Add a Firewall to Your Microsoft Azure Web Site

Microsoft has just announced that you can enable a web application firewall to your Azure web site.

Using ModSecurity, you can enable firewall rules to filter inbound and outbound HTTP/HTTPS requests.  This enables you to filter out unwanted traffic.

Enabling the new feature is easy – you just update your web.config.

<configuration>
<system.webServer>
<ModSecurity enabled=”true” configFile=”D:homesitewwwrootsecrules.conf” />
</system.webServer>
</configuration>

You can then supply a ModSecurity configuration file that prescribes your firewall rules.

Currently, ModSecurity module is available for all categories of Azure Websites including the free tier. The important thing to note however is that the module runs within your IIS worker process on Azure websites; so any throttles and restrictions that apply to your worker process are also applicable to ModSecurity. So for the free tier, there is a cap on CPU minutes per day consumption for your site, and these would apply to ModSecurity running in the worker process as well.

Read More

New Enterprise Social and Office 365 Success Centers Launched

Microsoft has launched two new web sites to encourage adoption of its products – the Office 365 Success Center and the Enterprise Social Resource Center.

image

The Office 365 Success Center contains general best practices for adopting Office 365 along with a set of templates for tasks such as:

  • Setting Vision
  • Executive Sponsorship
  • Identification of Scenarios
  • Defining and Prioritizing Solutions
  • Adoption Planning
  • Measuring Success

The Enterprise Social Resource Center provides a set of case studies focused on social collaboration, connected workforces and social sales.

image

Read More

Microsoft’s New Azure SQL DB Pricing Models Provide Better Pricing for Storage, Dedicated Performance

In the next year, Microsoft will retire its Web and Business tiers for Azure SQL DB.  Microsoft has now introduced a new pricing model that provides increased storage and dedicated performance commitments for Azure SQL.  In addition, the size of databases running on Azure SQL has been increased to up to 500 GB.

To compare, let’s assume you have a 50 GB SQL Database that you want to host on Azure.  Under the old model, you are charged exclusively on the size of the database – in this case, the price is $125.88 per month.   There is no performance commitment attached to this database – your SQL database runs in essentially a shared cluster with all the other databases being hosted.

In the new model, you pay per database instead of per storage size.  The Standard pricing allows you to have a database of up to 250 GB.  The cost is either $20.15 per month for S1 or $100.13 per month for S2.  The difference in the two models is how much performance you are allocated – S1 is assigned “20 DTUs” and S2 is assigned “50 DTUs” (presumably 150% faster).

Pricing will also shift starting in November 1, 2014 – the price for S1 will increase while the price for S2 will decrease.

Read More

Performance Comparison of SQL Server Running Locally vs. Azure IAAS

We have been experiencing significant performance challenges with running SQL Server on Microsoft Azure using IAAS based virtual machines.  In investigation the differences in performance, we ran some performance tests using a tool called HammerDB which allows for easy simulation of the TPC-C industry standard benchmark (It can simulate any other other SQL script you like as a test as well).  You can simulate a number of virtual test users who will hammer your SQL database with your test scripts and measure the results.

Based on the standard TPC-C benchmark, here are some interesting results. 

Running on My Laptop

My laptop is a Dell Precision M4700 with 32 GB of RAM loaded with SQL Server 2012 Enterprise.  It has 4 physical cores so it should be able to handle easily 4 virtual users with its own dedicated core.  Here is the test running with 4 virtual users. 

image

As you can see by the performance counters, the limiting factor is clearly I/O – the disk hits 100% while 4 users banging at 4 cores barely hits 13% of available CPU.  Memory is also ready available with 69% free.

Here are the results of the test in transactions per minute:

image

As you can see by the graph, my laptop generates approx. 40K transactions per minute.

