Enabling Zend®Guard Extension in Windows Azure Web Sites

Zend®Guard enables you to encode and obfuscate your code to help protect against reverse engineering. It’s understandable that someone would want to help protect their hard work by encoding it, but in order to execute this encoded source on a server it is necessary to enable an extension to decode the source prior to execution.

Getting Started with ZendGuard

Using ZendGuard is out of the scope of this article, as there is plenty of documentation around the process on the Zend Guard User Guide. If you’d like to get the quick overview, watch this video below:

Zend Guard Basics by Zend Documentation

ZendGuard Setup in Web Sites (default runtime)

In order to enable ZendGuard in Windows Azure Web Sites you will need to acquire ZendLoader.dll from the ZendGuard Download page. The remaining steps we will configure php which is built into the Windows Azure Web Sites environment.

Installing a Zend Extension in Windows Azure Web Sites

Now that we have the ZendLoader assembly let’s make sure that it’s loaded into the extensions list in the default php.ini file. We can do this by selecting the configure tab in your Web Site and adding an App Setting.

image

There are a number of reserved App Settings in Windows Azure Web Sites to configure a number of different parts of the default runtime experience, in this particular case we’re going to use PHP_ZendExtensions to load ZendLoader.dll into the default PHP Runtime Zend Extension list.

Ensure you  download the proper ZendLoader.dll for your PHP Version.

As you can see in the image below, the an app setting is created with the key PHP_ZendExtensions and the value bin\ZendLoader.dll, which is a semi-colon delimited list of relative paths in this case the ZendLoader.dll will need to be placed in a bin directory off the root of the Web Site.

You can upload the DLL file via FTP, or download it directly to the bin directory in your Windows Azure Web Site by using KuduExec, which I’ll use to download the .user.ini file later in this article.

image

With the assembly in the PHP pipeline, we still need to do some custom configuration to the php.ini via the .user.ini file. I have created a .user.ini which captures all of the configuration settings available to ZendGuard as well as a command to turn off WinCache file caching which is required in order for ZendGuard to operate.

To demonstrate another feature of Windows Azure Web Sites, let’s use KuduExec to download the .user.ini file into our Windows Azure Web Site using curl.

KuduExec – The Windows Azure Web Sites Command Line

First things first, in order to use KuduExec you need to have it available on your local machine. KuduExec is written in Node.js which you will need installed and configured on your machine. To download KuduExec, use the following command to install it globally on your system.

npm install kuduexec -g

Now let’s look at how to connect to our command line in Windows Azure Web Sites:

kuduexec https://<deployment-user>@<dns-namespace>.scm.azurewebsites.net

Enter your Deployment Password to login to the Windows Azure Web Sites command line. You can download the .user.ini file from a Gist the following curl command:

curl -O https://gist.github.com/SyntaxC4/6084034/raw/cd8e1e27cbaa45db25f94be51968960bf71276bf/.user.ini

Note

Depending on your ZendGuard configuration, you may need to change some of the zend_loader settings.

Exit KuduExec by typing exit.

Refresh the PHP Configuration

By default, PHP is configured to refresh it’s settings from the php.ini file every 300 seconds (5 minutes), you can force this to refresh immediately by doing a Web Site reset.

You can confirm ZendGuard is configured by looking at the following sections of the phpinfo output:

image

image

Deploying your ZendGuard Encoded Application

There are many ways to upload content in Windows Azure Web Sites as described in this list of PHP Tutorials. After ZendGuard encodes the application code, the index.php file in my example looks like this:

image

The actual file is a simple echo of phpinfo()

image

Conclusion

In this example, I demonstrated how to configure ZendGuard with the built in PHP runtime in Windows Azure Web Sites. This will allow you to run your ZendGuard Encoded and Obfuscated code in a highly scalable hosting environment. It is also possible to set up ZendGuard using the Bring Your Own Runtime functionality, which I will explain in a future blog post upon request in the comments below.

PHP 5.5.0 for Windows Released!

php-med-transToday is an exciting day as we welcome the availability of PHP 5.5.0 [Release Announcement]. The team here at Microsoft has been busy preparing PHP 5.5.0 for Windows which has a number of updates which I will cover in this post.

