azureQuery vs. Azure SDK for Node


One of our recent projects involved using JavaScript to access Windows Azure data and features.  When considering the overall design, we discussed client- or server-side execution models (where the “meat” of the code will execute).  In this post we hope to expose what we learned in this process to others.  Although quite a few JavaScript libraries exist for accessing parts of Azure, the two we’ll analyze here are azureQuery and Azure SDK for Node.

First, a little context about each library:

azureQuery Azure SDK
Publisher David Pallman – Neudesic Windows Azure – Microsoft
URL azureQuery Windows Azure Node.js Developer Center
Code URL azureQuery on CodePlex azure-sdk-for-node on GitHub
Initial Release July, 2012 September, 2011


Next, some characteristics of the libraries:

azureQuery Azure SDK
Execution Locale Client-side (browser) Server-side (node)
Fluent (chaining) language support? Yes No
Storage Support?


Yes Yes


*Not Yet Yes


*Not Yet Yes
Service Bus Support? ^No Yes
Identity & Access Control? No No
* As of 9/12/12, azureQuery only provides access to Windows Azure Blob Storage ^ We are not clear whether azureQuery plans to support Service Bus integration.


The table above highlights that, in its current state, azureQuery is very limited in its support of Azure features.  Actually, that’s to be expected. azureQuery was first published in late July, 2012; Azure SDK for Node was 10 months old at that point. We expect azureQuery will deliver support more areas of Azure, especially as the level of developer contribution improves (David Pallman has a full-time job, after all!).


Which should you use?

So, which of these libraries should you use for projects now?  If you’re thinking, “That’s not even the right question!” you are right!  Decisions regarding which code runs client-side or server-side has a great deal more to do with application requirements, scale expectations, data change rates, etc.

However, it is pretty clear at this point that azureQuery is still in its infancy.  If your goal is to rapidly deliver a solution using Windows Azure (beyond Blobs), then you should use Azure SDK for Node.  This decision will change as azureQuery fulfills its (assumed) mission. If solution demands client-side execution (e.g., rich visualization of changing data), then we encourage you to invest in azureQuery and contribute to its advancement.

Azure: Flex on IaaS, Keep PaaS Pure

I recently commented on Mary Jo Foley’s post Can Microsoft Save Windows Azure?  The key point of my post was that IaaS is good for Azure because it is good for adoption rate.

This change does raise concerns for software developers, however. On the topic of increasing IaaS in Azure, Mary Jo wrote:

This means that Microsoft will be, effectively, following in rival Amazon’s footsteps and adding more Infrastructure as a Service components to a platform that Microsoft has been touting as pure PaaS. [highlight added]

For software architects and developers, Microsoft PaaS approach with Azure has been a boon. Many non-developers would be surprised to know how much “infrastructure impact” creeps into system architectures and implementations. The (historically) pure PaaS Azure, however, provides us with the ability to implement highly available, scalable and performant systems with almost no infrastructure concerns.

Many consider Amazon to be the top cloud computing provider.  Amazon Web Services (AWS) provides a very good set of building blocks which (increasingly) work well together. From a developer’s perspective, however, these building blocks require too much “IaaS overhead.”   Determining which building blocks will be needed is the first hurdle. But then come the “which to use in what?” hurdles. Which distro and version of one of the Linuxes, which database type (SQL, NoSQL), how will the various systems communicate with each other, etc., etc., etc.

With Windows Azure, however, a developer can implement code on a developer workstation (using the Compute and Storage emulators).  When ready, the developer can deploy code to Azure directly from Visual Studio.  Relative to just about every other cloud provider, Azure developers start out much further down the road (= saves a lot of time).


In PaaS, Purity Matters

So how does Azure’s IaaS push impact developers?  Developers will be negatively impacted by letting IaaS pull in PaaS impurity.  In other words, if Microsoft muddies the existing Azure development platform (code interfaces), the level of “IaaS Overhead” increases.  As the level of IaaS Overhead increases, the time and cost benefits of PaaS erode.

Consider the Win32 days: Microsoft’s progressive push toward a standard set of API’s for Windows created a competitive advantage.  Although there were gaps (e.g., API’s supported on Windows NT, but not Windows 95), Win32 was far more pure than any other API at the time.  Companies that developed software for the myriad Unix systems encountered far more platform related costs than companies developing for Windows.  If Microsoft had tried to support Sun, IBM, HP and other Unix libraries, the advantages of Win32 would have vanished.

Hopefully Microsoft plans to keep the PaaS side of Azure pure, while letting the IaaS side flex.  Otherwise, they will undermine one of their most significant competitive advantages – a pure PaaS.

Periodic Table of Cloud Computing

David Pallmann, General Manager at Neudesic has published one of the best explanations of Cloud Computing in Windows Azure Design Patterns.  The title is a double misnomer – it isn’t just about Azure, and it is far more than Design Patterns.

Pallmann’s Periodic Table of Cloud Patterns is one of the best tools for visually capturing the various components and facets of Cloud Computing.  He uses these elements very effectively to touch on Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS) and Software-as-a-Service (SaaS) before delving into Windows Azure’s PaaS offerings.

