Paul Mehner's Blog

  • It’s Deja Vu All Over Again… Timing… Timing… Timing… Azure Storage Keys and Your Computer's Clock

    The demo code for my upcoming book on Windows Azure storage inexplicably

    began reporting that “The remote server returned an error: (403) Forbidden” on

    every operation. Investigating the problem using the integrated Visual Studio

    2012 Server Explorer to view objects in cloud storage was also problematic…

    Visual Studio reported that the “current storage account key is invalid”, and

    instructed me to create a new one. The new storage account key also failed, and

    so did associating a new …

    Read More...
  • Comodo SSL Certificate Breach’s Potential Impact on Security Token Services and their Identity Providers

    Recently, Iranian crackers used a username and password to make certificate requests from the Comodo Certificate Authority. These requests were successful and certificates were issued for 9 domains which are published on the Comodo Fraud Incident Report page: http://www.comodo.com/Comodo-Fraud-Incident-2011-03-23.html  This issue is of particular importance to me because SSL is the primary mechanism by which integrity and confidentiality are assured for security Security Tokens and …

    Read More...
  • Programmatically Adding Google or Yahoo as an Identity Provider to the Windows Azure AppFabric Labs v2.0 Access Control Service

    This blog post assumes that the reader knows the basics of Identity Providers and Security Token Services. Its purpose is to illustrate how to programmatically add Google or Yahoo as an Identity Provider because there isn’t much information available on how to do this. For further information about using the ManagementServices proxy, I suggest downloading the Codeplex ACS Management examples from http://acs.codeplex.com/releases/view/57595 We manage the Windows Azure AppFabric Access Control …

    Read More...
  • Scaling Up Or Scaling Out In The Cloud

    Windows Azure provides us the ability to scale our application up by specifying how many CPU cores we want in our service instances, or to scale out by specifying how many single-core instances we require. Both strategies can be used to accomplish our scaling objectives for the same price (8 1-Core machines @ 12 cents/hour or 1 8-core machine @ 96 cents/hour), but in smaller deployment scenarios (under 8 CPU cores) there are a couple of advantages that clearly favor selecting a greater number …

    Read More...
  • Installing Windows Azure SDK v1.3 Breaks Support for Visual Studio 2008

    Be aware that installing the November 2010 Windows Azure SDK v1.3 will break support for cloud projects running under Visual Studio 2008. To the best of my knowledge this was not widely announced (in fact, I learned about this fact during installation of the SDK). If you have Visual Studio 2008 Windows Azure projects, you’ll want to ensure that you have Visual Studio 2010 and a plan for migrating your projects prior to installing this new SDK. When running the SDK setup on a machine with …

    Read More...
  • Using The AsyncEnumerator To Improve Throughput of I/O-Bound Windows Azure Worker Roles

    The Windows Azure Worker Role is a perfect place to put code that you want to run continuously in the background to process work as it becomes available. The information presented here would also be useful in web roles as well. If you’re writing cloud applications, its likely you are targeting high levels of performance and scalability. It is reasonable to expect that you want to get the most out of your investment in cloud computing, and making the best use of your purchased resources will …

    Read More...
  • Updated FAQ for SQL Azure

    Microsoft published an updated FAQ (May 3, 2010) for SQL Azure, available here The FAQ is very thorough and is a “must read” for any organization planning a relational database migration or new cloud application “This paper provides an architectural overview of SQL Azure Database, and describes how you can use SQL Azure to augment your existing on-premises data infrastructure or as your complete database solution”

    Read More...
  • Improving Windows Azure Storage Throughput Using the Content Delivery Network

    Windows Azure Content Delivery Network (CDN) caches your Windows Azure Data Storage blobs at strategically placed locations around the world (18 at the time of this blog post). The purpose of the CDN is to provide maximum bandwidth for delivery of content to our applications and users. Building massively scalable applications requires squeezing every ounce of juice possible from the infrastructure and machinery. The CDN significantly improves retrieval performance for our most frequently used …

    Read More...
  • Learning Windows Azure platform Resources

    I’ve assembled a short list of training materials and utilities that are helpful in learning the Windows Azure platform Windows Azure SDK v1.1 samples http://www.microsoft.com/downloads/details.aspx?FamilyID=dba6a576-468d-4ef6-877e-b14e3c865d3a&displaylang=en Windows Azure Samples: C:\Program Files\Windows Azure SDK\v1.1\Samples.zip Windows Azure platform AppFabric v1.0 Code Samples http://www.microsoft.com/downloads/details.aspx?familyid=39856 …

    Read More...
  • Understanding Windows Azure platform AppFabric Access Control Service Resources

    Before we can begin using the Windows Azure AppFabric Access Control Service (ACS) to decouple our applications from security concerns and enable claims-based identities we need to understand the Resources contained in the Service Namespace and what role they play in the authentication and authorization infrastructure. This brief blog entry is meant to provide you with the basic understanding and vocabulary required to get started. Service Namespace The Service Namespace is an abstraction for …

    Read More...