cashier in the example.

But if you only have one Instance of a Role, then when the Role Instance is re-started, or when you need to upgrade your own code, you can face downtime, since there’s only one. That means you should deploy at least two of each Role Instance not only for scale to handle load, but so that the first “cashier” has someone to replace them when they disappear. It’s not just a good idea - to gain the Service Level Agreement (SLA) for our uptime in Azure it’s a requirement. We point this out right in the Management Portal when you deploy the application:

(Click to enlarge)

When you deploy a Role Instance you can also set the “Upgrade Domain”. Placing Roles on separate Upgrade Domains means that you have a continuous service whenever you upgrade using an in-place or VIP-Swap method (more on upgrades in another post) - the process looks like this for two Roles. This example covers the scenario for upgrade, so you have four roles total - One Web and one Worker running the "older" code, and one of each running the new code. In all those Roles you want at least two instances, and this example shows that you're covered for High Availability and upgrade paths:

The take-away is this - always plan for forward-facing Roles to have at least two copies. For Worker Roles that do background processing, there are ways to architect around this number, but it does affect the SLA if you have only one.

Windows Azure is a Platform as a Service – a PaaS – that runs code you write. That code doesn’t just mean the languages on the .NET platform – you can run code from multiple languages, including Java. In fact, you can develop for Windows and SQL Azure using not only Visual Studio but the Eclipse Integrated Development Environment (IDE) as well.

 Although not an exhaustive list, here are several links that deal with Java and Windows Azure:

Resource	Link
Running a Java Environment on Windows Azure	http://blogs.technet.com/b/port25/archive/2010/10/28/running-a-java-environment-on-windows-azure.aspx
Run Java with Jetty in Windows Azure	http://blogs.msdn.com/b/dachou/archive/2010/03/21/run-java-with-jetty-in-windows-azure.aspx
Using the plugin for Eclipse	http://blogs.msdn.com/b/craig/archive/2011/03/22/new-plugin-for-eclipse-to-get-java-developers-off-the-ground-with-windows-azure.aspx
Run Java with GlassFish in Windows Azure	http://blogs.msdn.com/b/dachou/archive/2011/01/17/run-java-with-glassfish-in-windows-azure.aspx
Improving experience for Java developers with Windows   Azure	http://blogs.msdn.com/b/interoperability/archive/2011/02/23/improving-experience-for-java-developers-with-windows-azure.aspx
Java Access to SQL Azure via the JDBC Driver for SQL   Server	http://blogs.msdn.com/b/brian_swan/archive/2011/03/29/java-access-to-sql-azure-via-the-jdbc-driver-for-sql-server.aspx
How to Get Started with Java, Tomcat on Windows Azure	http://blogs.msdn.com/b/usisvde/archive/2011/03/04/how-to-get-started-with-java-tomcat-on-windows-azure.aspx
Deploying Java Applications in Azure	http://blogs.msdn.com/b/mariok/archive/2011/01/05/deploying-java-applications-in-azure.aspx
Using the Windows Azure Storage Explorer in Eclipse	http://blogs.msdn.com/b/brian_swan/archive/2011/01/11/using-the-windows-azure-storage-explorer-in-eclipse.aspx
Windows Azure Tomcat Solution Accelerator	http://archive.msdn.microsoft.com/winazuretomcat
Deploying a Java application to Windows Azure with   Command-line Ant	http://java.interoperabilitybridges.com/articles/deploying-a-java-application-to-windows-azure-with-command-line-ant
Video: Open in the Cloud: Windows Azure and Java	http://channel9.msdn.com/Events/PDC/PDC10/CS10
AzureRunMe	http://azurerunme.codeplex.com/
Windows Azure SDK for Java	http://www.interoperabilitybridges.com/projects/windows-azure-sdk-for-java
AppFabric SDK for Java	http://www.interoperabilitybridges.com/projects/azure-java-sdk-for-net-services
Information Cards for Java	http://www.interoperabilitybridges.com/projects/information-card-for-java
Apache Stonehenge	http://www.interoperabilitybridges.com/projects/apache-stonehenge