Although the slides cover Windows Azure, Pallmann’s points are easily abstracted to Cloud Computing in general.  And he provides a very solid foundation for digging into areas such as:


  • Claims-based Security
  • Service Bus (resilient queue)
  • Storage – Blobs, Tables, Queues
  • Database – SQL Azure
  • Compute Instance Types


Overall an excellent presentation for Cloud Computing and well worth reviewing!

Is More IaaS Good For Azure?

Mary Jo Foley recently posted Can Microsoft Save Windows Azure? on  Obviously the title is geared more toward grabbing your attention, but the article has some good content.

One paragraph caught my attention in particular:

Starting around March this year, Microsoft is slated to make some very noticeable changes to Windows Azure. That’s when the company will begin testing with customers its persistent virtual machine that will allow users to run Windows Server, Linux(!), SharePoint and SQL Server on Windows Azure — functionality for which many customers have been clamoring. This means that Microsoft will be, effectively, following in rival Amazon’s footsteps and adding more Infrastructure as a Service components to a platform that Microsoft has been touting as pure PaaS. [highlight added]

Why is Microsoft pushing more IaaS into Azure?  In a word: Adoption.  Microsoft needs to increase the Azure adoption rate.  Far more people in IT organizations know how to participate in IaaS than PaaS.  They already know to install and configure Windows Server, SharePoint and even some of the myriad Linuxes.  Many already contract out their power and internet access to hosting companies, etc.  Running a VM on Azure (or RackSpace, Amazon, etc.) is a natural next-step.

Stepping into PaaS, however, is a much larger step.  Designing and implementing software for any platform always requires more time, and almost always involves more people.  By way of analogy, consider two word processing applications: Microsoft Word and Apple Pages.  Pages only works on Apple operating systems.  To run Pages on the Windows operating system (if Apple so desired) would require a great deal of time and cost.  Microsoft has developed Word for both Windows and Apple operating systems – at great expense of time and money.

So, companies IaaS uptake tends to be faster than PaaS.  In fact, some companies will only engage in IaaS and SaaS, but that’s a separate story. In order for Azure’s adoption rate to continue, it needs to open the door for more IaaS adopters.

“A Pass on PaaS”–Strategy That Won’t Last


Today I noticed a @CloudBlogs tweet along the lines of “Taking a Pass on PaaS.”  My first thought was, “That’s not a good idea!” Then I thought, “This must be a reverse psychology tweet crafted to make you take a look.”  So, in I went; hook, line & sinker.

To my surprise, however, the tweet was true (forward psychology?). William Louth’s article actually proposes that it is foolish to build on Platform-as-a-Service.  To wit:

…it is becoming clearer to me that for the time being it is much wiser for customers and vendors to Pass on PaaS….

Mr. Louth goes on to recommend that customers and vendors should

…focus on consuming and building AWS like cloud services that scale, perform and are themselves far more resilient than any of todays technologies, frameworks, libraries, components and most importantly operational processes.

The article doesn’t seem to specify what “AWS-like cloud services” means.  At the very beginning of the article, the author indicates that Amazon’s ElastiCache launch may have triggered him to write the article, so maybe readers are expected to use ElastiCache as a prototype for “AWS-like cloud services.”

Furthermore, the author seems to confuse PaaS with some specific implementations he has in mind.  In particular, he refers to “containers”

Coming from a CORBA/J2EE/JavaEE background I can very well understand the allure of a container like approach (or glorified process launcher aka CloudFoundry) to architecting and deploying a new cloud application or service. But the problem I have with this is that I’m not convinced that an integrated container is the best option and should be the interaction point for services. [Emphases added]

The author seems to be saying that PaaS is (or is based upon) a “container like approach.”  This characterization is far afield of PaaS, and the explanation by different colored telephone booths is more confusing than clarifying.



To be clear, Mr. Louth is not completely off-base. The problem is that he has too broadly painted all PaaS as unwise.  We can all agree that PaaS is no panacea, but neither is it unfit (technologically or in current implementations).  Mr. Louth’s article argues that solutions built on’s Force PaaS are misguided or foolish.

Although not anathema to Infrastructure-as-a-Service (IaaS), Platform-as-a-Service is geared toward abstracting infrastructure.  Among other benefits, this approach provides for:

  • Shorter delivery time-frames
    • Requiring fewer developers
      • Less monitoring and maintenance
        • All reducing overall costs

NIST provides a fairly good definition of PaaS:

Cloud Platform as a Service (PaaS). The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly application hosting environment configurations.


IaaS providers – such as Amazon Web Services or OpenStack – and PaaS providers – such as or Microsoft Azure – offer differing capabilities for different application requirements.  These layers of cloud computing are often more complementary than competitive.  Application architects and designers must take these differences into account as they consider how to best deliver application requirements.

