Windows Azure TechEd Challenge – Final Cheat

Hey everyone! Another ambitious plan that didn’t quite get completed. Here we are in the early morning of the final day of TechEd North America and I didn’t get all the cheats posted. I want to get one more out so I’m going to tackle the fourth IT pro challenge, Active Directory

So there’s a bit of a catch with this one, and it’s a catch that caught a few folks I talked with yesterday. If you belong to an organization that’s on Office 365 (and as a Microsoft employee, I’m in this category), you will need to be a “domain admin” for the first part of this challenge. So if you’re doing this step, I would actually encourage you to do this challenge on a separate subscription. A free trial will work fine. Additionally, due to current limits we have in place, you can’t alter or delete an Azure Active Directory domain once it’s been created. So yet another good reason to put this on a separate subscription as well as not use a name that you may someday want to use in production. I know this limit seems silly, but we have our reasons. And this has been hashed out elsewhere, so for now let’s just focus on the challenge at hand.

For the first step in this challenge, we will create an active directory domain. We’ll log into our free trial subscription and click on the pyramid shape along the left to access the identity management section of the management portal. Next, we’ll click on the “+ New” to create a new domain. We’ll get a quick pop-up asking for a domain name and a few other details, but within a couple minutes we’ll have our Azure Active Directory created.

Next, we’re going to select that domain, and add a new user by clicking on the “Add User” option in the toolbar. In the resulting pop-up we’ll designate the type of user (I’m going to create a new one), the users name, the domain they’re in. On the next tab, you designate the profile. In this section we’ll need to make sure we set our user as a “global admin”. This option (in addition to other things), gives us the option of enabling 2-factor authentication which is a requirement for this challenge.

We’ll create a temporary password for my new user and email it to them (me in this case). After a few minutes, the password email should come through and we’re ready to set up the user. Meanwhile, let’s get the user added as an administrator on the subscription.

Back in the management portal, we’ll scroll down to the bottom of the left toolbar, and select “settings”. Then on the settings page, select “Administrators” (you should see you current Microsoft account listed), and select “Add” from the toolbar along the bottom. We’ll get the “Add a Co-Administrator” dialog which we just need to complete (using the email address of the domain user we just added).

Make sure you click the checkbox to add the user as an administrator to the subscription, then you should be all set up.

In the time it took us to create add the user as a co-admin to the subscription, we should have received the temporary password. So lets log out of the management portal and log back in using our new administrative user. When you go to sign-in, be sure to designate it as an organizational account and we’ll be prompted to change our temporary password.

Since this is the first time we’ve logged in with this new account, we’ll also be prompted to provide the additional information or two factor authentication. I went ahead and just had it use my mobile phone and just call me (you can have it text you instead).

 

You’ll get a call/text to verify the phone, then we’re ready to finally log in! We’ll get called again, this time to verify we want to log in. If all has gone well, we’ll see the management portal for our Windows Azure subscription along with the “Windows azure Tour” dialog wizard.

And that’s all there is to step 4. I still want to get 5 done, but that will likely have to wait until tomorrow afternoon when show is over and things have returned to a state of normal (after I dig through my backlog of email). So until then, good luck with the challenge and I hope to see you at the booth this morning!

Windows Azure TechEd Challenge – Wednesday Cheats (Part 1)!

Hey all! Sorry I missed yesterday’s update of the cheats. The booth was busy enough I ended up working double shifts and then I had some technical issues preventing me from getting the next update out (stupid failed power supply). So I didn’t manage to get to this. But I’m back this morning for another update and I’m preparing this from my “meeting” device, aka a Surface RT. One item that did come up yesterday was the realization that you can complete the entirety of the IT Pro Windows Azure Challenge from a Surface RT device! Really! So I’m going to walk through IT Pro challenges 3-5 entirely with my Surface RT!

IT Pro Challenge 3 – Create an image from a VM and redeploy with HA

So last time we created and configured a Server 2012 virtual machine and installed IIS into it. This time we need to capture that server as an image and deploy a second, load balanced copy taking advantage of high availability.

Now the first step is to create an image from our running virtual machine. The details steps for this are outlined in this MSDN article. For this we’ll need to RDP into the virtual machine we created in Challenge 2, then sysprep it. Since Surface RT includes a Remote Desktop app, I can do this without switching to a “normal workstation”.

Once we’ve issued the request to sysprep the virtual machine, we can log off and just watch the management portal until the virtual machine enters a stopped state.

*coffee time*

Now that the machine has stopped, we can capture a copy of it by selecting it like we did yesterday (select the row, don’t go into the detail view) and select “Capture” from the menu at the bottom of the page (which should now be enabled, if it isn’t make sure the machine has stopped). When clicking the capture option, you’ll get a pop-up like the one to the left. Fill it out and click on the check mark to complete this operation.

You’ll see the status of the virtual machine change to “Registering” as we capture the image. When complete, the virtual machine itself will disappear, and we’ll now see if under the list of images with the name we provided.