IMPORTANT

With the release of PHP 5.5.0, the PHP Community has also announced that PHP 5.3 will go into “Security Only” maintenance, which will last for a period of 1 Year, at which time PHP 5.3 will enter End of Life (EOL).

What’s New in PHP 5.5.0

The most notable change to PHP 5.5.0 is the inclusion of Opcache extension which is to be bundled into the language. There are a number of other enhancements including:

Language Bundled Opcache Extension

As anyone who develops PHP code knows, an opcode is important to speed up the execution of the script. This is done by caching compiled interpreted PHP code, so that the compiler doesn’t need to be used on each request. If a compiled version of the requested script is cached, the compiler is bypassed and sent directly to the executor. The Opcache extension was contributed by Zend, and is based on their Optimizer+ extension.

Good news for those running PHP on Windows is that Opcache is supported on Windows and performs quite well over the current version of WinCache. You can see some performance numbers below with the new Opcache support in PHP 5.5.0.

Zend contributed Opcache under the PHP LICENSE and the source code is available on GitHub.

What’s New in PHP on Windows

Over the past several years, Microsoft has been heavily investing in PHP on Windows working towards better support for PHP in IIS. In recent years, additional work to ensure that PHP not only work on Windows Azure, but to ensure that PHP is a first class citizen on the platform.

Microsoft Contributors to PHP

Microsoft has two contributors to the PHP project who are within the top 10 committers within the last 12 months. Pierre Joye, one of the two contributors mentioned above, has the most all time contributions to the project with over 6000 commits according to Ohloh.net.

There is a great deal of collaboration between the PHP community and the Microsoft Open Source Technology Center (OSTC) (which is responsible for Q&A and PHP builds for Windows) in order to ensuring extensions are updated amongst other works.

Performance Improvement for PHP on Windows

There have been some major improvements surrounding performance of PHP on Windows. The improvements include moving to the VC11 compiler as well as the new Opcache extension explained above.

Moving PHP Core and Extensions to VC11

There have been a number of improvements which have come out of moving the PHP source and dependencies to be compiled under the latest VC11 compiler. Taking advantage of Profile Guided Optimizations (PGOs) which is a runtime compilation optimization which leverages profile data collected by running performance centric usage scenarios to build an optimized version of an application. You can read more information regarding PGO from the C++ Compiler team blog, I would suggest Profile Guided Optimization: Under the hood and Build faster and high performing native applications using PGO. To better understand how the PHP binaries took advantage of PGO, read Speed up Windows PHP Performance using Profile Guided Optimization (PGO).

Looking at the Numbers…

The team is seeing some significant performance numbers captured in the below tables. The following performance metrics were captured from a machine with the following configuration:

Dell R710
CPU – Intel Quad core @ 2.26Ghz (x2) L5520
Memory – 12GB RAM
HD – 147GB SAS RAID 1
NIC – 1Gbps Intel
Windows Server 2012

Note: Performance metrics are in Transactions per Second (TPS)

PHP Performance on IIS

As you can see, there is a range of 7-15% increase in performance over PHP 5.4 with no caching enabled in IIS against some of the industry leading CMS applications. Opcache significantly increases performance over PHP 5.4 with WinCache, anywhere between 25-152% increase in performance on IIS against the same applications.

PHP-PERF-IIS75

PHP Performance on Apache 2.4

If you are leveraging Apache 2.4 on Windows, you may see an 8-19% increase in performance over PHP 5.4 with no caching enabled. When testing with Opcache enabled over PHP 5.4 with APC caching in Apache, you may see performance gains of between 12-119% on Apache 2.4.

PHP-PERF-APACHE24

Wrapping Up

It’s exciting to see the PHP language continue to grow and evolve as well as the collaboration between the PHP community and Microsoft to continue to advance the support of PHP on Windows and Windows Azure.

Installing CakePHP from the Windows Azure App Gallery

In my previous post Application Frameworks now part of the Windows Azure Web Sites Gallery I introduced the concept of ready to install application frameworks which can be provisioned as part of a new Windows Azure Web Site. The benefits include having a ready to go starting point for building out your application with a tested and fully capable package which includes common Application Settings as well as the proper configuration for IIS.

Today, I’m happy to announce a new addition to the App Frameworks section of the Windows Azure App Gallery, CakePHP. Let’s take a look at the steps to get CakePHP running in Windows Azure Web Sites using the new Gallery item.

