Tuesday, June 17, 2014

Performance load balancing using Azure Traffic Manager – step by step guide

Before proceeding ahead I will strongly recommend you to go through the basics of Azure Traffic Manager from link - http://sanganakauthority.blogspot.com/2014/06/understanding-azure-traffic-manager-for.html
Hope you have now basic background about working of Azure Traffic Manager.
So in this below article I am going to show a way how Azure Traffic Manager can be used to perform load balancing based on performance.
Problem Statement –
Let’s say I have created a wonderful web application related to Kid’s Parenting Tips and it is big hit now. (Although I don’t have any kids yet!! J J). So people around the world wish to get those wonderful tips from my application. However, fame comes with problems!!!
I have hosted my application in an azure cloud service in West Europe region. A good number of users located in Asia are accessing my application and they reported very high latency, low bandwidth and slow loading of my web application; in short poor performance. This is because; users in Europe are getting served from Europe data center only which is fine however Asia users are also getting served from the same Europe datacenter hosted application and hence poor performance. What I want is, users from Asia should get request served from nearest datacenter to their physical location which is Asia datacenter. Hence it is much obvious that I should host copy of my parenting web application in Asia region datacenter as well.
But the problem still remains, even if I have copy of my application hosted in Asia region, how do I make sure that users from Asia are getting request served from Asia region only and Europe users get request served from Europe region datacenter hosted application only?
This is where we can use Azure Traffic Manager with Performance load balancing technique.
Implementation –
Ok, I have created two different cloud services with following details –
1.     Kunalcloudservice1 in West Europe region

2.     Kunalcloudservice2 in South East Asia region

After this I created a sample cloud service project with default asp.net web role and deployed in these two cloud service.

Then I click on Traffic Manager in my subscription and created new traffic manager service with Performance type of load balancing method  as specified below –

It takes around 30 minutes for Traffic manager to get in ready status. Now as of now there are no endpoints associated with Traffic manager. Therefore you will see the status as Inactive. Screenshot as shown below -

Monday, June 16, 2014

Understanding Azure Traffic Manager for network traffic management

Before understanding Azure Traffic Manager let’s first understand terminologies that are used in Traffic Manager.
What is Domain Name System - DNS –?
Every web site hosted on server has a unique IP. It is very hard to remember the IP therefore user friendly name introduced. These are nothing but the Domain names. So DNs server internally converts user friendly names into IP address of a web site.
Hence Domain name is simply a unique name for your application by which it is known in the internet world. For example, Google.com is DNS name. In other words, we can call it as a unique name that is assigned to your web application.
What is Local DNS?
Local DNS server is nothing but the server of your Internet Service Provider by which you get internet access for your machine. If you are part of any organization and accessing the internet from organization network then your corporate network DNS will be your local DNS.
What is CNAME?
CNAME stands for Canonical Name. The dictionary meaning of Canonical is Authorized or Recognized.
CNAME is a type of record in the DNS used to specify that, domain name uses the IP address of another domain. For example, on Azure I created a cloud service and its DNS name will be http://kunalcloudservice.cloudapp.net

Let’s say I wish to change it to http://kunal.com so that I don’t want my customers to see cloudpp.net thing. Then I will configure CNAME or custom name for my cloud service DNS. So http://kunal.com will be my CNAME for cloud service DNS.
What is DNS Cache?
A DNS cache contains records that transform domain names to IP address. The internet domain name system involves caching on internet DNS server and on client machine which connects to DNS servers.
Why to use Azure Traffic Manager?

Thursday, June 12, 2014

Scalability – Scale up and scale out

The scalability meaning in dictionary states that, ability of system to expand to cope with increased use.
Scalability Definition -
In computer terminology it is referred as, the ability of a system to handle growing amount of work without degrading its performance.
Description –
Scalability of a system or application always depends on Hardware and software component that forms a complete system or application. For an application to be scalable first it should support distributed architecture.
The distributed application means complete application spans across multiple computers in a network and they work in conjunction by passing messages to each other. You application is based on distributable architecture means complete application can be deployed on many servers or computers and still it works well without any failure and malfunction. If your application is distributable then it can be scalable as well.
For achieving scalability Hardware Virtualization is always preferred. To understand hardware virtualization process in terms of cloud computing click on following link -