Now we’ll start by deploying the first virtual machine from this base image. Using the toolbar at the bottom, click the “+” sign then select Compute -> Virtual Machine -> From Gallery as illustrated below:

This will result in a dialog box where we can select to create a VM from “My Images” then define the size and location of our VM as we did when we initially deployed it. We’ll select to deploy this as a ‘stand alone’ machine, but this time we want to make sure we create an availability set. Availability sets are a way to tell the Windows Azure fabric to distribute virtual machines in such a way as to minimize the risk of downtime simultaneous downtime. Spreading it out over multiple physical locations within the datacenter for lack of a better explanation. You can enable remote powershell if you like (not necessary for the TechEd Challenge), but make sure you define it as part of an availability set.

Once the first machine has finished deploying, create a second, but this time instead of a “stand along” machine, we need to attach this one to the first.

And make sure it’s part of the same availability set. The new machine will be provisioned, and we’re almost there.

Once both machines are running, we can now set up load balanced endpoints. Endpoints in Windows Azure are important because they control what ports the outside world can connect to our virtual machines on. If you select one of the virtual machines and view the details (what we’ve been avoiding so far), and then click on “Endpoints”, we’ll see one, perhaps two endpoints already declared: RDP and remote powershell.

By defining these endpoints, we’ve told Windows Azure to allow traffic directly to this virtual machine on these ports and over a specific protocol.

To create an endpoint on our first server, select the “Add” option in the bottom toolbar and following the instructions in the dialog box. So let’s create a new endpoint (port 80 for argument’s sake) and make sure both machines have it and that Windows Azure will know to load balance the traffic. For the first server, I “add endpoint” then created one called “webdefault” and used port 80 for both the public and private ports. Once created, we should be able to open up a browser windows and enter in the address of our service and see the default IIS display screen.

Next we’ll select our second virtual machine, and create an endpoint on it. The only real difference is that this time we’ll select to “Load-Balance Traffic on an existing endpoint” as shown below.

Once both have been created. You’ve completed IT Pro Challenge 3 and are ready to receive your Windows Azure earbuds!

So I have to run to a session. But I’ll try to be back this afternoon with more cheats so you can get your Windows Azure swag. Until then!

Windows Azure TechEd Challenge – Monday Cheats!

For Microsoft’s TechEd North American event, we’re running at promotion at the booth. This promotion asks you to walk through a series of “tasks” and once the tasks have been validated by one of our booth staff members, you’re eligible to win a prize. Now we’ve had some great interest in this, but sadly many folks are still somewhat… intimidated by all the options that exist in the platform.

Now maybe I’m just an enabler, but I don’t like denying folks goodies. So to that end, I’m going to be producing a series of blog posts that will actually walk through these tasks in clear (and hopefully easily repeatable steps) for even the newest Windows Azure explorers.

As the first post in this series, I’m going to cover the first three tasks for both Developers and IT Pros. As a self-proclaimed “code money”, I’m going to let the developers go first.

Developer Challenge 1 – Active your MSDN Benefit Trial

Of course, I can’t make this walkthrough as detailed as I would have liked because I only have one MSDN subscription and I’ve already activated the MSDN benefits for it. But hopefully this will be enough to get you your free Windows Azure Water Bottle!

Start by going to
http://msdn.microsoft.com
and logging in using your Microsoft Account (formerly “Live ID”). Once logged in, you’ll see the main landing page and off to the right, you’ll see a link for “Access Benefits”. I’ve highlighted this in the following picture.

Now if you’re paying attention, you’ll also see that you can click on the “Activate Now” in the big banner. Alternatively, if this is all too difficult, just shortcut all of this and head to:
http://www.windowsazure.com/en-us/campaigns/car/

J I can’t make it much easier.

Once clicked, just follow the prompts to complete setting up your MSDN subscription. You’ll be asked for a credit card (we’ll put a spending limit on the account to prevent any surprise charges) and likely a phone number to help with activation (it’s a fraud prevent measure, sorry). But if all goes well, this should be a fairly painless process. And in about 5 minutes, you’ll hopefully have this task complete and be eligible for your first Windows Azure challenge prize! A well-deserved pat on the back.

Developer Challenge 2 – Create/deploy a Windows Server 2012 VM

Honestly, this one is super easy! And fortunately I can get really detailed on this one. Start by logging into the Windows Azure Management portal at
https://manage.windowsazure.com/
using the Microsoft Account that has your subscription. Once logged on, scroll to the bottom of the page and click on the big “+ New” link.

Once click, a menu will “slide up” from the bottom and you’ll navigate through this menu as follows: Compute -> Virtual Machine -> Quick Create (see screen shot).

This will result in a dialog box that will ask you to select the type of machine you’re wanting to deploy. There’s a couple things you’ll want to know:

• The DNS Name must be globally unique. This name is used by Windows Azure to help route requests directed at your machine to the proper datacenter, and then within the datacenter to the proper virtual machine. So can’t be a name that is already in use.
• Make sure you select the “Windows Server 2012″ Image (that’s what the task calls for)
• For the Size, select “extra small”. This size may not be very powerful, but minimizes the amount of your MSDN benefit you’ll use.
• Username needs to be something besides “admin”, so pick something that’s easy for you to remember but also fairly secure (sorry, I’m blurred mine. I’m paranoid that way).
• Use a STRONG password. You won’t want to try to validate your solution and find its been hacked because your password was “p4ssW0rd!”.
• Pick a Location that’s convenient. Only locations that can host Windows Azure Virtual Machines will be vislble.