Setup CakePHP on Windows Azure Web Sites

To follow along with the example below, sign up for a Windows Azure Free Trial.

In order to provision a Web Site from the Windows Azure App Gallery we must first sign into the Windows Azure Management Portal. Once you’ve logged into the portal you will see the command bar at the bottom of the browse, click New.

drawer-waws-new

This will open the drawer and enable you to select from a variety of different services which you can provision, for this example we’re interested in Web Sites. Select ComputeWeb Sites > Gallery.

drawer-waws-fromgallery

The gallery modal will pop up and allow you to select from a number of well-known open source CMS, Frameworks and other tools.  Select App Frameworks > CakePHP or scroll through the list to find CakePHP.

At the time of writing this article the CakePHP version in the Gallery was 2.3.6.

windowsazure-websites-gallery-appframework

Once CakePHP is selected, click the next arrow at the bottom of the screen to advance to the Configuration page in the wizard.

websites-configure-cakephp

In order to configure a secure deployment of CakePHP, the Cake Foundation suggests including a Security Salt and Cipher Seed. The Web Sites team has conveniently surfaced those settings to the Configuration page, which will get injected into the proper configuration setting in the app/Config/core.php file.

During the configuration, you can select an existing MySQL Database or create a new MySQL Database with your new site. If you needed to create a new MySQL Database, you will receive this screen which will ask for the database name, a region to deploy the database in [Note: It’s a good practice to deploy your database in the same region as your application to reduce latency], you will also need to accept the terms from our partner ClearDB who supplies the MySQL Databases in Windows Azure.

websites-mysql-cakephp-database

That’s it! After clicking the checkmark to complete the wizard your new Web Site will start to provision which includes a configured version of CakePHP which is a great starter point to your next CakePHP Application.

windowsazure-website-site-listing

Once the Status changes to Running, you’re ready to view your new site. You can do this as simply as clicking the BROWSE icon in the Command Bar.

drawer-waws-browse

Congratulations, you have yourself a brand new CakePHP Installation in Windows Azure Web Sites.

WindowsAzure-WebSites-CakePHP

CakePHP is setup, Now what do I do?

Now that the CakePHP Framework is in place it’s time to start building an application. To do so, you’re going to need the source on your local machine.

Download your Web Site files with Git

With Windows Azure Web Sites you can deploy using many source control repositories, this includes Git. However, Git isn’t enabled by default when you create a site from the gallery, so lets find out how to enable Git Deployment (and in our case, a remote repository to clone from).

If you click into the details of your new Web Site in the Windows Azure Portal, you will see a Quick Glance section on the DASHBOARD. Click on Set up deployment from source control to create a new repository in your Windows Azure Web Site.

 

websites-set-up-source-control

Like I said above, there are many options for source control systems, select Local Git Repository then the next arrow to continue.

websites-setup-source-control-git

It may take a few seconds for your repository to be created, so this notification will keep you amused in the meantime.

websites-create-git-repo

Once the repository is created, the portal should redirect to the DEPLOYMENTS tab. Copy the Git URL, you’ll need this to clone your repository on your local machine.

websites-copy-git-url

On your local machine, open Git Bash or your favourite Git command line utility, type the following pasting the git url you copied above in place of <git-url> below, then hit enter.

git clone <git-url>

local-clone-website-repo

You now have a local git repository of your CakePHP Application.

You may have noticed both the Vendor and Plugins directories are missing, this is because they are empty and Git does not track empty folders. Simply create the folder locally and place a file in the directories in order to upload third party code or plugins, respectively.

Download your Web Site files with FTP

To download your Web Site files with FTP you will need your favourite FTP tool, this could be a number of different tools including the command line. Here are the steps you will need to take to configure FTP downloads from your site, I’ll leave the actual downloading up to you.

On the DASHBOARD screen in the portal under the Quick Glance section, you will need to set (or reset, incase you forgot) your deployment credentials. Click on the link which allows you to set the deployment credentials.

websites-setup-deployment-credentials

Fill out the form providing your username, password and confirm password.

websites-set-deployment-credentials

Once you’ve set your credentials, scroll a down the Quick Glance section until you find your FTP or FTPS Host Name.

websites-ftp-links

Notice that your FTP User is a combination of the web site name and the user name provided above, the password is the password which was created when you set your deployment credentials.

