Application Security Testing: An Integral Part of DevOps
Being able to explore your cloud storage is handy, especially during development, but the new integrated deployment tool is one of my favorite new features. Once configured, this tool makes it easy for you to deploy your application to the cloud. You no longer have to do a local build, export it to a package, and then upload it by hand through the Azure portal. This tool is built using the service management API that you already have access to. The tool will also help you setup the certificates needed to use the service management API.
Part of the challenge in setting up the certificates for management API calls was that most developers have trouble remembering the complex command line needed to create them. This tool makes that all much easier.
To configure Microsoft Visual Studio to automate your deployments you have to take a few steps. Return to the Server Explorer window, and right click on "Windows Azure Compute," and select "Add slot..." Microsoft Visual Studio expects you to add each slot from each hosted service separately. Each hosted service you have created has two slots, production and staging. In this example we are going to only configure the production slot. You would follow the same steps to setup the staging slot.
Since you probably haven't configured a slot yet the window that comes up will be empty. This window displays the slots you have configured Microsoft Visual Studio to know how to talk to.
You will need to right click on "Windows Azure Accounts" and select "new". When you do the window to help you setup cloud authentication credentials will appear.
The next few steps will focus on filling out this form. Open the drop down in step 1. This is a list of the certificates installed on your computer. If you have already created a certificate for use with Microsoft Azure you can select it here. I am going to create a new certificate by selecting 'create' at the bottom of the list. You can use commercially signed certificates or self-signed certificates. I always use self-signed certificates because in this case we are only using the certificate to authenticate with Azure Service Management service, and a customer won't ever see it.
When you select 'create' you will be asked to provide a name for the certificate. You should choose something that is self-explanatory.
Next, click on the link in the window that says 'Copy the full path' near step 2. This will copy the path of the certificate you have selected or created to the clipboard. Then click the second link in step 2, 'Developer Portal.' This will open your browser to the Azure portal where you are going to upload the certificate.
One of the few things the management service can't do is deploy a management certificate. You have to do this by hand through the portal. Once you have logged in, click on the 'Account' tab in the middle of the top menu. You will see a link that says 'Manage My API Certificates' near the top. Click on it. The portal will now list for you the certificates you have deployed to your Azure account. From here you want to paste in the path to the certificate that Microsoft Visual Studio created for you, and then click upload. The certificate will be uploaded and registered with Azure.
Once it is uploaded, your certificate will appear in the list on the portal. You can have up to five certificates active at any time. You can come back to this screen on the portal to deactivate any certificate at any time, perhaps after it falls into the hands of an international villain.
The last bit of data you need is your subscription id. This was created for you when you created your Microsoft Azure account and accepted the terms of service. This subscription ID is your account number for Azure, and you will need it for any billing or tech support issues. Visual Studio needs it so it knows which account to connect to with the certificate we just uploaded when it is deploying code on your behalf. You can find your subscription id by looking at the bottom of the account page you were just on. You will need to copy and paste it into step 3 on our form in Visual Studio.
The last step is to give this set of credentials a name for easy recall, and then click 'OK.' What we have done is configured the portal and Visual Studio with the proper credentials to connect and deploy code on our behalf. The following screenshot is how the form will look when it is completed.
Once you click OK you will be returned to the 'Add Slot' window. It should now refresh with your new configuration. If it doesn't, right click on 'Windows Azure Accounts' and choose 'refresh'. In this case I will be selecting the production slot for my Furniture Shop Demo hosted service. This window will automatically show the hosted services you have created in the portal (or through scripts). If you haven't created one yet, this will remain empty.
You can come back to this window and add the staging slot as well, or any number of other Azure accounts that you might have. For example you might have an MSDN account with Azure, as well as a paid production account to run your real world applications.
Once everything is setup the Server Explorer window should be updated to show you the status of your service accounts. I am going to finish showing you how to use the integrated deployment feature, and come back to showing you how to manage your services from the Server Explorer window. In the following screenshot you can see we have the Furniture Shop Demo hosted account, and that the production slot is empty.
Azure is sad when we have an empty slot, so let's find a sample application to fill it with. You can use any application you want at this point. I am going to create an empty ASP.NET 4 web application. If you want something meatier you might want to check out the Microsoft Azure platform training kit. You can download it at http://www.microsoft.com/downloads/details.aspx?FamilyID=413E88F8-5966-4A83-B309-53B7B77EDF78&displaylang=en.
Once you have an application loaded, and you have tested it against the local devFabric, it is time to deploy it to the cloud. Before version 1.2 of the SDK we would have to do a publish, take the created files and upload them to the portal by hand. Now it is all integrated into a few simple steps. Now when you select 'Publish' from your Azure project (not the solution file) a window will come up.
You can continue to deploy your app the old way if that works for you. Perhaps you have a lot of scripts that already automate your deployments. In that case, select "Create Service Package Only." For those of you interested in the integrated deployment, choose the second radio button, "Deploy your Cloud Service to Windows Azure."
You will also need to select the credentials you would like Visual Studio to use to connect to the cloud and deploy your code. Select the proper entry for each of the three drop downs, credentials, slot, and storage account.
You need to provide a storage account because when you are deploying a cloud app through the service management API (which Visual Studio is using behind the scenes) the code isn't uploaded directly. It is uploaded to a private BLOB container in your storage account, and copied from there to the Azure Fabric Controller for deployment.
You will also need to provide a label for your deployment. This can be anything you want, but is usually a build number or version number. In this case I chose "FurnApp v1."
I also recommend, at least for this example, to check the box that will turn on IntelliTrace. Once you have completed the form you can click OK. You can see what my form looked like in the following screen shot.
Your code will be compiled and a cloud service package will be built. It will be copied to your BLOB container, and the service management API will be called with your credentials to setup the new applications. While all of this is happening a new window will pop up at the bottom of Microsoft Visual Studio. It is the Microsoft Azure Acitivity Log window, and shows you a list of actions that are happening behind the scenes. This might be a deployment, a service status change, or the downloading of logs. In the example screenshot below you can see that Azure is busily deploying our package to production.
The green bar will move as the bits are copied to storage, deployed to the cloud, and then started up. This can take some time depending on your package, and configuration, sometimes up to 20 minutes. While this is happening you can do other work in Microsoft Visual Studio. Once the status says completed you can browse to your newly deployed application.