azureQuery vs. Azure SDK for Node

 

One of our recent projects involved using JavaScript to access Windows Azure data and features.  When considering the overall design, we discussed client- or server-side execution models (where the “meat” of the code will execute).  In this post we hope to expose what we learned in this process to others.  Although quite a few JavaScript libraries exist for accessing parts of Azure, the two we’ll analyze here are azureQuery and Azure SDK for Node.

First, a little context about each library:

azureQuery Azure SDK
Publisher David Pallman – Neudesic Windows Azure – Microsoft
URL azureQuery Windows Azure Node.js Developer Center
Code URL azureQuery on CodePlex azure-sdk-for-node on GitHub
Initial Release July, 2012 September, 2011

 

Next, some characteristics of the libraries:

azureQuery Azure SDK
Execution Locale Client-side (browser) Server-side (node)
Fluent (chaining) language support? Yes No
Storage Support?

Blob

Yes Yes

Queue

*Not Yet Yes

Table

*Not Yet Yes
Service Bus Support? ^No Yes
Identity & Access Control? No No
* As of 9/12/12, azureQuery only provides access to Windows Azure Blob Storage ^ We are not clear whether azureQuery plans to support Service Bus integration.

 

The table above highlights that, in its current state, azureQuery is very limited in its support of Azure features.  Actually, that’s to be expected. azureQuery was first published in late July, 2012; Azure SDK for Node was 10 months old at that point. We expect azureQuery will deliver support more areas of Azure, especially as the level of developer contribution improves (David Pallman has a full-time job, after all!).

 

Which should you use?

So, which of these libraries should you use for projects now?  If you’re thinking, “That’s not even the right question!” you are right!  Decisions regarding which code runs client-side or server-side has a great deal more to do with application requirements, scale expectations, data change rates, etc.

However, it is pretty clear at this point that azureQuery is still in its infancy.  If your goal is to rapidly deliver a solution using Windows Azure (beyond Blobs), then you should use Azure SDK for Node.  This decision will change as azureQuery fulfills its (assumed) mission. If solution demands client-side execution (e.g., rich visualization of changing data), then we encourage you to invest in azureQuery and contribute to its advancement.

Windows Azure Management Portal in Firefox, Moonlight on Linux

 

We have Arch Linux running on a 7 year old Dell desktop. It’s an oldie, but a goodie.  The combination of Arch with LXDE makes for a good administrative machine – email, web browsing, bittorrents, etc.  We had tried using the Silverlight-based Windows Azure Management Portal on this machine – using Mono’s Moonlight as the the Silverlight for Linux – but found enough hiccups that we stopped wasting our time.  When Windows Azure began offering its HTML5-based management portal, our interest in managing our Azure systems from Linux was renewed.  Here’s a brief review of our experience:

Using Firefox 13.0.1 on Arch Linux, we opened http://windows.azure.com/. After signing in, we were left on what appeared to be a blank page.  On right-clicking the page, we learned that it was actually trying to use Silverlight, and the Moonlight implementation didn’t seem to be rendering correctly.  We wondered why we hadn’t been given a choice between Silverlight and HTML5 – we seem to remember that in Win7+ IE.

We uninstalled Moonlight in hopes that the portal’s page code would opt for HTML5 when no Silverlight support was detected. Unfortunately, the portal’s entry page just showed the familiar “To view this content, please install Silverlight….”

Disappointed, again.  The management portal doesn’t seem to detect the lack of Silverlight support and redirect to the HTML5 version.  The user is not presented a choice of which to use. And either the Moonlight implementation or the portal implementation in Silverlight don’t work correctly.

UPDATE: After tweeting that the portal wasn’t working in our config, we quickly received a response from @ScottGu saying that we need to use http://manage.windowsazure.com/ for the HTML5 portal. (Whether the tweet came from the real Scott Guthrie or a ghost tweeter, we don’t know). We were immediately pleased to find that the HTML5 portal worked very well in our non-Microsoft config! Kudos to Microsoft and the Windows Azure team for delivering cross-platform, cross-browser management tools – well done!

UPDATE 2: The portal link/button on WindowsAzure.com navigates to Windows.Azure.com (which requires Silverlight).  If you want to use the HTML5-based management portal, be sure to open http://manage.windowsazure.com/ directly.

Azure: Flex on IaaS, Keep PaaS Pure

I recently commented on Mary Jo Foley’s post Can Microsoft Save Windows Azure?  The key point of my post was that IaaS is good for Azure because it is good for adoption rate.

This change does raise concerns for software developers, however. On the topic of increasing IaaS in Azure, Mary Jo wrote:

This means that Microsoft will be, effectively, following in rival Amazon’s footsteps and adding more Infrastructure as a Service components to a platform that Microsoft has been touting as pure PaaS. [highlight added]

For software architects and developers, Microsoft PaaS approach with Azure has been a boon. Many non-developers would be surprised to know how much “infrastructure impact” creeps into system architectures and implementations. The (historically) pure PaaS Azure, however, provides us with the ability to implement highly available, scalable and performant systems with almost no infrastructure concerns.

