Windows Azure Cloud Service or Web Site: Where am I Deployed?

Recently, I came across someone trying to figure out where their code was deployed between Windows Azure Web Sites and Windows Azure Cloud Services. There are many things that you may want to wrap discovery code around between deploying to Cloud Services and Web Sites. One such example that comes to mind is use of LocalStorage in Cloud Services over writing directly to disk in Web Sites.

Non .NET Example with Environment Variables

In Non .NET Languages such as PHP or Node.js you may not have a standard configuration location or you may find the implementation of Environment  Variables more convenient. In a past article I outlined how to read App Settings from the App Settings section of the Windows Azure Management Portal, which explained that App Settings configured in such a way are exposed as Environment Variables.

Cloud Services also have a way to configure custom Environment Variables in the Service Definition (CSDEF) file which is packaged up with a Cloud Service Package (CSPKG). Considering both Cloud Services and Windows Azure Web Sites enable you to expose Environment Variables this is consistent way to share information in either deployment method.

Configuring Environment Variables in Web Sites Portal

Configuring Environment Variables in Cloud Services


Environment Variable in Action

PHP


Node.js


ASP.NET Example using Web.config

In ASP.NET there is the concept of a web.config file. This is an xml based file which is used for storing configuration settings which are specific to a deployment. It is easy to pivot on environment by providing transforms of the web.config file. Let’s assume we have 3 environments Local, WebSites and CloudService.

This will yield three configuration transforms which upon build will roll up to the base web.config:

  • web.local.config
  • web.websites.config
  • web.cloud.config

Creating an App Setting

An App Setting is a Key/Value pair configured in the <appsettings /> element within the web.config file.

Web.config

Application Configuration File

We’ll set this appsettings to a value appropriate for debugging.


Web.local.config

Configuration Transform

We will provide a replacement element for the appsettings for our local test environment.


Web.websites.config

Configuration Transform

We will provide a replacement element for the appsettings for Windows Azure Web Sites.


Web.cloud.config

Configuration Transform

We will provide a replacement element for the appsettings for a Windows Azure Cloud Service.


AppSetting in Action


Conclusion

Depending on your development language or your scenario [as the Environment Variable route would work for ASP.NET as well] you can quickly and easily setup a way to verify which Environment you are deployed to be it Local Test, Windows Azure Web Sites, Windows Azure Cloud Services or any other environment you may have.

Stay Cloudy my Friends…

How to Speed up Windows Azure Deployments

The most common question I get asked about Windows Azure [aside from cost] is “How do I speed up my Deployment”. In this post I’d like to address this question and hit on a few things that most people don’t really think about in terms of what it means to deploy to Windows Azure.

Upgrade Hosted Service instead of New Deployment

Many people aren’t aware of this functionality and it can save you some serious time. Upgrading your service doesn’t shut off the Guest VM thus being able to deploy new bits to an existing hosted service is quicker. Perform an In-Place Upgrade.

Gotchas

Cannot:

  • Change the Type of Role that is Deployed: Web, Worker or VM Role
  • Increase the Size or Number of Instances of your Service
  • Change Configuration Settings or Values
  • Add/Change the number of Input or Internal Endpoints or their Values
  • Add/Change Certificates deployed to your instance
  • Add/Change Local Resources for your instance

Windows Azure - In-Place Upgrade

Limit Your Startup Tasks or Move to a VM Role

Startup tasks are one of my favorite additions to the Windows Azure Deployment Model. They introduced the ability to add required functionality to the Guest OS which would have been rather tedious or almost impossible to set up using C# during the Role Startup [Read more about the Windows Azure Role Startup Life Cycle].

Even though I love startup tasks so much you need to learn when enough is enough. Even though there is a timeout for startup tasks, any lengthy execution of a startup task does effect the startup time of your role.

Introducing the VM Role

With the Role Startup Cycle being a continuous process [occurs every time the role is recycled or scaled out]. The VM Role takes the repetition out of the process as additional functionality or components can be pre-loaded/configured then the entire VM can be uploaded in order to replace the typical Windows Azure Guest OS.

Learn how to Create a VM Role and get rid of all of the overhead of countless installations of the same software in your critical business application.

Windows Server 2008 R2 with Hyper-V

VIP Swap to Avoid Downtime or Update Deployment

The benefit of the VIP [Virtual IP] SWAP is it allows a brand new service to be deployed [in the staging slot of your Windows Azure Environment] then Upgraded to the Production Slot to be accessed by the World. This provides the benefit of minimal downtime as the VIP Swap operation does an internal DNS Change within the Windows Azure Platform. If the deployment requires a to change the physical deployment of your application [which cannot be performed during an in-place upgrade] the VIP swap is a perfect scenario to deploy an enhancement to your application.

