Writing ... or Just Practicing?

Random Disconnected Diatribes of a p&p Documentation Engineer

  • Fire(wall)fighting Lync and Service Bus


    I once went to a security conference presentation where the speaker explained that blocking ports in your firewall was fine, but developers simply get round this limitation by making everything work over HTTP through port 80. And it seems, in most cases, he was correct. However, I sometimes encounter situations where something that should just work doesn't and I end up with my head in the server cabinet, swearing profusely as I analyze my ISA Server logs to figure out what I need to do to fix it.

    I suppose my natural paranoia that requires firewall rules set up to block outbound traffic except for the standard required ports doesn't help. I even had to set up extra rules that allow traffic out to Team Foundation Server (TFS) over the various ports that we use here at MS. However, most stuff just works as it should. Until I installed Lync, that is.

    We use Lync for all of our conferencing, phone, sharing, and interactive online meetings. It's a great environment, and generally works well unless my wife is watching the latest YouTube viral video at the same time. The client (kind of) works OK over just HTTP through the "normal" ports. However, to get the best audio quality, it seems that you need to open some extra ports. There are several lists on MSDN, though most include all of the server ports as well. So I braved the server cabinet once again and came up with the following firewall configuration that works well for me:

    Access to Lync Server from Lync Client

    • Rule Type: Allow
    • Rule From value: Internal
    • Rule To value: a Domain Name Set containing:
      • *.your_Lync_server_domain
      • *.your_email_domain
    • Rule Protocols list:
      • IKE Client (pre-defined rule)
      • Port 3478 UDP, Send Receive
      • Ports 50000 to 59999 UDP, Send Receive
      • Ports 50000 to 59999 TCP, Outbound
      • HTTP (pre-defined rule - required only if not enabled in default client access rules)
      • HTTPS (pre-defined rule - required only if not enabled in default client access rules)

    Note that this configuration does not allow for some peer-to-peer connections that can reduce the load on the Lync server.

    So having fixed my Lync with the outside world (sorry), I start playing with an example application for our forthcoming guide "Integrating Applications with the Cloud". It uses Azure Service Bus Queues and Topics, which also need some packets to be able to escape through the firewall. I guess it was no surprise to find that this failed to work without some additional rules.

    Having perused the MSDN docs and some blog posts, it seems that there are several differences of opinion on this. The MSDN docs say that Service Bus Queues use ports 9350 - 9353, but the first time I ran the example it decided to use port 9354. In the end I opened 9350 - 9355 outbound for TCP, but the error messages you get tell you which port it tried to use so you'll know if you need additional ones open (you don't need to open any ports inbound - which is, of course, the whole reason for using Service Bus!). If you use Service Bus Relay, you need to open ports 808, 818, 819, and 828 for TCP outbound, though so far I haven't been able to confirm that this is all you need.

    If a request is blocked, the error message shows the port number that was used. You should not attempt to limit the IP address ranges in a firewall rule as these will change over time for the different Azure datacenters. A list of the current IP addresses for the datacenters is available on this blog. Here's the rule I set up:

    Access to Azure Service Bus Queues and Relay

    • Rule Type: Allow
    • Rule From value: Internal
    • Rule To value: External
    • Rule Protocols list:
      • Ports 9350-9355 TCP Outbound
      • Port 808 TCP Outbound
      • Ports 818-819 TCP Outbound
      • Port 828 TCP Outbound
      • HTTP (pre-defined rule - required only if not enabled in default client access rules)
      • HTTPS (pre-defined rule - required only if not enabled in default client access rules)
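    As an added example (not code from this post, and nothing to do with ISA Server's own tooling), here is a small Python script that models the two outbound allow rules above as data and checks firewall deny records against them, so you can see at a glance which blocked connections would still not be covered after the rules are applied. The deny-log format, the host names in the sample lines and the expansion of the pre-defined ISA protocols (IKE Client as UDP 500, HTTP as TCP 80, HTTPS as TCP 443) are assumptions; ISA Server's real W3C log layout is different, so adapt the regular expression to whatever your logs look like.

```python
"""Model the outbound allow rules from the post and check deny records against them."""
import re
from collections import Counter
from fnmatch import fnmatchcase

# Each rule: destination patterns (the ISA "To" value; "*" stands for External) and
# a list of (protocol, low_port, high_port) tuples, all outbound from Internal.
# Pre-defined ISA protocols are expanded to well-known ports. The expansion of
# "IKE Client" to UDP 500 is an assumption; the post only names the pre-defined rule.
RULES = [
    {
        "name": "Access to Lync Server from Lync Client",
        "to": ["*.your_Lync_server_domain", "*.your_email_domain"],
        "protocols": [
            ("udp", 500, 500),        # IKE Client (assumed expansion)
            ("udp", 3478, 3478),      # STUN
            ("udp", 50000, 59999),    # media, send/receive
            ("tcp", 50000, 59999),    # media, outbound
            ("tcp", 80, 80),          # HTTP
            ("tcp", 443, 443),        # HTTPS
        ],
    },
    {
        "name": "Access to Azure Service Bus Queues and Relay",
        "to": ["*"],                  # External: any destination
        "protocols": [
            ("tcp", 9350, 9355),      # Queues/Topics (9354 was seen in practice)
            ("tcp", 808, 808),        # Relay
            ("tcp", 818, 819),
            ("tcp", 828, 828),
            ("tcp", 80, 80),
            ("tcp", 443, 443),
        ],
    },
]


def matching_rule(rules, proto, port, host):
    """Return the name of the first rule permitting this outbound flow, else None."""
    proto = proto.lower()
    host = host.lower()
    for rule in rules:
        # Destination must match one of the rule's "To" patterns (case-insensitive).
        if not any(fnmatchcase(host, pat.lower()) for pat in rule["to"]):
            continue
        for rule_proto, low, high in rule["protocols"]:
            if rule_proto == proto and low <= port <= high:
                return rule["name"]
    return None


# Constructed, simplified deny-log layout (NOT ISA Server's real format):
# <date> <time> DENIED <proto> <src_ip>:<src_port> -> <dst_host>:<dst_port>
LOG_RE = re.compile(
    r"^(?P<date>\S+) (?P<time>\S+) DENIED (?P<proto>tcp|udp) "
    r"(?P<src>\S+):(?P<sport>\d+) -> (?P<dst>[^:\s]+):(?P<dport>\d+)$"
)


def parse_denial(line):
    """Extract (protocol, destination port, destination host) from a deny line, or None."""
    match = LOG_RE.match(line.strip())
    if not match:
        return None
    return match["proto"], int(match["dport"]), match["dst"]


def uncovered_denials(lines, rules=RULES):
    """Tally denied outbound flows that none of the given rules would have permitted."""
    missing = Counter()
    for line in lines:
        record = parse_denial(line)
        if record is None:
            continue  # unparseable line: skip rather than guess
        proto, port, host = record
        if matching_rule(rules, proto, port, host) is None:
            missing[(proto, port, host)] += 1
    return missing


# Constructed sample deny lines; host names are placeholders, not real services.
SAMPLE_LOG = [
    "2011-10-12 09:14:05 DENIED tcp 192.168.1.20:51234 -> queue.servicebus.example:9354",
    "2011-10-12 09:14:09 DENIED tcp 192.168.1.20:51235 -> queue.servicebus.example:9354",
    "2011-10-12 09:15:30 DENIED udp 192.168.1.20:50001 -> lync.your_Lync_server_domain:3478",
    "2011-10-12 09:16:02 DENIED tcp 192.168.1.20:51240 -> relay.servicebus.example:9356",
    "2011-10-12 09:17:11 DENIED udp 192.168.1.20:50002 -> other.example:3478",
    "garbage line that does not parse",
]

if __name__ == "__main__":
    for (proto, port, host), count in uncovered_denials(SAMPLE_LOG).items():
        print(f"{count} x {proto}/{port} to {host}: not covered by any rule")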

    So everything is looking good until I hit the part where I log in with Windows Live ID and ACS redirects me back to the Orders website running in the local Compute Emulator environment so I can place my order for a High Mass Directional Coil Type 176HS and a dozen Cycloalutanium Tube Connectors. At which point it blows up.

    Windows Azure Tools are clever in that they map your local website to an unused port. So if you have IIS or some other software installed that's using ports 80 and 443, the redirection back from ACS fails because Azure mapped your website to port 444 (or higher). To fix this without having to mess around with the ACS configuration, you can open IIS Manager, right-click the Default Web Site, click Edit Bindings, and change them so that ports 80 and 443 are not used.

    Sometimes I get the feeling that the Known Issues doc will have more pages than the finished guide...

  • There Is No Good News...


    Don't you hate it when someone says "Do you want the good news or the bad news?" and then, when asked for the good news, replies "There isn't any". I really do try so hard to avoid inflicting this on people I know, but sometimes it's inevitable. And usually it's when they've asked me to look at their computer which is "playing up", "running very slowly", or simply won't start at all. I really should look in the mirror sometime to see what I look like when smiling sweetly at the same time as gritting my teeth.

    So there I was, a few days earlier, sitting in front of a Packard Bell mini-tower that proudly wears its "Pentium 4 Inside" and "Designed for Windows XP" badges. According to the manufacturer's label on the back it's just over five years old, and it's even got a blue LED on the front so it looks reasonably respectable sitting alongside my more contemporary machines. But, inside, it's severely screwed up. You can tell that because the only program that will run is Internet Explorer; and it takes three minutes to struggle onto the screen. Any other .exe pops up the "Choose a program to open this file with" dialog, and all of the Control Panel applets just display an error message that Rundll can't be found.

    It looks like it's suffering from at least the W32.Sircam virus, or something similar, and no doubt others as well since none of the four different anti-virus software programs that have been installed during its lifetime are running now. And this was probably confirmed when the owner, a friend of my wife, revealed she'd had a phone call from "a foreign-sounding gentleman" who said he was "associated with Microsoft", had been alerted that her computer had a virus, and that he could repair it over the phone for only 65 pounds (to be pre-paid by credit card). Needless to say I advised her against taking up his offer.

    So what to do? I can't get Regedit or any of the utilities on my home-made rescue/repair CD to run. If I boot into safe mode I have no keyboard - neither I nor the computer owner has one with the old PS/2 connector, and it doesn't recognize a USB one at boot time. So I can't use the boot menu options, and my original plan of simply stopping the boot loading of drivers and running some scans to remove malicious software is in tatters. Do I want to take the drive out and put it in one of my working machines to scan it? Probably not.

    Of course, a quick phone call to the owner reveals that it has all of her photos, letters, and other never-been-backed-up-and-irreplaceable files on it. And, as expected, she "didn't get any discs with it", and there seems to be no rescue mechanism installed either. Windows Explorer won't run, but I can get Internet Explorer to show the disk contents by typing "C:\" in the address bar. So at least I can rescue those valuable files onto a thumb drive.

    But as to the operating system, what do I suggest she do? With no rescue or O/S disk, I can't reinstall XP. I could suggest she buy a copy of Windows 7, but I have no idea if it will work on this machine and I can't run the Upgrade Advisor. A full version costs more than the machine is worth, and I don't know if an upgrade version will work (there is no Windows Key sticker on the machine, so I don't know how valid the installed O/S is). In either case, it's going to cost somewhere north of 70 pounds to buy Windows 7 and it may not work afterwards.

    In reality, the advice has to be to dispatch the machine to the great God of recycling and buy something more up to date. I can rescue the precious files, and there's nothing inside the box in terms of hardware that's worth saving. She'll end up with something that's much faster and responsive, more resilient to malware, nicer to use, and has a lot more capabilities. But it means finding 250 to 300 pounds that she probably didn't want to spend.

    Yet, only a couple of weeks ago, I was raving about how Windows 7 brought several old computers back to life. However, the problem machine was obviously a bargain basement version compared to the various Dell machines mentioned in that post. The beast I'm looking at here seems to use technology from the 2002 - 2003 era, even though it was built in 2006.

    Maybe this is the real issue. Most people I talk to still think of a computer as a "thing" that is the same no matter where it comes from or how much it costs. The same people would realize that a TV costing 100 pounds would be very unlikely to have a 48 inch high-definition screen and a full surround sound system, or that paying the price of a budget motorcar would get them a Ferrari.

    Perhaps the issue is that almost any computer you buy, even those at the bottom end of the price range, works just fine out of the box. It's only when you actually get to use it for real over a long period, or upgrade it in a few years' time, that you discover you bought something that was effectively out of date when it was new. Oh well, as they say, you get what you pay for...

  • Gone OOF the Radar


    As I very rarely actually go anywhere, and even more rarely by train, I'm not an expert on the current digital device habits of rail travelers. However, the attraction of a nice comfy seat and table in some wonderful air-conditioned, piped music for free, even has a power socket railway carriage is that you can spend the time being productive. Laptop, tablet, mobile phone, and maybe even a portable printer - you might as well be in the office. The last time I took a long train journey (six years ago) I wrote a complete data access layer for a housing corporation website during the five hour trip.

    However, according to a recent study undertaken on behalf of the Department of Transport here in the UK, business travelers now spend only ten percent of the total railway journey time being productive. It seems that the rest of the trip is taken up with reading non-business stuff, looking out of the window, and people-watching. So how come, that last time I went by train, the guy opposite me spent all of the journey from Edinburgh to Leeds shouting into his mobile phone about a customer he'd just been to visit in Pitlochry? Imagine what it will be like when they allow mobile phones on airplanes.

    Mind you, next time you are on a 'plane, count how many people extract some hugely expensive laptop from their luggage and settle down over the keyboard. Then, on your way back from the toilet, take a surreptitious peek over their shoulder. You'll find that, rather than compiling their business reports or writing integration components for enterprise software systems, they're all reading trashy novels or watching a DVD.

    So is there really any reason for manufacturers to make the fancy laptops we now take for granted lighter, slimmer, faster, and work longer on a charge? By my reckoning, at 10% of journey time on any train trip here in the UK, the most they'll be used is about an hour. Any more than that and you'll have wet feet. Though I suppose you could argue that our intrepid traveler is going through the Channel Tunnel and on to some far-off Europland destination, so needs to read trashy novels and watch DVDs for a lot longer.

    Meanwhile, if all goes to plan, I'll actually be in Europland as you read this, but I can guarantee that I won't be laden with all the latest in technical sophistication. OK, so I'll have a mobile phone that has all the whizz-bang modern capabilities. However, after checking the cost of foreign data connections, bankruptcy avoidance mandates turning off that feature as soon as I get on the 'plane. Internet cafe? Probably not - the last time I used one in Cyprus I got home to find my server had been hacked.

    So instead I'll be lazing round the pool at a friend's villa enjoying some late-in-the-year sunshine, reading trashy novels printed on real paper, and watching DVDs on a 48 inch screen with 7.1 surround sound. Meanwhile my laptop can rest and recover from endless rewrites of Azure guidance, manipulating multitudes of Visio bendy arrows, and trying to connect to some distant Azure datacenter to run half-finished (and, in my case, mostly half-baked) sample code.

    Footnote: "OOF" in the title is not the album by Happy Flowers, slang for money, or the rude word they use in Hawaii. It's Microsoft-speak for "Out of Facility".

  • Additional Integrational Hybridization


    For some unaccountable reason, my semi-coherent bluster a couple of weeks ago wandered across the topic of integration when discussing Windows Azure hybrid applications. Since then, I've been delving deeper into the whole area of hybrid application challenges as we fine-tune our thoughts on the third of our series of guides about designing and developing applications for Windows Azure. And it seems that we in the IT developer community are dragging our heels when it comes to inventing exciting new words.

    Yes, there are lots of new words entering the world's languages all the time, but in recent years these seem to be coming from the general public. Words such as "Graycation" (going on holiday with your grandparents), "Spinnish" (the language used by politicians and spin-doctors), and "Blamestorming" (having a meeting to decide whose fault it was) are useful, but reveal the shortcomings of the great unwashed who can only manage to munge two common words together.

    Not so long ago it was the IT community that was in charge of creating exciting new words ("munge" as used in the previous paragraph is a classic). And we surely hold the trophy for turning abbreviations and acronyms into words - think "RAM", "GUI", "AMOLED", and "PCMCIA" (OK, so some aren't pronounceable even if they do sound like a Village People song). In fact, the Enterprise Library team here at p&p excelled recently with "WASABi". Supposedly it stands for Windows Azure Scaling Application Block integration, though why they want to associate it with rather pungent green stuff I'm not sure.

    But where there must be real opportunity for exciting and useful new words is when describing concepts in software architecture. And "integration" (as in WASABi) is a perfect example. Last week's vague meanderings into Enterprise Application Integration (EAI) revealed that - as far as hybrid Azure applications are concerned - it's not really integration that's the core challenge, it's the opposite. Rather than trying to figure out how to get disparate applications and components to work together, it's more about trying to get cohesive applications and components that already work together to still do so when there's a big lump of Internet in the middle.

    Hybrid application challenges are primarily concerned with making communication, service access, and business logic work across the new boundary you introduce when you evolve an existing on-premises application so that some parts run in the cloud, or when you design a new application with some parts in the cloud and other parts on-premises or hosted by external partners. You aren't integrating the bits, you're separating them. But "separation" doesn't seem to hit the spot.

    I wondered about "intragation" or even "extragation", but the alternative prefix on these doesn't work because "integrate" comes from the Latin word "integratus" meaning to renew or restore. Neither does it seem reasonable to use the real antonym "disintegrate" (unless, of course, your code blew up when you ran it). So, after much head-scratching, I've decided to propose an exciting new word as an addition to our IT glossary of terms:

    hybrigation (noun) [hi-bree-gay-shun] Making all the parts of a hybrid application work together across the on-premises, cloud, and partner domain boundaries.

    Though they probably won't allow me to use it in our new guide...

  • Seven Heaven, or Wait for Eight?


    There's lots of comment at the moment about the "post-PC age". Seemingly everyone will just use some Internet tablet or device that installs the O/S and applications from the cloud, keeps all of the data in the cloud, and uses only services running in the cloud. No need for a fast processor, hard drive, or tons of memory because it's just a web browser and display for applications running somewhere else. The thin client for the 21st century.

    However, plenty of people dispute this assertion, citing the need to run powerful and complicated applications and to store data locally. And, of course, to maintain control. If your whole life is held by some huge and faceless cloud-based corporation (not mentioning any names), what happens when they accidentally lose your account? Or decide you are no longer welcome and remove you from their system? Supposedly it's already happened to people who have made some unwelcome comment about their provider, or been mistakenly charged with being a hacker and forcibly ejected.

    For most of these reasons, and others, I'm staying with my combination of PCs, servers, and various back-up devices. Yes I do keep a backup of my important data and photos in SkyDrive; though (no doubt due to my well-publicized paranoia) it's all in compressed PGP-encrypted files. But I reckon I've discovered not so much the "post-PC age", but a "same-PC age". Maybe this is as much a problem for PC suppliers as the flood of tablets and smartphones now swamping the world.

    The "same-PC age" is a simple concept. Instead of buying the latest, greatest, fastest new machine every couple of years, you just keep the old one. In the past this hasn't really been an option unless you were prepared to turn it on the day before you wanted to use it, and stop for coffee each time you paged down in a document. But recently it's become clear that older PCs can just keep on working.

    For example, my wife's four year old Dell XPS laptop with Vista was starting to show the signs of being ready for replacement with something a bit snappier. Yet a simple FDISK and a fresh install of Windows 7 brought it back to life so that it feels like a brand new machine. It's responsive, starts quickly, and handles everything she throws at it.

    Even better, a friend's six year old Dell laptop (a huge and ugly beast that originally ran XP) was equally transformed by FDISK and Windows 7 into something that is a pleasure to use. My friend tells me that it's faster now than it was with XP, though I suspect he's being a little optimistic. Of course, it doesn't support Aero, but he never had that anyway so it's no loss. What he is mourning is the lack of scroll support for the trackpad - it seems there's no driver for it that works in Windows 7.

    Update: After some experimentation, it turns out that the latest ALPS driver from the Dell website does work with Windows 7.

    I suppose that's the problem. Dell is hardly likely to create Windows 7 drivers for a machine that was designed to run XP. It would be like expecting Ford to provide a fuel pipe to connect up a 3 litre BMW engine you shoe-horned into your Focus. And, anyway, my friend is less concerned now after I pointed out that there are Page Up and Page Down keys on the keyboard. I suspect that, until the hard drive dies or he graduates to a tablet, the laptop will continue to serve its "same-PC age" functions.

    But the biggest "same-PC age" issue I have at the moment is with my working-day laptop. When I'm not trapped in front of the workstation and huge screens upstairs in the office I use a rather nice, four-year-old Dell Latitude laptop for everything work-related. It's fast, has a wonderful LCD-backlit matte screen, loads of disk space, a superb keyboard, excellent battery life, and still looks prettier than any other laptop out there (including the Apple ones). It runs every piece of complex software I need for my day job, including acting as my office telephone.

    But it won't be long before I'm forced to do something about the O/S. Amazingly it's still running the original installation of Vista, but pretty soon company policy will remove Vista from the list of supported operating systems on the corporate VPN. At that point I'll need to make the decision on either Windows 7 or Windows [whatever Windows 8 will be called]. Ah, I hear you say, why not just do the same as with the other machines and hit it with the FDISK/Win7 thing now?

    Well, I'd love to, but there's a major problem here. To be allowed onto the company network in Windows 7, I have to enable BitLocker. Yes, it's a great idea, but the machine doesn't have a TPM module so it seems I'd need to plug in a thumb drive every time I log on. As the policies applied by the domain force the password-enabled screensaver after 10 minutes, this will be regularly throughout every day. If I leave the thumb drive plugged in I'm sure to break it and the socket at some point as I wander aimlessly around seeking guidance-creation inspiration. If I take it out every time, there's almost no doubt I'll spend the first hour of every day searching for it, or lose it altogether. Either way, I'm destined to regular cycles of FDISK and reinstall. Can I buy a plug-in TPM module I wonder?

    Anyway, in preparation, I ran the Windows 7 Upgrade Advisor. It says all of my applications will work without problems! Great! However, it also listed all the devices and drivers that won't work in Windows 7. OK, the built-in camera never did work from new, but as I never use it that's not a problem. But when I ordered the machine I specified a built-in smart card reader and fingerprint reader. It even came with a proximity card reader. It's true I never managed to get the terrible clunky device setup software to recognize any of these devices (I assumed it was a Vista issue), and when I did find a driver for the smart card reader it just told me that my corporate smart card was "not a recognized format" so I've been using a separate plug-in card reader instead. And a separate plug-in fingerprint reader because the built-in one seems to be there only for decoration rather than for any functional reason.

    So I suppose I shouldn't expect Windows 7 to work with any of these devices either. But I can't make up my mind which is the most annoying outcome of all this investigative effort. Is it that I'll end up junking an otherwise fully-usable machine that cost a lot of money (over 1500 pounds or 2000 dollars)? Or that I'll spend my remaining working days hunting for lost thumb drives and then reinstalling everything? Or, maybe most annoying of all, it reminded me that I paid good money for features that never worked?

    If you'd bought a typical consumer device with all the bells and whistles and discovered that several of them didn't actually bell or whistle, you'd soon be back at the store with the box under your arm. How come we computer users accept that only part of the hugely expensive kit we buy will actually work? Perhaps, after all, there is a case for the ubiquitous Internet tablet or device that "just works"...
