wiki

Codit Wiki

Loading information... Please wait.

Codit Blog

Posted on Monday, November 20, 2017 6:22 PM

Toon Vanhoutte by Toon Vanhoutte

In a previous post, I've explained how you can enable OMS monitoring in Logic Apps. In the meantime, the product team has implemented some new features to the OMS plugin, so let's have a look at what has been added to our toolbox.

Mass Resubmit

This feature allows you to perform a multi-select of the Logic App runs you want to resubmit. In the upper right corner, you can resubmit them, through a single button click. This comes in very handy, when you're operating a bigger Logic Apps integration environment.

Tracked Properties

Tracked properties allow you to log custom data fields to OMS. These tracked properties are now available for search and the details can be viewed per Logic App run. This is a must have feature to find back messages, based on business related metadata, such as customer name, invoice number, order reference, etc…

Proposed improvements

At our customers, we enable OMS monitoring by default. It's free, if you can live with the 7-day retention and 500 MB per day limit. While using it in real customer environments, we identified that there's still room for improvement in order to make this a solid monitoring solution. These are the most important suggestions towards the product team:

Performance

  • On average, there's a 10 minute delay between the Logic App run execution and the logs being available in OMS. Although a delay is acceptable, 10 minutes is a quite long time span. 
  • This delay is most disturbing when you are resubmitting messages: you perform a resubmit, but you can't see right away the results of that action.

Error Handling

  • When working in an operations team, you have no visibility on what Logic App runs have already been resubmitted. This results in situations that some failed Logic Apps are resubmitted twice, without knowing it.
  • Some failures can be handled through a manual intervention. It would be handy if you can mark these failures as handled, so everyone is aware that this failure can be ignored.

User Experience

  • Tracked properties are only visible when opening the detail view. Would be nice if you could add them as columns in the result pane.
  • The search on tracked properties is limited to one AND / OR combination. Maybe a more advanced free text search on the top could provide a better user experience. 
  • A click through from the results pane, to the Logic Apps run details view, could improve the troubleshooting experience.

Conclusion

Happy to see continuous investments on the operational side of Logic Apps. As always, I'm looking at it with a critical mindset, to give constructive feedback and help to steer the product in the best way for our customers. It's great to see that the product team is taking into account such feedback to continuously improve the product! Be aware that the OMS plugin is still in preview!

Toon

Categories: Azure
Tags: Logic Apps, OMS
written by: Toon Vanhoutte

Posted on Thursday, November 9, 2017 2:44 PM

Toon Vanhoutte by Toon Vanhoutte

Recently I received some questions about deploying long running Logic Apps. Before providing an answer, I double-checked if my thoughts were correct.

Deployment statements

My answer contained the following statements:

  1. A new version of a Logic App can be deployed, when there are old versions running.
  2. A Logic App completes in the (potentially old) version is was instantiated.
  3. A Logic App gets resubmitted against the latest deployed version.

Deployment test

I quickly took a test to verify if these statements are true.

  • I created a long running Logic App with a delay of 1 minute and a terminate with Version 1 as the message.

  • I fired the Logic App and immediately saved a new version of the Logic App with Version 2 as the terminate message. The Logic App instance continued running and terminated with the message Version 1.

 

  • If I resubmitted this Logic App, it instantiated a new Logic App from the latest deployed workflow definition. You can verify this by the Version 2 terminate message in the resubmitted Logic App.

 

I hope these deployment clarifications were helpful!

Categories: Azure
Tags: Logic Apps
written by: Toon Vanhoutte

Posted on Monday, October 23, 2017 11:18 AM

Glenn Colpaert by Glenn Colpaert

In this blog post, I will go deeper into detail on why IoT is more than just collecting some data from devices and explain you why it's important to engage business into your IoT Solution next to your perfectly built architecture.

Simplifying IoT, one Azure service at a time!

