The second day of Microsoft LEAP we focused on Deploying for the Cloud. Deploying applications in the cloud and offering Software, Platform and Infrastructure as a Service are hot topics at the moment (Well, it has been a hot topic for some time now). Choosing a good cloud provider is a very important decision to make in this process. Microsoft Azure and Amazon AWS are two of the leading cloud service providers. Since this article is based on my visit to Redmond and the LEAP keynotes, I will be looking at some of the services Azure provides.
DevOps with Microsoft Azure
Jessica Deen, the Deen of DevOps, had a great session on how DevOps is about people, process, and products. Getting it all right requires effort, but the benefits to your organization and customers can be huge. The aim of DevOps is to merge Developments, Operations and Quality Assurance for continuous delivery. DevOps is not a process or a job role. It is a total culture. You live in it. Your application lives in it.
Why DevOps was created? How DevOps increase the profit of a company? DevOps mostly focus on three main areas: Reducing human errors, reduce downtime and increase productivity. With proper DevOps processes you can reduce costs and increase productivity.
There are 3 main sections in DevOps. Continuous Integration, Continuous Deployment, and Continuous learning and monitoring. Azure has a very broad ecosystem to support that. There are 5 main tools in Azure DevOps ecosystem. Those are:
- Azure Boards
- Azure Pipelines
- Azure Repos
- Azure Test Plans
- Azure Artifacts
You can track all the development stages, from idea to release, with Azure Boards. Azure Boards gives you Kanban boards, backlogs, team dashboards, and custom reporting to track all works. This helps to keep your team aligned with all the code changes throughout the development life cycle. Azure Pipelines are available for Linux, Windows, and MacOS. It supports any language. You can build, test and deploy apps written from Java, Net, PHP, NodeJS, C/C++, Ruby, Android, iOS etc. Also, it is easily extensible. With Azure Pipelines, you can easily build and push images to container registries like docker hub and Aure container Registry.
Azure is integrated with GitHub now, and with Azure Repos, now you can have Unlimited private Git repo hosting and support for TFVC that scales from a hobby project to the world’s largest Git repositories. Azure Test Plan is expected to give you end-to-end traceability. You can Run tests and log defects from your browser. Track and assess quality throughout your testing lifecycle. Finally, with Azure Artifacts, you can Create and share Maven, npm, and NuGet package feeds from public and private sources – fully integrated into CI/CD pipelines.
Vulnerabilities and Azure Monitor
Barry Dorrans, author of “Beginning ASP.NET Security” had a great session on the vulnerabilities of applications. OWASP illustrates that developers keep making the same mistakes over and over again, but what about more esoteric vulnerabilities. Actually, Microsoft releases a report called Microsoft Bulletin about their vulnerabilities. Microsoft has particularly mentioned about 8 vulnerabilities and their actions and process to fix them in one of their latest conferences. Some of them are:
- Hash DoS
- Padding Oracle
- SharePoint ViewState RCE
- Exchange RCE
- Infinite Regex DoS
It’s not the time for a detailed study of them. But it’s good to have some understanding of it. Let’s discuss a couple of them.
Hash DoS is a denial of service attack caused parsing to form inputs. Let’s take an example to understand it. Assume a scenario where all form fields with A would go into slot A. To get a value back you go to the slot and look through everything. The more A fields there are the longer it takes. If you can force everything into a single slot then lookups will take more and more CPU which leads to DoS. Microsft advice not to use user inputs as dictionaries unless the user input is a string or a Hash Code for the user input is strong and you implement a session key. In the Padding Oracle, there will be a cryptographic attack to disclose information. You can avoid it by Not exposing padding oracles and Not returning detailed errors.
Azure Monitor service gives you full visibility across your App & your Infrastructure Health. Catherine Wang and Michael Milirud took us through how Azure Monitoring helps us discovering and fix issues with Diagnostics and Analytics tools. That’s not all. It tracks KPIs and proactively optimizes end-user experience. It is built around three concepts.
- Unified Monitoring – A common platform for all metrics, logs, and another monitoring telemetry.
- Data-Driven Insights – Advanced diagnostics and analytics powered by machine learning capabilities
- Partner Integration – the Rich ecosystem of popular DevOps, issue management, SIEM, and ITSM tools
Power BI
Sergei Gundorov took us through a great keynote on Business Decisions and reminded us how most decisions are made from data. If you have better ways to analyze and present data, you can make better decisions. Microsoft introduced Power BI for business analytics. It is intended to be for both small and big businesses. But Power BI is not just a self-service tool for business analysts. Power BI has introduced many tools which enable you to analyze and visualize data very quickly. A striking feature of Power BI is its Ability to create and share reports.
With the introduction of Power BI embedded in Azure, now you can integrate power BI capabilities with your cloud application ever so smoothly. It drastically simplifies creating reports, visuals, dashboards in your app. Meanwhile, Power BI Embedded API allows developers to customize how intelligence is added to their applications.
Let’s see how Power BI Embedded have made integration easier. Power BI contents can be embedded in any application. It relies on web standards such as HTML5 and JavaScript. It works in web applications, mobile applications, and even thick client applications. SDK resources support many development platforms such as C#, JavaScript, TypeScript.
We discussed DevOps, Monitoring and Power BI here. There are more to add. Deploying your application in a good cloud service provider will make life easier. This article intended to give you an explanation about the current trends in the cloud world. Particularly, how Microsoft has improved their cloud business. There are other cloud services who provide similar functionalities. For example, Google and Amazon that also have a huge set of services. I look forward to the next LEAP sessions, and as always – If you have any questions, feel free to contact me at bjorn.nostdahl@gunnebo.com
