Application Security Testing: An Integral Part of DevOps
Wow, what a year. Cloud computing seems to have come out of nowhere, and is moving fast. Of course, like all overnight successes, this one took twenty years to really happen. But when Microsoft gets behind something, you can really see the momentum. The various cloud computing and product teams at Microsoft have been on overdrive, delivering features at a continual pace since the initial Microsoft Azure release. This isn't your mother's Windows. This isn't a new version every three years. This is the Twitter of software, with new features and options every few months. Just try to keep up.
We thought that after covering Microsoft Azure and cloud computing for a year we might want to recap what has happened to give you some perspective on how far Microsoft Azure has really come.
Many customers had already adopted version 1.0 of the SDK that was released at Microsoft PDC in November, 2009. The 1.1 release added support for Windows Azure Drives. This feature allows a role instance to mount a VHD that is stored in BLOB storage as a real local drive. This was a move to make it easier to migrate legacy applications to the cloud without having to rewrite all of the underlying file I/O code.
Version 1.1 also introduced the idea of Windows Azure Role Image support. When you deploy a role to Windows Azure, the instances of that role are running some form of Windows, but you don't pick which version of Windows. Instances are also not patched. Instead, you deploy your instances with a Windows Azure OS image. This image is a prepackaged, specialized version of Windows, along with patches and other software the Windows Azure environment needs to run. This includes the device drivers needed for Microsoft Azure Drive and the local agent that works with the Fabric Controller. When a new patch comes out, the Windows Azure team creates a new image and makes it available to customers.
This mechanism is important to understand. This is how you KNOW that your code, and the instance it is running on, won't be changed or patched without your permission. You set the version of the Microsoft Azure OS you want to run, and it stays that way. You also have the option of choosing 'auto upgrade.' When you do this, any new Microsoft Azure OS version will get copied down to your server, and it will get restarted with the new OS version. In this way Microsoft can release new features without breaking existing customers. This gives them the flexibility to release at a very rapid pace.
Four months passed, and in June of 2010 Microsoft released version 1.2. This version was more focused on the tooling developers needed and on what they call platform alignment. This was the first version that was compatible with the RTM version of Microsoft Visual Studio 2010, which had just shipped, as well as including .NET Framework 4 support.
One of the most popular features was the support for using IntelliTrace in Microsoft Azure. IntelliTrace was a feature that shipped with Microsoft Visual Studio 2010 Ultimate Edition, and allows for historical debugging. Think of it as the black box running on the server tracking your code. By attaching this black box to Microsoft Visual Studio you can replay what your code did, much like watching a show on a DVR. This became the first real way you could debug applications that were truly running in the cloud. Up until now you could only debug when running in the local cloud simulator, and could only troubleshoot in the cloud using tracing and log files.
The Microsoft Visual Studio tooling was upgraded to allow you to explore your cloud storage (in a read-only mode) from within the IDE, as well as to see the status of your running instances. The biggest new tooling feature was the option to deploy from within Visual Studio by configuring and using the publishing feature. This reduced the deployment barrier to almost nothing. It saved developers the time of having to jump out of VS and log in through the portal or other tools.
They also shipped a new feature for SQL Azure called Database Copy. This allows you to make a transactionally complete copy of your SQL Azure database. You can do this from the portal, or through SQL commands. This is an important feature for backup and recovery operations. The SQL Azure team also raised the maximum database size several times, eventually resting at 50GB per database.
We also saw the release of Windows Azure CDN, a global network of cache servers to make it easier for your users to access the files in your BLOB storage. I have talked with customers that just don't believe how fast and how cheap the CDN offering is compared to the entrenched competitors. Microsoft has had this network for internal use only for years. They just repackaged it and started letting customers use it. Until now CDNs were the purview of expensive, super big scale operations like game developers trying to let the world download the latest demo. And it showed in the pricing, where you would spend thousands of dollars in setup fees, pay $5/GB for storage, and pay high charges for bandwidth. Windows Azure CDN doesn't have contracts, and costs $0.15/GB for storage, plus a much more sane charge for bandwidth. There aren't any setup or monthly service fees.