Enjoy developing with CakePHP!

New Windows Azure SDK for PHP Feature: RunPHP (on Windows)

If you are developing PHP on Windows for use on Windows Azure, there is a fancy new feature which may catch your attention. First things first, let’s run through the basics of installing the Windows Azure SDK for PHP in order to set up your environment to get ready for PHP development for Windows Azure.

This new feature is part of the Windows Azure PowerShell and Windows Azure Emulators components which is downloadable through the Web Platform Installer.

Install Windows Azure PowerShell and Windows Azure Emulators for PHP

  1. Open Web Platform Installer via the Windows Azure PowerShell and Windows Azure Emulators deep link.
  2. Click Run.

    image

  3. Accept UAC prompt.

    image

  4. Click Install.

    clip_image001

  5. Click I Accept.

    clip_image001[6]

  6. Go to the kitchen and grab a cup of coffee.

    clip_image001[9]

  7. Click Finish.

    image

How To: Use RunPHP to test a PHP Application on Windows

In order to understand how to use runphp, let’s quickly build a sample PHP application to show off the functionality of runphp.

Now that we have a simple application set up, let’s open a command prompt to use runphp. I will use Windows PowerShell to execute commands, in order to use runphp, PowerShell will need to be run as Administrator.

To run PowerShell as Administrator, right click on the PowerShell icon and select Run as Administrator.

Navigate to the path which contains your application, then execute the command runphp.

image

There are a number of things going on when executing RunPHP, let’s enumerate the high level steps:

  1. Copies an apphost.config file to the current directory
  2. Runs appcmd.exe from IIS Express
    1. Creates a new Website based on the current directory
    2. Configures a HTTP Handler to map *.php files to php-cgi.exe interpreter
  3. Starts IIS Express and binds the website to an open port.

To view and test your website, open a browser visit the localhost address with the appropriate port which the website was bound to during the runphp process.

http://localhost:8080

Once you finish testing, you can shut down IIS Express by opening the PowerShell window and pressing the ‘Q’ key.

Now that you’ve finishing testing your application on your local machine, you can deploy to Windows Azure Web Sites.

Fix for WordPress Plugin Update Issues on Windows Azure Web Sites

Good News!

In a recent service update to Windows Azure Web Sites, the Windows Azure Web Sites team has updated the version of Wincache for PHP 5.3 sites to WinCache 1.3.4, which resolves this issue!

Screen Shot 2013-04-04 at 8.58.48 AM

Screen Shot 2013-04-04 at 8.58.19 AM

A while back I posted an article called Workaround for deleted folder still exists in Windows Azure Web Sites, which talks about how to get around an issue specifically with WordPress plugin upgrading. Recently, on twitter there have been a few people running into this issue, so I thought I would go into a little bit more detail on the issue and how to work around it, permanently.

The Cause of the WP Plugin Issue

In order to dig to the root of the problem, let’s take a few steps back here and get a little bit better of an understanding of the different pieces at play.

PHP

PHP is an interpreted language, simply put it is not compiled into machine code, but instead read and executed step-by-step by an interpreter in this instance, the PHP runtime.

This means that every line would need to be read, interpreted and executed on each request. Which in computer science we understand is not very efficient. For this reason PHP can employ caching to avoid parsing every instruction on each request, instead it stores a certain amount of interpreted instructions in shared memory.

IIS

It’s no secret that Windows Azure Web Sites leverages IIS as it’s Web Server. IIS uses FastCGI to interact with the PHP Interpreter. With the Web Server being able to interact with an interpreter, we have the means to serve up PHP code on IIS. As stated above, PHP can leverage a cache in order to avoid parsing each line of a script, enter WinCache.

WinCache

WinCache is installed and enabled by default for PHP Runtimes maintained by the Windows Azure Web Sites team.

WinCache is a caching system which can be enabled for PHP application which run on Windows  leveraging IIS. This is done by Installing WinCache, then adding a reference to php_wincache.dll from within your php.ini file.

 

By default, Windows Azure Web Sites has PHP 5.3 installed with WinCache 1.1.

Now that we have a better understanding of the different pieces involved, let’s take a closer look at the issue at hand.

There is a bug in WinCache 1.1 [Bug #59352] which causes a lock on a folder which isn’t released until IIS is restarted, which is why this workaround is effective at fixing the issue.