Type of Scalability –

Monday, June 9, 2014

Difference between Public Blob, Public Container and Private container in Microsoft Windows Azure Storage

If you create a storage account in Windows Azure subscription, you can have 3 options to create containers. There are many ways by which you can create container.
Creating Container from Management Portal –
You can create azure storage account container from management portal as shown below –

From the above figure it is clear that, while creation of container you can specify 3 types of Access Control List (ACL’s) or restrict access properties. They are – Private, Public Blob and Public Container.
Let’s understand them one by one.
Private –
As the name specifies, private container will not provide anonymous access to container or blobs within it. Anonymous access means no user can get use blob URL top download blob contents from browser itself without specifying azure storage account name and key. You must have storage account credentials to retrieve it or use SAS(Shared Access Policy) or configure Stored Access Policy for the blob or container level.
Public blob –
Means your container is having restricted access and hence cannot be used anonymously to list the blobs present in container however all the blobs within container can be access publicly with anonymous access from browser directly.
For example, “con” container in below screenshot is having public access for all blobs in it however does not have public access on container itself. Hence the blob training.pdf in below screenshot can be accessed from browser with below link –

Saturday, June 7, 2014

Create Azure Managed Cache Service in Microsoft Windows Azure

Currently Azure Managed creation is not supported from Azure management portal. You need Azure Powershell command to get started with Azure Managed Cache Service.
Open Powershell for azure.

Type following command to login to subscription


You will be prompted to login. Enter the credentials and proceed.

Then you need to select the azure subscription of your choice. Type following command to select the desired subscription.


You will be prompted to enter the subscription name. Please enter your subscription name. This can be found on portal – settings menu option on left hand pane as shown below -

Friday, June 6, 2014

The certificates with the CNG private key are not supported. Use a certificate based on a key pair generated by a legacy Cryptographic Service Provider.

ADFS and AD configuration is very easy these days with Azure Virtual Machine. I configured AD on Azure VM with Windows Server 2012 R2 and now was the turn to configure ADFS 3.0.
For this I was requiring a certificate. As this was development scenario I decided to choose self-signed certificate. Therefore I opened IIS and from Server Certificate option I created a self signed certificate and provided in configuration of ADFS.
The other way of generating self signed certificate is to use below command using Visual Studio Developer Tools in admin mode and following command to create certificate.-
makecert -sky exchange -r -n "CN=CertificateName" -pe -a sha1 -len 2048 -ss My "CertificateName.cer"

When I selected this certificate on ADFS Federation Configuration Wizard then I received an error as - The certificates with the CNG private key are not supported. Use a certificate based on a key pair generated by a legacy Cryptographic Service Provider.
This problem is encountered because IIS or makecert command creates newer kind of certificate which is not compatible with ADFS. Therefore we need to provide Microsoft Strong Cryptographic Provider so as to generate compatible certificate. The way to generate compatible certificate is powershell command. First download the PowerShell command used for generation of certificate from the link - https://gallery.technet.microsoft.com/scriptcenter/Self-signed-certificate-5920a7c6#content

Then I copied this .ps1 file to c:\kunal folder. Now open powershell window as admin mode and fire below commands in Powershell to generate the certificate .pfx file which would be compatible.

PS C:\kunal> . \New-SelfSignedCertificateEx

PS C:\kunal> New-SelfSignedCertificateEx -Subject "CN=mycert.cloudapp.net" -EKU "Server Authentication" -KeyUsage 0xa0 -StoreLocation "LocalMachine" -ProviderName "Microsoft Strong Cryptographic Provider" -Exportable

The generated certificate can be exported from Certificate store of local machine as described in the below link - http://sanganakauthority.blogspot.in/2012/02/install-certificate-in-local-computer.html

Use this certificate in ADFS configuration and you should be good go ahead.
In case above way of adding the script in Powershell .\New-SelfSignedCertificateEx do not work, you can simply import using Import-Module. Run below command - 
PS C:\kunal> Import-Module  .\New-SelfSignedCertificateEx
After this run above main command to create the certificate.

Hope this helps.