Michael Crump 2019-04-16 18:54:12 -07:00
Parent 58107e7573
Commit 9961bc696b
11 changed files: 43 additions and 43 deletions

Binary data
.DS_Store vendored

Binary file not shown.
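Review bot: `.DS_Store` is a macOS Finder metadata file, not site content, and it is included in this commit as a binary change. Drop it from the commit and add `.DS_Store` to `.gitignore` so it stops riding along with unrelated changes.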


@ -13,13 +13,13 @@ date: 2019-01-27 17:00:00
One of the more vexing problems for developers is securing access to other services used by their applications. Databases and other restricted resources need authentication, and your apps need to provide that, but how? Passwords within your code? (Un)encrypted configuration files? Certificate stores? Hardware? And who safeguards and manages these resources?
Addressing these concerns is the primary objective of [Azure Key Vault](https://azure.microsoft.com/en-us/services/key-vault/), a globally available service to store and manage three types of assets:
Addressing these concerns is the primary objective of [Azure Key Vault](https://azure.microsoft.com/en-us/services/key-vault?WT.mc_id=azure-azuretipsandtricks-micrum/), a globally available service to store and manage three types of assets:
- Secrets - sensitive strings like passwords and database connection strings. You might store your application's database password as a secret, for instance.
- Encryption keys - RSA or Elliptic Curve keys that you would use for cryptographic operations such as encrypting application data for transit or storage.
- Certificates - X.509 certificates that you may provision through Azure Key Vault or via other providers like DigiCert.
In this post, you're going to see how to create and manage a secret, but keys work in much the same way. Certificates are a little more complex, and in fact themselves used keys and secrets. Check out [Get started with Key Vault Certificates](https://docs.microsoft.com/en-us/azure/key-vault/certificate-scenarios) for more information specifically on certificates.
In this post, you're going to see how to create and manage a secret, but keys work in much the same way. Certificates are a little more complex, and in fact themselves used keys and secrets. Check out [Get started with Key Vault Certificates](https://docs.microsoft.com/en-us/azure/key-vault/certificate-scenarios?WT.mc_id=docs-azuretipsandtricks-micrum) for more information specifically on certificates.
#### Creating a Key Vault Account
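Review bot: In the Azure Key Vault link on the first changed line, the parameter was inserted in front of the URL's trailing slash, giving `key-vault?WT.mc_id=azure-azuretipsandtricks-micrum/`, so the slash is now part of the campaign value. Put the query after the path, as in `/services/key-vault/?WT.mc_id=azure-azuretipsandtricks-micrum`. The certificates link in the same hunk is formed correctly.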
@ -31,7 +31,7 @@ Access to the Key Vault is managed via policies to which principals (like users
<img :src="$withBase('/files/create-kv-policy.png')">
Indeed, across the three entities (keys, secrets, and certificates), there are 40 permissions that can be individually granted, thus supporting the [principle of least privilege](https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/implementing-least-privilege-administrative-models). For instance, a web API that is accessing SQL Server might have GET permission on the secrets store, but only members of the security team would have SET permission to modify the database password. That's a simplistic example, so [here's another scenario](https://docs.microsoft.com/en-us/azure/key-vault/key-vault-secure-your-key-vault#example) involving developers, the security team, and even auditors.
Indeed, across the three entities (keys, secrets, and certificates), there are 40 permissions that can be individually granted, thus supporting the [principle of least privilege](https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/implementing-least-privilege-administrative-models?WT.mc_id=docs-azuretipsandtricks-micrum). For instance, a web API that is accessing SQL Server might have GET permission on the secrets store, but only members of the security team would have SET permission to modify the database password. That's a simplistic example, so [here's another scenario](https://docs.microsoft.com/en-us/azure/key-vault/key-vault-secure-your-key-vault#example?WT.mc_id=docs-azuretipsandtricks-micrum) involving developers, the security team, and even auditors.
#### Adding a Secret
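Review bot: The second link on the changed line appends the query after the fragment (`key-vault-secure-your-key-vault#example?WT.mc_id=docs-azuretipsandtricks-micrum`), so everything after `#` is treated as the fragment: the parameter is never sent to the server and the `#example` anchor no longer matches. The query has to come before the fragment: `key-vault-secure-your-key-vault?WT.mc_id=docs-azuretipsandtricks-micrum#example`.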
@ -43,7 +43,7 @@ Once the secret is created, you'll notice that there is a bit more depth to this
<img :src="$withBase('/files/kv-history.png')">
Although the Azure portal is a convenient visual approach to interact with Key Vault, for most scenarios you will want to have a repeatable and isolated process for managing Key Vault. Supporting that are the [Azure CLI](https://docs.microsoft.com/en-us/azure/key-vault/quick-create-cli) and [PowerShell cmdlets](https://docs.microsoft.com/en-us/azure/key-vault/quick-create-powershell) as well as [integration with Azure Resource Manager (ARM) templates](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-keyvault-parameter).
From the perspective of consuming secrets (as well as keys and certificates) from Key Vault within your applications, SDKs and libraries are available in [.NET](https://docs.microsoft.com/en-us/dotnet/api/microsoft.azure.keyvault?view=azure-dotnet), [Java](https://docs.microsoft.com/en-us/java/api/overview/azure/keyvault?view=azure-java-stable), [Node.js](https://docs.microsoft.com/en-us/javascript/api/overview/azure/key-vault?view=azure-node-latest), and [Python](https://docs.microsoft.com/en-us/python/api/overview/azure/key-vault?view=azure-python), and, of course,
you can use the [REST API](https://docs.microsoft.com/en-us/rest/api/keyvault/) from any programming environment that supports HTTP. We'll look at a small sample using the .NET SDK in the [next installment](tip181).
Although the Azure portal is a convenient visual approach to interact with Key Vault, for most scenarios you will want to have a repeatable and isolated process for managing Key Vault. Supporting that are the [Azure CLI](https://docs.microsoft.com/en-us/azure/key-vault/quick-create-cli?WT.mc_id=docs-azuretipsandtricks-micrum) and [PowerShell cmdlets](https://docs.microsoft.com/en-us/azure/key-vault/quick-create-powershell?WT.mc_id=docs-azuretipsandtricks-micrum) as well as [integration with Azure Resource Manager (ARM) templates](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-keyvault-parameter?WT.mc_id=docs-azuretipsandtricks-micrum).
From the perspective of consuming secrets (as well as keys and certificates) from Key Vault within your applications, SDKs and libraries are available in [.NET](https://docs.microsoft.com/en-us/dotnet/api/microsoft.azure.keyvault?view=azure-dotnet?WT.mc_id=docs-azuretipsandtricks-micrum), [Java](https://docs.microsoft.com/en-us/java/api/overview/azure/keyvault?view=azure-java-stable?WT.mc_id=docs-azuretipsandtricks-micrum), [Node.js](https://docs.microsoft.com/en-us/javascript/api/overview/azure/key-vault?view=azure-node-latest?WT.mc_id=docs-azuretipsandtricks-micrum), and [Python](https://docs.microsoft.com/en-us/python/api/overview/azure/key-vault?view=azure-python?WT.mc_id=docs-azuretipsandtricks-micrum), and, of course,
you can use the [REST API](https://docs.microsoft.com/en-us/rest/api/keyvault?WT.mc_id=docs-azuretipsandtricks-micrum/) from any programming environment that supports HTTP. We'll look at a small sample using the .NET SDK in the [next installment](tip181).
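Review bot: The four SDK links (.NET, Java, Node.js, Python) already carry a `?view=` query, and the new parameter is joined with a second `?`, for example `?view=azure-dotnet?WT.mc_id=docs-azuretipsandtricks-micrum`, which makes it part of the `view` value instead of a separate parameter. Join it with `&` (`?view=azure-dotnet&WT.mc_id=docs-azuretipsandtricks-micrum`). The REST API link on the last line also has the parameter placed before the trailing slash (`keyvault?WT.mc_id=docs-azuretipsandtricks-micrum/`). The CLI, PowerShell and ARM links are fine.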


@ -9,7 +9,7 @@ date: 2019-01-28 17:00:00
#### Taking a peek at Azure Key Vault Part 2 of 2
In the [previous post](tip180), you set up Key Vault and added a secret via the Azure portal. Now you'll see how to securely access that secret programmatically. Let's start by creating a ASP.NET Core API app in Visual Studio (or you can [grab the completed project here](https://github.com/mbcrump/azure-key-vault)):
In the [previous post](tip180), you set up Key Vault and added a secret via the Azure portal. Now you'll see how to securely access that secret programmatically. Let's start by creating a ASP.NET Core API app in Visual Studio (or you can [grab the completed project here](https://github.com/mbcrump/azure-key-vault?WT.mc_id=github-azuretipsandtricks-micrum)):
<img :src="$withBase('/files/new-api-app.png')">
@ -53,7 +53,7 @@ public async Task<IActionResult> Get()
}
```
It's the authentication process (the missing implementation of **authCallback** in the code above) that has historically been a bit tricky; however, with [Azure AD Managed Service Identity (MSI)](https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview) it's very straightforward.
It's the authentication process (the missing implementation of **authCallback** in the code above) that has historically been a bit tricky; however, with [Azure AD Managed Service Identity (MSI)](https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview?WT.mc_id=docs-azuretipsandtricks-micrum) it's very straightforward.
Initialize, **authCallback** (right after the initialization of the **secret** variable) as follows:
@ -64,7 +64,7 @@ Initialize, **authCallback** (right after the initialization of the **secret** v
This creates a callback method that uses the **AzureServiceTokenProvider** class to access Key Vault on behalf of the application, without explicit use of secrets or certificates.
During development, if you are signed in via the [Azure CLI](https://docs.microsoft.com/en-us/cli/azure/?view=azure-cli-latest), the app will authenticate using that identity. Of course, that identity needs requisite (Get) access to secrets in Key Vault, but if it's the same user that set up the secret, it already has more permissions than needed.
During development, if you are signed in via the [Azure CLI](https://docs.microsoft.com/en-us/cli/azure/?view=azure-cli-latest?WT.mc_id=docs-azuretipsandtricks-micrum), the app will authenticate using that identity. Of course, that identity needs requisite (Get) access to secrets in Key Vault, but if it's the same user that set up the secret, it already has more permissions than needed.
To set up the application to run within Azure, create a new API app in the Azure portal, and via the **Managed service identity** option under **Settings**, select **On** to register with Azure Active Directory. This creates a service principal that the API app can use to authenticate itself to other Azure services like Key Vault.
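Review bot: The Azure CLI link becomes `azure/?view=azure-cli-latest?WT.mc_id=docs-azuretipsandtricks-micrum`, a second `?` inside an existing query string, so `view` now has the value `azure-cli-latest?WT.mc_id=docs-azuretipsandtricks-micrum`. Use `&WT.mc_id=docs-azuretipsandtricks-micrum` here.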
@ -78,7 +78,7 @@ Now, you can deploy the application and run it from Azure as well.
<img :src="$withBase('/files/browser-2.png')">
If you are building ASP.NET Core applications, you should also be aware of the Azure Key Vault configuration provider, which extends the [ASP.NET Core configuration provider](https://docs.microsoft.com/en-us/aspnet/core/security/key-vault-configuration?view=aspnetcore-2.1) to coalesce configuration data from multiple sources and expose it via dependency injection to your controllers.
If you are building ASP.NET Core applications, you should also be aware of the Azure Key Vault configuration provider, which extends the [ASP.NET Core configuration provider](https://docs.microsoft.com/en-us/aspnet/core/security/key-vault-configuration?view=aspnetcore-2.1?WT.mc_id=docs-azuretipsandtricks-micrum) to coalesce configuration data from multiple sources and expose it via dependency injection to your controllers.
In the **Program.cs** of your ASP.NET Core application, add the following call to **ConfigureAppConfiguration** to first get the name of the Key Vault from standard app properties and then use the **AddAzureKeyVault** extension method to gather all the names of the Key Vault secrets into the **IConfiguration** reference. Note, because the extension *enumerates* the secrets in Key Vault, you will need to grant the MSI List as well as Get permissions on the Key Vault instance.
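Review bot: The ASP.NET Core configuration provider link on the changed line ends in `?view=aspnetcore-2.1?WT.mc_id=docs-azuretipsandtricks-micrum`; because the URL already has a query, the separator must be `&`, not a second `?`. As written, the docs version selector receives `aspnetcore-2.1?WT.mc_id=docs-azuretipsandtricks-micrum` as its value.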
@ -122,6 +122,6 @@ The complete body of the controller then becomes
}
```
For more on this subject, [Use Key Vault from App Service with Managed Service Identity](https://github.com/Azure-Samples/app-service-msi-keyvault-dotnet) on GitHub has a larger sample of using MSI to authenticate to Key Vault. Additionally, you can find [examples](https://docs.microsoft.com/en-us/azure/key-vault/key-vault-use-from-web-application) that cover manual application registration using client secrets and certificates; however, those techniques are no longer recommended whenever MSI can be used.
For more on this subject, [Use Key Vault from App Service with Managed Service Identity](https://github.com/Azure-Samples/app-service-msi-keyvault-dotnet?WT.mc_id=github-azuretipsandtricks-micrum) on GitHub has a larger sample of using MSI to authenticate to Key Vault. Additionally, you can find [examples](https://docs.microsoft.com/en-us/azure/key-vault/key-vault-use-from-web-application?WT.mc_id=docs-azuretipsandtricks-micrum) that cover manual application registration using client secrets and certificates; however, those techniques are no longer recommended whenever MSI can be used.
I hope this helps someone out there!


@ -10,7 +10,7 @@ date: 2019-02-03 17:00:00
Recently a question came up about how to securely connect existing VNETs. This got me thinking about how I have VMs deployed in their own VNETs.
Often when I set up a VM for a demo, Ill use the default settings, which creates a VNET for each VM. In this post, Ill walk you through how to set up a [hub-spoke network topology](https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/hybrid-networking/hub-spoke?toc=%2fazure%2fvirtual-network%2ftoc.json) to connect existing VNETs.
Often when I set up a VM for a demo, Ill use the default settings, which creates a VNET for each VM. In this post, Ill walk you through how to set up a [hub-spoke network topology](https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/hybrid-networking/hub-spoke?toc=%2fazure%2fvirtual-network%2ftoc.json?WT.mc_id=docs-azuretipsandtricks-micrum?WT.mc_id=docs-azuretipsandtricks-micrum) to connect existing VNETs.
#### My requirements
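Review bot: The hub-spoke link on the changed line receives the parameter twice (`toc.json?WT.mc_id=docs-azuretipsandtricks-micrum?WT.mc_id=docs-azuretipsandtricks-micrum`), and both copies are joined with `?` although the URL already has a `?toc=` query. Keep a single copy and join it with `&`: `toc.json&WT.mc_id=docs-azuretipsandtricks-micrum`. The duplication suggests the rewrite was run over this file more than once, so it is worth checking the file for other doubled parameters.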
@ -26,12 +26,12 @@ Subscription 1:
* hub-vnet – the VNET with the Point-to-Site VPN configured
* vnet-gw – the VNET gateway
* win2016svr-east – VM inside the VNET with no public IP ([Windows Server 2016 DataCenter](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/Microsoft.WindowsServer?tab=Overview))
* win2016svr-east – VM inside the VNET with no public IP ([Windows Server 2016 DataCenter](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/Microsoft.WindowsServer?tab=Overview?WT.mc_id=azure-azuretipsandtricks-micrum))
* spoke2-vnet – second VNET with no gateway
o win10vm2-east – VM inside the VNET with no public IP ([Windows 10 image](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/microsoftwindowsdesktop.windows-10?tab=Overview))
o win10vm2-east – VM inside the VNET with no public IP ([Windows 10 image](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/microsoftwindowsdesktop.windows-10?tab=Overview?WT.mc_id=azure-azuretipsandtricks-micrum?WT.mc_id=azure-azuretipsandtricks-micrum))
Subscription 2:
* spoke1-vnet – VNET in another subscription (but same Azure Active Directory)
o win10vm-east – VM inside the VNET with no public IP ([Windows 10 image](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/microsoftwindowsdesktop.windows-10?tab=Overview))
o win10vm-east – VM inside the VNET with no public IP ([Windows 10 image](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/microsoftwindowsdesktop.windows-10?tab=Overview?WT.mc_id=azure-azuretipsandtricks-micrum?WT.mc_id=azure-azuretipsandtricks-micrum))
<img :src="$withBase('/files/peering1.png')">
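Review bot: All three marketplace links in this hunk already end in `?tab=Overview`, and the parameter is appended with another `?`; on the two Windows 10 links it is also appended twice (`?tab=Overview?WT.mc_id=azure-azuretipsandtricks-micrum?WT.mc_id=azure-azuretipsandtricks-micrum`). Each should end in `?tab=Overview&WT.mc_id=azure-azuretipsandtricks-micrum`, once.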
@ -100,6 +100,6 @@ Once I have it reinstalled, I **connect the VPN**.
Thats all it takes to connect all three VNETs using VNET peering!
Read the full detail of how to [Implement a hub-spoke network topology in Azure](https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/hybrid-networking/hub-spoke?toc=%2fazure%2fvirtual-network%2ftoc.json) on the Azure Architecture site or watch [Virtual Network (vNet) Peering](https://channel9.msdn.com/Shows/Azure-Friday/Virtual-Network-vNet-Peering?term=vnet%20peering&lang-en=true) on Azure Friday.
Read the full detail of how to [Implement a hub-spoke network topology in Azure](https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/hybrid-networking/hub-spoke?toc=%2fazure%2fvirtual-network%2ftoc.json?WT.mc_id=docs-azuretipsandtricks-micrum?WT.mc_id=docs-azuretipsandtricks-micrum) on the Azure Architecture site or watch [Virtual Network (vNet) Peering](https://channel9.msdn.com/Shows/Azure-Friday/Virtual-Network-vNet-Peering?term=vnet%20peering&lang-en=true?WT.mc_id=ch9-azuretipsandtricks-micrum) on Azure Friday.
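Review bot: Both links on the changed line are malformed: the hub-spoke URL gets `?WT.mc_id=docs-azuretipsandtricks-micrum` twice after an existing `?toc=` query, and the Channel 9 URL ends in `&lang-en=true?WT.mc_id=ch9-azuretipsandtricks-micrum`, which folds the parameter into the value of `lang-en`. Append a single `&WT.mc_id=` to each instead.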


@ -13,13 +13,13 @@ With your personal finances, if youve ever wondered where all your money goes
Cloudyn is like Quicken on steroids for your cloud costs on Azure.
Note Cloudyn is related to, but separate from native [Azure Cost Management](https://azure.microsoft.com/services/cost-management')">. Cost Management has no onboarding, ~8-hour data latency, and is [integrated into the Azure portal](https://aka.ms/costmgmt). Cost Management is recommended for individiuals and organizations with Enterprise Aggreement (EA), pay-as-you-go, dev/test, and free/trial subscriptions. Cloud Solution Provider (CSP) customers should start with Cloudyn.
Note Cloudyn is related to, but separate from native [Azure Cost Management](https://azure.microsoft.com/services/cost-management?WT.mc_id=azure-azuretipsandtricks-micrum')">. Cost Management has no onboarding, ~8-hour data latency, and is [integrated into the Azure portal](https://aka.ms/costmgmt?WT.mc_id=akams-azuretipsandtricks-micrum?WT.mc_id=akams-azuretipsandtricks-micrum). Cost Management is recommended for individiuals and organizations with Enterprise Aggreement (EA), pay-as-you-go, dev/test, and free/trial subscriptions. Cloud Solution Provider (CSP) customers should start with Cloudyn.
##### How to set up Cloudyn
To use Cloudyn, first you need to register your subscription to get the billing information shared with the Cloudyn portal.
In the Azure Portal, select **Cost Management + Billing**, select [**Cost Management**](https://aka.ms/costmgmt) (if available), then **Cloudyn** and finally click the **Go to Cloudyn** button.
In the Azure Portal, select **Cost Management + Billing**, select [**Cost Management**](https://aka.ms/costmgmt?WT.mc_id=akams-azuretipsandtricks-micrum?WT.mc_id=akams-azuretipsandtricks-micrum) (if available), then **Cloudyn** and finally click the **Go to Cloudyn** button.
<img :src="$withBase('/files/costmanagement1.png')">
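Review bot: The Azure Cost Management link on the changed "Note" line still ends in `')">`, leftover markup that keeps the Markdown link from closing, and the new parameter is now inserted in front of it (`cost-management?WT.mc_id=azure-azuretipsandtricks-micrum')">`). Since the line is being touched anyway, close the link with `)`. Both `aka.ms/costmgmt` links in this hunk also receive `?WT.mc_id=akams-azuretipsandtricks-micrum` twice; keep one copy. The same line still carries the typos `individiuals` and `Aggreement`.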


@ -1,4 +1,4 @@
---
---
type: post
title: "Tip 185 - Performance Testing on Cosmos DB"
excerpt: "Learn how to implement performance testing on Cosmos DB"
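Review bot: The removed and added `---` lines at the top of the front matter are visually identical, so this hunk changes only invisible characters, most likely a byte-order mark or the line ending. If that came from the tool used for the URL rewrite, confirm it is intended and that the front matter still parses; otherwise leave this line out of the commit.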
@ -9,7 +9,7 @@ date: 2019-03-10 17:00:00
#### Performance Testing on Cosmos DB
Although [Cosmos DB](https://azure.microsoft.com/en-us/services/cosmos-db) comes with global availability and guaranteed performance, it's still incumbent on the developer and architect to understand the implication of application and database design choices on performance. Central to the discussion of performance in Cosmos DB is the concept of a [request unit (RU)](https://docs.microsoft.com/en-us/azure/cosmos-db/request-units), which is canonically defined as the processing capacity (CPU, memory, and IOPS) to perform a GET (retrieve) on a 1-KB document with 10 properties. Requests to delete, insert, or update require more capacity and so result in a higher RU cost. For instance, an insert of that same 1-KB document would incur a cost of 5 RUs.
Although [Cosmos DB](https://azure.microsoft.com/en-us/services/cosmos-db?WT.mc_id=azure-azuretipsandtricks-micrum) comes with global availability and guaranteed performance, it's still incumbent on the developer and architect to understand the implication of application and database design choices on performance. Central to the discussion of performance in Cosmos DB is the concept of a [request unit (RU)](https://docs.microsoft.com/en-us/azure/cosmos-db/request-units?WT.mc_id=docs-azuretipsandtricks-micrum), which is canonically defined as the processing capacity (CPU, memory, and IOPS) to perform a GET (retrieve) on a 1-KB document with 10 properties. Requests to delete, insert, or update require more capacity and so result in a higher RU cost. For instance, an insert of that same 1-KB document would incur a cost of 5 RUs.
RUs are also the currency of scale in Cosmos DB and, given that the RU cost of a single operation is deterministic, it is possible to estimate the cost of anticipated operations as well as to monitor the actual cost of completed operations. Armed with this information, you will be able to better assess the performance and scalability of your data architecture from planning to implementation to monitoring the production system.
@ -23,7 +23,7 @@ Here we can see that a query-heavy app storing 50,000 documents (of which **samp
##### Development Insight
While developing your data access strategies, take a look at [Performance and scale testing with Azure Cosmos DB](https://docs.microsoft.com/en-us/azure/cosmos-db/performance-testing). It describes an [open-source benchmarking project](https://github.com/Azure/azure-cosmosdb-dotnet/tree/master/samples/documentdb-benchmark) that you can adapt to your own domain to get a more precise accounting of RUs and thus the expected performance of your application. The code uses the .NET SDK and specifically applies to inserts into a document database (versus tables or graphs), but the concepts in the code can be adapted to your specific data model and query profiles. A key part of the processing is accumulating the **RequestCharge** from each operation:
While developing your data access strategies, take a look at [Performance and scale testing with Azure Cosmos DB](https://docs.microsoft.com/en-us/azure/cosmos-db/performance-testing?WT.mc_id=docs-azuretipsandtricks-micrum). It describes an [open-source benchmarking project](https://github.com/Azure/azure-cosmosdb-dotnet/tree/master/samples/documentdb-benchmark?WT.mc_id=github-azuretipsandtricks-micrum) that you can adapt to your own domain to get a more precise accounting of RUs and thus the expected performance of your application. The code uses the .NET SDK and specifically applies to inserts into a document database (versus tables or graphs), but the concepts in the code can be adapted to your specific data model and query profiles. A key part of the processing is accumulating the **RequestCharge** from each operation:
```C#
ResourceResponse<Document> response = await client.CreateDocumentAsync(
@ -36,9 +36,9 @@ For the execution captured below, the exact cost of inserting 10,000 test docume
<img :src="$withBase('/files/benchmarkapp.png')">
It's important to note, too, that [partitioning](https://docs.microsoft.com/en-us/azure/cosmos-db/partition-data), [consistency levels](https://docs.microsoft.com/en-us/azure/cosmos-db/consistency-levels), and [indexing](https://docs.microsoft.com/en-us/azure/cosmos-db/indexing-policies) will also have an impact on performance, so you may want to establish a baseline benchmark application and judiciously modify various configuration options and settings to determine their effect on performance.
It's important to note, too, that [partitioning](https://docs.microsoft.com/en-us/azure/cosmos-db/partition-data?WT.mc_id=docs-azuretipsandtricks-micrum), [consistency levels](https://docs.microsoft.com/en-us/azure/cosmos-db/consistency-levels?WT.mc_id=docs-azuretipsandtricks-micrum), and [indexing](https://docs.microsoft.com/en-us/azure/cosmos-db/indexing-policies?WT.mc_id=docs-azuretipsandtricks-micrum) will also have an impact on performance, so you may want to establish a baseline benchmark application and judiciously modify various configuration options and settings to determine their effect on performance.
Also consider using the [Azure Cosmos DB Emulator](https://docs.microsoft.com/en-us/azure/cosmos-db/local-emulator) as the target of the performance testing application. It only supports document style databases and doesn't simulate different consistency levels, but it will provide insight into RU costs without incurring actual charges for running your performance tests against your Azure instance.
Also consider using the [Azure Cosmos DB Emulator](https://docs.microsoft.com/en-us/azure/cosmos-db/local-emulator?WT.mc_id=docs-azuretipsandtricks-micrum) as the target of the performance testing application. It only supports document style databases and doesn't simulate different consistency levels, but it will provide insight into RU costs without incurring actual charges for running your performance tests against your Azure instance.
##### Production Monitoring
For an operational database, the Azure portal Monitoring -> Metrics blade provides in-depth statistics on throughput, storage, availability, and latency. The Storage tab is of particular interest in that it lends insight into the partitioning of the data. Be sure to drill down into a specific database and collection to see the partition-specific metrics.
@ -48,8 +48,8 @@ In the snapshot captured here, partitions are relatively evenly distributed, whi
<img :src="$withBase('/files/partitions.png')">
As you use the insight from these metrics to resolve potential bottlenecks, take a look at the performance tips offered by Microsoft in the following links:
- [Performance tips for .NET SDK](https://docs.microsoft.com/en-us/azure/cosmos-db/performance-tips) (or [Java](https://docs.microsoft.com/en-us/azure/cosmos-db/performance-tips-async-java))
- [Cost-effective reads and writes](https://docs.microsoft.com/en-us/azure/cosmos-db/key-value-store-cost)
- [SQL data partitioning](https://docs.microsoft.com/en-us/azure/cosmos-db/sql-api-partition-data)
- [Performance tips for .NET SDK](https://docs.microsoft.com/en-us/azure/cosmos-db/performance-tips?WT.mc_id=docs-azuretipsandtricks-micrum) (or [Java](https://docs.microsoft.com/en-us/azure/cosmos-db/performance-tips?WT.mc_id=docs-azuretipsandtricks-micrum-async-java))
- [Cost-effective reads and writes](https://docs.microsoft.com/en-us/azure/cosmos-db/key-value-store-cost?WT.mc_id=docs-azuretipsandtricks-micrum)
- [SQL data partitioning](https://docs.microsoft.com/en-us/azure/cosmos-db/sql-api-partition-data?WT.mc_id=docs-azuretipsandtricks-micrum)
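Review bot: The Java link in the first list item is broken by the rewrite: the parameter was inserted into the middle of the path, turning `performance-tips-async-java` into `performance-tips?WT.mc_id=docs-azuretipsandtricks-micrum-async-java`. That now points at the .NET `performance-tips` page with `-async-java` glued onto the campaign id. It should read `performance-tips-async-java?WT.mc_id=docs-azuretipsandtricks-micrum`.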


@ -1,4 +1,4 @@
---
---
type: post
title: "Tip 186 - Easily add real-time web functionality to applications with Azure SignalR Service"
excerpt: "Normally when we think of the web, we think of a mostly passive experience. Using SignalR, you can have a real-time, two-way conversation with someone over the web. And with Azure SignalR Service, you get a fully managed service that helps you build real-time experiences."
@ -9,9 +9,9 @@ date: 2019-03-11 17:00:00
#### Easily add real-time web functionality to applications with Azure SignalR Service
Hi, folks. Today I wanted to chat with you about real-time web functionality. Normally when we think of the web, we think of a mostly passive experience. When you bring up your mail web client and leave it for a while, your mail gets stale. You wont get your recent emails until you refresh the page, or, if youre lucky, your client has a timer that automatically refreshes the page for you. But it doesnt have to be this way. [SignalR](https://docs.microsoft.com/en-us/aspnet/core/signalr/introduction?view=aspnetcore-2.1) is a technology that can push new emails to you as soon as they arrive. Using SignalR, you can even have a real-time, two-way conversation with someone over the web. And with [Azure SignalR Service](https://azure.microsoft.com/en-us/services/signalr-service')">, you get a fully managed service that helps you build real-time experiences such as [chat](https://github.com/aspnet/SignalR-samples/tree/master/ChatSample), [stock tickers](https://github.com/aspnet/SignalR-samples/tree/master/StockTickR), live [whiteboard](https://github.com/aspnet/SignalR-samples/tree/master/WhiteBoard), and more.
Hi, folks. Today I wanted to chat with you about real-time web functionality. Normally when we think of the web, we think of a mostly passive experience. When you bring up your mail web client and leave it for a while, your mail gets stale. You wont get your recent emails until you refresh the page, or, if youre lucky, your client has a timer that automatically refreshes the page for you. But it doesnt have to be this way. [SignalR](https://docs.microsoft.com/en-us/aspnet/core/signalr/introduction?view=aspnetcore-2.1?WT.mc_id=docs-azuretipsandtricks-micrum) is a technology that can push new emails to you as soon as they arrive. Using SignalR, you can even have a real-time, two-way conversation with someone over the web. And with [Azure SignalR Service](https://azure.microsoft.com/en-us/services/signalr-service?WT.mc_id=azure-azuretipsandtricks-micrum')">, you get a fully managed service that helps you build real-time experiences such as [chat](https://github.com/aspnet/SignalR-samples/tree/master/ChatSample?WT.mc_id=github-azuretipsandtricks-micrum), [stock tickers](https://github.com/aspnet/SignalR-samples/tree/master/StockTickR?WT.mc_id=github-azuretipsandtricks-micrum), live [whiteboard](https://github.com/aspnet/SignalR-samples/tree/master/WhiteBoard?WT.mc_id=github-azuretipsandtricks-micrum), and more.
##### Real-time web functionality with SignalR
SignalR is built on ASP.NET Core, and the secret sauce behind the SignalR architecture is something called [Hubs](https://docs.microsoft.com/en-us/aspnet/core/signalr/hubs?view=aspnetcore-2.1). Hubs run on your server and route messages in and out to make sure they get to the intended web recipient in real time. When you develop a Hub in your middleware, there are two pieces of code that tie everything together.
SignalR is built on ASP.NET Core, and the secret sauce behind the SignalR architecture is something called [Hubs](https://docs.microsoft.com/en-us/aspnet/core/signalr/hubs?view=aspnetcore-2.1?WT.mc_id=docs-azuretipsandtricks-micrum). Hubs run on your server and route messages in and out to make sure they get to the intended web recipient in real time. When you develop a Hub in your middleware, there are two pieces of code that tie everything together.
```
services.AddSignalR();
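Review bot: On the changed introduction line, the Azure SignalR Service link keeps its stray `')">` ending with the parameter inserted before it (`signalr-service?WT.mc_id=azure-azuretipsandtricks-micrum')">`), so the Markdown link is still not closed; end it with `)`. The SignalR and Hubs links both use `?view=aspnetcore-2.1?WT.mc_id=docs-azuretipsandtricks-micrum`, where the second `?` should be `&`.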
@ -52,13 +52,13 @@ You should now develop your SignalR app in either VS Code or, as I do here, in V
<img :src="$withBase('/files/create_chat_app.png')">
There are lots of great [tutorials](https://docs.microsoft.com/en-us/aspnet/core/tutorials/signalr?view=aspnetcore-2.1&tabs=visual-studio), and even [completed samples](https://github.com/aspnet/AzureSignalR-samples/tree/master/samples/ChatRoomLocal), that will show you how to do this, so I wont waste your time with it. However, I do want to remind you to do three things before deploying your SignalR app to your SignalR Service.
There are lots of great [tutorials](https://docs.microsoft.com/en-us/aspnet/core/tutorials/signalr?view=aspnetcore-2.1&tabs=visual-studio?WT.mc_id=docs-azuretipsandtricks-micrum), and even [completed samples](https://github.com/aspnet/AzureSignalR-samples/tree/master/samples/ChatRoomLocal?WT.mc_id=github-azuretipsandtricks-micrum), that will show you how to do this, so I wont waste your time with it. However, I do want to remind you to do three things before deploying your SignalR app to your SignalR Service.
<img :src="$withBase('/files/manage_secret.png')">
1) The first thing youll want to do is store your secret key using the [Secret Manager](https://docs.microsoft.com/en-us/aspnet/core/security/app-secrets?view=aspnetcore-2.1&tabs=windows). Right- click your project in Solution Explorer and use the Manage User Secrets option.
1) The first thing youll want to do is store your secret key using the [Secret Manager](https://docs.microsoft.com/en-us/aspnet/core/security/app-secrets?view=aspnetcore-2.1&tabs=windows?WT.mc_id=docs-azuretipsandtricks-micrum). Right- click your project in Solution Explorer and use the Manage User Secrets option.
This will store your secret outside of your actual project for added security during development. When you get ready to move to test or production, you will want to use [Azure Key Vault](https://docs.microsoft.com/en-us/aspnet/core/security/key-vault-configuration?view=aspnetcore-2.1) instead.
This will store your secret outside of your actual project for added security during development. When you get ready to move to test or production, you will want to use [Azure Key Vault](https://docs.microsoft.com/en-us/aspnet/core/security/key-vault-configuration?view=aspnetcore-2.1?WT.mc_id=docs-azuretipsandtricks-micrum) instead.
2) Next, find your AddSignalR method and append AddAzureSignalR to it like this:
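Review bot: The three docs.microsoft.com links changed in this hunk (tutorials, Secret Manager, Azure Key Vault) append `?WT.mc_id=...` to URLs that already have a query string, for example `&tabs=visual-studio?WT.mc_id=...` and `&tabs=windows?WT.mc_id=...`. The parameter ends up inside the `tabs` or `view` value instead of being its own key. Please join it with `&` on these lines, and check whether the GitHub samples link needs the parameter at all.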

View file

@ -9,7 +9,7 @@ date: 2019-03-17 17:00:00
#### Create a back end for your next native iOS application
Azure defines a number of services for app developers covering data storage, notifications, authentication, etc. Wouldn't it be great if there was a simple platform-as-a-service (PaaS) offering that tied all these together to quickly build a back end for your app? Good news. That offering already exists: the [Mobile Apps](https://azure.microsoft.com/services/app-service/mobile) feature in Azure App Service.
Azure defines a number of services for app developers covering data storage, notifications, authentication, etc. Wouldn't it be great if there was a simple platform-as-a-service (PaaS) offering that tied all these together to quickly build a back end for your app? Good news. That offering already exists: the [Mobile Apps](https://azure.microsoft.com/services/app-service/mobile?WT.mc_id=azure-azuretipsandtricks-micrum) feature in Azure App Service.
#### Start my app
From the Azure portal, select **Create a resource**, search for **Mobile**, and you'll find the **Mobile App** item. To create a new app, you'll need a unique name and you can select an app service plan. For development, there is a free tier that allows you to get started.
@ -58,5 +58,5 @@ A limitation of the Quickstart code is that it uses anonymous access. From the *
#### Go your own way
For detailed instructions on building your own Azure Mobile App, you can follow this [Quickstart](https://docs.microsoft.com/en-us/azure/app-service-mobile/app-service-mobile-ios-get-started). You can also find more details about [adding authentication and configuring your tables](https://docs.microsoft.com/en-us/azure/app-service-mobile/app-service-mobile-ios-get-started-users). Support for authentication is already in the MicrosoftAzureMobile.framework, so it only requires a few additional lines of code. The Mobile App can easily be extended with push notification support using [Azure Notification Hubs](https://docs.microsoft.com/azure/notification-hubs), but that warrants a separate blog post.
For detailed instructions on building your own Azure Mobile App, you can follow this [Quickstart](https://docs.microsoft.com/en-us/azure/app-service-mobile/app-service-mobile-ios-get-started?WT.mc_id=docs-azuretipsandtricks-micrum). You can also find more details about [adding authentication and configuring your tables](https://docs.microsoft.com/en-us/azure/app-service-mobile/app-service-mobile-ios-get-started?WT.mc_id=docs-azuretipsandtricks-micrum-users). Support for authentication is already in the MicrosoftAzureMobile.framework, so it only requires a few additional lines of code. The Mobile App can easily be extended with push notification support using [Azure Notification Hubs](https://docs.microsoft.com/azure/notification-hubs?WT.mc_id=docs-azuretipsandtricks-micrum), but that warrants a separate blog post.
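Review bot: In the "adding authentication and configuring your tables" link, the parameter was inserted in the middle of the page slug: `app-service-mobile-ios-get-started-users` became `app-service-mobile-ios-get-started?WT.mc_id=docs-azuretipsandtricks-micrum-users`. That link now resolves to the same Quickstart page as the link before it, with `-users` folded into the tracking value. The parameter should go after the full slug, `...-get-started-users?WT.mc_id=docs-azuretipsandtricks-micrum`.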

View file

@ -1,4 +1,4 @@
---
---
type: post
title: "Tip 188 - Work with Notification Hubs on your next Native iOS application"
excerpt: "Learn how to use Notification Hubs from a Native iOS app"
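Review bot: The first front-matter line is replaced by a visually identical `---`, which suggests an invisible byte or whitespace change unrelated to the link update, and the same pattern shows up on the opening `---` of the Tip 189 and Tip 190 posts. Please confirm what changed on that line and that the front matter still parses, or drop the change from this commit.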
@ -9,7 +9,7 @@ date: 2019-03-18 17:00:00
#### Work with Notification Hubs on your next Native iOS application
[Azure Notification Hubs](https://docs.microsoft.com/azure/notification-hubs) provides an integrated back end capable of pushing notifications to all the major mobile platforms through their different cloud services. iOS apps use the [Apple Push Notification Service](https://developer.apple.com/documentation/usernotifications) (APNS), and Notification Hubs can push messages through this service either directly or via an [Azure Mobile App](https://azure.microsoft.com/services/app-service/mobile) back end. Notification Hubs allows you to push messages to millions of devices across platforms with a single API call. These can be to all users, or to particular segments of your customers using tags.
[Azure Notification Hubs](https://docs.microsoft.com/azure/notification-hubs?WT.mc_id=docs-azuretipsandtricks-micrum) provides an integrated back end capable of pushing notifications to all the major mobile platforms through their different cloud services. iOS apps use the [Apple Push Notification Service](https://developer.apple.com/documentation/usernotifications) (APNS), and Notification Hubs can push messages through this service either directly or via an [Azure Mobile App](https://azure.microsoft.com/services/app-service/mobile?WT.mc_id=azure-azuretipsandtricks-micrum) back end. Notification Hubs allows you to push messages to millions of devices across platforms with a single API call. These can be to all users, or to particular segments of your customers using tags.
#### Get certified
@ -84,6 +84,6 @@ On success, you'll see a list of device registrations and status of the sent mes
#### Pushing ahead
You've seen that it's very easy to create and use Notification Hubs as long as you work through each of the configuration steps so Notification Hubs has the right certificate and your app is configured correctly. Once that is done, you have a permanent communication channel between your app and your back-end service to keep your app alive. To explore further, you can [view documentation](https://docs.microsoft.com/azure/notification-hubs/notification-hubs-ios-apple-push-notification-apns-get-started) that will give you more details on targeting individuals and groups of users for a more personal experience.
You've seen that it's very easy to create and use Notification Hubs as long as you work through each of the configuration steps so Notification Hubs has the right certificate and your app is configured correctly. Once that is done, you have a permanent communication channel between your app and your back-end service to keep your app alive. To explore further, you can [view documentation](https://docs.microsoft.com/azure/notification-hubs?WT.mc_id=docs-azuretipsandtricks-micrum/notification-hubs-ios-apple-push-notification-apns-get-started) that will give you more details on targeting individuals and groups of users for a more personal experience.
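Review bot: The "view documentation" link now has the query string inserted mid-path: `notification-hubs?WT.mc_id=docs-azuretipsandtricks-micrum/notification-hubs-ios-apple-push-notification-apns-get-started`. The path stops at `notification-hubs`, so the link lands on the service overview instead of the APNS get-started article, and the rest of the path becomes part of the parameter value. Move the parameter to the end, after `...apns-get-started`.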

View file

@ -1,4 +1,4 @@
---
---
type: post
title: "Tip 189 - Guided tour of Azure Machine Learning Studio"
excerpt: "If it makes the tool more approachable, you could think of Azure ML Studio as the low bar for machine learning that makes it easy for everyone to get into AI. I like to think of it more simply as a playroom where I do experiments with machine learning that no else needs to see."
@ -15,7 +15,7 @@ In a world where there are WYSIWIG editors for practically everything, have you
If it makes the tool more approachable, you could think of Azure ML Studio as the low bar for machine learning that makes it easy for everyone to get into AI. I like to think of it more simply as a playroom where I do experiments with machine learning that no else needs to see.
ML Studio has a completely [free tier](https://azure.microsoft.com/en-us/pricing/details/machine-learning-studio')"> that gives you two hours of compute a month so you arent racking up a bill while you are trying things out. Youll want to take advantage of that.
ML Studio has a completely [free tier](https://azure.microsoft.com/en-us/pricing/details/machine-learning-studio?WT.mc_id=azure-azuretipsandtricks-micrum')"> that gives you two hours of compute a month so you arent racking up a bill while you are trying things out. Youll want to take advantage of that.
<img :src="$withBase('/files/mlstudio_dash.png')">
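Review bot: The free tier link already ended in stray markup, `machine-learning-studio')">`, and the new line keeps it after the added parameter, `...?WT.mc_id=azure-azuretipsandtricks-micrum')">`. The Markdown link closes at the first `)`, so the URL ends with a `'` that is now part of the tracking value, and `">` is left as literal text. Since the line is being touched anyway, remove the trailing `')">`.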

View file

@ -1,4 +1,4 @@
---
---
type: post
title: "Tip 190 - Multi-Factor Authentication on Azure in a Nutshell"
excerpt: "Multi-Factor Authentication on Azure in a Nutshell"
@ -9,7 +9,7 @@ date: 2019-03-25 17:00:00
#### Multi-Factor Authentication on Azure in a Nutshell
In another Tips and Tricks post, we added Azure Active Directory authentication to an existing App Service Web App. Today, well make sure Multi-Factor Authentication (MFA) is on for that user. There are various services in Azure when it comes to [Multi-Factor Authentication](https://azure.microsoft.com/en-us/services/multi-factor-authentication), so lets first see whats available. Keep in mind, I want it to be FREE.
In another Tips and Tricks post, we added Azure Active Directory authentication to an existing App Service Web App. Today, well make sure Multi-Factor Authentication (MFA) is on for that user. There are various services in Azure when it comes to [Multi-Factor Authentication](https://azure.microsoft.com/en-us/services/multi-factor-authentication?WT.mc_id=azure-azuretipsandtricks-micrum), so lets first see whats available. Keep in mind, I want it to be FREE.
If you take a look at the documentation on how it works, the following MFA offerings are listed:
* **Azure Active Directory Premium** – Licenses for full-featured, on-premises, or cloud-hosted MFA services.
@ -23,9 +23,9 @@ pay-as-you-go Azure account.
So why didnt I use Azure Active Directory Premium, MFA for Office 365, or MFA for Azure Active Directory Global Administrators?
First, I didnt want to pay for Azure Active Directory Premium. Also, I didnt use MFA for Office 365 because it is for accounts connected to an Office 365 account, which I didnt have. Finally, Azure Active Directory Global Administrators MFA is a [two-step verification for Azure Active Directory users](https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-userstates) and not a Microsoft account. There are ways to turn [two-step verification on for Microsoft accounts](https://support.microsoft.com/en-us/help/12408/microsoft-account-about-two-step-verification) that are done outside of Azure, which I didnt want to do.
First, I didnt want to pay for Azure Active Directory Premium. Also, I didnt use MFA for Office 365 because it is for accounts connected to an Office 365 account, which I didnt have. Finally, Azure Active Directory Global Administrators MFA is a [two-step verification for Azure Active Directory users](https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-userstates?WT.mc_id=docs-azuretipsandtricks-micrum) and not a Microsoft account. There are ways to turn [two-step verification on for Microsoft accounts](https://support.microsoft.com/en-us/help/12408/microsoft-account-about-two-step-verification?WT.mc_id=support-azuretipsandtricks-micrum) that are done outside of Azure, which I didnt want to do.
While researching why I couldnt enable MFA for my Microsoft account user, I found a newer feature that also provides MFA called Baseline Protection. The nice thing about using [Baseline Protection](https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/baseline-protection) is it works well for Microsoft accounts and Azure Active Directory accounts.
While researching why I couldnt enable MFA for my Microsoft account user, I found a newer feature that also provides MFA called Baseline Protection. The nice thing about using [Baseline Protection](https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/baseline-protection?WT.mc_id=docs-azuretipsandtricks-micrum) is it works well for Microsoft accounts and Azure Active Directory accounts.
#### How I turned on Multi-Factor Authentication using Baseline Policy
Go to the Azure portal and navigate to **Azure Active Directory**, and then click **Conditional access** under **Security**. Since Im using my own pay-as-you-go subscription, this is the default directory.