Saturday, April 30, 2011

Azure Storage Explorer 4.0.0.9 Refresh with Blob Security Features

An update to Azure Storage Explorer 4 is now available. The Refresh 9 (4.0.0.9) update provides expanded security support for blobs and containers.

Previous versions of Azure Storage Explorer allowed you to set a container's default access level at time of creation (Private, Public Blob, or Public Container) but you couldn't change the access level after the fact. Nor was there any support for Shared Access Signatures or Shared Access Policies. This release provides all of that. Simply click the new Security button in the Blob toolbar and a Blob & Container Security dialog will open.


There are three tabs on the Blob & Container Security dialog: Container Access, Shared Access Signatures, and Shared Access Policies.

To change a container's default access level, use the Container Access tab. Select the access level you wish and click Update Access Level.


On the Shared Access Signatures tab, you can generate custom URLs that override the default access for container and blobs with custom permission settings (read/write/delete/list) and a time window for validity. You can generate both ad-hoc Shared Access Signatures and policy-based Shared Access Signatures.

For ad-hoc Shared Access Signatures, specify the permissions and time window. You are limited to a maximum of 60 minutes. Click Generate Signature to generate the signature. Once generated, you can use action buttons to copy the signature URL to the clipboard or open it in a browser to test it.


Shared Access Signatures based on policies give you the option to change or revoke the privileges even after you have distributed Shared Access Signatures based on them. To generate a Shared Access Signature based on policy, select a policy on the Shared Access Signature tab and click Generate Signature.


The Shared Access Policies tab allows you to manage your shared access policies. Each policy has a name, permissions, and a validity time window. Unlike ad-hoc Shared Access Signatures, Shared Acccess Policies aren't limited to a 60-minute maximum time window.


What's next for Azure Storage Explorer? Probably a maintenance release to address issues and requested features.

Thursday, April 28, 2011

Michael S. Collier joins Neudesic

I’m very pleased to announce that Michael S. Collier has joined Neudesic in a national architect role. Like myself, Michael is a charter member of the Windows Azure MVP program and that’s what he’ll be focusing on, Windows Azure. He is also a Microsoft Certified Solution Developer and has been developing software professionally for 11 years. His industry expertise includes financial services and automotive insurance.

Michael has been highly involved in community and evangelism. He founded the Central Ohio Cloud Computing User Group (COCCUG) and has participated in both local and national conferences and events, including CodeMash and Cloud Connections. He is also a veteran trainer for the Windows Azure Boot Camp program.

You can follow Michael on Twitter at www.twitter.com/MichaelCollier and on his blog at www.MichaelSCollier.com. Also check out his recent video interview with David Nielsen.

Tuesday, April 12, 2011

Webcast: Windows Azure Storage Architecture

Tomorrow (Wed 4/13/11) I'll be giving the second in Neudesic's series of public webcasts on Windows Azure architecture. This month's webcast is on Windows Azure Storage.

In this webcast Windows Azure MVP and author David Pallmann will discuss the architecture of the Windows Azure Storage service, the area of the Windows Azure platform responsible for non-database storage; and related features including Windows Azure Drive and Local Storage. You’ll learn why the ratio of database-to-non-database storage tends to be different in the cloud, what the proper uses for blobs, queues, and tables are, pitfalls to avoid, and strengths you can leverage to your advantage. The session will include a tour of storage design patterns along with demonstrations.

REGISTER

Windows Azure Storage Architecture Webcast
Wed., April 13, 2011
10:00 AM - 11:00 AM Pacific Time

Sunday, April 10, 2011

Announcing Windows Azure Migration Scanner

I’m pleased to announce the availability of a new community tool to aid in migration of applications to Windows Azure: Windows Azure Migration Scanner, or WAMS. WAMS scans your source code and brings potential migration issues to your attention.

As anyone knows who has tried it, a migration of software from one environment to another usually involves accommodating some differences and this can mean a small or a large amount of work at times. Accordingly, you really want to know what you’re in for before you start. Indeed, knowing the scope may help you decide whether or not the migration is even worth doing at all. In a move to cloud computing, migration analysis is doubly important since the cloud is so different from the enterprise.

There are already some great technical and business tools out there for helping scope a migration to Windows Azure such as SQL Azure Migration Wizard, the Windows Azure TCO Tool, and Azure ROI Calculator. WAMS comes alongside these with one more form of insight that comes from scanning source code.

What WAMS does is scan your source files, looking for regular expression matches against a keyword rules base. For example, a rule like this one tells WAMS to raise an issue when it sees a reference to transparent data encryption in SQL Server scripts because SQL Azure does not have a matching feature. You can customize the rules file with your own rules, or use the default rules which are maintained in a central location online.

<category name="SQLAzure_TDE" filetypes=".sql" issuelevel="HIGH" ignorecase="true"
guidance="SQL Azure does not currently support transparent data encryption (TDE).">
  <keyword>ENCRYPTION KEY</keyword>
  <keyword>SET ENCRYPTION</keyword>
  <keyword>sys.dm_database_encryption_keys</keyword>
  <keyword>encryption_state</keyword>
</category>

This approach makes it simple to add rules for any text-based code, including scripts and configuration files. The rules mechanism is fairly powerful since you can specify not just text keywords but complete regular expressions.

WAMS can display its findings in a window, output them to a CSV file you can view in Excel, or both. Each issue reported describes the filename, line number, rule category, severity level, code line, and guidance text. Options allow you to consolidate duplicate issues into a short list.

WAMS is also supplied in the form of a command line tool you can use in scripts and builds. There’s an option to add a timestamp to the output file name.

WAMS has some limitations. In its first incarnation, its rules base only applies to C#, .SQL scripts, and .NET config files. As we regularly extend the rules base, we’ll get more breadth and depth in the types of source code included and the coverage of the rules (contact me if you’d like to help in that effort!). WAMS can also be fooled, since the contents of a string literal or a comment could conceivably contain a match to one of its rules. Still, we think WAMS is a useful tool: while it is unlikely to uncover all of your migration issues, it’s nonetheless valuable in bringing considerations to your attention you might have otherwise missed.

WAMS is the result of community collaboration. It resides on codeplex at http://wams.codeplex.com and the project includes an installable .msi, documentation, the keywords rules XML file, and source code.