Microsoft also wanted to make it easy for developers to try the cloud, and launched two offerings. The first is that MSDN subscribers could receive lots of free Microsoft Azure resources just by signing up. The second is something called the introductory account. It lets any developer sign up for an account and receive 25 hours of compute time, plus other free resources, per month. This is the perfect amount of free time to kick the tires and try things out.
There has been a lot of marketing in the industry around Private Clouds. This is the concept that you would get all of the benefits of the cloud without sharing those resources, by running them for yourself. Microsoft sees a future in this market, and released into beta a product called Windows Azure Appliance. This is in partnership with HP, Dell, Fujitsu and eBay. The Appliance will be a ready-to-go package with the servers, networking and power hardware, and the Windows Azure software to turn-key your own private cloud. Microsoft expects a lot of hosting providers will invest in the Appliance to build their own clouds to sell to customers. Perhaps these different clouds will offer specialties, for example special features for the healthcare or finance industry.
About this time Microsoft launched a massive 'We're all in' campaign, telling the world that they made a big bet on cloud computing. They talked about how they invested $2.5 billion building out the data centers, and that every product team is focusing on how to leverage the cloud with their product.
This change reminded me of when Microsoft woke up to the Internet. They definitely missed the start of the Internet, and Bill Gates worked hard (with a famous internal memo) to turn the ship, and get the whole company thinking about the Internet. This time Microsoft didn't miss the boat, and they engaged the whole company on cloud computing before it was too late.
Then four months later, in October, at the PDC 2010, Microsoft released version 1.3. This was a major release, and was big enough to get a 2.0 version number in my opinion. Briefly, here are some of the features that they either released or announced would be released shortly:
- VM Role: Microsoft announced a new role (to be added to the existing web and worker roles). The VM Role lets you build your own image and run it in Microsoft Azure. This was a move to make it easier to migrate legacy applications that aren't exactly cloud friendly.
- Remote Desktop: Normally you could not directly access the servers running your code in Microsoft Azure, and in a pure Platform-as-a-Service that is how it should be. Microsoft released this feature to make it easier to troubleshoot issues during migrations; it should only be used in a development/testing scenario, and not in a production scenario.
- Extra Small Instances: The small instance size is one dedicated CPU core with about 2GB of RAM. The new extra small instance gives you about half of a small instance, running on a shared core, and is charged at $0.05 per hour. This is great for low load scenarios, or just plain testing.
- Brand new portal: The new portal is based on Silverlight and brings together all of the admin portals into one tool. It is much easier to navigate and work with your cloud resources. I do miss the giant cubes of jelly that visualized your service containers though.
- Co-Admins: You can now have additional Live IDs identified as co-admins, giving them access to your resources through the new portal. This bypassed the limit of one technical admin account in the past.
- Support for Windows Server 2008 R2 and IIS 7.5 (with full IIS support)
- Startup tasks and admin mode: This feature lets you define tasks that must be run during the startup phase of the server, giving you a chance to customize the server image before your code is wired up and launched.
- Windows Azure AppFabric Caching: This makes a distributed cache available to your role instances running in Microsoft Azure. This helps with sharing server state across your instances (perhaps ASP.NET session state) and for sharing cached data in a highly available way.
- SQL Azure Reporting: This provides SQL Server Reporting Services as a service to provide reports and report support in your Microsoft Azure applications.
- Windows Azure Connect: This was code-named Sydney, and provides a virtual private network between your cloud servers and your on-premises servers.
- Windows Azure Marketplace: The Marketplace has two stores. One is a listing of cloud ready applications, and the second is a data marketplace where you can buy and sell data in an easy to consume way.
- TFS in Microsoft Azure: They announced they are working on a version of Team Foundation Server that they will host in the cloud for customers. No timeline for RTW has been given.
- Significant enhancements to the ACS and Service Bus features of Windows Azure AppFabric
- SQL Azure Data Sync: Will provide a secure way for SQL Azure databases and SQL Server databases to be easily synced.
This is a long list, and these are just the major features that were released or announced. There were many, many more released on a smaller scale. This shows a huge effort from Microsoft to really move Microsoft Azure forward at a very fast pace, and to out-innovate the other players in the market.