Many consider Amazon to be the top cloud computing provider.  Amazon Web Services (AWS) provides a very good set of building blocks which (increasingly) work well together. From a developer’s perspective, however, these building blocks require too much “IaaS overhead.”   Determining which building blocks will be needed is the first hurdle. But then come the “which to use in what?” hurdles. Which distro and version of one of the Linuxes, which database type (SQL, NoSQL), how will the various systems communicate with each other, etc., etc., etc.

With Windows Azure, however, a developer can implement code on a developer workstation (using the Compute and Storage emulators).  When ready, the developer can deploy code to Azure directly from Visual Studio.  Relative to just about every other cloud provider, Azure developers start out much further down the road (= saves a lot of time).

 

In PaaS, Purity Matters

So how does Azure’s IaaS push impact developers?  Developers will be negatively impacted by letting IaaS pull in PaaS impurity.  In other words, if Microsoft muddies the existing Azure development platform (code interfaces), the level of “IaaS Overhead” increases.  As the level of IaaS Overhead increases, the time and cost benefits of PaaS erode.

Consider the Win32 days: Microsoft’s progressive push toward a standard set of API’s for Windows created a competitive advantage.  Although there were gaps (e.g., API’s supported on Windows NT, but not Windows 95), Win32 was far more pure than any other API at the time.  Companies that developed software for the myriad Unix systems encountered far more platform related costs than companies developing for Windows.  If Microsoft had tried to support Sun, IBM, HP and other Unix libraries, the advantages of Win32 would have vanished.

Hopefully Microsoft plans to keep the PaaS side of Azure pure, while letting the IaaS side flex.  Otherwise, they will undermine one of their most significant competitive advantages – a pure PaaS.

Periodic Table of Cloud Computing

David Pallmann, General Manager at Neudesic has published one of the best explanations of Cloud Computing in Windows Azure Design Patterns.  The title is a double misnomer – it isn’t just about Azure, and it is far more than Design Patterns.

Pallmann’s Periodic Table of Cloud Patterns is one of the best tools for visually capturing the various components and facets of Cloud Computing.  He uses these elements very effectively to touch on Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS) and Software-as-a-Service (SaaS) before delving into Windows Azure’s PaaS offerings.

Although the slides cover Windows Azure, Pallmann’s points are easily abstracted to Cloud Computing in general.  And he provides a very solid foundation for digging into areas such as:

 

  • Claims-based Security
  • Service Bus (resilient queue)
  • Storage – Blobs, Tables, Queues
  • Database – SQL Azure
  • Compute Instance Types

 

Overall an excellent presentation for Cloud Computing and well worth reviewing!

Is More IaaS Good For Azure?

Mary Jo Foley recently posted Can Microsoft Save Windows Azure? on RedmondMag.com.  Obviously the title is geared more toward grabbing your attention, but the article has some good content.

One paragraph caught my attention in particular:

Starting around March this year, Microsoft is slated to make some very noticeable changes to Windows Azure. That’s when the company will begin testing with customers its persistent virtual machine that will allow users to run Windows Server, Linux(!), SharePoint and SQL Server on Windows Azure — functionality for which many customers have been clamoring. This means that Microsoft will be, effectively, following in rival Amazon’s footsteps and adding more Infrastructure as a Service components to a platform that Microsoft has been touting as pure PaaS. [highlight added]

Why is Microsoft pushing more IaaS into Azure?  In a word: Adoption.  Microsoft needs to increase the Azure adoption rate.  Far more people in IT organizations know how to participate in IaaS than PaaS.  They already know to install and configure Windows Server, SharePoint and even some of the myriad Linuxes.  Many already contract out their power and internet access to hosting companies, etc.  Running a VM on Azure (or RackSpace, Amazon, etc.) is a natural next-step.

Stepping into PaaS, however, is a much larger step.  Designing and implementing software for any platform always requires more time, and almost always involves more people.  By way of analogy, consider two word processing applications: Microsoft Word and Apple Pages.  Pages only works on Apple operating systems.  To run Pages on the Windows operating system (if Apple so desired) would require a great deal of time and cost.  Microsoft has developed Word for both Windows and Apple operating systems – at great expense of time and money.

So, companies IaaS uptake tends to be faster than PaaS.  In fact, some companies will only engage in IaaS and SaaS, but that’s a separate story. In order for Azure’s adoption rate to continue, it needs to open the door for more IaaS adopters.

ACS v2 Protocols & Tokens Matrix

Version 2 of Windows Azure’s Access Control Service (ACS) was released recently.  There seems to be some confusion flying about when it comes to which security tokens are provided by protocols or ACS mechanisms.  Here’s a quick matrix which we hope will clarify the situation:

  SWT SAML 1.1 SAML 2.0
OAuth 2.0

   
OAuth WRAP

   
SAML (SAMLP)    

WS-Federation

WS-Trust

So you can acquire a SAML 2.0 token using a SAML protocol (aka, SAMLP), but not SWT or SAML 1.1 tokens.