The Internet of Things (IoT) isn't a technology revolution, it is a business revolution enabled by technology. By 2020, there will be 26 Billion connected 'things' and IoT will be good for a 12$ Trillion market share. These connected 'things' will range from more consumer-driven IoT ranging from wearables and home automation to intelligent industrial scenarios like smart buildings and intelligent machine infrastructures.

In this blog post, I will go deeper into detail on why IoT is more than just collecting some data from devices and explain you why it's important to engage business into your IoT Solution next to your perfectly built architecture. I will talk about some of the more complex things you need to think about when building and designing your solution. Some of them might be scary or sound very complex to tackle, but remember that some of these solutions are just one Azure service away...

A simple view on IoT

When creating a simplified overview of an IoT project or solution, it can be drilled down to the following 4 key components.
An IoT project always comes down to securely connecting your devices to the cloud and start flowing your local data streams into the cloud. Once your device data is stored in the cloud you can start creating insights on it. Based on that, you can leverage the business intelligence towards business and allow them to act upon actions or events raised on that data and trigger additional workflows.

IoT projects can be complex!

However, when taking a closer look on IoT Projects there is more to say than the above 4 key components, especially when moving from a POC setup to a full-blown production ready solution with potentially thousands of devices in the field. As IoT is a business-driven revolution, the most important action there is that you need business to be involved from the very start, as they are the key-drivers from your IoT project. The risk of not involving the business into IoT projects is that you potentially get stuck in POC limbo and your IoT solutions will never see the break of day. Once you get business on board, things are getting easier... or not. Some of the most important technical questions or decisions are listed below, all of them are just a small part of your entire solution. 

How to connect things that are hard to connect?

Getting your IP enabled devices connected to the cloud is one thing, but how will you connect your existing devices, that don't speak IP, to the cloud. What if your devices are not capable of change or the risk of changing them is too high? Or what if your devices aren't even allowed to talk to the cloud, due to security reasons. When this is the case you might need to look at other possibilities to connect your devices with the cloud, like for example introducing a gateway that will be responsible for acting as a 'bridge' between your devices and cloud platform.

Device Management/lifecycle

Once your devices are connected, there's still some open questions or challenges you need to tackle before processing your data. How will you securely identify and enroll your devices onto your IoT Platform. How will you scale that enrollment for many devices? Next to enrollment there is also a question of configuration and managing your devices. When looking at Device Management and Lifecycles there are a couple of management patterns like updates, reboots, configuration updates or even software updates.

Data storage/Visualization

Another key component within an IoT solution is data. Data is key on getting the insights the business is looking for. Without a proper data storage/visualization strategy you're in for some trouble, think fast IO and high scale. When it comes to storing your data, there is no silver bullet. It really depends on the use-case and what the ultimate goal is. Key action there is to pick the storage based on the actions you will perform with your stored data. There is storage that is a perfect input for your analytics tiers but mighy not be a good option when it's just about archiving the data for later use.

Analytics

As already mentioned during this blog, data is key inside your IoT solution. The real value of your IoT project is making sense of your data and getting insights from that data. Once you captured that insight, it is key to connect these insights back to the business and evolve your business by learning from those insights.

Edge Computing

When doing IoT projects you're not always in the position of having full-blown connected sites or factories. There might be a limit on communication bandwidth or even limited internet connectivity. What if you would like your devices to only send aggregated data of the last minute to the cloud? What if you would like to keep all your data close to your device and only send fault data to the cloud. If this is the case, you need introduce Edge Computing into your IoT Solution, Edge Computing allows you to perform buffering, analytics, machine learning and even executing custom code on your device without the need of a proper internet connection.

Security

Let's not go into detail on this one. Start implementing it from day zero as this is the most important part of your IoT Solution. Your end to end value chain must be secured. Never cut budget on your security strategy and implementation when doing IoT Projects.

