Wednesday, January 26, 2011

Azure Sessions at So Cal Code Camp

This Saturday 1/29 I'll be presenting 2 Azure sessions at So Cal Code Camp at Cal State Fullerton in Orange County, CA.

Windows Azure in Action: Demo and Guided Tour
2:45pm, room UH 246
See the entire Windows Azure platform demonstrated! In this session, Windows Azure MVP and author David Pallmann will demonstrate each functional area of the platform live, including: Windows Azure Compute, Windows Azure Storage, Windows Azure CDN, Windows Azure DataMarket, SQL Azure Database, SQL Azure Reporting, SQL Azure Sync Service, AppFabric Cache, AppFabric Service Bus, and AppFabric Access Control Service. This is the way to get a real appreciation for what this large and ever-growing platform can do by seeing it in action.

Windows Azure in the Real World: Best Practices and Migration Tips
4:00 pm, room UH 246
Cloud computing with Windows Azure is exciting but it is vital to approach it correctly. In this session, Windows Azure MVP and author David Pallmann will share best practices and lessons learned from real-world use of Windows Azure. There will be a detailed discussion of application migration with examples. If you want to succeed in your adoption of Windows Azure, this is a chance to learn what works--and what doesn't--from the experiences of others.

Azure is well-represented at this code camp: there are plenty of Azure sessions being offered as well by others. I hope to see many of you there!

Tuesday, January 18, 2011

Speaking at San Diego .NET User Group on Windows Azure Best Practices

This Thursday January 20th I'll be speaking at the San Diego .NET User Group - Architecture SIG meeting. My topic will be "Windows Azure in the Real World: Best Practices and Migration Tips."

Architecture SIG Meeting - Special Date/Time
Thursday, January 20th (6 pm - 8:30 pm)

Windows Azure in the Real World: Best Practices and Migration Tips

Cloud computing with Windows Azure is exciting but it is vital to approach it correctly. In this talk, David Pallmann will share best practices and lessons learned from real-world use of Windows Azure, including application migration tips and stories from the trenches. If you want to succeed in your adoption of Windows Azure, this practical information will help you learn from the successes (and mistakes) of others.

Speaker: David Pallmann
David Pallmann is a Windows Azure MVP and author of the upcoming book, The Azure Handbook. He is GM of the App Dev practice at Neudesic, a national Microsoft SI partner, where he leads cloud technical readiness, IP, and business development.

When and Where
We'll be meeting on the 4th floor of the Microsoft La Jolla office. Pizza will be available at 6:00 PM. The meeting will start at 6:30.

9255 Towne Centre Dr San Diego, CA 92121

Friday, January 14, 2011

Picking a Lane in Cloud Computing

Because cloud computing is big and varied, there are lots of ways to apply it—which requires you to ultimately make some important decisions. In this post we’ll explore what some of those decisions are, first with cloud computing generally, then specifically with the Windows Azure platform. This is an excerpt from my upcoming book, The Azure Handbook.

Choice is good, right? Yes and no: it’s good to have options but it also raises the specter that a wrong choice will take you to some place you don’t want to go. You might even be unaware that you have a choice in some area or that a decision needs to be made. While there’s some value in experimenting, you eventually need to make some rather binding decisions. Failure to get those decisions right early on could cost you wasted time, effort, and expense.

SaaS, IaaS or PaaS?
The first choice to make is the one that’s most talked about (talked about to death, perhaps): whether you’re going to run Software-as-a-Service, Platform-as-a-Service, or Infrastructure-as-a-Service. What’s at issue here is the level at which you use cloud computing.

SaaS: Someone else’s software in the cloud. If you’re simply going to use someone else’s cloud-hosted application (such as or Microsoft Exchange in the cloud), decision made: you’ll be using SaaS. If that’s you, read no further. The rest of this article is for those who want to run their own software applications in the cloud (to be sure, your SaaS software provider is using IaaS or PaaS themselves but that’s their worry, not yours.)

PaaS: Your Cloud Applications. This means running applications in the cloud that conform to your cloud provider’s platform model. In other words, they do things the cloud’s way (which is often different from in the enterprise). There are many benefits to running at this level, among them superb scale, availability, elasticity, and management. There’s a spectrum here that ranges from minimal conformance all the way to applications designed from the ground up to strongly leverage the cloud.

IaaS: Traditional Applications in the Cloud. This means running traditional applications in the cloud. Not all applications can run in the cloud, and you’re not leveraging the cloud very strongly by running at this level. If your application and data aren’t protected with redundancy there are some real dangers you could lose availability or data (in PaaS, the platform has these protections built into its services). IaaS appeals to some people because it’s more similar to traditional hosting and thus somewhat more familiar, or because they prefer to take control themselves.

Not sure which way to go? For running your own applications in the cloud, PaaS is the best choice for nearly everybody.

Public, Private, or Hybrid Cloud?
Public Cloud: Full Cloud Computing. Cloud computing in its fullest sense is provided by large technology providers such as Amazon, Google, and Microsoft who have both the infrastructure and the experience to support large communities well with dynamic scale and high reliability. We call this “public cloud”. When you use public cloud, you get the most benefits: no up-front costs, consumption-based pricing, capacity on tap, high availability, elasticity, and no requirement to make commitments.

Private Cloud: Under Your Control. And then there’s private cloud, not quite as firmly defined yet but very much on everyone's mind. Ever since cloud computing became a category there’s been ongoing demand in the market for “private clouds”. There’s more than one interpretation of just what this means or how it can be delivered; the general idea is to benefit from the cloud computing way of doing things but with a strong degree of privacy and direct control as compared to public clouds, where you are in a shared environment. Here are some of the ways private cloud is interpreted:

1) Hardware private cloud: a local cloud computing hardware appliance for your data center.
2) Software private cloud: a software emulation you run locally.
3) Dedicated private cloud: leasing a dedicated area of a cloud computing data center not shared with other tenants.
4) Network private cloud: ability to exercise network control over assets in the cloud such as joining them to your domain and making them subject to your policies. This last idea more properly belongs in our next category, Hybrid Cloud.

Hybrid Cloud. If you’re making use of public cloud, it often makes sense to connect your cloud and on-premise assets. Using VPN technology some cloud platforms allow you to link your virtual machines running in the cloud with local on-premise machines. You might do this for example if you had a cloud-hosted web site that needed to talk to an on-premise database server. If you want to be on more intimate terms, your cloud assets can become members of your domain.

In the Windows Azure platform, all 3 forms of cloud are available: public cloud, hardware private cloud, and hybrid cloud.

Not sure what you need? Public cloud is the best starting point for most organizations, because it doesn’t commit you to anything. Whether and when you look into private cloud or hybrid cloud is something best decided once you’ve tested the public cloud waters.

Which Cloud Computing Platform to use?
If you’ve decided to go with PaaS or IaaS, you need to choose a vendor and platform. The big players are Amazon, Microsoft, and Google.

Amazon Web Services offers an extensive set of cloud services. I think of them as mostly focused on IaaS but they also provide a growing set of PaaS services.

Microsoft’s Windows Azure Platform also offers an extensive set of cloud services. Windows Azure is very focused on PaaS but also offers some IaaS capability. One distinguishing feature of Windows Azure is the symmetry Microsoft offers between its enterprise technology stack and its cloud services.

Google provides some interesting cloud services such as AppEngine that are very automatic in how they scale, but they limit you to a smaller set of languages and application scenarios.

Here’s a comparison I recently put together on the services offered by these vendors. Keep in mind, the platforms advance rapidly and I’m only an authority on Windows Azure; so you should definitely research this decision carefully and make sure you’re using up-to-date information.

Not sure where to go? Figure out what's important to you and compare. I have my favorite, and it's Windows Azure.

Services: Hosted Compute vs. Consuming Services
Even after selecting a cloud computing platform and provider you have plenty of decisions left to make! Cloud computing providers provide oodles of services such as those listed in the previous section. Which ones will you use and for what purpose? Not everyone uses the cloud in the same way. Some organizations run public web sites, customer applications, or internal departmental applications in the cloud. Some use the cloud for data archiving, backup, or disaster recovery. Some use the cloud for overflow to back up their primary data center. Some use the cloud to federate security or communication across multiple organizations. Some start-ups and newer companies put all their IT in the cloud.

We can divide the services you might use from a cloud computing provider into 2 big categories: Hosted Compute and Everything Else.

Consuming Services: Using the Cloud from a Distance. Most cloud services are consumed: that is, your programs (wherever they reside) access them by making Internet calls. Cloud services for storage, database, security, and communication work this way. Since just about any platform can issue web calls, you’re free to make use of cloud services from any operating system and any category of software application (including desktop and mobile applications).

Hosted Compute: Running your Application in the Cloud. Then there’s Hosted Compute, where your software actually runs within the cloud computing data center. That’s different, because you live there and have to conform to the requirements of the environment.

It’s not that you have to pick one category over the other: most likely you’ll be using a combination of services. However, be aware that with Hosted Compute you’re using cloud computing at a much more intimate level and it puts more constraints on the design of your application.

Design to Minimize or Maximize Use of the Cloud?
You have some choice about how strongly your applications are designed for the cloud platform. There are various reasons why you might favor doing as little as possible or as much as possible in this area.

Driver: Expense. If you are migrating an existing application to the cloud and are sensitive to development costs you might choose to change as little as possible. You can change your application just enough to achieve minimal conformance to the cloud platform.

Driver: Portability. If you have concerns about being locked into a platform, you might choose to stress portability and write your software in such a way that it can run in the enterprise or in the cloud. This means limiting yourself to the “common ground” features that are the same between the enterprise and the cloud.

Driver: Feature Need. There may be a specific feature in the cloud that you need and can’t find elsewhere, such as a federated security service. In this scenario you might change your application design to accommodate this one feature need.

Driver: Commitment. You may have committed to cloud computing as a style of computing you want to embrace for strategic or cultural reasons. Here you will want to do everything the cloud way, including designing your applications to strongly leverage cloud services.

Identity: Internet, Domain, or Custom?
When your applications run in the enterprise, the default identity model may be obvious such as securing employee applications to your domain. When you put an application in the cloud, you have to decide which security model you want to use for identity. You have many choices in identity these days.

Internet Identities. Many people today have one or more Internet identities such as Facebook, Google, Yahoo, Windows Live, or Open ID.

Domain Identities. Even if your application is in the cloud you can still secure it to your domain. There are multiple approaches for this. One is to establish a hybrid cloud virtual network connection to your domain controller. Another is putting a federated identity server such as ADFS in your enterprise’s DMZ.

Custom Identities. You could maintain a custom membership database. However, consider that by supporting an existing identity scheme you eliminate the need for someone to create and remember yet another identity for your application.

Federated Identity. Federated identity allows you to support multiple identities simultaneously and to add new ones over time. Windows Azure provides the AppFabric Access Control Service for federated identity. Your program only needs to talk security one way and the service takes care of communicating with multiple identity providers.

The best way to handle security today is to use claims-based security and to decouple security implementation from your code. In the Windows Azure platform, technologies used in this area include Windows Identity Foundation, ADFS, and the Access Control Service.
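Here is what “talk security one way” looks like in code, as an added example that is not from this post and is not the Access Control Service’s own implementation. A federation service issues a signed claims token; the application validates the token (signature first, then issuer, audience and expiry) and makes its authorization decision on the claims alone, so adding another identity provider later changes nothing in application code. The token layout (form-encoded fields plus an HMAC-SHA256 field) is loosely modelled on the Simple Web Token style; the shared key and the issuer and audience URLs are constructed values.

```python
"""Claims-based authorization decoupled from identity providers (added example)."""
import base64
import hashlib
import hmac
import time
from urllib.parse import parse_qsl, urlencode

# Constructed values: the key the federation service shares with this relying
# party, plus the issuer and audience identifiers the application expects.
ISSUER_KEY = b"constructed-shared-secret-for-this-example-only"
EXPECTED_ISSUER = "https://sts.example.invalid/"
EXPECTED_AUDIENCE = "https://app.example.invalid/"


class TokenError(Exception):
    """Raised when a token fails any validation step."""


def issue_token(claims, issuer, audience, key, expires_on):
    """Federation-service side: encode claims as form fields and sign with HMAC-SHA256.

    Which provider the user actually signed in with (Facebook, Google, the
    corporate domain, ...) is irrelevant here: the issuer has already mapped
    that login to a set of claims.
    """
    fields = [("Issuer", issuer), ("Audience", audience), ("ExpiresOn", str(int(expires_on)))]
    fields += sorted(claims.items())
    unsigned = urlencode(fields)
    digest = hmac.new(key, unsigned.encode("utf-8"), hashlib.sha256).digest()
    return unsigned + "&" + urlencode({"HMACSHA256": base64.b64encode(digest).decode()})


def validate_token(token, key, issuer, audience, now=None):
    """Relying-party side: verify the signature, then issuer, audience and expiry.

    Returns the application claims; raises TokenError on any failure.
    """
    now = time.time() if now is None else now
    unsigned, sep, tail = token.rpartition("&")
    if not sep or not tail.startswith("HMACSHA256="):
        raise TokenError("token is not signed")
    presented = dict(parse_qsl(tail)).get("HMACSHA256", "")
    digest = hmac.new(key, unsigned.encode("utf-8"), hashlib.sha256).digest()
    expected = base64.b64encode(digest).decode()
    # Nothing inside the token is trusted until the signature has been checked.
    if not hmac.compare_digest(presented, expected):
        raise TokenError("signature mismatch")

    fields = dict(parse_qsl(unsigned, keep_blank_values=True))
    if fields.get("Issuer") != issuer:
        raise TokenError("unexpected issuer")
    if fields.get("Audience") != audience:
        raise TokenError("token was issued for a different application")
    if int(fields.get("ExpiresOn", "0")) <= now:
        raise TokenError("token expired")
    return {k: v for k, v in fields.items() if k not in ("Issuer", "Audience", "ExpiresOn")}


def is_authorized(token, required_role, now=None):
    """Application code: a yes/no decision based on claims, not on who issued them."""
    try:
        claims = validate_token(token, ISSUER_KEY, EXPECTED_ISSUER, EXPECTED_AUDIENCE, now)
    except TokenError:
        return False
    return required_role in claims.get("role", "").split(",")


if __name__ == "__main__":
    token = issue_token({"name": "alice", "role": "reader,editor"},
                        EXPECTED_ISSUER, EXPECTED_AUDIENCE, ISSUER_KEY, time.time() + 600)
    print("editor allowed:", is_authorized(token, "editor"))
    print("admin allowed: ", is_authorized(token, "admin"))
```

The audience check is the one most often skipped: without it, a token legitimately issued for some other application that trusts the same issuer would be accepted here. Checking the signature before parsing any field means a tampered or appended field never reaches the authorization decision.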

Data Storage: Relational or Cheap?
In the enterprise, the king of storage is the relational database, augmented by other types of storage such as queues and file servers. In the cloud, you also have these facilities, but the dynamics and costs are such that you may want to rethink the equation. For example, in the Windows Azure Platform relational database capability is 66 times more expensive than basic table storage. If your data needs are not sophisticated, table storage may make sense.

Relational Database. A cloud-based relational database is going to give you the rich features you are used to having, which will make development or migration easier. But you may have size or scalability limits or it may be more expensive than other options.

Table Storage. Some cloud platforms offer cheap, big table storage at a fraction of the cost of a relational database and without its limits. In exchange for the lessened cost developers must do a lot more work themselves and live without advanced features like stored procedures, SQL, joins and user security. Not all developers are cut out for this.

Not sure where to go? Come up with a simple data task and have it implemented both ways, then compare notes.

Master Data Management: Here or There?
Great, you’ve got your application and data running in the cloud—but where is the master system of record for your data, in the cloud or back in the enterprise?

Master Data in the Cloud. If your data’s master copy will be in the cloud, you need to ensure you are using a trustworthy means of storage that will protect your data. For example, in Windows Azure there is the Windows Azure Storage Service and the SQL Azure Database service, both of which protect your data through redundancy.

Master Data on Premise. If the master copy of data is on-premise, you need to think about how your cloud applications get to it: do they access it directly (through a web service or VPN connection) or do they have their own copy of the data in the cloud? If the latter, then some sort of synchronization is going to be necessary, either ongoing or periodic. Your cloud platform may provide synchronization services or you may need to adapt or create tools, scripts, or programs for this purpose.

Service Access: REST or Platform Libraries?
Now you’re consuming cloud services, which most often use the REST protocol for access; this means your applications issue web requests to use the service. In addition to the usual development platform choices you have about language and tools, your platform may let you choose between REST web calls vs. using a provided library. For example, in Windows Azure Storage you can access the service with REST or a .NET storage library.

REST Interface. Using REST is very popular today, and has the benefit that just about any operating system and development platform can be used since the only requirement is the ability to make web calls. However, REST also requires you to work at the web I/O level, where you need to implement creating web requests, encoding and encrypting data, interpreting web responses, handling errors and performing retries. It can be quite a bit of work.

Platform Library. A platform library in contrast is easy to work with, and if one is available for your favorite development environment and language (such as C#/.NET and Visual Studio, or Java and Eclipse) you may find a radical improvement in productivity using this approach. It may provide built-in error handling and retry logic. However, this approach does limit you to a particular platform and you are trusting the library (usually a wrapper around a native REST interface) that you may not have source code to.

Here’s an example of the difference. A call to Windows Azure Storage service to store data looks like this, and you can use REST or a .NET library to generate it.


Request Headers:
x-ms-version: 2010-09-19
x-ms-date: Sun, 2 Jan 2011 22:00:35 GMT
Content-Type: text/plain; charset=UTF-8
x-ms-blob-type: BlockBlob
x-ms-meta-m1: v1
x-ms-meta-m2: v2
Authorization: SharedKey myaccount: 4rvSHg2S6LhRuGn713bqFXRM3E08QDGbPWOhOdWO2V+DoLhbmvc2rSwIO/wwMqzxlZUh0C+Wwy0LoDj1da4wQB==
Content-Length: 13

Request Body:
Hello, Cloud!

If you used your own code to generate this REST request in C#, it would look something like this (not shown: additional code to sign and send the request):

// Create or update a blob.
// Return true on success, false if not found, throw exception on error.
// Requires: using System.Collections; using System.Net;
// CreateRESTRequest (builds and signs the HttpWebRequest) is not shown.

public bool PutBlob(string container, string blob, string content)
{
    HttpWebResponse response;

    try
    {
        SortedList headers = new SortedList();
        headers.Add("x-ms-blob-type", "BlockBlob");

        response = CreateRESTRequest("PUT", container + "/" + blob, content, headers)
            .GetResponse() as HttpWebResponse;
        response.Close();
        return true;
    }
    catch (WebException ex)
    {
        // HTTP 409 (Conflict) is reported to the caller; anything else propagates.
        if (ex.Status == WebExceptionStatus.ProtocolError &&
            ex.Response != null &&
            (int)(ex.Response as HttpWebResponse).StatusCode == 409)
            return false;

        throw;
    }
}
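The signing step that the snippet above leaves out, as an added example that is not the author’s code: it is written in Python rather than C# to underline this section’s point that any platform able to make web calls can use the REST interface. The account name, headers and body are taken from the Put Blob request shown earlier; the key is a constructed throwaway value and `/mycontainer/myblob` is an assumed blob path. The canonicalization follows the SharedKey scheme for API version 2009-09-19 and later (the request above uses 2010-09-19), and the verify function shows what the service does on its side.

```python
"""SharedKey request signing for the Azure Storage REST API (added example)."""
import base64
import hashlib
import hmac
from urllib.parse import parse_qs, urlsplit

# Constructed sample credentials: the account name from the page's request and a
# made-up base64 key. A real storage key is a credential and belongs in
# configuration or a secret store, never in source code.
ACCOUNT = "myaccount"
KEY_B64 = base64.b64encode(b"constructed-example-key-not-a-real-secret!!").decode()

# Standard headers that enter the string-to-sign, in the order the SharedKey
# scheme (version 2009-09-19 and later) lists them.
_STANDARD_HEADERS = (
    "Content-Encoding", "Content-Language", "Content-Length", "Content-MD5",
    "Content-Type", "Date", "If-Modified-Since", "If-Match", "If-None-Match",
    "If-Unmodified-Since", "Range",
)


def string_to_sign(verb, account, path_and_query, headers):
    """Build the canonical string the service recomputes before comparing signatures."""
    lower = {name.lower(): value.strip() for name, value in headers.items()}
    url = urlsplit(path_and_query)

    parts = [verb.upper()]
    for name in _STANDARD_HEADERS:
        value = lower.get(name.lower(), "")
        # When x-ms-date is supplied, the Date slot is left empty.
        if name == "Date" and "x-ms-date" in lower:
            value = ""
        parts.append(value)

    # CanonicalizedHeaders: every x-ms-* header, lowercase name, sorted, "name:value\n".
    canonical_headers = "".join(
        f"{name}:{lower[name]}\n" for name in sorted(lower) if name.startswith("x-ms-")
    )
    # CanonicalizedResource: "/account/path" followed by sorted query parameters.
    canonical_resource = f"/{account}{url.path}"
    query = parse_qs(url.query, keep_blank_values=True)
    for name in sorted(query):
        canonical_resource += f"\n{name.lower()}:{','.join(sorted(query[name]))}"

    return "\n".join(parts) + "\n" + canonical_headers + canonical_resource


def sign_request(verb, account, key_b64, path_and_query, headers):
    """Return the Authorization header value: 'SharedKey account:Base64(HMAC-SHA256)'."""
    message = string_to_sign(verb, account, path_and_query, headers).encode("utf-8")
    digest = hmac.new(base64.b64decode(key_b64), message, hashlib.sha256).digest()
    return f"SharedKey {account}:{base64.b64encode(digest).decode()}"


def verify_request(verb, account, key_b64, path_and_query, headers):
    """Service-side check: recompute the signature and compare in constant time."""
    unsigned = {k: v for k, v in headers.items() if k.lower() != "authorization"}
    expected = sign_request(verb, account, key_b64, path_and_query, unsigned)
    return hmac.compare_digest(expected, headers.get("Authorization", ""))


def decode_signature(authorization):
    """Split 'SharedKey account:sig' into (account, raw signature bytes)."""
    scheme, _, rest = authorization.partition(" ")
    if scheme != "SharedKey" or ":" not in rest:
        raise ValueError("not a SharedKey header")
    account, _, sig = rest.partition(":")
    return account, base64.b64decode(sig)


def example_put_blob():
    """Reproduce the page's Put Blob request headers, signed with the sample key."""
    headers = {
        "x-ms-version": "2010-09-19",
        "x-ms-date": "Sun, 2 Jan 2011 22:00:35 GMT",
        "Content-Type": "text/plain; charset=UTF-8",
        "x-ms-blob-type": "BlockBlob",
        "x-ms-meta-m1": "v1",
        "x-ms-meta-m2": "v2",
        "Content-Length": str(len(b"Hello, Cloud!")),
    }
    headers["Authorization"] = sign_request("PUT", ACCOUNT, KEY_B64, "/mycontainer/myblob", headers)
    return headers


if __name__ == "__main__":
    for name, value in example_put_blob().items():
        print(f"{name}: {value}")
```

The key itself never travels with the request; only the HMAC does, and the service recomputes it over the same canonical string. That is why every x-ms-* header and the resource path are covered by the signature: changing any of them in transit makes the request fail authorization, and why a client sending the wrong Date or x-ms-date (or the wrong Content-Length) gets a 403 rather than a helpful error.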


For comparison, here’s how this is done using the .NET StorageClient library, also using C# code:

// Put (create or update) a blob.
// Return true on success, false if unable to create, throw exception on error.
// BlobClient is a CloudBlobClient field initialized elsewhere (not shown).

public bool PutBlob(string containerName, string blobName, string content)
{
    try
    {
        CloudBlobContainer container = BlobClient.GetContainerReference(containerName);
        CloudBlob blob = container.GetBlobReference(blobName);
        blob.UploadText(content);   // the library builds, signs and sends the PUT request
        return true;
    }
    catch (StorageClientException ex)
    {
        if ((int)ex.StatusCode == 404)   // e.g. the container does not exist
            return false;
        throw;
    }
}


Not sure which way to go? Your developers likely have strong opinions--or will after a little bit of experimentation.

Closing Thoughts
Well, there you have it. These are some of the decisions you’ll need to make on your journey into cloud computing. For some of these decisions the right way to go for your organization may be obvious. When it isn’t, do some experimentation and read up on the experiences of others.

A good way to be sure you’re making the right decisions is to get help from a knowledgeable consulting company who knows what to look for and the right questions to ask. At Neudesic we’ve teamed up with Microsoft to provide free cloud computing assessments. And of course this is yet another decision.☺

Monday, January 10, 2011

Cloud Camp LA and Cloud Camp San Diego

I'm looking forward to Cloud Camp LA the evening of Tuesday 1/11/11. This event is sold out, so if you're just hearing about it now it's too late to get in. However, not too far away is Cloud Camp San Diego on 2/09/11.

I attended the first Cloud Camp LA in 2009 and it was interesting for several reasons. First, it was a chance to interact with not just Windows Azure people but also people who use other cloud platforms such as Amazon. Second, the conference is run in an "unconference" format where there are no pre-determined sessions or speakers. Instead, the people who show up decide on the spot what they want to talk about and who will facilitate discussions. I was skeptical of this idea going in but it actually worked well. However, you do need to set proper expectations. The impromptu format means you will not have the structured presentations with slides and demos a prepared session would have. What you do get are interesting discussions, and a chance to share with others / learn from others.

Monday, January 3, 2011

Taking a Fresh Look at Windows Azure

In this post I'll take you through an updated tour of the Windows Azure platform. It's 2011, and the Windows Azure platform is coming up on the first anniversary of its commercial release. Much has been added in the last year, especially with the end-of-year 1.3 update. This will give you a good overview of what's in the platform now. Note, a few of these services are still awaiting release. This is an excerpt from my upcoming book, The Azure Handbook.


The Windows Azure area of the platform includes many core services you will use nearly every time you make use of the cloud, such as application hosting and basic storage. Currently, Windows Azure provides these services:

• Compute Service: application hosting
• Storage Service: non-database storage
• CDN Service: content delivery network
• Windows Azure Connect: virtual network
• DataMarket: marketplace for buying or selling reference data

Windows Azure Compute Service

The Compute service allows you to host your applications in a cloud data center, providing virtual machines on which to execute and a controlled, managed environment. Windows Azure Compute is different from all of the other platform services: your application doesn’t merely consume the service, it runs in the service.

The most common type of applications to host in the cloud are Internet-oriented, such as web sites and web services, but it’s possible to host other kinds of applications such as batch processes. You choose the size of virtual machine and the number of instances, which can be freely changed.

Here’s an example of how you might use the Windows Azure Compute Service. Let’s say you have a public-facing ASP.NET web site that you currently host in your enterprise’s perimeter network (DMZ). You determine that moving the application to the Windows Azure platform has some desirable benefits such as reduced cost. You update your application code to be compatible with the Windows Azure Compute Service, requiring only minor changes. You initially update and test the solution locally using the Windows Azure Simulation Environment. When you are ready for formal testing, you deploy the solution to a staging area of the Windows Azure data center nearest you. When you are satisfied the application is ready, you promote it to a production area of the data center and take it live.

Windows Azure Storage Service

The Storage service provides you with persistent non-database storage. This storage is external to your farm of VM instances (which can come and go). Data you store is safely stored with triple redundancy, and synchronization and failover are completely automatic and not visible to you.

Windows Azure Storage provides you with 3 kinds of storage: blobs, queues, and tables. Each of these has an enterprise counterpart: blobs are similar to files, queues are similar to enterprise queues, and tables are similar to database tables but lack relational database features. In each case, however, there are important differences to be aware of. All 3 types of storage can scale to a huge level; for example, a blob can be as large as 1 terabyte in size and a table can hold billions of records.

Windows Azure Storage Types

Storage Type     Description                    Example use
Blob Storage     Similar to file storage        Store images for your web site
Queue Storage    Similar to enterprise queues   Store orders in need of fulfillment
Table Storage    Similar to database tables     Store contact records

Blobs can be made accessible as Internet URLs which makes it possible for them to be referenced by web sites or Silverlight applications. This is useful for dynamic content such as images, video, and downloadable files. This use of blobs can be augmented with the Windows Azure CDN service for global high-performance caching based on user locale.

Here’s an example of how you might use the Windows Azure Storage service. You have a cloud-hosted web site that needs to serve up images of real estate properties. You principally keep property information in a database but put property images in Windows Azure blob storage. Your web pages reference the images from blob storage.

Windows Azure CDN Service

The Content Delivery Network (CDN) Service provides high performance distribution of content through a global network of edge servers and caching. The CDN currently has about 24 edge servers worldwide and is being regularly expanded.

A scenario for which you might consider using the CDN is a web site that serves up images, audio, or video that is accessed across a large geography. For example, a hotel chain web site could use the CDN for images and videos of its properties and amenities.

As of this writing, the CDN service currently serves up blob storage only but additional capabilities are on the way. At the PDC 2010 conference, Microsoft announced new CDN features planned for 2011 including dynamic content caching, secure SSL/TLS channels, and expansion of the edge server network. Dynamic content caching in particular is of interest because it will allow your application to create content on the fly that can be distributed through the CDN, a feature found in many other CDN services.

Windows Azure Connect

Windows Azure Connect provides virtual networking capability, allowing you to link your cloud and on-premise IT assets with VPN technology. You can also join your virtual machines in the cloud to your domain, making them subject to its policies. Many scenarios that might otherwise be a poor fit for cloud computing become feasible with virtual networking.

Here’s an example of how you might use Windows Azure Connect. Suppose you have a web application that you want to host in the cloud, but the application depends on a database server you cannot move off-premise. Using Windows Azure Connect, the web site in the cloud can still access the database server on-premise, without compromising security.

This service is not yet released commercially but is available for technical preview.

Windows Azure Marketplace DataMarket

The Windows Azure Marketplace is an online marketplace where you can find (or advertise) partners, solutions, and data. In the case of data, the marketplace is also a platform service you can access called DataMarket. You can explore DataMarket interactively at

The DataMarket service allows you to subscribe to reference data. The cost of this data varies and some data is free of charge. There are open-ended subscriptions and subscriptions limited to a certain number of transactions. You can also sell your own reference data through the DataMarket service. You are in control of the data, pricing, and terms.

The data you subscribe to is accessed in a standard way using OData, a standard based on AtomPub, HTTP, and JSON. Because the data is standardized, it is easy to mash up and feed to visualization programs.

Here’s an example of how you might use the DataMarket service. Suppose you generate marketing campaign materials on a regular basis and wish to customize the content for a neighborhood’s predominant income level and language. You subscribe to demographic data from the DataMarket service that lets you retrieve this information based on postal code.


The SQL Azure area of the platform includes services for working with relational data. Currently, SQL Azure provides these services:

• SQL Azure Database: relational database
• SQL Azure Reporting: database reporting
• SQL Azure Data Sync: database synchronization
• SQL Azure OData Service: data access service

SQL Azure Database

The SQL Azure Database provides core database functionality. SQL Azure is very similar to SQL Server to work with and leverages the same skills, tools, and programming model, including SQL Server Management Studio, T-SQL, and stored procedures.

With SQL Azure, physical management is taken care of for you: you don’t have to configure and manage a cluster of database servers, and your data is protected through replicated copies.

Here’s an example of how you might use SQL Azure Database. You have a locally-hosted web site and SQL Server database and conclude it makes better sense in the cloud. You convert the web site to a Windows Azure Compute service and the database to a SQL Azure database. Now both the application and its database are in the cloud side-by-side.

SQL Azure Reporting

SQL Azure Reporting provides reporting services for SQL Azure databases in the same way that SQL Server Reporting Services does for SQL Server databases. Like SSRS, you create reports in Business Intelligence Development Studio and they can be visualized in web pages.

Here’s an example of how you might use SQL Azure Reporting. You’ve traditionally been using SQL Server databases and SQL Server Reporting Services but are now starting to also use SQL Azure databases in the cloud. For reporting against your SQL Azure databases, the SQL Azure Reporting service is the logical choice.

This service is not yet released commercially but is available for technical preview.

SQL Azure Data Sync Service

The SQL Azure Data Sync service synchronizes databases, bi-directionally. One use for this service is to synchronize between an on-premise SQL Server database and an in-cloud SQL Azure database. Another use is to keep multiple SQL Azure databases in sync, even if they are in different data center locations.

Here’s an example of how you might use the SQL Azure Data Sync service. You need to create a data warehouse that consolidates information that is sourced from multiple SQL Server databases belonging to multiple branch offices. You decide SQL Azure is a good neutral place to put the data warehouse. Using SQL Azure Data Sync you keep the data warehouse in sync with its source databases.

This service is not yet released commercially but is available for technical preview.

SQL Azure OData Service

The SQL Azure OData service is a data access service: it allows applications to query and update SQL Azure databases. You can use the OData service instead of developing and hosting your own web service for data access.

OData is an emerging protocol that allows both querying and updating of data over the web; it is highly interoperable because it is based on the HTTP, REST, AtomPub, and JSON standards. OData can be easily consumed by web sites, desktop applications, and mobile devices.

Here’s an example of how you might use the SQL Azure OData service. Let’s say you have data in a SQL Azure database that you wish to access from both a web site and a mobile device. You consider that you could create and host a custom web service in the cloud for data access but realize you can avoid that work by using the SQL Azure OData service instead.

This service is not yet released commercially but is available for technical preview.

AppFabric

The AppFabric area of the platform includes services that facilitate enterprise-grade performance caching, communication, and federated security. Currently, AppFabric provides these services:

• AppFabric Cache Service: distributed memory cache
• AppFabric Service Bus: publish-subscribe communication
• AppFabric Access Control Service: federated security

AppFabric Cache Service

The Cache service is a distributed memory cache. Using it, applications can improve performance by keeping session state or application data in memory. This service is a cloud analogue to Windows Server AppFabric Caching for the enterprise (code-named Velocity) and has the same programming model.

Here’s an example of using the AppFabric Cache service. An online store must retrieve product information as it is used by customers, but in practice some products are more popular than others. Using the Cache service to keep frequently-accessed products in memory improves performance significantly.

This service is not yet released commercially but is available for technical preview.

AppFabric Service Bus

The Service Bus uses the cloud as a relay for communication, supporting publish-subscribe conversations that can have multiple senders and receivers. Uses for the service bus range from general communication between programs to connecting up software components that normally have no way of reaching each other. The Service Bus supports traditional client-server style communication as well as multicasting.

The Service Bus is adept at traversing firewalls, NATs, and proxies which makes it particularly useful for business-to-business scenarios. All communication looks like outgoing port 80 browser traffic so IT departments don’t need to perform any special configuration such as opening up a port; it just works. The Service Bus can be secured with the AppFabric Access Control Service.

Here’s an example of how you might use the Service Bus. You and your supply chain partners want to share information about forecasted and actual production activity with each other. Using the Service Bus, each party can publish event notification messages to all of the other parties.

Access Control Service

The Access Control Service is a federated security service. It allows you to support a diverse and expanding number of identity schemes without having to implement them individually in your code. For example, your web site could allow users to sign in with their preferred Google, Yahoo!, Facebook, or Live ID identities. The ACS also supports domain security through federated identity servers such as ADFS, allowing cloud-hosted applications to authenticate enterprise users.

The ACS uses claims-based security and supports modern security protocols and artifacts such as SAML and SWT. Windows applications typically use Windows Identity Foundation to interact with the ACS. The ACS decouples your application code from the implementation of a particular identity system. Instead, your application just talks to the ACS and the ACS in turn talks to one or more identity providers. This approach allows you to change or expand identity providers without having to change your application code. You use rules to normalize the claims from different identity providers into one scheme your application expects.

Here’s an example of how you might use the ACS. Your manufacturing company has corporate clients across the country who need to interact with your online ordering, support, and repair systems—but you don’t want the burden of administering each of their employees as users. With the ACS, each client can authenticate using their preferred, existing identity scheme. One customer authenticates with their Active Directory, another uses IBM Tivoli, another uses Yahoo! identities. Claims from these identity providers are normalized into one scheme which is all your applications have to support.
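To make the normalization step concrete, here is an added example (not code from the post, and not the ACS API itself) that models the three-customer scenario above: claims arriving from an ADFS issuer, a Tivoli issuer, and a Yahoo! issuer are reduced to one application-level scheme. The rule shape (issuer, input claim type, input value) to (output claim type, output value) is an assumption modeled on ACS rule groups; the issuer URLs and claim type names are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Claim:
    issuer: str   # who asserted the claim (an identity provider, or "acs" after normalization)
    type: str
    value: str

# Constructed issuer identifiers for the three customers in the scenario.
TRUSTED_ISSUERS = {
    "https://adfs.contoso.example",      # customer 1: Active Directory via ADFS
    "https://tivoli.fabrikam.example",   # customer 2: IBM Tivoli
    "https://yahoo.example",             # customer 3: Yahoo! identities
}

ANY = "*"  # wildcard: match any issuer/value, or pass the input value through

# Assumed rule shape modeled on ACS rule groups; claim type names are constructed.
# (issuer, input type, input value, output type, output value)
RULES = [
    ("https://adfs.contoso.example",    "urn:ad:group",           "Purchasing",   "role",  "order"),
    ("https://adfs.contoso.example",    "urn:ad:group",           "FieldService", "role",  "repair"),
    ("https://tivoli.fabrikam.example", "urn:tivoli:entitlement", "OrderEntry",   "role",  "order"),
    (ANY,                               "urn:email",              ANY,            "email", ANY),
]

def normalize(input_claims):
    """Return the single claim scheme the application expects.

    Claims from an issuer that is not configured are rejected outright, and input
    claims that no rule mentions are dropped, so provider-specific claim types
    (AD group names, Tivoli entitlements) never reach application code.
    """
    for c in input_claims:
        if c.issuer not in TRUSTED_ISSUERS:
            raise ValueError(f"untrusted issuer: {c.issuer}")
    out = set()
    for c in input_claims:
        for issuer, in_type, in_value, out_type, out_value in RULES:
            if issuer in (ANY, c.issuer) and in_type == c.type and in_value in (ANY, c.value):
                out.add(Claim("acs", out_type, c.value if out_value == ANY else out_value))
    return out

def may_place_orders(app_claims):
    """The only check the ordering application needs, whichever provider the user came from."""
    return Claim("acs", "role", "order") in app_claims

if __name__ == "__main__":
    user = [Claim("https://adfs.contoso.example", "urn:ad:group", "Purchasing"),
            Claim("https://adfs.contoso.example", "urn:email", "jo@contoso.example")]
    print(sorted((c.type, c.value) for c in normalize(user)), may_place_orders(normalize(user)))
```

Note that a Yahoo! user gets only a pass-through email claim and no role, so adding a new identity provider changes the rule table, not the application's authorization check.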

As you can see, the Windows Azure platform has come a long way in a short time--and there's plenty more innovation ahead.