That’s all there is to it!

Developer Challenge 3 – Deploy an ASP.NET application and database

Ok, a bit trickier this time. We’re going to make you work for those ear buds! There’s multiple steps that need to be done to make this one work properly. So be prepared. The outline is…

• Install the Windows Azure SDK
• Create the Windows Azure Environment (where our Web Site will be hosted)
• Create an application to be deployed (in Visual Studio)
• Deploy the Application (requires importing our Windows Azure publishing profile)
• Adding a database & data model
• Created a data deployment script (used to update the cloud database)
• Publish our changes from Visual Studio to Windows azure

Now admittedly, these steps are enough for an entirely article. And fortunately, there’s already one written over on MSDN. You don’t need to complete the “o-auth” portions of that article for this task. But if you have an extra 15-20 minutes, I’d highly recommend you make the investment.

IT Pro Challenge 1 – Activate a Free Trial

Now enough developer stuff for today. Let’s look at the IT Pro side and get you setup for a free 1-month trial!

Like claiming MSDN benefits, this is super easy! Head over to
http://www.windowsazure.com
and click on the “Free Trial” link in the upper right (see image). If that’s too painful, then just click here! You’ll sign in with a Microsoft Account, provide the appropriate information (credit card, phone number, etc…) and the account will be setup pretty quickly. Again, there’s a spending cap in place so you should have to worry about any surprise bills.

With this step complete, you’ve qualified for your “Cloud Pro” badge.

IT Pro Challenge 2 – Create/deploy a Windows Server Virtual Machine with IIS and a data disk

Ok, the developers had it easy on this one. They only had to do one of three things you IT Pros are being asked for. But hey, they’re “just devs” (just kidding my fellow code monkeys). So lets start by creating the virtual machine just as I discussed in the Developer Challenge 2. Get this provisioned, go catch a TechEd Session, or maybe just get something to drink while you give your virtual machine 10-15 minutes to be built and started.

*insert commercial break here*

Hey there! Glad you could join us again! Time to remote into our virtual machine and get it customized. Lets get logged back into the management portal at
http://manage.windowsazure.com
and then select the “virtual machines’ group found in the left hand column. Then select the virtual machine we just deployed. Now be sure to select it, don’t click on the hour (I know, this is a bit confusing). I find the easiest way to do this is to not click on the server name, but instead on its status. This selects the row for me, without opening the server details screen.

Now the reason we want the row, is that when we select it, the “tool bar” across the bottom of the screen updates. What we’re most interested in is the “CONNECT” option. Click this button will open a new browser window and prompt us to open an RDP (remote desktop profile) file so we can connect to our virtual machine.

So click away! We’ll likely be prompted with an “unknown publisher” error, go ahead and click through that. Then when prompted for login credentials, use the admin user we defined when we created the virtual machine. This may require you to click on “other user” so you can enter in the machine name (as the domain) and userid for the administrator account you provided. After this, the connection should get secured and you may get prompted with a certificate error. Feel free to click through that one again as well.

Now the task calls for IIS, but in reality we’re not validating this. But you’re an IT pro, so I expect once you’re into an RDP session as an administrator, adding IIS should be a simple process. I’m a dev and I managed it. Here’s the short of it (providing you used the Server 2012 quick launch):

• Launch system manager by clicking on the icon in the bottom left corner
• Click on “add roles and features”
• Click “next” to get through the “before you begin” page
• Select a “role-based or feature based installation”
• Select “server roles” in the left menu
• Scroll down until you find “Web Server (IIS) and select it
• Confirm “add features” and click next (a few times)
• Finally, click “install”

The installation will run for a few minutes (depending on the size of the VM). So feel free to kick this off and go get a beverage refill.

Now we get to add a data disk to our virtual machine. This allows us to put more disks into the VM and keep them separated from the OS disk. Like before, we need to select the virtual machine without going into its detail view. But this time, instead of click on “connect”, we’re going to select the “attach” option as highlighted below.

In particular, we’re going to select “Attach empty disk”. We’ll then select a storage account for that disk (by default, it will be placed into the same location as your OS disk), a size (up to 1 terabyte), and a cache preference. For the sake of your challenge, these options don’t much matter. So set a few options, and click the check mark to finalize this.

Now that we’re created the disk and attached it to the VM, we just need to remote back into the machine, and add the new disk in via the manager. So once again we go back into Server Manager in our virtual machine, select File and Storage Services, then disk, and select our virtual machine. We’ll see our new drive in the list (I’ve highlighted mine in the screen shot below), then right-click on the drive and select “initialize”.

Add a volume if you so desire, but at this point we’re just trying to make sure there’s a disk so we can win our next piece of swag. Just be prepared to come by the booth with an RDP session open so you can show us that you have the disk attached to the VM. J

BTW, even though I created a 500gb disk, I won’t pay but a few pennies because the only thing stored on my new disk is the FAT info. Just don’t do a low level format or you’ll be paying for the full 500gb.