Simplifying IoT

Congratulations, you've survived the scary part... Thanks to the Azure cloud some of the above challenges are just a couple of button clicks away. The goals of Azure and Microsoft is making it easier to build, secure and provision scalable solutions from device to cloud. The list of recent IoT innovations on the Azure platform is endless, with major focus on some of the key challenges every IoT project phases: Security, Device Management, Insights and Edge Computing.
The future is bright, time to do some IoT!!
Cheers, Glenn
Categories: Azure
Tags: IoT
written by: Glenn Colpaert

Posted on Tuesday, October 17, 2017 12:53 PM

Tom Kerkhove by Tom Kerkhove

Auto-scaling is a great way to not only optimize your costs but also a flexible way of doing asynchronous processing.We will look at how Azure Monitor Autoscale allows you to define auto-scaling rules, what the caveats are and what would be good additions to the service

Building scalable systems is crucial for any cloud platform.

One way to achieve this is to decouple your frontend nodes from your backend processing by using the Competing Consumer pattern. This makes it possible to easily add more processing instances (scale out) when the workload is growing, being messages filling the queue.
Automating things is always great, but it is crucial to be aware of what is going on in your platform. This is often forgotten, but should be part of your monitoring as well.
Once everything is setup you can save money by optimizing your resources based on your needs, instead of overprovisioning.

A question I have received a couple of times is - Great! But how do I do that?

Enter Azure Monitor Autoscale

Azure Monitor Autoscale enables you to define rules that will automatically scale your workloads based on specific metrics.

These metrics can be Service Bus Queues, Storage Queues, Application Insights, custom metrics and more. Currently, Azure Monitor Autoscale is limited to workloads running on Azure Cloud Services (Yes, you've read that right!), App Service Plans and/or Virtual Machine Scale Sets.

When more advanced auto-scaling rules are required, you can define multiple autoscale conditions. This allows you to vary your scaling based on day of the week, time of day or even date ranges.

This makes it really great because this allows you to have more aggressive scaling over the weekend, when more people are buying products than during working hours. The date ranges are also interesting because you can define specific rules for a specific period when you are launching a new marketing campaign and expect more traffic.

Configuring auto-scaling for an Azure Service Bus Queue

Sello is hosting an online platform for selling items online and would like to improve their scalability. To achieve this, they want to start auto-scaling their worker role based on the message count of their Service Bus queue.

In order to configure it, we need to go to "Azure Monitor" and click on "Autoscale". There it will give you an overview of all resources that can be autoscaled and their current status:

As you can see, there is no auto-scaling configured which we can easily add by clicking on the specific role we'd like to autoscale.

When no auto-scaling is configured you can easily change the current instance count, or you can enable auto-scaling and define the profile that fits your needs.

Each auto-scaling condition has a name and contains a set of scaling rules that will trigger a scaling action. Next to that, it provides you the capability to limit the instances to a certain amount of instances.

When adding a scale rule you can select the metric you want to scale on and basically define the criteria that triggers the action you want to perform being scaling up or down.

By using a cooldown, it allows your platform to catch up after the previous scaling activity. This is to avoid that you add more instance again, while the previous scale action has actually already mitigated it.

In this case, we're adding a rule to add 2 instances when the active message count is greater than 2000 with a cooldown of 15 minutes.

Scaling out is great, scaling in is even better! Just follow the same principle, here we're scaling 1 instance down when the criteria are met.

Once everything is configured, your role will start auto-scaling and the configuration looks similar to this:

 

Creating awareness about auto-scaling

Woohoow, auto-scaling! Awesome!

Well - It's great but not done yet. Be aware of how your platform is auto-scaling. By using the Run History you can get an overview of your recent scaling activities and learn from it. Creating scaling definitions is not an easy thing to do and should be re-evaluated frequently.

As you can see below, we can handle the load without any problem but it can be improved by scaling down more aggressively.

A more proactive way of monitoring this is by using notifications where you can either use email notifications or trigger an HTTP webhook when scaling action is happening.

This is very handy when you want to create awareness about these actions - An easy way to achieve this is to create a Logic App that handles these events, similar to how I did this for Azure Alerts.

You can use one centralized handler for this or create dedicated handlers, based on your use-case. I personally prefer to use a centralized handler because it makes it easier to maintain if the handling is the same for all.