This matrix also draws attention to other issues:

  • SWT tokens are the most protocol agnostic. ACS supports rendering SWT tokens from all protocols except SAMLP.
  • SAML 1.1 are the most protocol specific.  If your application requires SAML 1.1, ACS has already made your protocol decision for you. (From a security token perspective, WS-Federation is a more complex special case of WS-Trust)

What Happens When an Azure Role Starts?

 

Cory Fowler (SyntaxC4) has a good post on Windows Azure Role Startup Life Cycle. Notable aspects of the post include:

  • Synchronous and Asynchronous Startup TaskType and problems to watch for
  • A good, step-by-step diagram of how the Azure Fabric Controller turns the Cloud Service Package (.cspkg) and Cloud Service Configuration (.cscfg) files into a running role instance
  • Suggestions on avoiding Role Startup race conditions

Azure 1.4 SDK and Tools

Yesterday (3/9/11) Microsoft announced updates for the Windows Azure SDK and Tools (VSCloudService.exe).  As the download page indicates, this SDK release’s primary purpose is to address stability issues.  Other improvements include:

  • Azure Management Portal – Improved responsiveness
  • Azure Connect – Multi-admin support and installation for non-English Windows
  • Azure Content Delivery Network (CDN) – Provides for delivery of secure content via HTTPS

Be aware also that the 1.4 SDK installer automatically uninstalls previous versions.  So, if you need 1.3 for a while still, you’ll need to keep it safe.

Download the SDK & tools here.

When Free Is Not Enough

Beginning today, Microsoft is offering developers free access to Windows Azure through the end of June.  The offer includes compute time, storage space, SQL Azure database and AppFabric features for Access Control and Service Bus.  See the announcement for details.

This offer should be very appealing to many, many developers and ISVs.  Interestingly, it is not a compelling offer for us.  Why not?  Well, I think the answer is worth passing on.

Microsoft’s free Azure offer is not valuable to those already developing on Azure.  Two perspectives on this fact are:

  • Microsoft has carefully crafted the offer in order to keep paying customers paying
  • Cloud computing is so cheap that the transition cost to “free” is too expensive

I don’t see much value in arguing one way or another about the first point.  Our speculation on this point is no more (or less) valuable than anyone else’s.  We are living proof of the second point, however.  Our monthly Azure expenses are so low, that it’s not work the effort to temporarily switch to “free” and switch back when it runs out.  In this case, the opportunity cost (of lost development work, etc.) is far higher than “free.”

Sometimes free just isn’t enough!

What’s New in Azure Guest OS 2.2?

This Azure Guest OS release come two months after the previous (v. 2.1).  Does this release provide minor changes, or does it include patches for substantial security issues?  Let’s dig and find out.

Microsoft announced Windows Azure Guest OS 2.2 (Release 201101-01) which contains 11 specified security patches.  More specifically, this Azure Guest OS is comprised of:

  • Windows Server 2008 R2, plus
  • All security patches through December, 2010, and
  • 2 updates to previous security patches

The 11 specified patches specified in the bulletin fall in to a few vulnerability categories.  9 of the patches were included in December’s Security Bulletin; the 3 marked with ‘*’ are patch updates.  The bulletin IDs, ‘MS10-…’ gives away that they originated in 2010.

Vulnerability Bulletins
Elevation of Privilege MS10-092, MS10-098, MS10-100
Remote Code Execution MS10-077*, MS10-091, MS10-095, MS10-096
Denial of Service MS10-101, MS10-102
IE Cumulative Updates MS10-090*
ASP.NET, Information Disclosure MS10-070*

MS10-070 & MS10-077 were originally released last year in September and October, respectively.  MS10-090 was originally released in December, 2010, but was update in early January, 2011.

Even though most of these were in December’s Security Bulletin, we should take a look at the criticality and exploitability ratings for each (relative to Windows Server 2008 R2 for x64 only; impacts to Itanium-based systems my differ slightly)

Bulletin Severity Rating Exploitability Rating
MS10-090 Critical Consistent Exploit Code Likely
MS10-091 Critical Consistent Exploit Code Likely
MS10-092 Important Consistent Exploit Code Likely
MS10-095 Important Consistent Exploit Code Likely
MS10-096 Important Consistent Exploit Code Likely
MS10-098 Important Consistent Exploit Code Likely
MS10-100 Important Consistent Exploit Code Likely
MS10-101 Important Functioning exploit code unlikely
MS10-102 Important Functioning exploit code unlikely

So, I think it’s safe to assess that this new Azure Guest OS includes some very significant security patches.  Agree? Don’t agree?  Leave a comment for us below.