Free Windows Azure water bottle unlocked!

Next time

So this concludes the Monday TechEd North America 2013 edition of our challenge. Tomorrow I’m going to try and publish another step for each of these so you can get your really sweet remote control mini-Coopers! But for now, you have no excuse not to get a water bottle, some earbuds, and a nice “atta boy”.

Enjoy!

IaaS – The changing face of Windows Azure

I need to preface this post by saying I should not be considered, by any stretch of imagination, a “network guy”. I know JUST enough to plug in an Ethernet cable, not to fall for the old “the token fell out of the network ring” gag, and know how to tracert connectivity issues. Thanks mainly to my past overindulgence in online role playing games.

In June of 2012, we announced that we would be adding Infrastructure as a Service (IaaS) features to the Windows Azure Platform. While many believe that Platform as a Service (PaaS) is still the ultimate “sweet spot” with regards to cost/benefit ratios, the reality is that PaaS adoption is… well… challenging. After 25+ years of buying, installing, configuring, and maintaining hardware, nearly everyone in the IT industry tends to think of terms of servers, both physical and virtual. So the idea of having applications and data float around within a datacenter and not tied to specific locations is just alien for many. This created a barrier to the adoption of PaaS, a barrier that we are hoping our IaaS services will help bridge (not sure about “bridging barriers” as a metaphor since I always visualize barriers as those concrete fence things on the side of highway construction sites for but we’ll just go with it).

Unfortunately, there’s still a lot of confusion about what our IaaS solution is and how to work with this. Over the last few months, I’ve run into this several times with partners so I wanted to pull together some of my learnings into a single blog post. As much for my own personal reference as for me to be able to easily share it with all of you.

Some terminology

So I’d like to start by explaining a few terms as they are used within the Windows Azure Platform…

Cloud Service – This is a collection of virtual machines (either PaaS role instances or IaaS virtual machines) representing an isolation boundary that contains computational workloads. A Cloud Service can contain either PaaS compute instances, or IaaS Virtual Machines, but not both. (UPDATE 4/16/2013: A IaaS VM hosting Cloud Service will only appear in the cloud service tab of the management portal after at second VM has been added to it. Once visible, it will remain so until it is deleted).

Availability Set – For PaaS solutions, the Windows Azure Fabric already knows to distribute the same workload across different physical hardware within the datacenter. But for IaaS, I need to tell it to do this with the specific virtual machines I’m creating. We do this by placing the virtual machines into an availability set.

Virtual Network – Because addressability to the PaaS or IaaS instances within Cloud Services is limited to only those ports that you declare (by configuring endpoints), it’s sometimes helpful to have a way to create bridges between those boundaries or even between them and on-premises networks. This is where Windows Azure Virtual Networks come into play.

The reason these items are important is that in Windows Azure you’re going to use them to define your solution. Each piece represents a way to group, or arrange resources and how they can be addressed.

You control the infrastructure, mostly…

Platform as a Service, or PaaS, handles a lot for you (no surprise as that’s part of the value proposition). But in Infrastructure as a Service, IaaS, you take on some of that responsibility. The problem is that we are used to taking care of traditional datacenter deployments and either a) don’t understand what IaaS still does for us and b) just aren’t sure how this cloud stuff is supposed to be used. So we, through no fault of our own try to do things the way we always have. And who could really blame us?

So let’s start with what Windows Azure IaaS still does for you. It obviously handles the physical hardware and hypervisor management. This includes provisioning the locations for our Virtual Machines, getting them deployed, and of course moving them around the data center in the case of a hardware failure or host OS (the server that’s hosting our virtual machine) upgrades. The Azure Fabric, our secret sauce as it were, also controls basic datacenter firewall configuration (what ports are exposed to the internet), load balancing, and addressability/visibility isolation (that Cloud Service thing I was talking about). This covers everything right up to the virtual machine itself. But that’s not where it stops. To help secure Windows Azure, we control how all the virtual machines talk to our network. This means that the Azure Fabric also has control of the virtual NIC that is installed into your VM’s!

Now the reason this is important is that there are some things you’d normally try to do if you were creating a network in a traditional datacenter. Like possibly providing fixed IP’s to the servers so you can easily do name resolution. Fixed IPs in a cloud environment is generally a bad idea. Especially so if that cloud is built on the concept of having the flexibility to move stuff around the datacenter for you if it needs too. And if this happens in Windows Azure, it’s pretty much assured that the virtual NIC will get torn down and rebuilt and in the process lose any customizations you made to it. This is also a frequent cause for folks losing the ability to connect to their VMs (something that’s usually fixable by re-sizing/kicking the VM via the management portal). It also highlights one key, but not often thought of feature that Windows Azure provides for you, server name resolution.

Virtual Machine Name Resolution

The link I just dropped does a pretty good job of explaining what’s available to you with Windows Azure. You can either let Windows Azure do it for you and leverage the names you provided for the virtual machines when you created them, or you can use Virtual Networking to bring your own DNS. Both work well, so it’s really a matter of selecting the right option. The primary constraint is that the Windows Azure provided name resolution will only work for virtual machines (be they IaaS machines or PaaS role instances) hosted in Windows Azure. If you need to provide name resolution between cloud and on-premises, you’re going to want to likely use your own DNS server.

