Dev Center - Windows Store apps
Are you a startup?
Get BizSpark cloud access
Get up to $4,700 of cloud benefits
Don’t have MSDN?
Here’s cloud access
Kevin Ashley - Norcal
David Chou - Socal
Warren Wilbee - West Region
Wes Yanaga - Norcal
msdev offers free developer videos and training.
While writing the series of posts, I kept running into more best practices. So here are a few more items you should consider in securing your Windows Azure application.
Here are some tools, coding tips, and best practices:
In Windows Azure Security Best Practices -- Part 1: The Challenges, Defense in Depth, I described the threat landscape and introduces the plan for your application to employ defense in depth.
In this part, I explain that security with Windows Azure is a shared responsibility, and Windows Azure provides your application with security features than you may have employed in your on premises application. But then, it also exposes other vulnerabilities that you should consider. And in the end, you should be proactive in your application development to secure your application.
This section is meant to provide an overview of what Windows Azure provides. For more in depth information, see Global Foundation Services Online Security. The Global Foundation Services team delivers trustworthy, available online services that create a competitive advantage for you and for Microsoft’s Windows Azure.
Every conversation I have with developers about moving their application to the cloud revolve around two main issues.
And also, often unstated, “How do I make my user experience as easy as for users as it is for on-premise applications?”
This post describes the threat landscape and introduces the plan for your application to employ defense in depth in partnership with Windows Azure.
Claims-based identity is a simple but powerful way of handling identity and access for your web sites and web services, whether you work on-premises or you are targeting the cloud. You can create more secure applications by reducing custom implementations and using a single simplified identity model based on claims.
Windows Identity Foundation (WIF) is a set of .NET Framework classes. It is a framework for implementing claims-based identity in your applications.
Several Windows Azure services help you extend your application security into the cloud.
Three services can help you in providing identity mapping between various providers, connections between an on premises data center, and abilities for applications (where ever they reside) to send messages to each other:
Windows Azure Toolkit for Windows 8 helps you create Windows 8 Metro Style applications that can harness the power of Windows Azure. The idea is to connect your Windows application to data in the cloud.
So which security threats are mitigated by the Windows Azure environment and which security threats must be mitigated by the developer?
The paper, Security Best Practices for Developing Windows Azure Applications, describes what you should consider as key threats that your an application running on the Windows Azure. And it shows specifically where Azure provides the mitigation and those you need to call APIs and those which you need to handle yourself. (It does not address regulatory compliance issues.)
When you are building out your cloud application, security should be front and center in your Windows Azure planning and execution.
In this part, I explore how you can examine the architecture of your application. The pattern and practices teams provide the idea of a Security Frame as a way to look at your application to determine treats and your responses, before you even begin coding.
I also describe how you can use the The Microsoft Security Development Lifecycle (SDL) in a prescribed way that you can adapt in your organization to address security in every process of your application’s lifecycle.
In a series of blog posts, I’ll provide a look into how you can secure your application in Windows Azure. This six-part series describes the threats, how you can respond, what processes you can put into place for the lifecycle of your application, and prescribes a way for you to implement best practices around the requirements of your application. I’ll also show ways for you to incorporate user identity and some of services Azure provides that will enable your users to access your cloud applications in new says.
Are you interested in experiencing the next great app platform opportunity, Windows 8? Do you want to learn how to get started building apps for this new platform?
We are inviting the Silicon Valley startup community to a full-day, knockout, deep dive event taking place on our Silicon Valley Campus April 4.
Developers and designers alike will take the stage to show you how to take advantage of this new platform opportunity.
Microsoft has announced plans to release an additional limited preview of an Apache Hadoop-based service for Windows Azure in the first half of 2012.
Since the first limited preview released in December, customers such as Webtrends and the University of Dundee are using the Hadoop-based service to glean simple, actionable insights from complex data sets hosted in the cloud.
Customers interested in signing up for the latest preview should visit http://www.hadooponazure.com.
Hybrid applications and environments combine software running on public cloud platforms, such as Windows Azure, with software running on premises. Developers and customers using this model get both the cloud benefits of low cost, ubiquity, scale, etc. along with the control, flexibility, security, etc. of their on-premises platforms.
There’s a steady flow of helpful materials on using Windows Azure in hybrid solutions being published by the Azure team, Microsoft’s technical evangelists, and the community of developers using Windows Azure. Recently I noticed some posts that I think are especially helpful.