How to Resolve the Plugin Updating Issue

The resolution is fairly simple. The bug has been fixed in a newer release of WinCache (version 1.3 which works with PHP 5.4).

Recently, PHP 5.4 was enabled in Windows Azure Web Sites making the fix as simple as following these steps to Enable PHP 5.4 in Windows Azure Web Sites.

Happy Coding!

Continuous Deployment in Windows Azure Web Sites

Automation of tasks is one thing that I am an advocate of in my development projects. Getting functionality that is repeatable with a low risk of human error for a one time cost is a sound business decision and as a developer, keeps your hands on rolling more code for a greater percentage of your work day. It’s a Win-Win scenario.

The Windows Azure Web Sites team along side the Kudu team have added Continuous Deployment functionality in Windows Azure Web Sites with support for three familiar social source code repositories: CodePlex, GitHub and BitBucket. The team has also added support for Contiguous Integration using Team Foundation Service [a new Cloud Based offering of Team Foundation Server].

Windows Azure Web Sites now allows Continuous Deployment from Private Repositories from both GitHub and BitBucket.

In this post:

  1. Create a Windows Azure Web Site
    1. Enable Git Deployment
  2. Associate a Source Code Repository
    1. Associate a GitHub Repository to Windows Azure Web Sites
    2. Associate a BitBucket Repository to Windows Azure Web Sites

Create a Windows Azure Web Site

To avoid reinventing the wheel, you can follow instructions outlined on the Windows Azure Develop Center on how to Create a Windows Azure Web Site and Enable Git Deployment.

NOTE: If you do not need a MySQL database, or have decided to go with another database option, choose Quick Create from the Web Site menu instead of Create with Database.

Associate a Source Code Repository

In order to facilitate the Continuous Deployment it’s necessary to have a centralized location to pull the website code from, in this particular blog entry we’re going to use GitHub and BitBucket.

Initializing a Git Repository will redirect the Management Portal to the DEPLOYMENTS tab.

Now that Git has been enabled use the collapsible menus to select how you would like to deploy code to the new Windows Azure Web Site.

Associate a GitHub Repository to Windows Azure Web Sites

GitHub-Deployment-Accordion

Expand the item labeled Deploy from my GitHub repository.

GitHub-Deployment-Steps

Click on Authorize Windows Azure. This will open a window to federate with GitHub, you will need to approve the ability for Windows Azure to access your GitHub account.

GitHub-Authentication

Once access has been granted, the browser will redirected back to the Management Portal to a screen to select either a Public or Private repository.

GitHub-Select-Repository

After selecting the repository to be published, click on the check mark to start the deployment process.

If your repository is empty, push to GitHub to trigger deployment to Windows Azure.

GitHub-First-Deployment

Each subsequent push to GitHub will trigger a service hook and begin a deployment of the latest bits to the Web Site. Now that the deployment has been pulled into the Web Site, clicking on Browse in the Taskbar Drawer will launch the web application.

GitHub-Published-Custom-WordPress-Site

Associate a BitBucket Repository to Windows Azure Web Sites

BitBucket-Deployment-Accordion

Just like associating a GitHub account to a Windows Azure Web Site, expand the Deploy from my BitBucket repository. Authorize Windows Azure to access a BitBucket account by federating authentication through BitBucket.

BitBucket-Deployment-Steps

After clicking on Authorize Windows Azure, a prompt to authenticate with BitBucket.

BitBucket-Authentication

After signing into BitBucket a prompt to select the Public or Private repository to deploy to Windows Azure Web Sites.

BitBucket-Select-Repository

Unlike GitHub, BitBucket will require you push a change to the repository before the Service Hook will deploy code to the Windows Azure Web Site.

image

Once a push has been made to the private BitBucket repository, the deployment will be pushed to the Web Site.

image

In the taskbar drawer at the bottom of the browser viewport, click the Browse Button.

image

A new window will open and the site will display the web files which were pulled into the Web Site.

Conclusion

Continuous Deployment is a great way to introduce new features or functionality to your customers in an automated fashion. With the new support for Private Repositories, Windows Azure Web Sites can help delivery stunning web sites which utilize either open source projects from public repositories, or provide clients with a customized solution from a private repository.

Stay Cloud my Friends…