The key here again is to not hardcode IP address. Pick the appropriate solution and let it do the work for you.

Load Balanced Servers

The next big task is how to load balance virtual machines in IaaS. For the most part, this isn’t really any different than how you’d do it for PaaS Cloud Services, create the VM, and “attach” it to an existing Virtual Machine (this places both virtual machines within the same cloud service). Then, as long as both machines are watching the same ports, the traffic will be balanced between the two by the Windows Azure Fabric.

If you’re using the portal to create the VM, you’ll need to make sure you use the “create from gallery” option and not quick create. Then as you progress through the wizard, you’ll hit the step where it asks you if you want to join the new virtual machine to an existing virtual machine or leave it as standalone.

Now once they are both part of the same cloud service, we simply edit the available endpoints. In the management portal, you’ll select a Virtual Machine, and either add or edit the endpoint using the tools menu across the bottom. Then you set the endpoint attributes manually (if it’s a new endpoint that’s not already load balanced), or choose to load balance it with a previously defined endpoint. Easy-peasy. J

High Availability

Now that we have load balanced endpoints, the next step is to make sure that if one of our load balanced virtual machines goes offline (say a host OS upgrade or hardware failure), that the service doesn’t become entirely unavailable. In Windows Azure Cloud Services, the Fabric would automatically distribute the running instances across multiple fault domains. To put it simply, fault domains try to help ensure that workloads are spread across multiple pieces of hardware, this way if there is a hardware failure on a ‘rack’, it won’t take down both machines. When working with IaaS, we still have this as an option but we need to tell the Azure Fabric that we want to take advantage of this by placing our virtual machines into an Availability Set so the Azure Fabric knows it should distribute them.

You configure a virtual machine that’s already deployed to join it to an Availability Set, or we can assign a new one to a set when we create/deploy it (providing we’re not using Quick Create which you hopefully aren’t anyways because you can’t place a quick create VM into an existing cloud service). Both options work equally well and we can create multiple Availability Sets within a Cloud Service.

Virtual Networks

So you might ask, this is all find and dandy if the virtual machines are deployed as part of a single cloud service. But I can’t combine PaaS and IaaS into a single cloud service, and I also can’t do direct machine addressing if the machine I’m connecting to exists in another cloud service, or even on-premises. So how do I fix that? The answer is Windows Azure Virtual Networks.

In Windows Azure, the Cloud Service is an isolation boundary, fronted by a gatekeeper layer that serves as a combination load balancer and NAT. The items inside the cloud service can address each other directly and any communication that comes in from outside of the cloud service boundary has to come through the gatekeeper. Think of the cloud service as a private network branch. This is good because it provides a certain level of network security, but bad in that we now have challenges if we’re trying to communication across the boundary.

Virtual Network allows you to join resources across cloud service boundaries, or by leveraging an on-premises VPN gateway to join cloud services and on-premises services. Acting as a bridge across the isolation boundaries and enabling direct addressability (providing there’s appropriate domain resolution) without the need to publically expose the individual servers/instances to the internet.

Bringing it all together

So if we bring this all together, we now have a way to create complex solutions that mix and match different compute resources (we cannot currently join things like Service Bus, Azure Storage, etc… via Virtual Network). One such example might be the following diagram…

A single Windows Azure Virtual Network that combines an on-premises server, a PaaS Cloud Service, and both singular and load balanced virtual machines. Now I can’t really speculate on where this could go next, but I think we have a fairly solid starting point for some exciting scenarios. And if we do for IaaS what we’ve done for the PaaS offering over the last few years… continuing to improve the tooling, expanding the feature set, and generally just make things more awesome, I think there’s a very bright future here.

But enough chest thumping/flag waving. Like many topics here, I created this to help me better understand these capabilities and hopefully some of you may benefit from it as well. If not, I’ll at least share with you a few links I found handy:

Mike Washam – Windows Azure Virtual Machines

MSDN – Windows Azure Name Resolution

WindowsAzure.com – Load Balancing Virtual Machines

WindowsAzure.com – Manage the Availability of Virtual Machines

Until next time!

Windows Azure Web Sites – Quotas, Scaling, and Pricing

It hasn’t been easy making the transition from a consultant to someone that for lack of a better explanation is a cross between pre-sales and technical support. But I’ve come to love two aspects of this job. First off, I get to talk to many different people and I’m constantly learning as much from their questions as I’m helping teach them about the platform. Secondly, when not talking with partners about the platform, I’m digging up answers to questions. This gives me the perfect excuse… er… reason to dig into some of the features and learn more about them. I had to do this as a consultant, but the issue there is that since I’d be asked to do this by paying clients, they would own the results. But now I do this work on behalf of Microsoft, it’s much easier to share these findings with the community (providing it doesn’t violate non-disclosure agreements of course). And since this blog has always been a way for me to document things so I can refer back to them, it’s a perfect opportunity to start sharing this research.

