Tuesday, January 31, 2012

MakeCert Error: Too many parameters

I was just reading this MSDN post on creating a self-signed certificate for use with ADFS: http://msdn.microsoft.com/en-us/library/bfsktky3.aspx

The command I need, looks like the following:

Makecert -r 
-pe 
-n CN="www.example.com" 
-b 05/10/2010 
-e 12/22/2011 
-eku 1.3.6.1.5.5.7.3.1 
-ss my 
-sr localmachine 
-sky exchange 
-sp "Microsoft RSA SChannel Cryptographic Provider" 
-sy 12  

If you copy the sample command from the MSDN page above and run it via the command-line, you'll get error "Too many parameters". It turns out the dash used in the MSDN post above is actually character: \u2013 (DASH-EN) and not minus \u002D and it's the minus character that the tool is expecting.

So to make this work, simply replace the hyphen with the minus sign when keying in the command as defined above. In the above sample, I have replaced the incorrect character with the correct one so feel free to just copy and paste it.

I learned this from here http://social.msdn.microsoft.com/Forums/en-US/wcf/thread/1e41910f-2f89-439c-93a6-57e5c391d7ca/

Thanks to Carlos Figueira for finding this.

Wednesday, January 11, 2012

My Microsoft Windows Azure 2012 wish-list

UPDATE: Also I'd like to see a version of the Service Bus that's compiled against the .NET Framework v3.5 as not all consumers are able to move to .NET 4 right now.

I have come up with my Microsoft Windows Azure wish-list for 2012 below (hope the Azure product group read this :)
  1. Auto scale compute instances (I know third-party tools exist) 
  2. Allow for scheduled suspended instances that do not eat compute time and also allow for auto scaling out/in schedules without having to delete services from Azure 
  3. Load balancing (F5) for compute instances not round robin 
  4. Ability to configure topic/subscriptions rules via the Azure Management Portal 
  5. Access Control Service support (or any type of federated security support) for SQL Azure for alternate additional security
  6. Out of the box storage editor for managing blobs, tables and queues (I know 3rd party tools exist and you can do this in Visual Studio) 
  7. Developer fabric for Service Bus and Service Bus queues and topics (this would be awesome)
  8. Portal support for VM roles i.e. uploading VHD's (I know command-line tools exist) 
  9. Out of the box support for viewing Service Bus queues and topics and verifying Service Bus endpoints without retrieving the ATOM service bus feed (I know open source code exists) 
  10. Access Control Service support for storage, tables, blobs, and queues 
  11. Support for Hadoop/Big Data on Azure or any type of high performance computing perhaps a instance that targets or VM role to support Windows Server HPC 2008
  12. An easy DR strategy for all Azure services i.e. compute, storage etc.
  13. Managed Service Management API
  14. Give MSDN subscription holders 12 month usage

There in no particular order, not asking much am I!

Thursday, January 05, 2012

VM Role custom VHD instance in Azure Compute - avoid the gotchas!


Background on the VM Role for Windows Azure
Even though I have a ultimate MSDN account which means I have 1500 hrs of free compute time on Azure, I'm using the free 3 month trial anyone can get regardless of whether you have an MSDN account or not.

I got this account (let me correct that) I received this Azure account from a colleague due to sickness and haven't given it back! since then I have been exploring many of the new features within Azure using this account. The thing that has caught my attention, is that, many people within the community is referring to the VM Role as IaaS or Microsoft's attempt at IaaS (which it is *not*).

Steve Plank DPE in Microsoft Reading UK has a very good post on this subject here just to clear up any confusion: (Windows Azure VMRole != IaaS) http://blogs.msdn.com/b/plankytronixx/archive/2010/10/29/windows-azure-vmrole-iaas.aspx

Remember, once your custom VM Role instance is deployed and you are running code on that image, the PaaS model works in the exact same way as a out-of-the-box Azure OS image does when using either Web Role or a Worker Role compute instance. Meaning that on reboot the image could be rebuilt and deployed in another rack or sector and any data you might have written to that particular instance will have been lost.

VM Role compliments the Worker and Web roles in Azure compute. All these services still fall under the standard PaaS compute model in Azure. It just so happens that you are in control of the actual image (OS image) that gets deployed to the instances you have specified. The image currently (as of Jan 2012) has to be Windows Server 2008 R2 Standard or Windows Server 2008 R2 Enterprise edition. In terms of licencing the OS, this is covered as part of the compute costs when you actually deploy your application to run on the custom image.

Today (Jan 2012) the VM Role feature is in beta and if you attempt to upload a custom VM VHD to Azure without being in the beta, it will fail - don't learn this the hard way like I did! instead simply request to be in the beta programme from the Azure Management Portal. You can do this by logging onto the Azure portal management web site: http://windows.azure.com/ then clicking Home. Then right at the top click Beta Programmes. You should then see the VM Role feature, simply click the check box then click Apply or OK. Once you do this you will normally be accepted within 1 day or so.

My Azure 3 month trial account has now been disabled so I can't show screen shots until I sign up using my MSDN account which I haven't done yet. Finding this beta programme link isn't hard though.

Types of VM technologies supported
Notice I keep saying VM Role VHD instance. Yes you are correct, Azure today only supports Hyper-V virtual images. I am unaware of any technology that will create these images other than a physical Windows Server machine running Hyper-V. I do happen to have a couple lying around so creating them wasn't an issue for me but I can see it being a problem for folks that do not have hardware lying around to use. I'm interested to hear any potential solutions around this. My desktop vitalisation technology of choice today is Oracle VirtualBox. VirtualBox can mount and run VHD's but I'm unaware of being able to actually create them using VirtualBox.

Uploading a VM Role image to Windows Azure
This post talks you through the entire process of creating a VHD and deploying to Azure, it's very good: http://msdn.microsoft.com/en-us/gg502178 This article also shows you how to target that custom image in Visual Studio.

The syntax is slightly wrong for the upload of a VHD image though. It is actually quite strange with the odd quotes and hyphens etc. Just to be clear, today, there is no support for uploading a VHD using the portal, you need to use the Azure SDK tool csupload. I am unaware of a RESTful API to do this, no doubt there is.

An example of it's usage is as follows:

 csupload Add-VMImage -Connection "SubscriptionId=xxxxxxxx-388a-4304-90c7-d239c3843624; 
CertificateThumbprint=xxxxxxxxxxxxxxxxxxxxA115BE5D35A45D4E18F7" 
-Description "Base image Windows Server 2008 R2" 
-LiteralPath "\\\nodes\baseimage.vhd" 
-Name baseimage.vhd -Location "North Europe"
  

You'll need to run that command from an administrative Azure command-prompt.

Of course you need to use you're own Windows Azure Subscription ID and x.509 certificate thumbprint. Note, regarding certificates, even if you have the correct thumbprint, you will need the actual certificate installed in the certificate store from where you run this upload command.

The tool is quite clever in that it compresses the VM image before upload. The web site link above covers this process in quite nice detail and where you go from here.

Be patient though, this process takes a while to run - of course depending on your upload speed.

So why would I ever use a VM Role?
This has been talked about so much already in the community but I though I'd add my view on the subject.

There are many cases where you simply need custom code running within the standard image that would otherwise not be possible or installable as a start up custom task (the process of running custom installers when the instance is booted and comes out of sys-prep mode).

One example is performance testing. It could be that you setup a core base image with a tool such as LoadUI for performing performance testing in the cloud saving the need to run this testing on on-premise hardware. This could also include configuration for performance counters.

There are many other scenarios similar to the above. But remember, treat any data being written locally as transient data.