ASP.NET MVC 4, ASP.NET Web API, ASP.NET Web Pages v2 (Razor) - all with contributions have been made available under the Apache 2.0 license.
You can find the source on CodePlex and all the details on Scott Guthrie's blog.
“We will also for the first time allow developers outside of Microsoft to submit patches and code contributions that the Microsoft development team will review for potential inclusion in the products,” Guthrie says. “We announced a similar open development approach with the Windows Azure SDK last December, and have found it to be a great way to build an even tighter feedback loop with developers – and ultimately deliver even better products as a result.”
You can now browse, sync and build the source tree of ASP.NET MVC, Web API, and Razor here.
My colleagues are now pooling their blogs into single feed to provide up-to-date news for readers interested in the latest in cloud. US Cloud Connection site is now live with has added the ability to aggregate the Azure-related blog posts. My colleagues will provide details on the latest offerings and let you know about events across the US.
Be sure to check out the contributions of Bruno Terkaly, Sanjay Jain, Zhiming Xue, Adam Hoffman, and myself.
Evaluations of the release to manufacturing version (RTM) version of SQL Server 2012 will allow you to test your application for compatibility. The fully functional trial software will automatically expire after six months. Get it from the SQL Server 2012 download site.
General availability of SQL Server through retail channels and MSDN is expected to be April 1.
For more information about how to test your applications, see Guide for How to Test Your Application for Compatibility with SQL Server 2012.
A virtual machine for you to try out the new Visual Studio 11 Beta ALM is now available. It includes hands-on-labs / demo scripts.
Brian Keller explains in his post Visual Studio 11 Application Lifecycle Management Virtual Machine and Hands-on-Labs / Demo Scripts that you can use the virtual machine to roll up your sleeves and start learning about the many capabilities we announced at TechEd North America last year.
Brian Keller writes, “You can download and install the beta of Visual Studio 11 (and Team Foundation Server 11, .NET Framework 4.5, etc.) and even use it in production with our “go live” support. But if you would like a fast way to understand what is new for application lifecycle management in this release, this virtual machine is pre-configured with all of the necessary software and sample data for you.”
The Windows Azure team has announced additional savings to compute and storage customers. In addition to the SQL storage reductions announced last month, the new plan offers an Extra Small Compute at 2 cents per hour.
With these changes, a 24x7 Extra Small Compute instance with a 100MB SQL Azure DB costs less than $20 per month. The price of compute and storage continues to be consistent across all datacenters.
You are invited to attend a two-day workshop for developers, database administrators, and technical decision makers on SQL Server 2012. The training will help you understand how to build enterprise grade solutions which exploit key improvements in SQL Server 2012.
Microsoft SQL Server 2012 has released to manufacturing. SQL Server 2012 helps address challenges of increasing data volumes by rapidly turning data into actionable business insights.
Microsoft’s modern data platform SQL Server 2012 is launching today, with evaluations available and general availability starting April 1.
Thousands of customers have evaluated SQL Server 2012 and are using it to manage any data, any size, anywhere.
Microsoft’s data platform enables customers to unlock simple, actionable insights from their most complex data.
Earlier this month Microsoft significantly reduced the cost of SQL Azure. SQL Azureis a great way to move your applications to the cloud.
Two recent blog posts provide a good starting point for learning about how you can migrate to SQL Azure:
Windows 8 DevCamps enable developers to build beautiful Metro style apps and publish them to the Windows Store.
There are over 100 events worldwide now available on the devcamps.ms/windows site. Registration is open now.
Microsoft has just released the SQL SERVER 2012 Sneak Peek Campaign. This campaign allows you to give your customers an early look at the powerful capabilities of SQL Server 2012 from unlocking data insights to building solutions and extending into the cloud.
You are cordially invited to be a part of the Virtual Launch Event for Microsoft SQL Server 2012. Attendance is free and open to both partners and customers. All you need to do is register here.
Hear from Microsoft executives about new functionality being released. If you are unable to attend the event, the Virtual Launch Event will remain available on-demand for 90 days.
Mostly hosted on University campuses across the West Region, these DevCamps provide both student and professional developers the opportunity to choose a technology and start learning and building applications for it. Camps covering the web, phone, and cloud platforms will be presented simultaneously.
Developer Camps (DevCamps for short) are free, fun, no-fluff events for developers, by developers. Attendees learn from experts in a low-key, interactive way and then get hands-on time to apply what they’ve learned.