Today’s topic is Windows Azure Web Sites quotas and pricing. Currently we (Microsoft) doesn’t IMHO do a very good job of making this information real clear. Some of it is available over on the pricing page, but for the rest you’ve got to dig it out of blog posts or from the Web Site dashboard’s usage overview details in the management portal. So I decided it was time to consolidate a few things.

Usage Quotas

A key aspect of the use of any service is to understand the limits. And nowhere is this truer then the often complex/confusing world of cloud computing services. But when someone slaps a “free” in front of a service, we tend to forget this. Well here I am to remind you. Windows Azure Web Sites has several dials that we need to be aware of when selecting the level/scale of Windows Azure Web Sites (Free, Shared, and Reserved).

File System/Storage: This is the total amount of space you have to store your site and content. There’s no timeframe on this one. If you reach the quota limit, you simply can’t write any new content to the system.

Egress Bandwidth: This is the amount of content that is served up by your web site. If you exceed this quota, your site will be temporarily suspended (no further requests) until the quota timeframe (1 day) resets.

CPU Time: This is the amount of time that is spent processing requests for your web site. Like the bandwidth quota, if you exceed the quota, your site will be temporarily suspended until the quota timeframe resets. There are two quota timeframes, a 5 minute limit, and a daily limit.

Memory: is the amount of RAM that the site can use at one shot (there’s no timeframe). If you exceed the quota, a long running or abusive process will be terminated. And if this occurs often enough, your site may be suspended. Which is pretty good encouragement to rethink that process.

Database: There’s also up to 20mb for database support for your related database (MySQL or Windows Azure SQL Database currently). I can’t find any details but I’m hoping/guessing this will work much like the File Storage quota.

Now for the real meat of this. What are the quotas for each tier? For that I’ve created the following table.

Quota Resource	Free Tier	Shared Tier (per web site)	Reserved Tier (up to 100 sites)
File Storage	1024mb for all sites	1024mb	10gb
Egrees Bandwidth	165mb/day per datacenter, 5gb per region	Pay as you go, not included in base price	Pay as you go, not included in base price
CPU Time	1hr/day, 2.5 minutes of every 5	4hrs/day, 2.5 minutes of every 5	N/A
Memory	1024mb/hr	512mb/hr	N/A
Database	20mb	20mb	N/A

Now there’s an important but slightly confusing “but” to the free tier. At that level, you get a daily limit egress bandwidth quota per sub-region (aka datacenter), but there’s also a regional (US, EU, Asia) limit (5GB). The regional limit is the sum total off all web sites you’re hosting that is shared with any other services. So if you’re also using Blob storage to serve up images from your site that will count against your “free” 5 GB. But when you move to the shared/reserved tier, there’s no limit, but you pay for every gigabyte that leaves the datacenter.

Monitoring Usage

Now the next logical question is how you monitor the resources your sites are using. Fortunately, the most recent update to Windows Azure portal has a dashboard that provides a quick glance as how much you’re using of each quota. This displays just below usage grid on the “Dashboard” panel of the web site.

At a glance you can tell where you on any quotas which also makes it convenient for you to predict your usage. Run some common scenarios and see what they do to your numbers and extrapolate from there.

You can also configure the site for diagnostics (again via the management portal). This allows you to take the various performance indicators and save them to Windows Azure Storage. From there you can download the files and set up automated monitors to alert you to problems. Just keep in mind that turning this on will consume resources and incur additional charges.

Fortunately, there’s a pretty good article we’ve published on Monitoring Windows Azure Web Sites.

Scaling & Pricing

Now that we’ve covered your usage quotas and how to monitor your usage, it’s important to understand how we can scale the capacity of our web sites and the impact this has on pricing.

Scaling our web site is pretty straight forward. We go can go from the Free Tier, to Shared, to Reserved using the management portal. Select the web site, click on the level, and then save to “scale” your site. But before you do that, you will want to understand the pricing impacts.

At the Free tier, we get up to 10 web sites. When we move a web site to shared, we will pay $0.02 per hour for each web site (at general availability). Now that this point, I can mix and match free (10 per sub-region/datacenter) and shared (100 per sub-region/datacenter) web sites. But things get a bit trickier when we move to reserved. A reserved web site is a dedicated virtual machine for your needs. When you move a web site within a region to the reserved tier, all web sites in that same sub-region/datacenter (up to the limit of 100) will also be moved to reserved.

Now this might seem a bit confusing until you realize that at the reserved tier, you’re paying for the virtual machine and not an individual web site. So it makes sense to have all your sites hosted on that instance, maximizing your investment. Furthermore, if you are running enough shared tier web sites, it may be more cost effective to run them as reserved.

Back to scaling, if you scale back down to the free or shared tiers, the other sites will revert back to their old states. For example, let’s assume you have two web sites one at the free tier, one at the shared tier. I scale the free web site up to reserved and now both sites are reserved. If I scale the original free tier site back to free, the other site returns to shared. If I opted to scale the original shared site back to shared or free, then the original free site returns to its previous free tier. So it’s important when dealing with reserved sites that you remember what tier they were at previously.