ACS v2 Protocols & Tokens Matrix

Version 2 of Windows Azure’s Access Control Service (ACS) was released recently.  There seems to be some confusion flying about when it comes to which security tokens are provided by protocols or ACS mechanisms.  Here’s a quick matrix which we hope will clarify the situation:

  SWT SAML 1.1 SAML 2.0
OAuth 2.0





So you can acquire a SAML 2.0 token using a SAML protocol (aka, SAMLP), but not SWT or SAML 1.1 tokens.

This matrix also draws attention to other issues:

  • SWT tokens are the most protocol agnostic. ACS supports rendering SWT tokens from all protocols except SAMLP.
  • SAML 1.1 are the most protocol specific.  If your application requires SAML 1.1, ACS has already made your protocol decision for you. (From a security token perspective, WS-Federation is a more complex special case of WS-Trust)

What Happens When an Azure Role Starts?


Cory Fowler (SyntaxC4) has a good post on Windows Azure Role Startup Life Cycle. Notable aspects of the post include:

  • Synchronous and Asynchronous Startup TaskType and problems to watch for
  • A good, step-by-step diagram of how the Azure Fabric Controller turns the Cloud Service Package (.cspkg) and Cloud Service Configuration (.cscfg) files into a running role instance
  • Suggestions on avoiding Role Startup race conditions

Azure 1.4 SDK and Tools

Yesterday (3/9/11) Microsoft announced updates for the Windows Azure SDK and Tools (VSCloudService.exe).  As the download page indicates, this SDK release’s primary purpose is to address stability issues.  Other improvements include:

  • Azure Management Portal – Improved responsiveness
  • Azure Connect – Multi-admin support and installation for non-English Windows
  • Azure Content Delivery Network (CDN) – Provides for delivery of secure content via HTTPS

Be aware also that the 1.4 SDK installer automatically uninstalls previous versions.  So, if you need 1.3 for a while still, you’ll need to keep it safe.

Download the SDK & tools here.

When Free Is Not Enough

Beginning today, Microsoft is offering developers free access to Windows Azure through the end of June.  The offer includes compute time, storage space, SQL Azure database and AppFabric features for Access Control and Service Bus.  See the announcement for details.

This offer should be very appealing to many, many developers and ISVs.  Interestingly, it is not a compelling offer for us.  Why not?  Well, I think the answer is worth passing on.

Microsoft’s free Azure offer is not valuable to those already developing on Azure.  Two perspectives on this fact are:

  • Microsoft has carefully crafted the offer in order to keep paying customers paying
  • Cloud computing is so cheap that the transition cost to “free” is too expensive

I don’t see much value in arguing one way or another about the first point.  Our speculation on this point is no more (or less) valuable than anyone else’s.  We are living proof of the second point, however.  Our monthly Azure expenses are so low, that it’s not work the effort to temporarily switch to “free” and switch back when it runs out.  In this case, the opportunity cost (of lost development work, etc.) is far higher than “free.”

Sometimes free just isn’t enough!

What’s New in Azure Guest OS 2.2?

This Azure Guest OS release come two months after the previous (v. 2.1).  Does this release provide minor changes, or does it include patches for substantial security issues?  Let’s dig and find out.

Microsoft announced Windows Azure Guest OS 2.2 (Release 201101-01) which contains 11 specified security patches.  More specifically, this Azure Guest OS is comprised of:

  • Windows Server 2008 R2, plus
  • All security patches through December, 2010, and
  • 2 updates to previous security patches

The 11 specified patches specified in the bulletin fall in to a few vulnerability categories.  9 of the patches were included in December’s Security Bulletin; the 3 marked with ‘*’ are patch updates.  The bulletin IDs, ‘MS10-…’ gives away that they originated in 2010.

Vulnerability Bulletins
Elevation of Privilege MS10-092, MS10-098, MS10-100
Remote Code Execution MS10-077*, MS10-091, MS10-095, MS10-096
Denial of Service MS10-101, MS10-102
IE Cumulative Updates MS10-090*
ASP.NET, Information Disclosure MS10-070*

MS10-070 & MS10-077 were originally released last year in September and October, respectively.  MS10-090 was originally released in December, 2010, but was update in early January, 2011.

Even though most of these were in December’s Security Bulletin, we should take a look at the criticality and exploitability ratings for each (relative to Windows Server 2008 R2 for x64 only; impacts to Itanium-based systems my differ slightly)

Bulletin Severity Rating Exploitability Rating
MS10-090 Critical Consistent Exploit Code Likely
MS10-091 Critical Consistent Exploit Code Likely
MS10-092 Important Consistent Exploit Code Likely
MS10-095 Important Consistent Exploit Code Likely
MS10-096 Important Consistent Exploit Code Likely
MS10-098 Important Consistent Exploit Code Likely
MS10-100 Important Consistent Exploit Code Likely
MS10-101 Important Functioning exploit code unlikely
MS10-102 Important Functioning exploit code unlikely

So, I think it’s safe to assess that this new Azure Guest OS includes some very significant security patches.  Agree? Don’t agree?  Leave a comment for us below.