To do a VIP Swap you must have at lease an application deployed to the Staging Slot. [Note: A deployment cannot be VIP swapped from Production to an empty Staging Slot.]

Windows Azure - VIP Swap

 

Windows Azure Accelerator for Web Roles

Although this functionality is not officially supported by Microsoft it provides the ability to quickly deploy or update multiple websites deployed to Windows Azure. If you overload your Web Roles by adding multiple Websites using the full IIS features in Windows Azure, this is definitely a no brainer.

image

The Windows Azure Accelerator for Web Roles deploys websites to a Windows Azure Storage account which is frequently polled by a Worker Process [overridden Run method in the RoleEntryPoint] in your Web Role. When changes are found in the Storage Account, the Worker Process pulls the new bits into the Directory in which the website is set up in IIS within your Windows Azure Web Role.

Keep in mind that the Windows Azure Accelerator for Web Roles is a solution that is deployed to the Web Role Instance, which means regardless of if you have an application deployed through it you will be playing for your instance to be deployed. The full time deployment of this Accelerator does give the advantage of a deployment time of mere seconds.

Conclusion

Hopefully this post has helped you understand how to potentially increase deployment times in Windows Azure.

Happy Clouding!

Dealing with Windows Azure SDK1.3 MachineKey issue causing inconsistent Hash/Encryption with Powershell [Work in Progress]

There has been a rise in the number of Encryption questions on the Windows Azure Forums. First off, I’d have to applaud those who are playing the safety card in the cloud and encrypting their data.

With the recent FBI Take over of Instapaper’s Servers due to an unrelated raid, looming in the minds of Business and Technical Decision makers are thought of how secure their systems may be in a similar scenario. Fortunately instapaper had encrypted their users passwords, however other potentially sensitive data like email addresses, and bookmark information were not encrypted which may have exposed a number of their user base.

[NOTE: This post is currently a work in progress, but I wanted to share what I was working on. Currently this work around for the SDK 1.3 Machine Key issue is subject to a Race Condition which is described in more detail in my previous post: Windows Azure Role Startup Life-Cycle]

Known Issue: Windows Azure Machine Key is replaced on Deployment

To better understand the Machine Key Element in the web.config file check out the documentation on MSDN Library. You can also Generate a Machine Key using an online tool provided by ASPNetResources.com.

The reason behind this blog post is due to a known issue which was introduced in the Windows Azure SDK 1.3 which will replace the Machine Key in your web.config file in deployment. There is a work around for this issue that is posted within the Windows Azure Documentation on MSDN, however, their solution does have a security warning attached [See Below], which this solution is trying to mitigate.

Security Note

Elevated privileges are required to use IIS 7.0 Managed Configuration API for any purpose, such as programmatic configuration of sites.

The role entry point must run with elevated privileges for this workaround to function correctly. The steps below configure the role for elevated execution privilege. This configuration applies only to the role entry point process. It does not apply to the site itself. Note that the role entry point process remains runs with elevated privileges indefinitely. Exercise caution.

Avoiding an Indefinite Elevation of Privileges with Startup Tasks

Startup Tasks which were also introduced in Windows Azure SDK 1.3 are a very powerful tool in a Windows Azure Developers Arsenal.

Startup Task allow the execution of any Command Shell executable file, including msi, bat, cmd, and Powershell (ps1). The purpose is to modify the base Operating System provided to work for the Application that is being deployed.

Each individual startup task allows for a different elevation of privileges to be applied.

Scripting a Machine Key into the web.config of each Website within IIS with Powershell

Powershell is a powerful  scripting language which allows Access to IIS by using it’s WebAdministration Module. Below you will find a reusable script that will replace the machinekey in the web.config file located in the ‘siteroot’ in a Windows Azure Deployment.

This script could potentially be cleaned up by someone that has more experience with Powershell, but it definitely achieves the goal that has been set out.

Slight Script Assumption

As you can see, this script iterates over all of the sites within IIS, meaning each site will effectively get the same Machinekey within their individual web.config files. It’s up to you if this is acceptable behavior or not for your particular scenario. This might not be a desired case for a Multi-Tenant Application.

The powershell above is only one part of the equation. The secondary piece is where we actually call this powershell script, which can be handed off to a Command Script (.cmd) to be used as our startup task.