The tiers are not our only option for scaling our web sites. We also have a slider labelled instance count if we are running a Shared or Reserved site. When running at the shared tier, this slider will change the number of processing threads that are servicing the web site allowing us between 1 and 6 threads. Of course, it we increase the threads, there’s a greater risk of hitting our cpu usage quota. But this adjustment could come in real handy if we’re experiencing a short term spike in traffic. Running at the reserved tier, the slider increases the number of virtual machine instances we (and subsequently our cost). This option allows us to run up to 10 reserved instances.

Also at the reserved tier, we can increase the size of our virtual machine. By default, our reserved instance will be a “small” giving us a single cpu core and 1.75 GB of memory at a cost of $0.12/hr. We can increase the size to “Medium” and even “Large” with each size increase doubling our resources and the price per hour ($0.24 and $0.48 respectively). This cost will be per virtual machine instance, so if I have opted to run 3 instances, take my cost per hour for the size and multiple it by 3.

So what’s next?

This pretty much hits the limits of what we can do with scaling web sites. But fortunately we’re running on a platform that’s built for scale. So it’s just a hop, skip, and jump from Web Sites to Windows Azure Cloud Services (Platform as a Service) or Windows Azure Virtual Machines (Infrastructure as a service). But that’s an article for another day. J

BUILD 2012 – Not just for Windows anymore

Last week marked the second BUILD conference. In 2011, BUILD replaced the Microsoft PDC conference in an event that was so heavily Windows 8 focused that it was even host at buildwindows.com. While the URL didn’t change for 2012, the focus sure did as this event also marked the latest round of big release news for Windows Azure. In this post (which I’m publishing directly from MS Word 2013 btw), I’m going to give a quick rundown of the Windows Azure related announcements. Think of this as your Cliff Notes version of the conference.

Windows Azure Service Bus for Windows Server – V1 Released

Previously released as a beta/preview back in June, this on-premise flavor of the Windows Azure Service bus is now fully released and available for download. Admittedly, it’s strictly for brokered messaging for now. But it’s still a substantial step towards providing feature parity between public and private cloud solutions. Now we just need to hope that shops that opt to run this will run it as internal SaaS and not set up multiple silos. Don’t get me wrong. It’s nice to know we have the flexibility to do silos, but I’m hoping we learn from what we’ve seen in the public cloud and don’t fall back to old patterns.

One thing to keep in mind with this… It’s now possible for multiple versions of the Service Bus API to be running within an organization. To date, the public service has only had two major API versions. But going forward, we may need to be able to juggle even more. And while there will be a push to keep the hosted and on-premises versions at similar versions, there’s nothing requiring someone hosting it on-premises to always upgrade to the latest version. So as solution developers/architects, we’ll want to be prepared for be accommodating here.

Windows Azure Mobile Services – Windows Phone 8 Support

With Windows Phone 8 being formally launched the day before the BUILD conference, it only makes sense that we’d seen related announcements. And a key one of those was the addition of Windows Phone 8 support to Windows Azure Mobile Services. This announcement makes Windows Phone 8, the 3^rd supported platform (Windows Store & iOS apps) for Mobile Services. This added to an announcement earlier in the month which expanded support for items like sending email, and different identity providers. So the Mobile Services team is definitely burning the midnight oil to get new features out to this great platform.

New Windows Azure Storage Scalability Targets

New scale targets have been announced for storage accounts created after June 7^th 2012. This change has been enabled by the new “flat network” topology that’s being deployed into the Windows Azure Datacenters. In a nutshell, it allows the tps scale targets to be increased by 4x and the upper limit of a storage account to be raised to 200tb (2x). This new topology will continue to be rolled out through the end of the year but will only affect storage accounts created after the 07/12/2012 as mentioned above. These scale target improvements (which BTW are separate from the published Azure Storage SLA) will really help reduce the amount of ‘sharding’ that needs to be done for those with higher throughput requirements.

New 1.8 SDK – Windows Server 2012, .NET 4.5, and new Storage Client

BUILD also marked the launch of the new 1.8 Windows Azure SDK. This release is IMHO the most significant update to the SDK since the 1.3 version was launched almost 2 years ago. You could write a blog post any one of the key features, but since they are all so closely related and this is supposed to be a highlight post, I’m going to bundle it up.

The new SDK introduces the new “OS Family 3″ to Windows Azure Cloud Services giving us support for Windows Server 2012. Now when you combine this with the added support for .NET 4.5 and IIS 8, we can start taking advantage of technology like Web Sockets. Unfortunately Web Sockets are not enabled by default so there is some work you’ll need to do to take advantage of it. You may also need to tweak the internal Windows Firewall. A few older Guest OS’s were also depreciated so you may want to refer to the latest update of the compatibility matrix.

The single biggest, and subsequently most confusing piece of this release has to do with the new 2.0 Storage Client. Now this update includes some great features including support for a preview release of the storage client toolkit for Windows Runtime (Windows Store) apps. However, there are some SIGNIFICANT changes to the client, so I’d recommend you review the list of Breaking Changes and Known Issues before you decide to start converting over. Fortunately, all the new features are in a new set of namespaces (Windows.AzureStorage.StorageClient has become simply Windows.Azurestorage.Storage). So this does allow you to mix and match old functionality with the new. But forewarned is forearmed as they say. So read up before you just dive into the new client headlong.

