Wintellect  

Microsoft published an updated FAQ (May 3, 2010) for SQL Azure, available here.

The FAQ is very thorough and is a “must read” for any organization planning a relational database migration or new cloud application.

“This paper provides an architectural overview of SQL Azure Database, and describes how you can use SQL Azure to augment your existing on-premises data infrastructure or as your complete database solution”

Windows Azure Content Delivery Network (CDN) caches your Windows Azure Data Storage blobs at strategically placed locations around the world (18 at the time of this blog post). The purpose of the CDN is to provide maximum bandwidth for delivery of content to our applications and users. Building massively scalable applications requires squeezing every ounce of juice possible from the infrastructure and machinery. The CDN significantly improves retrieval performance for our most frequently used anonymously accessible read-only data.

The CDN works by caching the first request made to retrieve a blob from Windows Azure Data Storage using a specialized URL that maps to our data storage account. It then keeps the results of that query in that geographically localized cache so that subsequent requests to the same blob can be performed from the cache, which is much faster than the original trip to fetch the blob from the more geographically distant data center. Any blob requested through a special CDN URL will be served from the local cache until its Time To Live (TTL) has expired, in which case a fresh copy of the blob will be retrieved from data center blob storage with a fresh TTL. As the first request still requires retrieval from data center storage, frequently used blobs will receive the greatest performance boost. There is no performance advantage to serving infrequently used blobs through the CDN. Because the emphasized purpose of the CDN is to improve throughput, it is only available for anonymous access of public blob containers, thereby eliminating the overhead of authentication and authorization. At the time of this blog post, the CDN was still a Community Technology Preview feature. You can turn it on in the Data Storage configuration page of the Windows Azure Developer Portal.

To learn more about the CDN, please start with this article on the Windows Azure Team Blog located here.

I’ve assembled a short list of training materials and utilities that are helpful in learning the Windows Azure platform

Before we can begin using the Windows Azure AppFabric Access Control Service (ACS) to decouple our applications from security concerns and enable claims-based identities we need to understand the Resources contained in the Service Namespace and what role they play in the authentication and authorization infrastructure. This brief blog entry is meant to provide you with the basic understanding and vocabulary required to get started.

Service Namespace

The Service Namespace is an abstraction for the collection of ACS Resources including Token Policies, Scopes, Issuers, and Rules (which are described in more detail below).

The Service Namespace is comprised of a hierarchy of related entities. At the root of this hierarchy is the AppFabric Service Account Project. The Service Namespace can be broken into three constituent parts as shown in Figure 1, the Token Policy, the Scope, and the Issuer.

image 
Figure 1 - Service Namespace Object Hierarchy

Token Policy

A Token Policy defines token expiration periods and digital signing keys. A Token Policy may be shared across Service Namespaces and is used by the ACS to sign the response tokens and to set their expiration periods.

Issuer

An issuer is a party that will issue requests for tokens from the ACS. An Issuer may not be shared across Service Namespaces.

Scope

A Scope groups rules governing ACS token issuing behavior. A Scope contains exactly one internal RuleSet object which can be populated with multiple Rules. A Scope may not be shared across Service Namespaces.

Rule

A Rule defines a transformation between one or more input claims and one or more output claims. Rules cannot be shared across Service Namespaces. The Rule feature is one of the most powerful and innovative features of the Windows Azure ACS. 

RuleSet

A RuleSet is a collection of individual Rule objects. We do not directly create the RuleSet object; one is created automatically for us as part of a Scope.

Claim

The ACS Rules engine uses Rule objects to perform actions using incoming claims to create outgoing claims. A Claim is a statement that can be made about an entity. Applications and Services such as the ones that you will build specify what claims are necessary to perform a given operation.

Identity

Simply stated, an Identity is a collection of claims. Your ACS enabled application will accept identities from the ACS, an identity provider that your application implicitly trusts. The ACS will verify the claims made by your application users, and will transform those claims into ones usable by your application using the Rules defined in the Ruleset of the Scope that applies to your Service Namespace.

Before you begin your Windows Azure development experience in earnest, you should be aware that leaving development and test instances deployed and running in the cloud can be expensive. Be aware that you will be billed for deployed service instances, even if they are suspended, so it is important that you actually remove the instances when you are done using them. Microsoft has many options available for providing developers with their own “little patch” of the cloud fabric quilt; however, it is easy to exceed these limits if you are not careful or simply forget to remove them.

To give you some idea, my Windows Azure bill has been running over $500 per month for four hosted services and four storage services (plus a few extra instances in staging environments). This is for mostly idle instances (used for demo and training purposes). There are many variables in pricing outside the scope of this short blog post, so your costs could be much different. My purpose in drawing your attention to it here is to give you some financial sense as to why I view the information in this blog post important.

When developing Windows Azure cloud applications, you will want to make heavy use of the DevFabric and DevStorage. You should only deploy to the cloud when necessary to test your application in a way that cannot be easily done on your desktop. For example,  it is impossible to gain much knowledge about the scalability of the Windows Azure Platform from an application running solely on the desktop, or even to observe many of the features of the cloud fabric such as a simulated instance failure.

The Windows Azure Developer Portal allows us to install and remove application deployments. The portal is very straightforward and easy to operate, but the process requires operator interactivity. A deployment can take 30 minutes to get running once it has been uploaded and deployed, so there can also be the problem of a developer having to wait and monitor the deployments before taking subsequent steps. As developers, we want to automate steps of our deployment that are easily identified and highly repeatable. Good news! Windows Azure may be managed through the developer portal, but its RESTful API has been exposed for automation purposes. You can read more about the Windows Azure Service Management REST API here on the MSDN website.

Microsoft has built a set of PowerShell CmdLets, which leverage this RESTful API thus allowing us to script our deployments and service removals, making them rapid and repeatable. You can get the PowerShell CmdLets off of the MSDN site here and there is a great “getting started” blog post on the MSDN site here. Using the Windows Azure CmdLets I have been able to automate my deployments and service removals, potentially saving myself hundreds of dollars per month in unnecessary charges (I’ll let you know next month exactly how much I saved).

My first experience with the Windows Azure Service Management CmdLets wasn’t entirely painless. I wasn’t able to get the “New-Deployment” CmdLet to operate properly out-of-the-box, and I ended up spending numerous hours trying to diagnose why. The traffic is encrypted over https and the Windows Azure error messages can often be deliberately vague for security reasons. Fiddler wasn’t of much use either, as Azure detected its man-in-the-middle certificate and refused to let me monitor the unencrypted https wire traffic. Failing to be able to watch the traffic, I attached a debugger to the Windows Azure Service Management CmdLet source code and monitored execution. This allowed me to discover that the WCF Behavior interceptor which inspects outbound messages sent to the Windows Azure management endpoint and appends the required Version Number header to the request was unable to find the httpRequest property in the outbound message. The code assumed that this property would always be present (it didn’t check first) so an unhandled exception was being thrown causing the deployment to fail. I did not get to the bottom of why the header was missing (I’m hoping to find this out at a later time), but I revised the ClientOutputMessageInspector interceptor code to try to get the property first, and then add it if it did not exist. This seemed to fix the problem as I am now able to successfully deploy. My code revision follows. You can find the BeforeSendRequest method in the ServiceManagementHelper.cs file, near line 206:

image

I’m interested in whether others have run into the same issue, or if it was local somehow to my experience. Please drop me a note and let me know.

 

Each instance of Windows Azure Service Role runs its own monitor to gather its own instance specific diagnostic data. The problem that immediately presents itself is knowing what exactly is being collected, where the data is being saved, and how to retrieve it for inspection. The purpose of this blog post is to illuminate these areas a little bit better.

So let’s start at the beginning… When you create a new Windows Azure Web Role, Visual Studio will automatically add a boilerplate WebRole.cs file to your project. By default, the OnStart() method of the WebRole is overridden with an implementation that starts the Windows Azure Diagnostic Monitor. By default, Windows Azure will log its own diagnostics, IIS 7.0 logs, plus Windows Diagnostics.

 image

The argument to the static Start method of the DiagnosticMonitor class is the Windows Azure Data Storage connection string located in the ServiceConfiguration.cscfg file.

image

When the value of the connection string is “UseDevelopmentStorage=true” then the Developer Fabric will use the local Development Storage to simulate storage in the cloud. Of course in staging or production, this string would point to the RESTful data storage endpoint and would contain your Windows Azure Data Storage AccountName and AccountKey.

We can inspect the “wad-control-container” of Blob storage to find the collected diagnostic information. Run your favorite Windows Azure Storage exploration tool. In my example, I am using the Windows Azure Storage Explorer from the CodePlex site. You can use this tool to download the container and its contents to your local file-system for further analysis.

 image

We can also augment the diagnostic data collected to include other data sources as well.

Let’s say you’re also interested in capturing failed IIS and ASP.NET requests. You can augment the data that Windows Azure is already capturing by adding a <traceFailedRequest> element to the <system.webServer/tracing> section. Of course you can control the paths of the page(s) to be tracked, and you can set the verbosity to an appropriate tracing level for your circumstance, including filtering the general areas of coverage such as Authentication, Security, etc. An example might look like this:

 image

We can also collect Windows Event Logs by simply adding an XPath expression for the event sources to be captured to the WindowsEventLog.DataSources property located on the configuration object.

image

It is possible that a hardware or software defect might be causing mysterious or intermittent operating system failures. Fortunately, we can also configure our instances to collect full or partial crash dumps by calling the static EnableCollection method of the Microsoft.WindowsAzure.Diagnostics.CrashDumps type. Passing true to this method will capture complete crash dumps, passing false will collect partial dumps.

image

Although the path may be slightly more illuminated now, there are still many dark areas beyond our present location. In my opinion, there is still much work to be done in tooling and making this data usable in “real world” scenarios. It is trivial to sift through a dozen or so entries from a single service instance, but it is nearly impossible to imagine the difficulty of finding what you are looking for in the potentially massive data collected by multiple simultaneous service instances running a busy high-volume application. There are several parties working to provide solutions in this space, but no clear leaders at this time.

Idempotency is the mathematical term used to describe a system that produces the same result when a formula or procedure is applied numerous times against the same target. In software systems, this translates to an ability to perform an operation more than one time with knowledge that the resulting state of the system will be consistent. Idempotency does not dictate the mechanism by which this consistency is to be achieved, only the fact that it must.

Queues are useful in Windows Azure for delivering work requests to worker roles. It is the primary architectural means by which web roles signal worker roles to begin asynchronous performance of work. When a worker role accepts a message from a queue, the queue hides that message from other workers for 30 seconds to reduce the probability that a message will be operated on by multiple simultaneous workers. This approach does much to greatly reduce the probability that redundant work will be performed by the system, but it does not prevent it!

If a message takes longer to process than is allowed by Windows Azure, then the message is made visible again for other workers to pick up and process. It is therefore possible for more than one worker to be working on the same work at the same time… the original recipient of the message, plus the new worker who picks it up when it becomes visible in the queue again. In addition, the typical pattern for failed or corrupted message receipt in a fault tolerant system is to retry message delivery. This can also lead to redundant work being performed.

The fact that multiple workers may work on the same message makes it essential for us to design our software for use in the cloud with idempotence in mind. An argument that idempotence will only matter once in hundreds of thousands of transactions is still very problematic if your system may be processing millions of transactions, or where the integrity of your data may be mission critical.

There seems to be a lot of blog posts and forum entries on the importance of writing idempotent services, but very little in the way of constructive feedback that I was able to find on how developers should go about achieving the objective of idempotency, and thus the purpose of this blog post.

One suggested technique for achieving idempotency that I read on several blogs and saw being discussed in forums while grokking material on this topic was to avoid the problem altogether. Many people suggested creating a table of message IDs and then forcing the workers to verify the state of a message by consulting the table before processing an incoming message. Even one book author of SOA architectures put this idea forward. To my way of thinking, avoidance of idempotency does not make your software idempotent; such schemes are merely a pattern to avoid the problem rather than to design for it. This isn’t necessarily a bad way to go for some software systems, but be aware that the pattern itself may contain its own set of flaws because an error could keep the table from being updated, and there is a time window where the database table itself might hold inaccurate state information thereby allowing the two workers to still execute simultaneously. The old two-phase commit solution starts to raise its ugly head. Since such schemes could have problems, a better question to ask yourself is this… what will the state of your data be after the execution of a message received multiple times? Is your data consistent or inconsistent?

For a system to be truly idempotent we must be capable of processing the same message twice and after processing that message we must still be in a consistent state.

Let’s say that we want to update a customer’s address. Our service receives a message from some application with the new street address of our customer. We process the message and the address is changed in our database. If we receive this message again the work will be performed twice. No matter how inefficient or unsavory this may be, the resulting state of the customer’s address will be identical. In other words, our overly-simplified address change operation would be considered idempotent. If two messages for the same customer arrive carrying two separate addresses, the first one would succeed and so would the second one. Again, we would still be idempotent in the sense that our data was consistent; however, we have set ourselves up for a “last-in-wins” model. This is not necessarily a bad thing but we should be aware of it in our design.

Many businesses extend credit to their customers. No reasonable business would extend such credit without placing limits on it. Instead of the customer address example, let’s imagine that our messages are for new orders from our customers. If such a message were to be processed twice without any concern for idempotency, our customer might receive twice as much product as they ordered, and they may find themselves prematurely exceeding their credit limit on subsequent orders. This would clearly not be idempotent. So how do we get to where we want to go?

If the message contains the invoice number, then we might construct our business and database operations to perform the add operation in such a manner as to ensure that the data is never inserted into the table twice. We could perform the insertion into the invoice table as part of a transaction where the invoice number was not already present in the table. This would result in the insertion of one row into the table for the first receipt, but zero rows into the table on subsequent attempts. In other words our add operation would leave the data in a consistent state no matter how many times we replayed the message.

If the message was to perform an update of an existing invoice, then things get a little more sophisticated, but still very manageable. By using and comparing a timestamp column for equality with the value contained in the message we can perform the update where the row’s timestamp column is equal to the value contained in the message. If the incoming message carries an equivalent timestamp of the data at the time that it was issued to the sender, then this timestamp can be checked against the one in the database as a parameter to the WHERE clause:

UPDATE Invoice SET Amount = @Amount WHERE InvoiceNumber = 12345 AND tstamp = @tstamp

If the data has not been updated by another worker since it was issued, then the update operation will modify the matching invoice number row, but if the message is a duplicate, then the tstamp column will have a new value which will result in zero rows being updated (as no rows will satisfy the timestamp equality constraint). We can now process an infinite number of updates while remaining idempotent. Of course this technique would be a better approach for the simpler address change example that I provided above.
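The two techniques just described (the insert that only succeeds when the invoice number is absent, and the update guarded by the row's timestamp), replayed against redelivered queue messages. This is an added example, not code from the original post: it uses Python with an in-memory SQLite database, the CustomerId column and the message layout are assumptions, and an integer version column stands in for SQL Server's automatically changing timestamp column.

```python
import sqlite3

# Assumed schema: only InvoiceNumber, Amount and tstamp come from the post.
SCHEMA = """
CREATE TABLE Invoice (
    InvoiceNumber INTEGER PRIMARY KEY,   -- also rejects a racing duplicate insert
    CustomerId    INTEGER NOT NULL,
    Amount        INTEGER NOT NULL,      -- amount in cents
    tstamp        INTEGER NOT NULL       -- row version; stands in for a timestamp column
);
"""


def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db


def add_invoice(db, msg):
    """Insert the invoice only if its number is not already present.

    Returns the number of rows inserted: 1 on first receipt, 0 on a replay.
    """
    with db:  # one transaction: commit on success, roll back on error
        cur = db.execute(
            "INSERT INTO Invoice (InvoiceNumber, CustomerId, Amount, tstamp) "
            "SELECT :invoice, :customer, :amount, 1 "
            "WHERE NOT EXISTS "
            "(SELECT 1 FROM Invoice WHERE InvoiceNumber = :invoice)",
            msg,
        )
        return cur.rowcount


def update_invoice(db, msg):
    """Update only if the row still carries the tstamp the sender was issued.

    SQLite has no self-updating timestamp type, so the version is bumped
    explicitly here. Returns 1 if applied, 0 for a duplicate or stale message.
    """
    with db:
        cur = db.execute(
            "UPDATE Invoice SET Amount = :amount, tstamp = tstamp + 1 "
            "WHERE InvoiceNumber = :invoice AND tstamp = :tstamp",
            msg,
        )
        return cur.rowcount


def process(db, msg):
    """What a worker role would do with one dequeued message."""
    handler = {"add": add_invoice, "update": update_invoice}[msg["op"]]
    return handler(db, msg)


def replay(db, messages):
    """Process messages in order; returns rows affected per message."""
    return [process(db, m) for m in messages]


def outstanding(db, customer_id):
    """Credit exposure derived from the invoices themselves."""
    row = db.execute(
        "SELECT COALESCE(SUM(Amount), 0) FROM Invoice WHERE CustomerId = ?",
        (customer_id,),
    ).fetchone()
    return row[0]


# Constructed sample traffic: each message is delivered twice, as happens
# when the queue makes a slow message visible again or a sender retries.
MESSAGES = [
    {"op": "add", "invoice": 12345, "customer": 1, "amount": 10000},
    {"op": "add", "invoice": 12345, "customer": 1, "amount": 10000},
    {"op": "update", "invoice": 12345, "amount": 7500, "tstamp": 1},
    {"op": "update", "invoice": 12345, "amount": 7500, "tstamp": 1},
]

if __name__ == "__main__":
    db = open_db()
    print("rows affected per message:", replay(db, MESSAGES))
    print("invoice rows:", db.execute("SELECT * FROM Invoice").fetchall())
    print("outstanding for customer 1:", outstanding(db, 1))
```

A return value of 0 is the signal that the message was a replay or was issued against stale data; the worker can delete it from the queue without further action.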

Clearly there is much more that can be said in this space, but that is all I have time for in this blog post. Look for additional advice and commentary in future posts.

  

Entity Framework derived types support inheritance and relationships, just as you’d expect from any Object Relational Mapper tool (ORM)

Windows Communication Foundation Data Services (Astoria) throws an exception if your derived entities have relationships. That means if a Contact, a Lead, and a Doctor all inherit from a Person… and derived entities have different needs to link to external data… too bad!… Suddenly we have Sales Leads having properties for writing medical prescriptions! Good grief! That’s not going to be pretty… so ugly in fact… we probably don’t even want to go there…. The official prescription for this from the MS forums and various blogs is to move those relationships into the base Person class and then refactor your database storage as necessary…. perhaps having separate and distinct tables for Doctor, Lead, and Contact. Wait-a-sec you say… you picked an ORM because you didn’t want your Object Model to be dictated by your Data Model… well… that’s true… but here you find yourself anyway…

This bit me in the butt big-time on a project I was working on. There was nothing in the documentation and/or the service’s behavior to lead me to believe that this constraint would be present… (well… okay… other than the initials CTP </grin> but still…) Knowledge of the constraint happens way too far along on the development cycle. We did not realize the presence of this constraint until after my team had invested heavily in development of our ORM and database models. These models worked well so long as we were only unit testing them. It wasn’t until we tried to expose them through Astoria that the big bomb dropped in the room.

Having the service tier force a rigid database implementation upon a team is the tail wagging the dog. Also... developer teams often do not have control over what a DBA may require in the database, and WCF Data Services should not be so brittle and constrictive as to disallow common use-case scenarios like practical and real-world use of inheritance. There is nothing complex about this business use-case… in fact I would say it is quite representative of the norm.

My friend Julie Lerman (author of Programming Entity Framework on O’Reilly Press) created a suggestion for this basic “feature” on the Microsoft Connect site. If you agree with its importance… please take a second to click the link and vote on it:

https://connect.microsoft.com/data/feedback/details/532592/derived-entites-should-be-allowed-to-have-relationships-in-wcf-data-services

Another item to be aware of regarding inheritance with Entity Framework: two derived types cannot share the same primary key. That means that a Sales Lead cannot also be a Contact… thus forcing duplication of the Person and all the data related to that person (duplicate addresses, duplicate phone numbers, duplicate emails, etc.). There are no warnings in the designer of this snake in the grass… you’ll know the first time you attempt to retrieve data in the database where these conditions occur (a Person existing in more than one of the derived database tables). You can save the data this way… you can just never retrieve it after the fact! Again… this appears to be a very naïve constraint.

When running the WCF / Windows Azure samples (see my previous blog entry) you may get an error indicating that the Polling Duplex Binding Element cannot be loaded if you have Silverlight v3.0 installed (The type 'System.ServiceModel.Configuration.PollingDuplexElement, System.ServiceModel.PollingDuplex' registered for extension 'pollingDuplex' could not be loaded).

Replace the reference in the WcfSamples project from the v2.0 Silverlight Duplex Polling assembly C:\Program Files (x86)\Microsoft SDKs\Silverlight\v2.0\Libraries\Server\System.ServiceModel.PollingDuplex.dll with the v3.0 version: C:\Program Files (x86)\Microsoft SDKs\Silverlight\v3.0\Libraries\Server\System.ServiceModel.PollingDuplex.dll

Set the Copy Local property to true.

Code samples demonstrating how to host WCF Services under Windows Azure can be found on the MSDN site at:

http://code.msdn.microsoft.com/wcfazure

The protocols for authenticating the sender of an email have always been very weak. For the most part it’s an “honor” system, which is why spammers have such an easy time sending email with forged “from” addresses. We’ve needed effective email security for two decades now and one of the impediments to this has been the availability of digital certificates for email at an affordable price (e.g. free). In addition to providing us with the ability to authenticate a message’s sender, certificates also afford us confidentiality and integrity because they can be used to encrypt our message’s content and ensure that those same contents are not altered during transport.

Recently StartSSL began offering free trusted certificates which can be used for email and other purposes. The following set of instructions will show you how to get one of these certificates and configure Outlook 2007 to digitally sign your outgoing email.

NOTE: At this time, only Windows 7 will trust these certificates out-of-the-box; however, recipients who are running on Vista or XP can install the update for Windows Root Certificates (http://support.microsoft.com/kb/931125) to gain the same trust capability.

  1. Use a web browser other than IE8… (I used Mozilla Firefox v3.5).  IE8 on Windows 7 wouldn’t allow me to create the certificate.
  2. Go to the StartSSL website at http://www.startssl.com/?app=1 (this is not an advertisement for these folks… you can get your certificate from any certificate provider, but this firm is currently offering them for free).
  3. Click on the Sign-Up button
  4. Accurately provide your name, address, country, phone number and email. StartSSL may invalidate your certificate if you don’t answer all the questions accurately. This is for everyone’s protection!
  5. Click on continue
  6. Receive a verification code via email; copy and paste it into the verification form.
  7. Select a “High Grade” certificate.
  8. After the certificate has been generated, press “Install”.
  9. From the Mozilla Tools menu select Options to get this dialog:

    image 
  10. From the Mozilla Options dialog, select the Advanced Toolbar ribbon item.
  11. From the Advanced Toolbar ribbon item, select the Encryption tab.
  12. Click on “View Certificates” button to get the Certificate Manager dialog:

    image
  13. Find and highlight the StartCom Free Certificate Member under StartCom Ltd.
  14. Click on the “Backup…” button.

    image
  15. Provide a password to protect your certificate file with. IMPORTANT: You will need to remember this password as you will not be able to use your exported certificate without it and there is no “recover password” capability. 
  16. WARNING: You should safeguard the certificate backup file by copying it off to a memory stick or DVD then storing it in a safe place and deleting the file from your computer’s hard drive. Anyone possessing this certificate file could potentially forge electronic correspondences in your name! You should not delete this file from your hard drive until after completing the rest of these instructions.
  17. Run Outlook 2007.
  18. Select Tools / Trust Center from the menu.
  19. Select the E-Mail Security tab.
  20. Check the “Add digital signature to outgoing messages” and “Send clear text signed messages when sending signed messages” options.
  21. Click the Import/Export Digital ID button to get the Import/Export Digital ID dialog:

    image 
  22. Click the “Browse” button and locate the digital signature file that you previously exported from the browser.
  23. Provide the password that you used for exporting the digital signature and a friendly Digital ID name to identify it with (I suggest your email address or your name).

    image
  24. Press OK on the Import/Export Digital ID Dialog and you will be returned to the Trust Center Dialog. Press the “Settings…” button:

    image

  25. You will be taken to the “Change Security Settings” Dialog. Click on the “Choose” button to select a signing certificate:

    image
  26. Select the appropriate certificate from the “Windows Security” dialog box.

    image
  27. OPTIONAL: If you have more than one certificate, you can press on the “Click here to view certificate” link. Look for the “Subject” property on the Details tab of the Certificate Details dialog:


    image
  28. Press OK and you will receive the Importing a new private exchange key dialog:

    image

  29. I suggest keeping the default of Medium security; however, you can move the security up to High and this will require you to type in a password for each email that you want to digitally sign… this can be a pain, but it does help to reduce the likelihood that your digital signature might be used without your permission by a person at your keyboard or by a piece of malware. Press OK after you have made your selection, and then press OK again to close the Trust Center dialog.
  30. Now that the configuration has been completed, you may send emails just as you normally used to. The only difference is that they will now be digitally signed:

    image 
  31. When an email that has been digitally signed arrives, it will have a small icon just to the left of the paperclip (attachment) icon:

    image 
  32. When you open a digitally signed email, you can see the certificate marker

    image 
  33. To see an authentication of the certificate dialog, click on the certificate icon (circled). If the certificate is valid, this dialog will show you the message “Valid and Trusted” and the name of the person that sent the email to you. The actual certificate can be further inspected by clicking on the “Details…” button. You should keep the “Warn me about errors in digitally signed email before message opens” checkbox checked.

    image
  34. The details button will display the following dialog:

    image
  35. By making use of digital signatures in our emails we can significantly improve the trustworthiness of emails received through the Internet. Ultimately (assuming an eventual widespread adoption) this will significantly reduce spam and phishing attacks.

The setup and cleanup scripts that ship with the Windows Identity Framework SDK sample code do not properly operate under Windows 7. This is due to a check for the OS type that is used to determine if the scripts should use the netsh command or the older httpcfg command.

image

To correct this problem, simply modify both scripts and add “/c:6.1” to the findstr command. Do this for both the SamplesPreReqCleanup.bat and the SamplesPreReqSetup.bat files located in the Utilities folder as the Setup script calls the Cleanup script.

image

I really like Microsoft OneNote. It only stands to reason then that I would love the online Google Notebook application. Of course I do!… What’s not to love?! Nearly everyone that I know who has used the application loves it. If you didn’t have a chance to add the application before it went away… you really missed out on an incredible productivity and organization booster…

Unfortunately, on January 14 of this year, Google pulled further development of it’s Notebook application stating that those using the application could continue, but that there would be no further enhancements and support for the browser extensions, which had concluded with the Google Toolbar 5.0 release http://googlenotebookblog.blogspot.com/2009/01/stopping-development-on-google-notebook.html). That wasn’t too bad by itself, but with the release of IE8… the ability to use the Browser Extension Object in the 5.0 toolbar that allowed me to right click and send material from my web browser directly to one of my Google Notebooks also went away… the 5.0 Toolbar won’t run under IE8! This was a terrible setback! I researched my options… but there really weren’t any good replacements that met my needs. I tried Zoho and Delicious as potential substitutes but nothing worked for me quite the way that I wanted. I am certain there are many people out there that find themselves in a similar situation and are absolutely beside themselves with dismay over why Google would kill such a great application. Others, who felt as I did even started a petition to bring Google Notebooks back (http://www.petitiononline.com/gnoteb/petition.html) I hope they are successful!

For those of you that were lucky enough to add the Notebook application but still miss the convenience and formatting of the context menu… here is what I do now… send the text to your Google Bookmarks application… then go to your Google Notebooks… the Bookmarks will be listed as another Notebook (Yeah!!) and you can then move items from your Bookmarks into an appropriate Notebook. It takes an extra step, but it works well enough to get what I need done. Realizing that Bookmarks were just a scaled down version of Notebook… it really does boggle the mind as to why it went away…


This hasn’t been too bad, but it does demonstrate one of the worst fears of customers in relying upon “Software As A Service”… If a vendor changes their business model (or vanishes entirely) they can leave you high and dry. If the application is mission critical… they could have a very significant impact on your profits and even your survival.

Microsoft provides an MMC SnapIn for managing Azure Services as C# source code and a set of scripts. The tool allows the management and configuration of .NET Access Control Services, .NET Service Bus, and .NET Workflow Services [now on hold until .net 4.0 matures]. The download can be found here:

http://code.msdn.microsoft.com/AzureManagementTools

When following the Readme.docx instructions for compiling and installing the AzureServicesManagement Tools on Vista, the installation will fail. The error message will be swallowed and you won’t be told what failed because the script will continue execution past the error. Placing pause statements into the “build.cmd” script when an error occurs will help you to see what is going on:

image

Now when we run StartHere.cmd again, we can see the error… but we are still confused… here is what you will see:

image

To save you from pulling your hair out following this rabbit down the proverbial rabbit hole, the most important step that we need to accomplish is getting the compiled assemblies into the GAC. Visual Studio must run with elevated permissions because the AzureServices.Management project has two post build steps that run the InstallUtil utility. You will see this error if you open Visual Studio without Elevation and try to compile the solution directly:

image

To get the solution compiled and the assemblies you need registered in the GAC on Vista, run Visual Studio 2008 in Elevated mode.

Open the AzureServicesManagement.sln file from the Elevated (Administrator) Visual Studio 2008.

Compile the solution. This will cause the post build step to run the InstallUtil tool to install the compiled MMC SnapIn DLL into the GAC.

Exit Visual Studio and run the StartHere.cmd file as instructed in the Readme.docx instructions. The error will still occur, but it can be ignored because you have already registered the assemblies in the GAC. I did not verify where the “Debug|MCD” configuration was coming from as it seemed unnecessary to establish this work-around; however, if someone wants to take this a bit further, my assumption is that the Microsoft-supplied ConfigurationWizard.exe located in the Assets\Dependency folder is setting the configuration to the non-existent “Debug|MCD” value.

Add an additional PAUSE to the Install.cmd file in the scripts folder if you want to read the output of InstallUtil to ensure proper GAC registration (or simply check the InstallUtil.InstallLog file located in the bin/Debug folder).

You should now be able to use the AzureServicesManagement Tools as described in the Readme document by double clicking on the AzureServicesMMC.msc file in the AzureManagementTools directory.


I have vague memories of watching the Apollo moon mission in 1969 at age 6. I remember my father sitting with me on the sofa and telling me how history was being made as we watched Neil Armstrong take his first step on the moon. Later, we watched in high anticipation during the radio silence awaiting re-entry followed by the splashdown at sea of the space capsule. So here I am, a dad myself, sitting in front of my computer watching live streaming video on the internet with my two kids telling them much the same thing. In case you just "tuned in"… the fun is just beginning at NASA as pictures and other data begin arriving from the Phoenix Mars Lander which just touched down this evening (May 25). Such an event can feel like background news because it doesn't seem nearly as extraordinary by today's technological standards or cinematic simulations. Sometimes we just have to slap ourselves a bit, though, and remember that this is really another planet we just landed on… and it is truly anything but ordinary. The information gained from Mars' geology and atmosphere will almost certainly prove invaluable as we study and compare our own planet in hopes of preserving its hospitability for humans many millennia from now. The very first pictures are up at: http://www.nasa.gov/mission_pages/phoenix/main/index.html