In order to run powershell script files within Windows Azure you *MUST* change the ExecutionPolicy, I suggest using RemoteSigned. Next -Command is referencing the Powershell Script and accepts the Arguments for the Decryption Type, DecryptionKey, Validation Type, and ValidationKey  which are the necessary values for the attributes in the machinekey element.

Then to setup the startup task add the following to the Service Definition File within the WebRole Definition.

When dealing with Startup Tasks it is important you set them up properly within your Web Project File [Read: How to Resolve Cannot Find File Error for Windows Azure Startup Tasks in Visual Studio].

How to Resolve ‘error: Cannot find file named ‘approot\bin\startup.cmd’’ for Windows Azure Startup Tasks in Visual Studio

A number of people have been coming across an issue when attempting to create Startup Tasks in their Windows Azure Deployments. Typically I’ve been packaging my deployments with the CSPack Utility which is part of the Windows Azure Tools for Visual Studio. [Read: Installing PHP in Windows Azure Leveraging Full IIS Support: Part 3]

You can resolve this issue by selecting your startup script file in the Solution Explorer, and Navigating to the Properties [Alt + Enter]. The Second Item down on the List is “Copy to Output Directory” this needs to be set to either “Copy Always” or “Copy if Newer”.

image

In the example above, my startup script is named PowershellRun, but this could be renamed to match the startup script name in the title startup.cmd.

Happy Clouding!

Talking PHP on Windows Azure

A while back I had the opportunity to talk to Richard Campbell and Carl Franklin of DotNetRocks. The Show focuses on how to run PHP applications on Windows Azure.

Check out DotNetRocks: Episode 651.

One of the things that I talk about during the show is the PHP SDK for Windows Azure. What I forgot to mention was all the hard work Fellow MVP Maarten Balliauw has put into the Development and Maintenance of the PHP SDK for Windows Azure.

If you’d like to find out how to install PHP to run on Windows Azure read my 3 part blog series:

Other great resources for PHP on Windows Azure:

If you’d like to see me continue some investigation of PHP running on Windows Azure, Please contact me on twitter.

Continuous Integration in the Cloud

At the recent At the Movies Event put on by ObjectSharp, I demonstrated how to automate deployment of Windows Azure Applications in a TFS Build using a custom TFS Workflow Activity. Automated Deployment to Windows Azure is useful functionality as it replaces a rather tedious repetitive task from our daily routine.

There are a number of ways to automate the Deployment Process to Windows Azure. In this entry I’ll outline how you can use TFS Builds or Powershell to Automate Windows Azure Deployments.

Using TFS Build Activities to Deploy to Windows Azure

To begin Automating Windows Azure Deployments today, download the Deploy To Azure open source project on CodePlex. To understand how to use the Deploy to Azure Activities on Codeplex, read .

Deploying a Windows Azure Applications is considered Management Functionality, this means it is required to upload a Management Certificate to your Windows Azure Account. This Management Certificate [can be Self Signed and] is used to Authenticate access to your Windows Azure Portal  Remotely [Read: How to Create and Export a Certificate].

Once you have your Management Certificate uploaded to the Windows Azure Portal, you will be able to use the Certificate to interact with the Windows Azure Service Management API. If you wish to build your own set of TFS Build Activities like the ones mentioned above Microsoft has created some Sample Code which is a .NET Wrapper of the Management API.

Using Powershell to Deploy to Windows Azure

If you’re an IT Pro or a Developer that is into scripting, it is possible to use powershell to deploy to Windows Azure. Ryan Dunn while he was in the Technical Evangelist role at Microsoft [recently moved to Cumulux] created a set of Commands in the Azure Management Tools Snap-in which allow you to leverage the Windows Azure Service Management API using Powershell. Since Ryan’s Departure Wade Wegner has taken over the project and has been maintaining the updates to the CommandLets with each change of the Windows Azure SDK.

Powershell is very powerful and I can see it becoming a very important part of Windows Azure Development. Just to give the Windows Azure Commandlets a try a created a re-usable powershell script that will deploy an application to Windows Azure. [This script needs to be executed from the same directory as the ServiceConfiguration.cscfg file, or modified to accept the path of the Service Configuration file as an argument.]

As you can see the New-Deployment command will only upload your deployment, it is necessary to execute a second command Set-DeploymentStatus in order to Start your Application after it’s been deployed to the Cloud.

Conclusion

Automating deployment of your applications into Windows Azure is a great way to take repetitive time intensive tasks our of your day to day schedule. Whether using TFS or another Source Code Repository and Automated build agent automated deployment is available to you.