For more details on some of the known issues with this SDK and the workarounds, refer to the October 2012 release notes and you can learn about all the changes to the Visual Studio tools by checking out “What’s New in the Windows Azure Tools“.

HDInsight – Hadoop on Windows Azure

Technically, this was released the week before BUILD, but I’m going to touch on it none the less. A preview of HDInsight has been launched that allows you to help test out the new Apache™ Hadoop® on Windows Azure service. This will feature support for common frameworks such as Pig and Hive and it also includes a local developer installation of the HDInsight Server and SDK for writing jobs with .NET and Visual Studio.

It’s exciting to see Microsoft embracing these highly popular open source initiatives. So if you’d doing anything with big data, you may want to run over and check out the blog post for additional details.

Windows Azure – coming to China

Doug Hauger also announced that Microsoft has reached an agreement (Memorandum of Understanding, aka an agreement to start negotiations) which will license Windows Azure technologies to 21Vianet. This will in turn allow them to offer Windows Azure in China from local datacenters. While not yet a fully “done deal”, it’s a significant first step. So here’s hoping the discussions are concluded quickly and that this is just the first of many such deals we’ll see struck in the coming year. So all you Aussies, hold out hope! J

Other news

This was just the beginning. The Windows Azure team ran down a slew of other slightly less high-profile but equally important announcements on the team blog. Items like a preview of the Windows Azure Store, GA (general availability) for the Windows Azure dedicated, distributed in-memory cache feature launched back in June with the 1.7 SDK, and finally the launch of the Visual Studio Team Foundation Service which has been in preview for the last year.

In closing…

All in all, it was a GREAT week in the cloud. Or as James Staten put it on ZDNet, “You’re running out of excuses to not try Microsoft Windows Azure“. And this has just been the highlights. If you’d like to learn more, I highly recommend you run over and check out the session recordings from BUILD 2012 or talk to your local Microsoft representative.

PS – Don’t forget to snag your own copy of the great new Windows Azure poster!

Joining Microsoft

Seven years ago, I set out to take charge of my career. I’d spent the last 13 years working as an FTE for various employers both large and small. And realized that for the last 5-6 years, I’d basically been coasting along with the currents. If I wanted to go anywhere, I needed to take control and find a direction.

With that decision, I set out to pursue a position with a consulting firm. It figured it would provide me with challenges that would help me grow.  Fortunately, just as I made this decision, my brother had a coworker leave to go to work for a local firm. I shared my info and within a few days got a call. Even more fortunately, they had an immediate need for someone with my exact skills (knowing both the mainframe and .NET worlds). Things moved very rapidly and in less than a month, I joined Sogeti USA as a Senior Consultant.

I haven’t regretted that decision for a moment. Working at Sogeti has been a great experience. It has had its up and downs like any job. But taken on the whole, I’ve really liked it here. I have a management team that I feel honestly cares about me and my career growth. I work with some great people both locally and globally. And most of all, they provided me with the opportunity to seek out new ventures for myself and the company. In my seven years here, I’ve gone from being a local code-slinging, heads down delivery resource to a national thought leader with the organization, helping steer its future.

So it was a very difficult decision for me to leave this behind. Colleagues I’ve come to consider friends and even family.

Now over the last 3 years, I’ve been focused on this “cloud thing”. I went really deep on a technology I feel would help carry my career for the next 5-10yrs and in doing so I achieved some items I never really set out for. I gained the attention and made friends with some REALLY smart people at Microsoft. I’m talking the kinds of people that just when you think you know what you’re talking about show you that you don’t know jack. I also became a Microsoft MVP for Windows Azure. And nobody was as surprised about this as I was.

Over these years, I’ve also learned of opportunities to work even closer with Windows Azure. But the opportunities never felt right, especially with two kids I would really like to see graduate from the same school system they’ve been in since kindergarten. That was until back in June of this year when a position was posted on the Windows Azure ISV Incubation team. I thought long and hard on this, even talked to former Microsoft employees and family. And after weeks of reflection I applied and was ultimately offer the position.

So starting Monday I’m going to join Microsoft as a Technical Evangelist in the US central region. I’m both excited and nervous about this change. Sogeti is a great company to work with and I wouldn’t hesitate to go back for a moment. But I feel that at this time I’ll truly be able to pursue my passion around cloud and maybe in some small way help steer the platform into the bright future I see ahead of it. Not a short term one of “wins” and industry hype. But one that is helping organizations of all sizes build the next generation of applications and solutions.

I’ll still be based in Minneapolis, and still active online and at local/regional events. I do have to set aside my MVP status (which I’d just received for the 3rd time). But honestly, that pales by comparison to stepping away from my role at Sogeti. And I’ll never forget that Sogeti has been the place that most helped me grow and get to where I’m at. So this next new step in my life wouldn’t have been possible without them.

So today, as I look at my surroundings, is a day for mixed emotions. I have hope and excitement about the future. But sadness at the ending, well.. the changing of a great partnership.