SQL 2012 on Azure

In order to test out Azure SQL performance, we set up a VM using the SQL Server 2012 SP2 Enterprise Optimized for Transactional Workloads.

image

We then setup Hammer DB using the same test script to install the TPC-C database.  Here are the results of the test on SQL 2012.

image

Again, the challenge isn’t CPU or RAM, it’s I/O. 

image

SQL 2014 on Azure

SQL 2014 provides about the same performance of SQL 2012 out of the box.  Note that the database itself is the same SQL as used on the SQL 2012 server, so perhaps adding in some in memory optimizations could improve the performance.  Here are the results with SQL 2014.

image

image

Conclusion: It’s all about I/O

The key conclusion is that as expected with databases, it’s all about I/O.  If we look at just the basic speed at which SQL can write to disk, there is a massive difference between my local laptop (which has a very standard SATA drive in it) and what Azure disk volumes are delivering, even when using supposedly optimized file storage settings.

My laptop is writing at 4 MB per second while the Azure VMs are only writing at less than 1 MB per second.

image

image

Read More

SharePoint Online Tags and Notes Retired

SharePoint, starting with version 2010, has a feature called Tags and Notes that allowed for ad hoc tagging of content to encourage people to add additional metadata to make it easier to find relevant content.  This feature was transitioned into SharePoint 2013 and Office 365.

Tag cloud

As of now, the SharePoint Online Tags and Notes feature has been officially retired.   If you have existing tags and notes they will be available but disabled.  Note Board and Tag Cloud web parts are also now effectively disabled.

Microsoft encourages you to move to Yammer as a replacement for this existing feature.  If you want to export all your existing content, Microsoft allows you to export your existing content to a .CSV file.

Screen shot with export link highlighted

Read More

Great White Paper on Azure Data Security Just Published

Microsoft has published a really good white paper on Azure Data Security.  You can find the paper here.

The paper focuses on key issues around allocation of customer storage space and how this storage is secured during allocation and when it is de-allocated.  Microsoft outlines how customer data is destroyed as it is de-allocated so that there is no method for another customer getting access to that data if they are randomly allocated a previously used storage block.

image

Data destruction techniques vary depending on the type of data object being destroyed, whether it be whole subscriptions themselves, storage, virtual machines, or databases. In a multi-tenant environment such as Microsoft Azure, careful attention is taken to ensure that one customer’s data is not allowed to either “leak” into another customer’s data, or when a customer deletes data, no other customer (including, in most cases, the customer who once owned the data) can gain access to that deleted data.

In a shared storage service such as Azure, this protection of customer data is a fundamental requirement for ensuring that your data is protected from other customers (and/or malicious hackers).

Read More

Azure Media Services Introduces Speech Recognition Service for Indexing Video Content

Azure Media Services provides a high performance, cloud scalable video encoding, indexing and streaming platform for video producers.  It provides the ability for video producers to encode their video so that it is optimized and available for a wide variety of formats such as tablets, mobile phones, television stations, etc. 

Azure Media Services was used to broadcast all of NBC’s Olympics feeds online which is a pretty good scalability test given the audience for live event feeds.

Microsoft has announced the availability of a new speech recognition service that indexes and stores as searchable metadata all the speech found in the video.  The indexed text can then be used for close captioning, transcriptions and searching.

“Lots of banks are interested not only in storing data in the cloud but in how you recall it. You could say ‘tell me when I was talking to this customer about the price of gold’ and it will know where that part of the conversation was. Now we can analyze that data and make it searchable. The Financial Conduct Authority are quite interested in that for compliance; are the Chinese walls inside the bank working? And internal compliance departments are interested too; they’re looking at data mining audio calls and conversations.”

He suggests it will be even more useful it you connect it to other data sources and machine learning systems. “There are already automated trading systems that monitor Twitter,” he points out. “Now you could do monitoring inside the bank for sentiment too.”

 

The engine behind the indexing service is called MAVIS and has been in development for several years. 

Note that at this time MAVIS only supports indexing of English content.

Read More