When we put everything together, this is a high-level overview of all the settings for auto-scaling.

If we were to add a new autoscale condition, we'd have to specify the period in which it would be in effect and basically ignoring all other scaling conditions.

Caveats

Defining auto-scaling rules are not easy and they come with a few caveats:

Be careful what metric you are auto-scaling on and make sure that it's the correct one. Unfortunately, I've seen a case where we were stuck in an infinite scaling loop because we were auto-scaling our worker roles based on the Message Count of a Service Bus queue. However; Message Count not only includes the active messages but also the dead-lettered messages which weren't going away. What we actually ended up with was changing our auto-scaling metric to Active Message Count which is what we were interested in here.

This brings me to monitor your auto-scaling - This is not only important to detect issues as I've just mentioned but also to learn how your platform is scaling and continuously improve your scaling criteria. It is something that needs to grow since this is use-case specific.

Protect your budget and include instance limitations on your auto-scaling conditions. This will protect you from burning your resource costs in case something goes wrong or if having to wait a little longer is not a problem.

Taking auto-scaling to the next level

Azure Monitor Autoscale is great how it is today, but I see a couple of features that would be nice to have:

  • Scaling Playbooks - Similar to Azure Alerts & Security Center's Security Playbooks, it would be great to have native integration with Azure Logic Apps which makes it not only easier but also encourages people to use a centralized workflow of handling these kinds of notifications. Next to that, it also makes it easier to link both resources together, instead of having to copy the URL of the HTTP connector in your Logic App.
  • Event-Driven Auto-scaling - The current auto-scaling is awesome and it provides a variety of metric sources. However, with the launch of Azure Event Grid, it would be great to see Azure Monitor Autoscale evolve to support an event-based approach as well:
    • Autoscale when certain events are being pushed by Azure Event Grid to react instead of polling a specific metric
    • Emit auto-scaling events when actions are being started or finalized. That would allow subscribers to react on that instead of triggering a webhook. This also provides more extensibility where instead of only notifying one webhook, we can basically open it up for everybody who is interested in this

That said, I think having both a metric-based & eventing-based model would be the sweet spot as these support their own use-cases.

Conclusion

With Azure Monitor Autoscale it is really easy to define auto-scaling rules that handling all the scaling for you, but you need to be careful with it. Having a good monitoring approach here is the key to success.

Every powerful tool comes with a responsibility.

Thanks for reading,

Tom

Categories: Azure
written by: Tom Kerkhove

Posted on Friday, October 13, 2017 10:50 AM

Tom Kerkhove by Tom Kerkhove

A few weeks ago, Microsoft held another edition of its Ignite conference in Orlando, FL.

After going through most of the announcements and digesting them I found that there were a couple of interesting ones in the security & data space.

Let's have a closer look.

Introducing Virtual Network Service Endpoints (Preview)

With the introduction of Virtual Network Service Endpoints (Preview) you can now protect your Azure resources by moving them inside a VNET and thus restricting access to that VNET or subnet itself.

Currently, this is only supported for Azure Storage & Azure SQL Database/Warehouse but the end goal is to provide this for all services.

By using VNET Service Endpoints you can now fully isolate your resources because you can now fully remove all access to the public internet by which you are limiting the risk of exposure.

It has been a long-awaited feature to isolated access, certainly for Azure Storage & Azure SQL Database, and I am excited and very happy that it's finally here!

Additional resources:

Introducing Azure Data Factory 2.0 (Preview)

This must be my favorite announcement - Azure Data Factory 2.0 (Preview)the next generation of data integration.

While Azure Data Factory 1.0 was limited to a data-slicing model only, it now supports different types of triggers such as webhooks.

With Azure Data Factory 2.0 comes the new Integration Runtime that provides you with the infrastructure to orchestrate data movement, activity dispatching & SSIS package execution, both in Azure & on-premises.

But that's not all, there is more - Http activity support, integration with Azure Monitor, integration with Azure Key Vault, and much more! We'll dive deeper into this announcement in a later article.

Additional resources:

Azure DDOS Protection Service (Preview)

Distributed Denial-Of-Service attacks can be brutal and unfortunately is very easy to use. Nowadays, you can find it on the internet as a managed offering or even do it yourself just like Troy Hunt explains.

That's why Microsoft is announcing Azure DDOS Protection Service (Preview) that allows you to protect your Virtual Networks in order to secure your Azure resources even more.

However, Microsoft Azure already brings you DDOS protection out-of-the-box. The difference here is that Azure DDOS Protection Service takes this a step further and give you more features & control.

Here is a nice comparison:

Azure DDOS Protection Service is a turn-key solution which makes it easy to use and is integrated into the Azure Portal. It gives you dedicated monitoring and allows you to define policies on your VNETs. By using machine learning it tries to create a baseline of your traffic pattern and identifies malicious traffic.

Last but not least, it also integrates with Azure Application Gateway allowing you to do L3 to L7 protection.

Additional resources:

Taking Azure Security Center to the next level

Another example of the security investment by Microsoft are there recent announcements for Azure Security Center. You can not only use it for cloud workloads but also for on-premises workloads as well.

Define corporate security standards with Azure Policy (Limited Preview)

Azure Policy allows you to define corporate standards and enforce them on your Azure resources to make sure that the resources are compliant with your standards. They also come with some default rules, such as running at least SQL Server 12.0 and can be scoped to either a management group or resource group level.

By using initiative definitions, you can group one or multiple policy definitions as a set of requirement. An example could be an initiative that consolidates all SQL database related definitions.

To summarize, Azure Policy allows you to define security standards across multiple subscriptions and/or resource groups making it easier to manage your complete infrastructure.

It is currently in limited preview but sign-up for the preview in the Azure portal.

Introduction of Security Playbooks

With the addition of Security Playbooks you can now easily integrate certain playbooks in reaction to specific Security Center alerts.

It allows you to create & link an Azure Logic Apps which orchestrates the handling of the alert, tailored to your security needs.

Investigation Dashboard

Azure Security Center now provides a new visual, interactive investigation experience to analyze alerts and determine root cause analysis.

It visualizes all relevant information linked to a specific security incident, in this case an RDP brute force attack.

It makes it a lot easier to get the big picture of the potential cause, but also the impact of the incident. By selecting certain nodes in the equasion, it provides you with more information about that specific segment. This enables you to drill deeper and get a better understanding of what is going on.

However, these are only a subset of the announcements, you can find all of them in this blog post.

Additional resources:

Introducing SQL Vulnerability Assessment (VA)

SQL Vulnerability Assessment (VA) is a new service that comes with Azure SQL Database and SQL on-premise via SQL Server Management Studio (SSMS).

It allows you to discover, track and remediate potential database vulnerabilities. You can see it as a lite version of Azure Security Center focused on SQL DBes that lists all potential vulnerabilities after running a scan.

This is another example of Microsoft making security more approachable, even if you are not a security expert. After running a scan you will probably see some quick wins making your database more secure step by step.

Additional resources:

Summary

Microsoft made some great announcements at Ignite and this is only the beginning, there were a lot more of them and I recommend read more about them on the Azure blog or watch the Ignite sessions on-demand.

Personally, I recommend Mark Russinovich' interesting talk called "Inside Microsoft Azure datacenter hardware and software architecture" which walks you through how Azure datacenters work, their recent investments & achievements and what their future plans are.

Lately, the IT side of Azure is coming closer to the developer side where services such as Azure Networking is becoming easier to integrate with PaaS services such as Azure Storage & SQL DB. It looks like this is only the beginning and we can expect more of these kinds of integrations making it easier for both IT & Devs to build more secure solutions.

Last but not least, don't forget that the Azure Roadmap gives a clear overview of what service is at what stage. Here you can see all services that are in preview for example.

Thanks for reading,

Tom Kerkhove.

Categories: Azure
written by: Tom Kerkhove