Saturday, September 20, 2014

RESOURCE KNOWLEDGE BANK we have our facts straight


Fri, 12 Sep 2014 16:00:00 Z http://blogs.technet.com/b/dataplatforminsider/archive/2014/09/12/new-vm-images-optimized-for-transactional-and-dw-workloads-in-azure-vm-gallery.aspx SQL Server Team
New VM Images Optimized for Transactional and DW workloads in Azure VM Gallery <p>We are delighted to announce the release of new optimized SQL Server images in the Microsoft Azure Virtual Machines Gallery. 
These images are pre-configured with optimizations for transactional and Data Warehousing workloads respectively by baking in <a href="http://msdn.microsoft.com/en-us/library/azure/dn133149.aspx?WT.mc_id=Blog_SQL_Announce_Announce">our performance best practices</a> for running SQL in Azure VMs.</p> <h2>What preconfigured VM images are available?</h2> <p>The following four new pre-configured VM images are now available in the Azure VM Gallery:</p> <ul> <li>SQL Server 2014 Enterprise Optimized for Transactional Workloads on Windows Server 2012 R2</li> <li>SQL Server 2014 Enterprise Optimized for Data Warehousing on Windows Server 2012 R2</li> <li>SQL Server 2012 SP2 Enterprise Optimized for Transactional Workloads on Windows Server 2012</li> <li>SQL Server 2012 SP2 Enterprise Optimized for Data Warehousing on Windows Server 2012</li> </ul> <p>Currently we support these images on VM instances that allow up to 16 data disks attached to provide the highest throughput (or aggregate bandwidth). Specifically, these instances are Standard Tier A4, A7, A8 and A9 and Basic tier A4. 
Please refer to <a href="http://msdn.microsoft.com/en-us/library/azure/dn197896.aspx?WT.mc_id=Blog_SQL_Announce_Announce">Virtual Machine and Cloud Service Sizes for Azure</a> for further details on the sizes and options.</p> <h2>How to provision a VM from the gallery using the new transactional/DW images?</h2> <p>To provision an optimized transactional or DW VM image by using the Azure Management Portal,</p> <ol> <li>Sign in to the Azure Management Portal.</li> <li>Click VIRTUAL MACHINE in the Azure menu items in the left pane.</li> <li>Click NEW in the bottom left corner, and then choose COMPUTE, VIRTUAL MACHINE, and FROM GALLERY.</li> <li>On the Virtual machine image selection page, select one of the SQL Server for transactional or Data Warehousing images.<br /><a href="http://blogs.technet.com/cfs-file.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-60-54/2438.dpi_2D00_sep12_2D00_1.png"><img src="http://blogs.technet.com/resized-image.ashx/__size/550x0/__key/communityserver-blogs-components-weblogfiles/00-00-00-60-54/2438.dpi_2D00_sep12_2D00_1.png" border="0" alt=" " /></a></li> <li>On the Virtual machine configuration page, in the SIZE option, choose from the supported sizes.<br /><a href="http://blogs.technet.com/cfs-file.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-60-54/0246.dpi_2D00_sep12_2D00_2.png"><img src="http://blogs.technet.com/resized-image.ashx/__size/550x0/__key/communityserver-blogs-components-weblogfiles/00-00-00-60-54/0246.dpi_2D00_sep12_2D00_2.png" border="0" alt=" " /></a><br />Please note that only Standard tier A4, A7, A8 and A9 and Basic Tier A4 are supported at this point and attempts to provision unsupported VM sizes will fail.<br /><a href="http://blogs.technet.com/cfs-file.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-60-54/5807.dpi_2D00_sep12_2D00_3.png"><img 
src="http://blogs.technet.com/resized-image.ashx/__size/550x0/__key/communityserver-blogs-components-weblogfiles/00-00-00-60-54/5807.dpi_2D00_sep12_2D00_3.png" border="0" alt=" " /></a></li> <li>Wait for the provisioning to finish. While waiting, you can see the provisioning status on the virtual machines page (as in the picture below). When the provisioning is finished, the status will be Running with a checkmark.<br /><a href="http://blogs.technet.com/cfs-file.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-60-54/7823.dpi_2D00_sep12_2D00_4.png"><img src="http://blogs.technet.com/resized-image.ashx/__size/550x0/__key/communityserver-blogs-components-weblogfiles/00-00-00-60-54/7823.dpi_2D00_sep12_2D00_4.png" border="0" alt=" " /></a></li> </ol> <p>Alternatively, you can use the PowerShell cmdlet New-AzureQuickVM to create the VM. You will need to pass your cloud service name, VM name, image name, Admin user name and password and so on as parameters. A simple way to obtain the image name is to use Get-AzureVMImage to list out all the available VM images.</p> <h2>What are the specific configurations included in the transactional/DW images?</h2> <p>The optimization we include in the optimized images is based on the <a href="http://msdn.microsoft.com/en-us/library/azure/dn133149.aspx?WT.mc_id=Blog_SQL_Announce_Announce">Performance Best Practices for SQL Server in Azure Virtual Machines</a>. 
Specifically, it includes:</p> <table border="1" cellspacing="0" cellpadding="0" style="width:624px;"> <tbody> <tr> <td width="102" valign="top"> <p><b> </b></p> </td> <td width="151" valign="top"> <p><b> </b></p> </td> <td width="165" colspan="2" valign="top"> <p><b>Transactional</b></p> </td> <td width="206" valign="top"> <p><b>DW</b></p> </td> </tr> <tr> <td width="102" rowspan="4" valign="top"> <p align="center"><b>Disk configurations</b></p> </td> <td width="151" valign="top"> <p>Number of data disks attached</p> </td> <td width="164" valign="top"> <p>15</p> </td> <td width="207" colspan="2" valign="top"> <p>15</p> </td> </tr> <tr> <td width="151" rowspan="2" valign="top"> <p>Storage spaces</p> <p> </p> </td> <td width="371" colspan="3" valign="top"> <p>Two storage pools:</p> <p>- 1 data pool with 12 data disks; fixed size 12 TB; Column = 12</p> <p>- 1 log pool with 3 data disks; fixed size 3 TB; Column = 3</p> <p>One data disk remaining for the user to attach and determine the usage.</p> </td> </tr> <tr> <td width="165" colspan="2" valign="top"> <p>Stripe size = 64 KB</p> </td> <td width="206" valign="top"> <p>Stripe size = 256 KB</p> </td> </tr> <tr> <td width="151" valign="top"> <p>Disk sizes, caching, allocation size</p> </td> <td width="371" colspan="3" valign="top"> <p>1 TB each, HostCache=None, NTFS Allocation Unit Size = 64KB</p> </td> </tr> <tr> <td width="102" rowspan="6" valign="top"> <p align="center"><b>SQL Configurations</b></p> <p><b> </b></p> </td> <td width="151" valign="top"> <p>Startup Parameters</p> </td> <td width="371" colspan="3" valign="top"> <p>-T1117 to help keep data files the same size in case DB needs to autogrow</p> <p>-T1118 to assist in TEMPDB scalability (See <a href="http://blogs.msdn.com/b/psssql/archive/2008/12/17/sql-server-2005-and-2008-trace-flag-1118-t1118-usage.aspx?WT.mc_id=Blog_SQL_Announce_Announce">here</a> for more details)</p> </td> </tr> <tr> <td width="151" valign="top"> <p>Recovery Model</p> </td> <td 
width="165" colspan="2" valign="top"> <p>No change</p> </td> <td width="206" valign="top"> <p>Set to “SIMPLE” for MODEL database using ALTER DATABASE</p> </td> </tr> <tr> <td width="151" valign="top"> <p>Setup default locations</p> </td> <td width="371" colspan="3" valign="top"> <p>Move SQL Server error log and trace file directories to data disks</p> </td> </tr> <tr> <td width="151" valign="top"> <p>Default locations for databases</p> </td> <td width="371" colspan="3" valign="top"> <p>System databases moved to data disks.</p> <p>The location for creating user databases changed to data disks.</p> </td> </tr> <tr> <td width="151" valign="top"> <p>Instant File Initialization</p> </td> <td width="371" colspan="3" valign="top"> <p>Enabled</p> </td> </tr> <tr> <td width="151" valign="top"> <p>Locked pages</p> </td> <td width="371" colspan="3" valign="top"> <p>Enabled (See <a href="http://msdn.microsoft.com/en-us/library/ms190730.aspx?WT.mc_id=Blog_SQL_Announce_Announce">here</a> for more details)</p> </td> </tr> <tr> <td width="121"></td> <td width="146"></td> <td width="159"></td> <td width="1"></td> <td width="197"></td> </tr> </tbody> </table> <p> </p> <h2>FAQ</h2> <ul> <li>Any pricing difference between the optimized images and the non-optimized ones?<br />No. The new optimized images follow exactly the same pricing model (details <a href="http://azure.microsoft.com/en-us/pricing/details/virtual-machines/#sql-server?WT.mc_id=Blog_SQL_Announce_Announce">here</a>) with no additional cost. 
Note that larger VM instance sizes cost more.</li> <li>Any other performance fixes I should consider?<br />Yes, consider applying relevant performance fixes for SQL Server: <ul> <li><a href="http://support.microsoft.com/kb/2958012/en-us?WT.mc_id=Blog_SQL_Announce_Announce">Fix for poor performance on I/O when you execute select into temporary table statement in SQL Server 2012</a></li> <li><a href="http://support.microsoft.com/kb/2973444/en-us?WT.mc_id=Blog_SQL_Announce_Announce">"SQL Server performance counters are disabled" when you move the SQL Server resource in SQL Server 2014</a></li> </ul> </li> <li>How can I find more information on Storage Spaces?<br />For further details on Storage Spaces, please refer to <a href="http://social.technet.microsoft.com/wiki/contents/articles/11382.storage-spaces-frequently-asked-questions-faq.aspx?WT.mc_id=Blog_SQL_Announce_Announce">Storage Spaces Frequently Asked Questions (FAQ)</a>.</li> <li>What is the difference between the new DW image and the previous one?<br />The previous DW image requires customers to perform additional steps, such as attaching the data disks after VM creation, while the new DW image is ready for use upon creation, so it is more streamlined and less error prone.</li> <li>What if I need to use the previous DW image? Is there any way I can access it?<br />The previous VM images are still available, just not directly accessible from the gallery. Instead, you can continue using PowerShell cmdlets. 
For instance, you can use Get-AzureVMImage to list out all images and once you locate the previous DW image based on the description and publish date, you can use New-AzureVM to provision it accordingly.</li> </ul> <p>Visit our <a href="https://manage.windowsazure.com/?WT.mc_id=Blog_SQL_Announce_Announce">Azure portal</a> and give this new SQL VM image offering a try, and let us know what you think.</p> <p>Let your colleagues know about the New VM Images available by sharing via your preferred social channels and don’t forget to follow <a href="https://twitter.com/SQLServer">@SQLServer</a> on Twitter and find <a href="https://www.facebook.com/sqlserver">SQL Server on Facebook</a>. </p>
http://weblogs.asp.net:80/scottgu/azure-sql-databases-api-management-media-services-websites-role-based-access-control-and-more
Azure: SQL Databases, API Management, Media Services, Websites, Role Based Access Control and More <p>This week we released a major set of updates to Microsoft Azure. This week’s updates include:</p> <ul> <li><strong>SQL Databases</strong>: General Availability of Azure SQL Database Service Tiers <li><strong>API Management</strong>: General Availability of our API Management Service <li><strong>Media Services</strong>: Live Streaming, Content Protection, Faster and Cost Effective Encoding, and Media Indexer <li><strong>Web Sites</strong>: Virtual Network integration, new scalable CMS with WordPress and updates to Web Site Backup in the Preview Portal <li><strong>Role-based Access Control</strong>: Preview release of role-based access control for Azure Management operations <li><strong>Alerting</strong>: General Availability of Azure Alerting and new alerts on events </li></ul> <p>All of these improvements are now available to use immediately (note that some features are still in preview). Below are more details about them: <h2><u>SQL Databases: General Availability of Azure SQL Database Service Tiers </u></h2> <p>I’m happy to announce the General Availability of our new Azure SQL Database service tiers - Basic, Standard, and Premium. 
The SQL Database service within Azure provides a compelling database-as-a-service offering that enables you to quickly innovate & stand up and run SQL databases without having to manage or operate VMs or infrastructure. <p>Today’s SQL Database Service Tiers all come with a <strong>99.99% SLA, </strong>and databases can now grow up to 500GB in size. <p>Each SQL Database tier now <strong>guarantees a consistent performance level</strong> that you can depend on within your applications – avoiding the need to worry about “noisy neighbors” who might impact your performance from time to time. <p>Built-in <strong>point-in-time restore support</strong> now provides you with the ability to automatically re-create databases at a certain point of time (giving you much more backup flexibility and allowing you to restore to exactly the point before you accidentally did something bad to your data). <p>Built-in <strong>auditing support</strong> enables you to gain insight into events and changes that occur with the databases you host. <p>Built-in <strong>active geo-replication</strong> support, available with the premium tier, enables you to create up to 4 readable, secondary, databases in any Azure region. When active geo-replication is enabled, we will ensure that all transactions committed to the database in your primary region are continuously replicated to the databases in the other regions as well: <p><a href="https://mscblogs.blob.core.windows.net/media/scottgu/Media/image_161995EF.png"><img title="image" border="0" alt="image" src="https://mscblogs.blob.core.windows.net/media/scottgu/Media/image_thumb_278F1829.png" width="800" height="450"></a> <p>One of the primary benefits of <a href="http://msdn.microsoft.com/en-us/library/azure/dn741339.aspx">active geo-replication</a> is that it provides application control over disaster recovery at a database level. Having cross-region redundancy enables your applications to recover in the event of a disaster (e.g. 
a natural disaster, etc). The new active geo-replication support enables you to initiate/control any failovers – allowing you to shift the primary database to any of your secondary regions: <p><a href="https://mscblogs.blob.core.windows.net/media/scottgu/Media/image_4BB70369.png"><img title="image" border="0" alt="image" src="https://mscblogs.blob.core.windows.net/media/scottgu/Media/image_thumb_2242C229.png" width="800" height="450"></a> <p>This provides a robust business continuity offering, and enables you to run mission critical solutions in the cloud with confidence. <h3><em>More Flexible Pricing</em></h3> <p>SQL Databases are now <strong>billed on a per-hour basis</strong> – allowing you to quickly create and tear down databases, and dynamically scale up or down databases even more cost effectively. <p><strong>Basic Tier</strong> databases support databases up to 2GB in size and cost $4.99 for a full month of use. <strong>Standard Tier</strong> databases support 250GB databases and now start at $15/month (there are also higher performance standard tiers at $30/month and $75/month). <strong>Premium Tier</strong> databases support 500GB databases as well as the active geo-replication feature and now start at $465/month. 
<p>The below table provides a quick look at the different tiers and functionality: <p><a href="https://mscblogs.blob.core.windows.net/media/scottgu/WindowsLiveWriter/99feed2ae3fb_13462/image_32.png"><img title="image" style="border-left-width: 0px; border-right-width: 0px; border-bottom-width: 0px; display: inline; border-top-width: 0px" border="0" alt="image" src="https://mscblogs.blob.core.windows.net/media/scottgu/WindowsLiveWriter/99feed2ae3fb_13462/image_thumb_15.png" width="632" height="636"></a></p> <p><a href="http://msdn.microsoft.com/en-us/library/dn741336.aspx" target="_blank">This page</a> provides more details on how to think about DTU performance with each of the above tiers, and provides benchmark details on the number of transactions supported by each of the above service tiers and performance levels.</p> <p>During the preview, we’ve heard from some ISVs, which have a large number of databases with variable performance demands, that they need the flexibility to share DTU performance resources across multiple databases as opposed to managing tiers for databases individually. For example, some SaaS ISVs may have a separate SQL database for each customer and as the activity of each database varies, they want to manage a pool of resources with a defined budget across these customer databases. We are working to enable this scenario within the new service tiers in a future service update. If you are an ISV with a similar scenario, please click <a href="http://technet.microsoft.com/en-us/evalcenter/dn800591">here</a> to sign up to learn more. <p>Learn more about SQL Databases on Azure <a href="http://azure.microsoft.com/en-us/services/sql-database/" target="_blank">here</a>. <h2><u>API Management Service: General Availability Release</u></h2> <p>I’m excited to announce the General Availability of the <a href="http://azure.microsoft.com/en-us/services/api-management/" target="_blank">Azure API Management Service</a>. 
<p>In my <a href="http://weblogs.asp.net/scottgu/azure-new-documentdb-nosql-service-new-search-service-new-sql-alwayson-vm-template-and-more">last post</a> I discussed how API Management enables customers to securely publish APIs to developers and accelerate partner adoption. These APIs can be used from mobile and client applications (on any device) as well as other cloud and service based applications. <p>The API Management service supports the ability to take any APIs you already have (either in the cloud or on-premises) and publish them for others to use. The API Management service enables you to: <ul> <li>Throttle, rate limit and quota your APIs <li>Gain analytic insights on how your APIs are being used and by whom <li>Secure your APIs using OAuth or key-based access <li>Track the health of your APIs and quickly identify errors <li>Easily expose a developer portal for your APIs that provides documentation and test experiences to developers who want to use your APIs</li></ul> <p>Today’s General Availability provides a formal SLA for Standard tier services. We also have a developer tier of the service that you can use, starting at just $49 per month. <h3><em>OAuth support in the Developer Portal</em></h3> <p>The API Management service provides a developer console that enables a great on-boarding and interactive learning experience for developers who want to use your APIs. The developer console enables you to easily expose documentation as well as enable developers to try/test your APIs. <p>With this week’s GA release we are also adding support that enables API publishers to register their OAuth Authorization Servers for use in the console, which in turn allows developers to sign in with their own login credentials when interacting with your API - a critical feature for any API that supports OAuth. All normative authorization grant types are supported plus scopes and default scopes. 
<p><a href="https://mscblogs.blob.core.windows.net/media/scottgu/WindowsLiveWriter/99feed2ae3fb_13462/image_2.png"><img title="image" style="border-left-width: 0px; border-right-width: 0px; border-bottom-width: 0px; display: inline; border-top-width: 0px" border="0" alt="image" src="https://mscblogs.blob.core.windows.net/media/scottgu/WindowsLiveWriter/99feed2ae3fb_13462/image_thumb.png" width="624" height="472"></a> </p> <p>For more details on how to enable OAuth 2 support with API Management and integration in the new developer portal, check out this <a href="http://go.microsoft.com/fwlink/?LinkId=511375">tutorial</a>. <p><a href="http://azure.microsoft.com/en-us/services/api-management/" target="_blank">Click here</a> to learn more about the API Management service and try it out for free. <h2><u>Media Services: Live Streaming, DRM, Faster Cost Effective Encoding, and Media Indexer</u></h2> <p>This week we are excited to announce the public preview of Live Streaming and Content Protection support with Azure Media Services. <p>The same Internet scale streaming solution that leading international broadcasters used to live stream the 2014 Winter Olympic Games and 2014 FIFA World Cup to tens of millions of customers globally is now available in public preview to <i>all</i> Azure customers. This means you can now stream live events of any size with the same level of scalability, uptime, and reliability that was available to the Olympics and World Cup. <h3><em>DRM Content Protection</em></h3> <p>This week Azure Media Services is also introducing a new Content Protection offering which features both static and dynamic encryption with first party PlayReady license delivery and an AES 128-bit key delivery service. This makes it easy to DRM protect both your live and pre-recorded video assets – and have them be available for users to easily watch them on any device or platform (Windows, Mac, iOS, Android and more). 
<h3><em>Faster and More Cost Effective Media Encoding</em></h3> <p>This week, we are also introducing faster media encoding speeds and more cost-effective billing. Our enhanced Azure Media Encoder is designed for premium media encoding and is billed based on output GBs. Our previous encoder was billed on both input + output GBs, so the shift to output only billing will result in a substantial price reduction for all of our customers. <p>To help you further optimize your encoding workflows, we’re introducing Basic, Standard, and Premium Encoding Reserved units, which give you more flexibility and allow you to tailor the encoding capability you pay for to the needs of your specific workflows. <h3><em>Media Indexer</em></h3> <p>Additionally, I’m happy to announce the General Availability of Azure Media Indexer, a powerful, market differentiated content extraction service which can be used to enhance the searchability of audio and video files. With Media Indexer you can automatically analyze your media files and index the audio and video content in them. You can learn more about it <a href="http://azure.microsoft.com/blog/2014/09/10/introducing-azure-media-indexer/" target="_blank">here</a>. <h3><em>More Media Partners</em></h3> <p>I’m also pleased to announce the addition this week of several media workflow partners and client players to our existing large set of media partners: <ul> <li>Azure Media Services and <a href="http://www.telestream.net/wirecast/overview.htm">Telestream’s Wirecast</a> are now fully integrated, including a built-in destination that makes it quick and easy to send content from Wirecast’s live streaming production software to Azure. </li></ul> <ul> <li>Similarly, <a href="http://newtek.com/products/tricaster-8000.html">Newtek’s Tricaster</a> has also been integrated into the Azure platform, enabling customers to combine the high production value of Tricaster with the scalability and reliability of Azure Media Services. 
</li></ul> <ul> <li><a href="http://www.cires21.com/en/">Cires21</a> and Azure Media have paired up to help make monitoring the health of your live channels simple and easy, and the widely-used <a href="http://www.jwplayer.com/">JW player</a> is now fully integrated with Azure to enable you to quickly build video playback experiences across virtually all platforms.</li></ul> <h3><em>Learn More</em></h3> <p>Visit the <a href="http://azure.com/media">Azure Media Services</a> site for more information and to get started for free. <h2><u>Websites: Virtual Network Integration, new Scalable CMS with WordPress</u></h2> <p>This week we’ve also released a number of great updates to our Azure Websites service.</p> <h3><em>Virtual Network Integration</em></h3> <p>Starting this week you can now integrate your Azure Websites with Azure Virtual Networks. This support enables your Websites to access resources attached to your virtual networks. For example: this means you can now have a Website directly connect to a database hosted in a non-public VM on a virtual network. If your Virtual Network is connected to your on-premises network (using a Site-to-Site software VPN or ExpressRoute dedicated fiber VPN) you can also now have your Website connect to resources in your on-premises network as well. <p>The new Virtual Network support enables both TCP and UDP protocols and will work with your VNET DNS. Hybrid Connections and Virtual Network are compatible such that you can also mix both in the same Website. The new virtual network support for Web Sites is being released this week in preview. Standard web hosting plans can have up to 5 virtual networks enabled. A website can only be connected to one virtual network at a time but there is no restriction on the number of websites that can be connected to a virtual network. <p>You can configure a Website to use a Virtual Network using the new Preview Azure Portal (<a href="http://portal.azure.com">http://portal.azure.com</a>). 
Click the “Virtual Network” tile in your web-site to bring up a virtual network blade that you can use to either create a new virtual network or attach to an existing one you already have: <p><a href="https://mscblogs.blob.core.windows.net/media/scottgu/WindowsLiveWriter/99feed2ae3fb_13462/image_4.png"><img title="image" style="border-left-width: 0px; border-right-width: 0px; border-bottom-width: 0px; display: inline; border-top-width: 0px" border="0" alt="image" src="https://mscblogs.blob.core.windows.net/media/scottgu/WindowsLiveWriter/99feed2ae3fb_13462/image_thumb_1.png" width="897" height="363"></a> <p>Note that an Azure Website requires that your Virtual Network has a configured gateway and Point-to-Site enabled. It will remain grayed out in the UI above until you have enabled this. <h3><em>Scalable CMS with WordPress</em></h3> <p>This week we also released support for a Scalable CMS solution with WordPress running on Azure Websites. Scalable CMS with WordPress provides the fastest way to build an optimized and hassle free WordPress Website. It is architected so that your WordPress site loads fast and can support millions of page views a month, and you can easily scale up or scale out as your traffic increases. <p>It is pre-configured to use <a href="http://wordpress.org/plugins/windows-azure-storage/">Azure Storage</a>, which can be used to store your site’s media library content, and can be easily configured to use the Azure CDN. Every Scalable CMS site comes with auto-scale, staged publishing, SSL, custom domains, Webjobs, and backup and restore features of Azure Websites enabled. Scalable WordPress also allows you to use <a href="http://wordpress.org/plugins/jetpack/">Jetpack</a> to supercharge your WordPress site with powerful features available to WordPress.com users. 
<p>You can now easily deploy Scalable CMS with WordPress solutions on Azure via the Azure Gallery integrated within the new Azure Preview Portal (<a href="http://portal.azure.com">http://portal.azure.com</a>). When you select it within the portal it will walk you through automatically setting up and deploying a complete solution on Azure: <p><a href="https://mscblogs.blob.core.windows.net/media/scottgu/WindowsLiveWriter/99feed2ae3fb_13462/image_6.png"><img title="image" style="border-left-width: 0px; border-right-width: 0px; border-bottom-width: 0px; display: inline; border-top-width: 0px" border="0" alt="image" src="https://mscblogs.blob.core.windows.net/media/scottgu/WindowsLiveWriter/99feed2ae3fb_13462/image_thumb_2.png" width="874" height="587"></a> <p>Scalable WordPress is ideal for Web developers, creative agencies, businesses and enterprises wanting a turn-key solution that maximizes performance of running WordPress on Azure Websites. It’s fast, simple and secure WordPress hosting on Azure Websites. <h3><em>Updates to Website Backup</em></h3> <p>This week we also updated our built-in Backup feature within Azure Websites with a number of nice enhancements. Starting today, you can now: <ul> <li>Choose the exact destination of your backups, including the specific Storage account and blob container you wish to store your backups within. <li>Choose to backup SQL databases or MySQL databases that are declared in the connection strings of the website. <li>On the restore side, you can now restore to both a new site, <strong>and to a deployment slot on a site. </strong>This makes it possible to verify your backup before you make it live. </li></ul> <p>These new capabilities make it easier than ever to have a full history of your website and its associated data. 
<h2><u>Security: Role Based Access Control for Management of Azure</u></h2> <p>As organizations move more and more of their workloads to Azure, one of the most requested features has been the ability to control which cloud resources different employees can access and what actions they can perform on those resources. <p>Today, I’m excited to announce the preview release of Role Based Access Control (RBAC) support in the Azure platform. RBAC is now available in the <a href="https://portal.azure.com/">Azure preview portal</a> and can be used to control access in the portal or access to the Azure Resource Manager APIs. You can use this support to limit the access of users and groups by assigning them roles on Azure resources. Highlights include: <ul> <li>A subscription is no longer the access management boundary in Azure. In April, we introduced <a href="http://azure.microsoft.com/en-us/documentation/articles/azure-preview-portal-using-resource-groups/">Resource Groups</a>, a container to group resources that share lifecycle. Now, you can grant users access on a resource group as well as on individual resources like specific Websites or VMs. </li></ul> <ul> <li>You can now grant access to both users and groups. RBAC is based on Azure Active Directory, so if your organization already uses groups in Azure Active Directory or Windows Server Active Directory for access management, you will be able to manage access to Azure the same way.</li></ul> <p>Below are some more details on how this works and can be enabled.</p> <h3><em>Azure Active Directory</em></h3> <p>Azure Active Directory is our directory service in the cloud. You can create organizational tenants within Azure Active Directory and define users and groups within it – without having to have any existing Active Directory setup on-premises. 
<p>Alternatively, you can also sync (or federate) users and groups from your existing on-premises Active Directory to Azure Active Directory, and have your existing users and groups automatically be available for use in the cloud with Azure, Office 365, as well as over 2000 other SaaS based applications: <p><a href="https://mscblogs.blob.core.windows.net/media/scottgu/WindowsLiveWriter/99feed2ae3fb_13462/image_8.png"><img title="image" style="border-left-width: 0px; border-right-width: 0px; border-bottom-width: 0px; display: inline; border-top-width: 0px" border="0" alt="image" src="https://mscblogs.blob.core.windows.net/media/scottgu/WindowsLiveWriter/99feed2ae3fb_13462/image_thumb_3.png" width="632" height="305"></a> <p>All users that access your Azure subscriptions <a href="http://blogs.technet.com/b/ad/archive/2014/08/15/prepping-for-new-management-features.aspx">are now present in the Azure Active Directory</a> to which the subscription is associated. This enables you to manage what they can do as well as revoke their access to all Azure subscriptions by disabling their account in the directory. <h3><em>Role Permissions</em></h3> <p>In this first preview we are pre-defining three built-in Azure roles that give you a choice of granting restricted access:</p> <ul> <li>An <strong>Owner</strong> can perform all management operations for a resource and its child resources including access management. <li>A <strong>Contributor</strong> can perform all management operations for a resource including create and delete resources. A contributor cannot grant access to others. <li>A <strong>Reader</strong> has read-only access to a resource and its child resources. A Reader cannot read secrets. </li></ul> <p>In the RBAC model, users who have been configured to be the service administrator and co-administrators of an Azure subscription are mapped as belonging to the Owners role of the subscription. 
Their access to both the current and preview management portals remains unchanged. <p>Additional users and groups that you then assign to the new RBAC roles will only have those permissions, and also will only be able to manage Azure resources using the new <a href="https://portal.azure.com/">Azure preview portal</a> and Azure Resource Manager APIs. RBAC is not supported in the current <a href="https://manage.windowsazure.com">Azure management portal</a> or via older management APIs (since neither of these were built with the concept of role based security built-in). </p> <h3><em>Restricting Access based on Role Based Permissions</em></h3> <p>Let’s assume that your team is using Azure for development, as well as to host the production instance of your application. When doing this you might want to separate the resources employed in development and testing from the production resources using <a href="http://azure.microsoft.com/en-us/documentation/articles/azure-preview-portal-using-resource-groups/">Resource Groups</a>. <p>You might want to allow everyone in your team to have a read-only view of all resources in your Azure subscription – including the ability to read and review production analytics data. You might then want to only allow certain users to have write/contributor access to the production resources. Let’s look at how to set this up: <p><u>Step 1: Setting up Roles at the Subscription Level</u> <p>We’ll begin by mapping some users to roles at the subscription level. These will then by default be inherited by all resources and resource groups within our Azure subscription. 
<p>To set this up, open the <strong>Billing blade </strong>within the Preview Azure Portal (<a href="http://portal.azure.com">http://portal.azure.com</a>), and within the Billing blade select the Azure subscription that you wish to set up roles for<strong>:</strong> <p><a href="https://mscblogs.blob.core.windows.net/media/scottgu/WindowsLiveWriter/99feed2ae3fb_13462/image_12.png"><img title="image" style="border-left-width: 0px; border-right-width: 0px; border-bottom-width: 0px; display: inline; border-top-width: 0px" border="0" alt="image" src="https://mscblogs.blob.core.windows.net/media/scottgu/WindowsLiveWriter/99feed2ae3fb_13462/image_thumb_5.png" width="764" height="538"></a> <p>Then scroll down within the blade of the subscription you opened, and locate the Roles tile within it: <p><a href="https://mscblogs.blob.core.windows.net/media/scottgu/WindowsLiveWriter/99feed2ae3fb_13462/image_18.png"><img title="image" style="border-left-width: 0px; border-right-width: 0px; border-bottom-width: 0px; display: inline; border-top-width: 0px" border="0" alt="image" src="https://mscblogs.blob.core.windows.net/media/scottgu/WindowsLiveWriter/99feed2ae3fb_13462/image_thumb_8.png" width="416" height="425"></a> <p>Clicking the Roles tile will bring up a blade that lists the pre-defined roles we provide by default (Owner, Contributor, Reader). You can click any of the roles to bring up a list of the users assigned to the role. Clicking the <strong>Add</strong> button will then allow you to search your Azure Active Directory and add either a user or group to that role. 
<p>Below I’ve opened up the default Reader role and added David and Fred to it: <p><a href="https://mscblogs.blob.core.windows.net/media/scottgu/WindowsLiveWriter/99feed2ae3fb_13462/image_30.png"><img title="image" style="border-left-width: 0px; border-right-width: 0px; border-bottom-width: 0px; display: inline; border-top-width: 0px" border="0" alt="image" src="https://mscblogs.blob.core.windows.net/media/scottgu/WindowsLiveWriter/99feed2ae3fb_13462/image_thumb_14.png" width="726" height="515"></a> <p>Once we do this, David and Fred will be able to log into the Preview Azure Portal and will have read-only access to the resources contained within our subscription. They will not be able to make any changes, though, nor be able to see secrets (passwords, etc). <p>Note that in addition to adding users and groups from within your directory, you can also use the <strong>Invite</strong> button above to invite users who are not currently part of your directory, but who have a Microsoft Account (e.g. <a href="mailto:scott@outlook.com">scott@outlook.com</a>), to also be mapped into a role. <p><u>Step 2: Setting up Roles at the Resource Level</u> <p>Once you’ve defined the default role mappings at the subscription level, they will by default apply to all resources and resource groups contained within it. <p>If you wish to scope permissions even further at just an individual resource (e.g. a VM or Website or Database) or at a resource group level (e.g. an entire application and all resources within it), you can also open up the individual resource/resource-group blade and use the Roles tile within it to further specify permissions. <p>For example, earlier we granted David <strong>reader role</strong> access to all resources within our Azure subscription. Let’s now grant him <strong>contributor role</strong> access to just an individual VM within the subscription. Once we do this he’ll be able to stop/start the VM as well as make changes to it. 
<p>To enable this, I’ve opened up the blade for the VM below. I’ve then scrolled down the blade and found the Roles tile within the VM. Clicking the contributor role within the Roles tile will then bring up a blade that allows me to configure which users will be contributors (meaning have read and modify permissions) for this particular VM. Notice below how I’ve added David to this: <p><a href="https://mscblogs.blob.core.windows.net/media/scottgu/WindowsLiveWriter/99feed2ae3fb_13462/image_28.png"><img title="image" style="border-left-width: 0px; border-right-width: 0px; border-bottom-width: 0px; display: inline; border-top-width: 0px" border="0" alt="image" src="https://mscblogs.blob.core.windows.net/media/scottgu/WindowsLiveWriter/99feed2ae3fb_13462/image_thumb_13.png" width="844" height="561"></a> <p>Using this resource/resource-group level approach enables you to have really fine-grained access control permissions on your resources. <h3><em>Command Line and API Access for Azure Role Based Access Control</em></h3> <p>The enforcement of the access policies that you configure using RBAC is done by the Azure Resource Manager APIs. Both the Azure preview portal as well as the command line tools we ship use the Resource Manager APIs to execute management operations. This ensures that access is consistently enforced regardless of what tools are used to manage Azure resources. <p>With this week’s release we’ve included a number of new PowerShell APIs that enable you to automate setting up as well as controlling role based access. <h3><em>Learn More about Role Based Access</em></h3> <p>Today’s Role Based Access Control Preview provides a lot more flexibility in how you manage the security of your Azure resources. It is easy to set up and configure. And because it integrates with Azure Active Directory, you can easily sync/federate it to also integrate with the existing Active Directory configuration you might already have in your on-premises environment. 
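<p>The scenario from Steps 1 and 2, modelled as an added Python example (not code from the original post or from Azure): a role assigned at a scope is inherited by everything beneath that scope, and a user's grants from different scopes and groups add up. The action labels, the prod-ops group, the admin and erin accounts and all resource IDs are constructed for illustration.</p>

```python
from dataclasses import dataclass

# What each built-in role allows, following the post's role descriptions.
# The action labels are invented for this model; they are not Azure operation
# names. The post only says a Reader cannot read secrets; giving that action
# to the other two roles is an assumption drawn from "all management operations".
ROLE_ACTIONS = {
    "Owner": {"read", "write", "delete", "read_secrets", "manage_access"},
    "Contributor": {"read", "write", "delete", "read_secrets"},
    "Reader": {"read"},
}

# Constructed resource IDs (placeholders, not real resources).
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
PROD_RG = SUB + "/resourceGroups/prod"
PROD_VM = PROD_RG + "/providers/Microsoft.Compute/virtualMachines/web01"
PROD_DB_VM = PROD_RG + "/providers/Microsoft.Compute/virtualMachines/db01"
OLD_RG_VM = (SUB + "/resourceGroups/prod-old"
             "/providers/Microsoft.Compute/virtualMachines/web01")


@dataclass(frozen=True)
class Assignment:
    principal: str  # user or group name
    role: str       # key of ROLE_ACTIONS
    scope: str      # subscription, resource group or resource ID


def _segments(scope):
    """Split a scope into lower-cased path segments (IDs are case-insensitive)."""
    return [s for s in scope.lower().split("/") if s]


def scope_covers(assigned, target):
    """True if target is the assigned scope itself or lies beneath it.

    Whole segments are compared, so .../resourceGroups/prod does not cover
    .../resourceGroups/prod-old the way a plain string-prefix test would.
    """
    a, t = _segments(assigned), _segments(target)
    return len(a) <= len(t) and t[:len(a)] == a


def effective_actions(user, target, assignments, groups):
    """Union of the actions granted to the user, directly or through a group,
    by every assignment whose scope covers the target resource."""
    principals = {user} | {g for g, members in groups.items() if user in members}
    actions = set()
    for a in assignments:
        if a.principal in principals and scope_covers(a.scope, target):
            actions |= ROLE_ACTIONS[a.role]
    return actions


def subscription_wide_writers(assignments):
    """Review helper: principals holding Owner or Contributor at subscription
    scope, which every resource group and resource inherits."""
    return sorted(a.principal for a in assignments
                  if a.role in ("Owner", "Contributor")
                  and len(_segments(a.scope)) == 2)


# Constructed directory and assignments mirroring the walkthrough.
GROUPS = {"prod-ops": {"erin"}}
ASSIGNMENTS = [
    Assignment("admin", "Owner", SUB),            # service administrator
    Assignment("david", "Reader", SUB),           # Step 1
    Assignment("fred", "Reader", SUB),            # Step 1
    Assignment("david", "Contributor", PROD_VM),  # Step 2
    Assignment("prod-ops", "Contributor", PROD_RG),
]

if __name__ == "__main__":
    for user, target in [("david", PROD_VM), ("david", PROD_DB_VM),
                         ("fred", PROD_VM), ("erin", OLD_RG_VM)]:
        allowed = sorted(effective_actions(user, target, ASSIGNMENTS, GROUPS))
        print(f"{user:6} {target.rsplit('/', 1)[-1]:6} {allowed}")
    print("subscription-wide write access:", subscription_wide_writers(ASSIGNMENTS))
```

<p>Running the same check over an export of real role assignments shows which principals inherit write access everywhere because the grant was made at subscription scope rather than on a resource group or resource.</p>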
<p>Getting started with the new Azure Role Based Access Control support is as simple as assigning the appropriate users and groups to roles on your Azure subscription or individual resources. You can read more detailed information on the concepts and capabilities of RBAC <a href="http://aka.ms/azurerbac">here</a>. Your feedback on the preview features is critical for all improvements and new capabilities coming in this space, so please try out the new features and provide us your <a href="http://aka.ms/azurerbacfeedback">feedback</a>. <h2><u>Alerts: General Availability of Azure Alerting and new Alerts on Events support</u></h2> <p>I’m excited to announce the release of Azure Alerting to General Availability. Azure alerts supports the ability to create alert thresholds on metrics that you are interested in, and then have Azure automatically send an email notification when that threshold is crossed. As part of the general availability release, we are removing the 10 alert rule cap per subscription. 
<p>Alerts are available in the full azure portal by clicking <b>Management Services</b> in the left navigation bar: <p><a href="https://mscblogs.blob.core.windows.net/media/scottgu/WindowsLiveWriter/99feed2ae3fb_13462/image_14.png"><img title="image" style="border-left-width: 0px; border-right-width: 0px; border-bottom-width: 0px; display: inline; border-top-width: 0px" border="0" alt="image" src="https://mscblogs.blob.core.windows.net/media/scottgu/WindowsLiveWriter/99feed2ae3fb_13462/image_thumb_6.png" width="790" height="558"></a> </p> <p>Also, alerting is available on most of the resources in the Azure preview portal: <p><a href="https://mscblogs.blob.core.windows.net/media/scottgu/WindowsLiveWriter/99feed2ae3fb_13462/image_16.png"><img title="image" style="border-left-width: 0px; border-right-width: 0px; border-bottom-width: 0px; display: inline; border-top-width: 0px" border="0" alt="image" src="https://mscblogs.blob.core.windows.net/media/scottgu/WindowsLiveWriter/99feed2ae3fb_13462/image_thumb_7.png" width="869" height="428"></a> <p>You can create alerts on metrics from 8 different services today (and we are adding more all the time): <ul> <li>Cloud Services <li>Virtual Machines <li>Websites <li>Web hosting plans <li>Storage accounts <li>SQL databases <li>Redis Cache <li>DocumentDB accounts</li></ul> <p>In addition to general availability for alerts on metrics, we are also previewing the ability to <b>create alerts on <i>operational events.</i></b> This means you can get an email if someone stops your website, if your virtual machines are deleted, or if your Azure Resource Manager template deployment failed. Like alerts on metrics, you can route these alerts to the service and co-administrators, or, to a custom email address you provide. You can configure these events on a resource in the Azure Preview Portal. We have enabled this within the Portal for Websites – we’ll be extending it to all resources in the future. 
</p> <h2><u>Summary</u></h2> <p>Today’s Microsoft Azure release enables a ton of great new scenarios, and makes building applications hosted in the cloud even easier. <p>If you don’t already have an Azure account, you can sign-up for a <a href="http://azure.microsoft.com/en-us/pricing/free-trial/" target="_blank">free trial</a> and start using all of the above features today. Then visit the <a href="http://azure.microsoft.com/" target="_blank">Microsoft Azure Developer Center</a> to learn more about how to build apps with it. <p>Hope this helps, <p>Scott <p><em>P.S. In addition to blogging, I am also now using Twitter for quick updates and to share links. Follow me at: </em><a href="http://www.twitter.com/scottgu" target="_blank">twitter.com/scottgu</a></p> Fri, 12 Sep 2014 06:14:18 Z http://weblogs.asp.net:80/scottgu/azure-sql-databases-api-management-media-services-websites-role-based-access-control-and-more Azure: SQL Databases, API Management, Media Services, Websites, Role Based Access Control and More <p>This week we released a major set of updates to Microsoft Azure. 
This week’s updates include:</p> <ul> <li><strong>SQL Databases</strong>: General Availability of Azure SQL Database Service Tiers <li><strong>API Management</strong>: General Availability of our API Management Service <li><strong>Media Services</strong>: Live Streaming, Content Protection, Faster and Cost Effective Encoding, and Media Indexer <li><strong>Web Sites</strong>: Virtual Network integration, new scalable CMS with WordPress and updates to Web Site Backup in the Preview Portal <li><strong>Role-based Access Control</strong>: Preview release of role-based access control for Azure Management operations <li><strong>Alerting</strong>: General Availability of Azure Alerting and new alerts on events </li></ul> <p>All of these improvements are now available to use immediately (note that some features are still in preview). Below are more details about them: <h2><u>SQL Databases: General Availability of Azure SQL Database Service Tiers </u></h2> <p>I’m happy to announce the General Availability of our new Azure SQL Database service tiers - Basic, Standard, and Premium. The SQL Database service within Azure provides a compelling database-as-a-service offering that enables you to quickly innovate & stand up and run SQL databases without having to manage or operate VMs or infrastructure. <p>Today’s SQL Database Service Tiers all come with a <strong>99.99% SLA, </strong>and databases can now grow up to 500GB in size. <p>Each SQL Database tier now <strong>guarantees a consistent performance level</strong> that you can depend on within your applications – avoiding the need to worry about “noisy neighbors” who might impact your performance from time to time. <p>Built-in <strong>point-in-time restore support</strong> now provides you with the ability to automatically re-create databases at a certain point of time (giving you much more backup flexibility and allowing you to restore to exactly the point before you accidentally did something bad to your data). 
<p>Built-in <strong>auditing support</strong> enables you to gain insight into events and changes that occur with the databases you host. <p>Built-in <strong>active geo-replication</strong> support, available with the premium tier, enables you to create up to 4 readable, secondary, databases in any Azure region. When active geo-replication is enabled, we will ensure that all transactions committed to the database in your primary region are continuously replicated to the databases in the other regions as well: <p><a href="https://mscblogs.blob.core.windows.net/media/scottgu/Media/image_161995EF.png"><img title="image" border="0" alt="image" src="https://mscblogs.blob.core.windows.net/media/scottgu/Media/image_thumb_278F1829.png" width="800" height="450"></a> <p>One of the primary benefits of <a href="http://msdn.microsoft.com/en-us/library/azure/dn741339.aspx">active geo-replication</a> is that it provides application control over disaster recovery at a database level. Having cross-region redundancy enables your applications to recover in the event of a disaster (e.g. a natural disaster, etc). The new active geo-replication support enables you to initiate/control any failovers – allowing you to shift the primary database to any of your secondary regions: <p><a href="https://mscblogs.blob.core.windows.net/media/scottgu/Media/image_4BB70369.png"><img title="image" border="0" alt="image" src="https://mscblogs.blob.core.windows.net/media/scottgu/Media/image_thumb_2242C229.png" width="800" height="450"></a> <p>This provides a robust business continuity offering, and enables you to run mission critical solutions in the cloud with confidence. <h3><em>More Flexible Pricing</em></h3> <p>SQL Databases are now <strong>billed on a per-hour basis</strong> – allowing you to quickly create and tear down databases, and dynamically scale up or down databases even more cost effectively. 
<p><strong>Basic Tier</strong> databases support databases up to 2GB in size and cost $4.99 for a full month of use. <strong>Standard Tier</strong> databases support 250GB databases and now start at $15/month (there are also higher performance standard tiers at $30/month and $75/month). <strong>Premium Tier</strong> databases support 500GB databases as well as the active geo-replication feature and now start at $465/month. <p>The below table provides a quick look at the different tiers and functionality: <p><a href="https://mscblogs.blob.core.windows.net/media/scottgu/WindowsLiveWriter/99feed2ae3fb_13462/image_32.png"><img title="image" style="border-left-width: 0px; border-right-width: 0px; border-bottom-width: 0px; display: inline; border-top-width: 0px" border="0" alt="image" src="https://mscblogs.blob.core.windows.net/media/scottgu/WindowsLiveWriter/99feed2ae3fb_13462/image_thumb_15.png" width="632" height="636"></a></p> <p><a href="http://msdn.microsoft.com/en-us/library/dn741336.aspx" target="_blank">This page</a> provides more details on how to think about DTU performance with each of the above tiers, and provides benchmark details on the number of transactions supported by each of the above service tiers and performance levels.</p> <p>During the preview, we’ve heard from some ISVs, which have a large number of databases with variable performance demands, that they need the flexibility to share DTU performance resources across multiple databases as opposed to managing tiers for databases individually. For example, some SaaS ISVs may have a separate SQL database for each customer and as the activity of each database varies, they want to manage a pool of resources with a defined budget across these customer databases. We are working to enable this scenario within the new service tiers in a future service update. 
If you are an ISV with a similar scenario, please click <a href="http://technet.microsoft.com/en-us/evalcenter/dn800591">here</a> to sign up to learn more. <p>Learn more about SQL Databases on Azure <a href="http://azure.microsoft.com/en-us/services/sql-database/" target="_blank">here</a>. <h2><u>API Management Service: General Availability Release</u></h2> <p>I’m excited to announce the General Availability of the <a href="http://azure.microsoft.com/en-us/services/api-management/" target="_blank">Azure API Management Service</a>. <p>In my <a href="http://weblogs.asp.net/scottgu/azure-new-documentdb-nosql-service-new-search-service-new-sql-alwayson-vm-template-and-more">last post</a> I discussed how API Management enables customers to securely publish APIs to developers and accelerate partner adoption. These APIs can be used from mobile and client applications (on any device) as well as other cloud and service based applications. <p>The API management service supports the ability to take any APIs you already have (either in the cloud or on-premises) and publish them for others to use. The API Management service enables you to: <ul> <li>Throttle, rate limit and quota your APIs <li>Gain analytic insights on how your APIs are being used and by whom <li>Secure your APIs using OAuth or key-based access <li>Track the health of your APIs and quickly identify errors <li>Easily expose a developer portal for your APIs that provides documentation and test experiences to developers who want to use your APIs</li></ul> <p>Today’s General Availability provides a formal SLA for Standard tier services. We also have a developer tier of the service that you can use, starting at just $49 per month. <h3><em>OAuth support in the Developer Portal</em></h3> <p>The API Management service provides a developer console that enables a great on-boarding and interactive learning experience for developers who want to use your APIs. 
The developer console enables you to easily expose documentation as well as enable developers to try/test your APIs. <p>With this week’s GA release we are also adding support that enables API publishers to register their OAuth Authorization Servers for use in the console, which in turn allows developers to sign in with their own login credentials when interacting with your API - a critical feature for any API that supports OAuth. All normative authorization grant types are supported plus scopes and default scopes. <p><a href="https://mscblogs.blob.core.windows.net/media/scottgu/WindowsLiveWriter/99feed2ae3fb_13462/image_2.png"><img title="image" style="border-left-width: 0px; border-right-width: 0px; border-bottom-width: 0px; display: inline; border-top-width: 0px" border="0" alt="image" src="https://mscblogs.blob.core.windows.net/media/scottgu/WindowsLiveWriter/99feed2ae3fb_13462/image_thumb.png" width="624" height="472"></a> </p> <p>For more details on how to enable OAuth 2 support with API Management and integration in the new developer portal, check out this <a href="http://go.microsoft.com/fwlink/?LinkId=511375">tutorial</a>. <p><a href="http://azure.microsoft.com/en-us/services/api-management/" target="_blank">Click here</a> to learn more about the API Management service and try it out for free. <h2><u>Media Services: Live Streaming, DRM, Faster Cost Effective Encoding, and Media Indexer</u></h2> <p>This week we are excited to announce the public preview of Live Streaming and Content Protection support with Azure Media Services. <p>The same Internet scale streaming solution that leading international broadcasters used to live stream the 2014 Winter Olympic Games and 2014 FIFA World Cup to tens of millions of customers globally is now available in public preview to <i>all</i> Azure customers. This means you can now stream live events of any size with the same level of scalability, uptime, and reliability that was available to the Olympics and World Cup. 
<h3><em>DRM Content Protection</em></h3> <p>This week Azure Media Services is also introducing a new Content Protection offering which features both static and dynamic encryption with first party PlayReady license delivery and an AES 128-bit key delivery service. This makes it easy to DRM protect both your live and pre-recorded video assets – and have them be available for users to easily watch them on any device or platform (Windows, Mac, iOS, Android and more). <h3><em>Faster and More Cost Effective Media Encoding</em></h3> <p>This week, we are also introducing faster media encoding speeds and more cost-effective billing. Our enhanced Azure Media Encoder is designed for premium media encoding and is billed based on output GBs. Our previous encoder was billed on both input + output GBs, so the shift to output only billing will result in a substantial price reduction for all of our customers. <p>To help you further optimize your encoding workflows, we’re introducing Basic, Standard, and Premium Encoding Reserved units, which give you more flexibility and allow you to tailor the encoding capability you pay for to the needs of your specific workflows. <h3><em>Media Indexer</em></h3> <p>Additionally, I’m happy to announce the General Availability of Azure Media Indexer, a powerful, market differentiated content extraction service which can be used to enhance the searchability of audio and video files. With Media Indexer you can automatically analyze your media files and index the audio and video content in them. You can learn more about it <a href="http://azure.microsoft.com/blog/2014/09/10/introducing-azure-media-indexer/" target="_blank">here</a>. 
<h3><em>More Media Partners</em></h3> <p>I’m also pleased to announce the addition this week of several media workflow partners and client players to our existing large set of media partners: <ul> <li>Azure Media Services and <a href="http://www.telestream.net/wirecast/overview.htm">Telestream’s Wirecast</a> are now fully integrated, including a built-in destination that makes it quick and easy to send content from Wirecast’s live streaming production software to Azure. </li></ul> <ul> <li>Similarly, <a href="http://newtek.com/products/tricaster-8000.html">Newtek’s Tricaster</a> has also been integrated into the Azure platform, enabling customers to combine the high production value of Tricaster with the scalability and reliability of Azure Media Services. </li></ul> <ul> <li><a href="http://www.cires21.com/en/">Cires21</a> and Azure Media have paired up to help make monitoring the health of your live channels simple and easy, and the widely-used <a href="http://www.jwplayer.com/">JW player</a> is now fully integrated with Azure to enable you to quickly build video playback experiences across virtually all platforms.</li></ul> <h3><em>Learn More</em></h3> <p>Visit the <a href="http://azure.com/media">Azure Media Services</a> site for more information and to get started for free. <h2><u>Websites: Virtual Network Integration, new Scalable CMS with WordPress</u></h2> <p>This week we’ve also released a number of great updates to our Azure Websites service.</p> <h3><em>Virtual Network Integration</em></h3> <p>Starting this week you can now integrate your Azure Websites with Azure Virtual Networks. This support enables your Websites to access resources attached to your virtual networks. For example: this means you can now have a Website directly connect to a database hosted in a non-public VM on a virtual network. 
If your Virtual Network is connected to your on-premises network (using a Site-to-Site software VPN or ExpressRoute dedicated fiber VPN) you can also now have your Website connect to resources in your on-premises network as well. <p>The new Virtual Network support enables both TCP and UDP protocols and will work with your VNET DNS. Hybrid Connections and Virtual Network are compatible such that you can also mix both in the same Website. The new virtual network support for Web Sites is being released this week in preview. Standard web hosting plans can have up to 5 virtual networks enabled. A website can only be connected to one virtual network at a time but there is no restriction on the number of websites that can be connected to a virtual network. <p>You can configure a Website to use a Virtual Network using the new Preview Azure Portal (<a href="http://portal.azure.com">http://portal.azure.com</a>). Click the “Virtual Network” tile in your web-site to bring up a virtual network blade that you can use to either create a new virtual network or attach to an existing one you already have: <p><a href="https://mscblogs.blob.core.windows.net/media/scottgu/WindowsLiveWriter/99feed2ae3fb_13462/image_4.png"><img title="image" style="border-left-width: 0px; border-right-width: 0px; border-bottom-width: 0px; display: inline; border-top-width: 0px" border="0" alt="image" src="https://mscblogs.blob.core.windows.net/media/scottgu/WindowsLiveWriter/99feed2ae3fb_13462/image_thumb_1.png" width="897" height="363"></a> <p>Note that an Azure Website requires that your Virtual Network has a configured gateway and Point-to-Site enabled. It will remain grayed out in the UI above until you have enabled this. <h3><em>Scalable CMS with WordPress</em></h3> <p>This week we also released support for a Scalable CMS solution with WordPress running on Azure Websites. Scalable CMS with WordPress provides the fastest way to build an optimized and hassle free WordPress Website. 
It is architected so that your WordPress site loads fast and can support millions of page views a month, and you can easily scale up or scale out as your traffic increases. <p>It is pre-configured to use <a href="http://wordpress.org/plugins/windows-azure-storage/">Azure Storage</a>, which can be used to store your site’s media library content, and can be easily configured to use the Azure CDN. Every Scalable CMS site comes with auto-scale, staged publishing, SSL, custom domains, Webjobs, and backup and restore features of Azure Websites enabled. Scalable WordPress also allows you to use <a href="http://wordpress.org/plugins/jetpack/">Jetpack</a> to supercharge your WordPress site with powerful features available to WordPress.com users. <p>You can now easily deploy Scalable CMS with WordPress solutions on Azure via the Azure Gallery integrated within the new Azure Preview Portal (<a href="http://portal.azure.com">http://portal.azure.com</a>). When you select it within the portal it will walk you through automatically setting up and deploying a complete solution on Azure: <p><a href="https://mscblogs.blob.core.windows.net/media/scottgu/WindowsLiveWriter/99feed2ae3fb_13462/image_6.png"><img title="image" style="border-left-width: 0px; border-right-width: 0px; border-bottom-width: 0px; display: inline; border-top-width: 0px" border="0" alt="image" src="https://mscblogs.blob.core.windows.net/media/scottgu/WindowsLiveWriter/99feed2ae3fb_13462/image_thumb_2.png" width="874" height="587"></a> <p>Scalable WordPress is ideal for Web developers, creative agencies, businesses and enterprises wanting a turn-key solution that maximizes performance of running WordPress on Azure Websites. It’s fast, simple and secure WordPress hosting on Azure Websites. <h3><em>Updates to Website Backup</em></h3> <p>This week we also updated our built-in Backup feature within Azure Websites with a number of nice enhancements. 
Starting today, you can now: <ul> <li>Choose the exact destination of your backups, including the specific Storage account and blob container you wish to store your backups within. <li>Choose to back up SQL databases or MySQL databases that are declared in the connection strings of the website. <li>On the restore side, you can now restore to both a new site, <strong>and to a deployment slot on a site. </strong>This makes it possible to verify your backup before you make it live. </li></ul> <p>These new capabilities make it easier than ever to have a full history of your website and its associated data. <h2><u>Security: Role Based Access Control for Management of Azure</u></h2> <p>As organizations move more and more of their workloads to Azure, one of the most requested features has been the ability to control which cloud resources different employees can access and what actions they can perform on those resources. <p>Today, I’m excited to announce the preview release of Role Based Access Control (RBAC) support in the Azure platform. RBAC is now available in the <a href="https://portal.azure.com/">Azure preview portal</a> and can be used to control access in the portal or access to the Azure Resource Manager APIs. You can use this support to limit the access of users and groups by assigning them roles on Azure resources. Highlights include: <ul> <li>A subscription is no longer the access management boundary in Azure. In April, we introduced <a href="http://azure.microsoft.com/en-us/documentation/articles/azure-preview-portal-using-resource-groups/">Resource Groups</a>, a container to group resources that share lifecycle. Now, you can grant users access on a resource group as well as on individual resources like specific Websites or VMs. </li></ul> <ul> <li>You can now grant access to both users and groups. 
RBAC is based on Azure Active Directory, so if your organization already uses groups in Azure Active Directory or Windows Server Active Directory for access management, you will be able to manage access to Azure the same way.</li></ul> <p>Below are some more details on how this works and can be enabled.</p> <h3><em>Azure Active Directory</em></h3> <p>Azure Active Directory is our directory service in the cloud. You can create organizational tenants within Azure Active Directory and define users and groups within it – without having to have any existing Active Directory setup on-premises. <p>Alternatively, you can also sync (or federate) users and groups from your existing on-premises Active Directory to Azure Active Directory, and have your existing users and groups automatically be available for use in the cloud with Azure, Office 365, as well as over 2000 other SaaS based applications: <p><a href="https://mscblogs.blob.core.windows.net/media/scottgu/WindowsLiveWriter/99feed2ae3fb_13462/image_8.png"><img title="image" style="border-left-width: 0px; border-right-width: 0px; border-bottom-width: 0px; display: inline; border-top-width: 0px" border="0" alt="image" src="https://mscblogs.blob.core.windows.net/media/scottgu/WindowsLiveWriter/99feed2ae3fb_13462/image_thumb_3.png" width="632" height="305"></a> <p>All users that access your Azure subscriptions, <a href="http://blogs.technet.com/b/ad/archive/2014/08/15/prepping-for-new-management-features.aspx">are now present in the Azure Active Directory</a>, to which the subscription is associated. This enables you to manage what they can do as well as revoke their access to all Azure subscriptions by disabling their account in the directory. 
<h3><em>Role Permissions</em></h3> <p>In this first preview we are pre-defining three built-in Azure roles that give you a choice of granting restricted access:</p> <ul> <li>An <strong>Owner</strong> can perform all management operations for a resource and its child resources including access management. <li>A <strong>Contributor</strong> can perform all management operations for a resource including create and delete resources. A contributor cannot grant access to others. <li>A <strong>Reader</strong> has read-only access to a resource and its child resources. A Reader cannot read secrets. </li></ul> <p>In the RBAC model, users who have been configured to be the service administrator and co-administrators of an Azure subscription are mapped as belonging to the Owners role of the subscription. Their access to both the current and preview management portals remains unchanged. <p>Additional users and groups that you then assign to the new RBAC roles will only have those permissions, and also will only be able to manage Azure resources using the new <a href="https://portal.azure.com/">Azure preview portal</a> and Azure Resource Manager APIs. RBAC is not supported in the current <a href="https://manage.windowsazure.com">Azure management portal</a> or via older management APIs (since neither of these was built with the concept of role based security built-in). </p> <h3><em>Restricting Access based on Role Based Permissions</em></h3> <p>Let’s assume that your team is using Azure for development, as well as to host the production instance of your application. When doing this you might want to separate the resources employed in development and testing from the production resources using <a href="http://azure.microsoft.com/en-us/documentation/articles/azure-preview-portal-using-resource-groups/">Resource Groups</a>. 
<p>You might want to allow everyone in your team to have a read-only view of all resources in your Azure subscription – including the ability to read and review production analytics data. You might then want to only allow certain users to have write/contributor access to the production resources. Let’s look at how to set this up: <p><u>Step 1: Setting up Roles at the Subscription Level</u> <p>We’ll begin by mapping some users to roles at the subscription level. These will then by default be inherited by all resources and resource groups within our Azure subscription. <p>To set this up, open the <strong>Billing blade </strong>within the Preview Azure Portal (<a href="http://portal.azure.com">http://portal.azure.com</a>), and within the Billing blade select the Azure subscription that you wish to set up roles for<strong>:</strong> <p><a href="https://mscblogs.blob.core.windows.net/media/scottgu/WindowsLiveWriter/99feed2ae3fb_13462/image_12.png"><img title="image" style="border-left-width: 0px; border-right-width: 0px; border-bottom-width: 0px; display: inline; border-top-width: 0px" border="0" alt="image" src="https://mscblogs.blob.core.windows.net/media/scottgu/WindowsLiveWriter/99feed2ae3fb_13462/image_thumb_5.png" width="764" height="538"></a> <p>Then scroll down within the blade of the subscription you opened, and locate the Roles tile within it: <p><a href="https://mscblogs.blob.core.windows.net/media/scottgu/WindowsLiveWriter/99feed2ae3fb_13462/image_18.png"><img title="image" style="border-left-width: 0px; border-right-width: 0px; border-bottom-width: 0px; display: inline; border-top-width: 0px" border="0" alt="image" src="https://mscblogs.blob.core.windows.net/media/scottgu/WindowsLiveWriter/99feed2ae3fb_13462/image_thumb_8.png" width="416" height="425"></a> <p>Clicking the Roles tile will bring up a blade that lists the pre-defined roles we provide by default (Owner, Contributor, Reader). 
You can click any of the roles to bring up a list of the users assigned to the role. Clicking the <strong>Add</strong> button will then allow you to search your Azure Active Directory and add either a user or group to that role. <p>Below I’ve opened up the default Reader role and added David and Fred to it: <p><a href="https://mscblogs.blob.core.windows.net/media/scottgu/WindowsLiveWriter/99feed2ae3fb_13462/image_30.png"><img title="image" style="border-left-width: 0px; border-right-width: 0px; border-bottom-width: 0px; display: inline; border-top-width: 0px" border="0" alt="image" src="https://mscblogs.blob.core.windows.net/media/scottgu/WindowsLiveWriter/99feed2ae3fb_13462/image_thumb_14.png" width="726" height="515"></a> <p>Once we do this, David and Fred will be able to log into the Preview Azure Portal and will have read-only access to the resources contained within our subscription. They will not be able to make any changes, though, nor be able to see secrets (passwords, etc). <p>Note that in addition to adding users and groups from within your directory, you can also use the <strong>Invite</strong> button above to invite users who are not currently part of your directory, but who have a Microsoft Account (e.g. <a href="mailto:scott@outlook.com">scott@outlook.com</a>), to also be mapped into a role. <p><u>Step 2: Setting up Roles at the Resource Level</u> <p>Once you’ve defined the default role mappings at the subscription level, they will by default apply to all resources and resource groups contained within it. <p>If you wish to scope permissions even further at just an individual resource (e.g. a VM or Website or Database) or at a resource group level (e.g. an entire application and all resources within it), you can also open up the individual resource/resource-group blade and use the Roles tile within it to further specify permissions. 
<p>For example, earlier we granted David <strong>reader role</strong> access to all resources within our Azure subscription. Let’s now grant him <strong>contributor role</strong> access to just an individual VM within the subscription. Once we do this he’ll be able to stop/start the VM as well as make changes to it. <p>To enable this, I’ve opened up the blade for the VM below. I’ve then scrolled down the blade and found the Roles tile within the VM. Clicking the contributor role within the Roles tile will then bring up a blade that allows me to configure which users will be contributors (meaning have read and modify permissions) for this particular VM. Notice below how I’ve added David to this: <p><a href="https://mscblogs.blob.core.windows.net/media/scottgu/WindowsLiveWriter/99feed2ae3fb_13462/image_28.png"><img title="image" style="border-left-width: 0px; border-right-width: 0px; border-bottom-width: 0px; display: inline; border-top-width: 0px" border="0" alt="image" src="https://mscblogs.blob.core.windows.net/media/scottgu/WindowsLiveWriter/99feed2ae3fb_13462/image_thumb_13.png" width="844" height="561"></a> <p>Using this resource/resource-group level approach enables you to have really fine-grained access control permissions on your resources. <h3><em>Command Line and API Access for Azure Role Based Access Control</em></h3> <p>The enforcement of the access policies that you configure using RBAC is done by the Azure Resource Manager APIs. Both the Azure preview portal as well as the command line tools we ship use the Resource Manager APIs to execute management operations. This ensures that access is consistently enforced regardless of what tools are used to manage Azure resources. <p>With this week’s release we’ve included a number of new PowerShell APIs that enable you to automate setting up as well as controlling role based access. 
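<p>The scope inheritance described in Steps 1 and 2 can be modelled in a few lines, which is useful when reviewing who ends up with write access to a production resource and where that grant comes from. This is an added example, not code from the original post or from Azure: the scope strings, the user and group names other than David and Fred, and the capability labels are constructed, and letting Contributor read secrets is an assumption drawn from the post only denying that to Reader.</p>

```python
"""Toy model of scope-inherited role assignments (constructed example)."""

# Capability labels are invented for this example; they paraphrase the
# three built-in roles as the post describes them.
ROLE_CAPS = {
    "Owner": {"read", "write", "delete", "read_secrets", "grant_access"},
    # Assumption: only Reader is described as unable to read secrets.
    "Contributor": {"read", "write", "delete", "read_secrets"},
    "Reader": {"read"},
}

# Constructed scopes: subscription -> resource group -> resource.
SUB = "/subscriptions/sub-1"
PROD_RG = SUB + "/resourceGroups/prod"
STAGING_RG = SUB + "/resourceGroups/prod-staging"
WEB_VM = PROD_RG + "/providers/Microsoft.Compute/virtualMachines/web01"
PROD_DB = PROD_RG + "/providers/Microsoft.Sql/servers/sql01/databases/orders"
STAGING_VM = STAGING_RG + "/providers/Microsoft.Compute/virtualMachines/test01"

# Constructed directory group and role assignments (principal, role, scope).
GROUPS = {"prod-ops": {"erin"}}
ASSIGNMENTS = [
    ("scott", "Owner", SUB),               # service administrator maps to Owner
    ("david", "Reader", SUB),              # Step 1: subscription-level Reader
    ("fred", "Reader", SUB),
    ("david", "Contributor", WEB_VM),      # Step 2: Contributor on one VM only
    ("prod-ops", "Contributor", PROD_RG),  # group assignment on a resource group
]


def scope_covers(scope, resource):
    """True if an assignment at `scope` is inherited by `resource`.

    The match is on whole path segments, so 'prod' does not cover
    'prod-staging' even though it is a string prefix of it.
    """
    s = scope.rstrip("/").lower()
    r = resource.rstrip("/").lower()
    return r == s or r.startswith(s + "/")


def principals_for(user, groups):
    """The user plus every group the user belongs to."""
    return {user} | {g for g, members in groups.items() if user in members}


def grants_for(user, resource, assignments=ASSIGNMENTS, groups=GROUPS):
    """All (role, scope) pairs that apply to `user` at `resource`."""
    ids = principals_for(user, groups)
    return [(role, scope) for principal, role, scope in assignments
            if principal in ids and scope_covers(scope, resource)]


def effective_caps(user, resource, assignments=ASSIGNMENTS, groups=GROUPS):
    """Union of capabilities from direct, group and inherited assignments."""
    caps = set()
    for role, _scope in grants_for(user, resource, assignments, groups):
        caps |= ROLE_CAPS[role]
    return caps


def who_can(cap, resource, assignments=ASSIGNMENTS, groups=GROUPS):
    """Access review: user -> [(role, scope)] granting `cap` on `resource`."""
    users = {p for p, _, _ in assignments if p not in groups}
    users |= set().union(*groups.values())
    report = {}
    for user in sorted(users):
        hits = [(role, scope)
                for role, scope in grants_for(user, resource, assignments, groups)
                if cap in ROLE_CAPS[role]]
        if hits:
            report[user] = hits
    return report


if __name__ == "__main__":
    for user, hits in who_can("write", WEB_VM).items():
        print(user, hits)
    print("david on prod DB:", sorted(effective_caps("david", PROD_DB)))
```

<p>The review output shows each grant together with the scope it was made at, so an inherited subscription-level Owner is distinguishable from a Contributor assignment made directly on the VM.</p>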
<h3><em>Learn More about Role Based Access</em></h3> <p>Today’s Role Based Access Control Preview provides a lot more flexibility in how you manage the security of your Azure resources. It is easy to set up and configure. And because it integrates with Azure Active Directory, you can easily sync/federate it to also integrate with the existing Active Directory configuration you might already have in your on-premises environment. <p>Getting started with the new Azure Role Based Access Control support is as simple as assigning the appropriate users and groups to roles on your Azure subscription or individual resources. You can read more detailed information on the concepts and capabilities of RBAC <a href="http://aka.ms/azurerbac">here</a>. Your feedback on the preview features is critical for all improvements and new capabilities coming in this space, so please try out the new features and provide us your <a href="http://aka.ms/azurerbacfeedback">feedback</a>. <h2><u>Alerts: General Availability of Azure Alerting and new Alerts on Events support</u></h2> <p>I’m excited to announce the release of Azure Alerting to General Availability. Azure Alerting supports the ability to create alert thresholds on metrics that you are interested in, and then have Azure automatically send an email notification when that threshold is crossed. As part of the general availability release, we are removing the 10 alert rule cap per subscription. 
<p>Alerts are available in the full Azure portal by clicking <b>Management Services</b> in the left navigation bar: <p><a href="https://mscblogs.blob.core.windows.net/media/scottgu/WindowsLiveWriter/99feed2ae3fb_13462/image_14.png"><img title="image" style="border-left-width: 0px; border-right-width: 0px; border-bottom-width: 0px; display: inline; border-top-width: 0px" border="0" alt="image" src="https://mscblogs.blob.core.windows.net/media/scottgu/WindowsLiveWriter/99feed2ae3fb_13462/image_thumb_6.png" width="790" height="558"></a> </p> <p>Also, alerting is available on most of the resources in the Azure preview portal: <p><a href="https://mscblogs.blob.core.windows.net/media/scottgu/WindowsLiveWriter/99feed2ae3fb_13462/image_16.png"><img title="image" style="border-left-width: 0px; border-right-width: 0px; border-bottom-width: 0px; display: inline; border-top-width: 0px" border="0" alt="image" src="https://mscblogs.blob.core.windows.net/media/scottgu/WindowsLiveWriter/99feed2ae3fb_13462/image_thumb_7.png" width="869" height="428"></a> <p>You can create alerts on metrics from 8 different services today (and we are adding more all the time): <ul> <li>Cloud Services <li>Virtual Machines <li>Websites <li>Web hosting plans <li>Storage accounts <li>SQL databases <li>Redis Cache <li>DocumentDB accounts</li></ul> <p>In addition to general availability for alerts on metrics, we are also previewing the ability to <b>create alerts on <i>operational events.</i></b> This means you can get an email if someone stops your website, if your virtual machines are deleted, or if your Azure Resource Manager template deployment failed. Like alerts on metrics, you can route these alerts to the service and co-administrators, or to a custom email address you provide. You can configure these events on a resource in the Azure Preview Portal. We have enabled this within the Portal for Websites – we’ll be extending it to all resources in the future. 
</p> <h2><u>Summary</u></h2> <p>Today’s Microsoft Azure release enables a ton of great new scenarios, and makes building applications hosted in the cloud even easier. <p>If you don’t already have an Azure account, you can sign up for a <a href="http://azure.microsoft.com/en-us/pricing/free-trial/" target="_blank">free trial</a> and start using all of the above features today. Then visit the <a href="http://azure.microsoft.com/" target="_blank">Microsoft Azure Developer Center</a> to learn more about how to build apps with it. <p>Hope this helps, <p>Scott <p><em>P.S. In addition to blogging, I am also now using Twitter for quick updates and to share links. Follow me at: </em><a href="http://www.twitter.com/scottgu" target="_blank">twitter.com/scottgu</a></p> Azure: SQL Databases, API Management, Media Services, Websites, Role Based Access Control and More This week we released a major set of updates to Microsoft Azure. This week’s updates include: SQL Databases: General Availability of Azure SQL Database Service Tiers; API Management: General Availability of our API Management Service; Media Services: Live Streaming, Content Protection, Faster and Cost Effective Encoding, and Media Indexer; Web Sites: Virtual Network integration, new scalable CMS with WordPress and updates to Web Site Backup in the Preview Portal; Role-based Access Control: Preview release of role-based access control for Azure Management operations; Alerting: General Availability of Azure Alerting and new alerts on events. All of these improvements are now available to use immediately (note that some features are still in preview). Below are more details about them: SQL Databases: General Availability of Azure SQL Database Service Tiers I’m happy to announce the General Availability of our new Azure SQL Database service tiers - Basic, Standard, and Premium. 
The SQL Database service within Azure provides a compelling database-as-a-service offering that enables you to quickly innovate & stand up and run SQL databases without having to manage or operate VMs or infrastructure. Today’s SQL Database Service Tiers all come with a 99.99% SLA, and databases can now grow up to 500GB in size. Each SQL Database tier now guarantees a consistent performance level that you can depend on within your applications – avoiding the need to worry about “noisy neighbors” who might impact your performance from time to time. Built-in point-in-time restore support now provides you with the ability to automatically re-create databases at a certain point of time (giving you much more backup flexibility and allowing you to restore to exactly the point before you accidentally did something bad to your data). Built-in auditing support enables you to gain insight into events and changes that occur with the databases you host. Built-in active geo-replication support, available with the premium tier, enables you to create up to 4 readable, secondary, databases in any Azure region. When active geo-replication is enabled, we will ensure that all transactions committed to the database in your primary region are continuously replicated to the databases in the other regions as well: One of the primary benefits of active geo-replication is that it provides application control over disaster recovery at a database level. Having cross-region redundancy enables your applications to recover in the event of a disaster (e.g. a natural disaster, etc). The new active geo-replication support enables you to initiate/control any failovers – allowing you to shift the primary database to any of your secondary regions: This provides a robust business continuity offering, and enables you to run mission critical solutions in the cloud with confidence. 
More Flexible Pricing SQL Databases are now billed on a per-hour basis – allowing you to quickly create and tear down databases, and dynamically scale up or down databases even more cost effectively. Basic Tier databases support databases up to 2GB in size and cost $4.99 for a full month of use. Standard Tier databases support 250GB databases and now start at $15/month (there are also higher performance standard tiers at $30/month and $75/month). Premium Tier databases support 500GB databases as well as the active geo-replication feature and now start at $465/month. The below table provides a quick look at the different tiers and functionality: This page provides more details on how to think about DTU performance with each of the above tiers, and provides benchmark details on the number of transactions supported by each of the above service tiers and performance levels. During the preview, we’ve heard from some ISVs, which have a large number of databases with variable performance demands, that they need the flexibility to share DTU performance resources across multiple databases as opposed to managing tiers for databases individually. For example, some SaaS ISVs may have a separate SQL database for each customer and as the activity of each database varies, they want to manage a pool of resources with a defined budget across these customer databases. We are working to enable this scenario within the new service tiers in a future service update. If you are an ISV with a similar scenario, please click here to sign up to learn more. Learn more about SQL Databases on Azure here. API Management Service: General Availability Release I’m excited to announce the General Availability of the Azure API Management Service. In my last post I discussed how API Management enables customers to securely publish APIs to developers and accelerate partner adoption. 
These APIs can be used from mobile and client applications (on any device) as well as other cloud and service based applications. The API management service supports the ability to take any APIs you already have (either in the cloud or on-premises) and publish them for others to use. The API Management service enables you to: throttle, rate limit and quota your APIs; gain analytic insights on how your APIs are being used and by whom; secure your APIs using OAuth or key-based access; track the health of your APIs and quickly identify errors; and easily expose a developer portal for your APIs that provides documentation and test experiences to developers who want to use your APIs. Today’s General Availability provides a formal SLA for Standard tier services. We also have a developer tier of the service that you can use, starting at just $49 per month. OAuth support in the Developer Portal The API Management service provides a developer console that enables a great on-boarding and interactive learning experience for developers who want to use your APIs. The developer console enables you to easily expose documentation as well as enable developers to try/test your APIs. With this week’s GA release we are also adding support that enables API publishers to register their OAuth Authorization Servers for use in the console, which in turn allows developers to sign in with their own login credentials when interacting with your API - a critical feature for any API that supports OAuth. All normative authorization grant types are supported plus scopes and default scopes. For more details on how to enable OAuth 2 support with API Management and integration in the new developer portal, check out this tutorial. Click here to learn more about the API Management service and try it out for free. 
Media Services: Live Streaming, DRM, Faster Cost Effective Encoding, and Media Indexer This week we are excited to announce the public preview of Live Streaming and Content Protection support with Azure Media Services. The same Internet scale streaming solution that leading international broadcasters used to live stream the 2014 Winter Olympic Games and 2014 FIFA World Cup to tens of millions of customers globally is now available in public preview to all Azure customers. This means you can now stream live events of any size with the same level of scalability, uptime, and reliability that was available to the Olympics and World Cup. DRM Content Protection This week Azure Media Services is also introducing a new Content Protection offering which features both static and dynamic encryption with first party PlayReady license delivery and an AES 128-bit key delivery service. This makes it easy to DRM protect both your live and pre-recorded video assets – and have them be available for users to easily watch them on any device or platform (Windows, Mac, iOS, Android and more). Faster and More Cost Effective Media Encoding This week, we are also introducing faster media encoding speeds and more cost-effective billing. Our enhanced Azure Media Encoder is designed for premium media encoding and is billed based on output GBs. Our previous encoder was billed on both input + output GBs, so the shift to output only billing will result in a substantial price reduction for all of our customers. To help you further optimize your encoding workflows, we’re introducing Basic, Standard, and Premium Encoding Reserved units, which give you more flexibility and allow you to tailor the encoding capability you pay for to the needs of your specific workflows. Media Indexer Additionally, I’m happy to announce the General Availability of Azure Media Indexer, a powerful, market differentiated content extraction service which can be used to enhance the searchability of audio and video files. 
With Media Indexer you can automatically analyze your media files and index the audio and video content in them. You can learn more about it here. More Media Partners I’m also pleased to announce the addition this week of several media workflow partners and client players to our existing large set of media partners: Azure Media Services and Telestream’s Wirecast are now fully integrated, including a built-in destination that makes its quick and easy to send content from Wirecast’s live streaming production software to Azure. Similarly, Newtek’s Tricaster has also been integrated into the Azure platform, enabling customers to combine the high production value of Tricaster with the scalability and reliability of Azure Media Services. Cires21 and Azure Media have paired up to help make monitoring the health of your live channels simple and easy, and the widely-used JW player is now fully integrated with Azure to enable you to quickly build video playback experiences across virtually all platforms.Learn More Visit the Azure Media Services site for more information and to get started for free. Websites: Virtual Network Integration, new Scalable CMS with WordPress This week we’ve also released a number of great updates to our Azure Websites service.Virtual Network Integration Starting this week you can now integrate your Azure Websites with Azure Virtual Networks. This support enables your Websites to access resources attached to your virtual networks. For example: this means you can now have a Website directly connect to a database hosted in a non-public VM on a virtual network. If your Virtual Network is connected to your on-premises network (using a Site-to-Site software VPN or ExpressRoute dedicated fiber VPN) you can also now have your Website connect to resources in your on-premises network as well. The new Virtual Network support enables both TCP and UDP protocols and will work with your VNET DNS. 
Hybrid Connections and Virtual Network are compatible such that you can also mix both in the same Website. The new virtual network support for Web Sites is being released this week in preview. Standard web hosting plans can have up to 5 virtual networks enabled. A website can only be connected to one virtual network at a time but there is no restriction on the number of websites that can be connected to a virtual network. You can configure a Website to use a Virtual Network using the new Preview Azure Portal (http://portal.azure.com). Click the “Virtual Network” tile in your web-site to bring up a virtual network blade that you can use to either create a new virtual network or attach to an existing one you already have: Note that an Azure Website requires that your Virtual Network has a configured gateway and Point-to-Site enabled. It will remained grayed out in the UI above until you have enabled this. Scalable CMS with WordPress This week we also released support for a Scalable CMS solution with WordPress running on Azure Websites. Scalable CMS with WordPress provides the fastest way to build an optimized and hassle free WordPress Website. It is architected so that your WordPress site loads fast and can support millions of page views a month, and you can easily scale up or scale out as your traffic increases. It is pre-configured to use Azure Storage, which can be used to store your site’s media library content, and can be easily configured to use the Azure CDN. Every Scalable CMS site comes with auto-scale, staged publishing, SSL, custom domains, Webjobs, and backup and restore features of Azure Websites enabled. Scalable WordPress also allows you to use Jetpack to supercharge your WordPress site with powerful features available to WordPress.com users. You can now easily deploy Scalable CMS with WordPress solutions on Azure via the Azure Gallery integrated within the new Azure Preview Portal (http://portal.azure.com). 
When you select it within the portal it will walk you through automatically setting up and deploying a complete solution on Azure: Scalable WordPress is ideal for Web developers, creative agencies, businesses and enterprises wanting a turn-key solution that maximizes performance of running WordPress on Azure Websites. It’s fast, simple and secure WordPress hosting on Azure Websites. Updates to Website Backup This week we also updated our built-in Backup feature within Azure Websites with a number of nice enhancements. Starting today, you can now: Choose the exact destination of your backups, including the specific Storage account and blob container you wish to store your backups within. Choose to backup SQL databases or MySQL databases that are declared in the connection strings of the website. On the restore side, you can now restore to both a new site, and to a deployment slot on a site. This makes it possible to verify your backup before you make it live. These new capabilities make it easier than ever to have a full history of your website and its associated data. Security: Role Based Access Control for Management of Azure As organizations move more and more of their workloads to Azure, one of the most requested features has been the ability to control which cloud resources different employees can access and what actions they can perform on those resources. Today, I’m excited to announce the preview release of Role Based Access Control (RBAC) support in the Azure platform. RBAC is now available in the Azure preview portal and can be used to control access in the portal or access to the Azure Resource Manager APIs. You can use this support to limit the access of users and groups by assigning them roles on Azure resources. Highlights include: A subscription is no longer the access management boundary in Azure. In April, we introduced Resource Groups, a container to group resources that share lifecycle. 
Now, you can grant users access on a resource group as well as on individual resources like specific Websites or VMs. You can now grant access to both users groups. RBAC is based on Azure Active Directory, so if your organization already uses groups in Azure Active Directory or Windows Server Active Directory for access management, you will be able to manage access to Azure the same way. Below are some more details on how this works and can be enabled.Azure Active Directory Azure Active Directory is our directory service in the cloud. You can create organizational tenants within Azure Active Directory and define users and groups within it – without having to have any existing Active Directory setup on-premises. Alternatively, you can also sync (or federate) users and groups from your existing on-premises Active Directory to Azure Active Directory, and have your existing users and groups automatically be available for use in the cloud with Azure, Office 365, as well as over 2000 other SaaS based applications: All users that access your Azure subscriptions, are now present in the Azure Active Directory, to which the subscription is associated. This enables you to manage what they can do as well as revoke their access to all Azure subscriptions by disabling their account in the directory. Role Permissions In this first preview we are pre-defining three built-in Azure roles that give you a choice of granting restricted access:A Owner can perform all management operations for a resource and its child resources including access management. A Contributor can perform all management operations for a resource including create and delete resources. A contributor cannot grant access to others. A Reader has read-only access to a resource and its child resources. A Reader cannot read secrets. 
In the RBAC model, users who have been configured to be the service administrator and co-administrators of an Azure subscription are mapped as belonging to the Owners role of the subscription. Their access to both the current and preview management portals remains unchanged.

Additional users and groups that you then assign to the new RBAC roles will only have those permissions, and also will only be able to manage Azure resources using the new Azure preview portal and Azure Resource Manager APIs. RBAC is not supported in the current Azure management portal or via older management APIs (since neither of these was built with the concept of role based security built in).

Restricting Access based on Role Based Permissions

Let’s assume that your team is using Azure for development, as well as to host the production instance of your application. When doing this you might want to separate the resources employed in development and testing from the production resources using Resource Groups.

You might want to allow everyone in your team to have a read-only view of all resources in your Azure subscription – including the ability to read and review production analytics data. You might then want to only allow certain users to have write/contributor access to the production resources. Let’s look at how to set this up:

Step 1: Setting up Roles at the Subscription Level

We’ll begin by mapping some users to roles at the subscription level. These will then by default be inherited by all resources and resource groups within our Azure subscription.

To set this up, open the Billing blade within the Preview Azure Portal (http://portal.azure.com), and within the Billing blade select the Azure subscription that you wish to set up roles for:

Then scroll down within the blade of the subscription you opened, and locate the Roles tile within it:

Clicking the Roles tile will bring up a blade that lists the pre-defined roles we provide by default (Owner, Contributor, Reader).
You can click any of the roles to bring up a list of the users assigned to the role. Clicking the Add button will then allow you to search your Azure Active Directory and add either a user or group to that role.

Below I’ve opened up the default Reader role and added David and Fred to it:

Once we do this, David and Fred will be able to log into the Preview Azure Portal and will have read-only access to the resources contained within our subscription. They will not be able to make any changes, though, nor be able to see secrets (passwords, etc.).

Note that in addition to adding users and groups from within your directory, you can also use the Invite button above to invite users who are not currently part of your directory, but who have a Microsoft Account (e.g. scott@outlook.com), to also be mapped into a role.

Step 2: Setting up Roles at the Resource Level

Once you’ve defined the default role mappings at the subscription level, they will by default apply to all resources and resource groups contained within it.

If you wish to scope permissions even further at just an individual resource (e.g. a VM or Website or Database) or at a resource group level (e.g. an entire application and all resources within it), you can also open up the individual resource/resource-group blade and use the Roles tile within it to further specify permissions.

For example, earlier we granted David reader role access to all resources within our Azure subscription. Let’s now grant him contributor role access to just an individual VM within the subscription. Once we do this he’ll be able to stop/start the VM as well as make changes to it.

To enable this, I’ve opened up the blade for the VM below. I’ve then scrolled down the blade and found the Roles tile within the VM. Clicking the contributor role within the Roles tile will then bring up a blade that allows me to configure which users will be contributors (meaning have read and modify permissions) for this particular VM.
Notice below how I’ve added David to this:

Using this resource/resource-group level approach enables you to have really fine-grained access control permissions on your resources.

Command Line and API Access for Azure Role Based Access Control

The enforcement of the access policies that you configure using RBAC is done by the Azure Resource Manager APIs. Both the Azure preview portal as well as the command line tools we ship use the Resource Manager APIs to execute management operations. This ensures that access is consistently enforced regardless of what tools are used to manage Azure resources.

With this week’s release we’ve included a number of new PowerShell APIs that enable you to automate setting up as well as controlling role based access.

Learn More about Role Based Access

Today’s Role Based Access Control Preview provides a lot more flexibility in how you manage the security of your Azure resources. It is easy to set up and configure. And because it integrates with Azure Active Directory, you can easily sync/federate it to also integrate with the existing Active Directory configuration you might already have in your on-premises environment.

Getting started with the new Azure Role Based Access Control support is as simple as assigning the appropriate users and groups to roles on your Azure subscription or individual resources. You can read more detailed information on the concepts and capabilities of RBAC here. Your feedback on the preview features is critical for all improvements and new capabilities coming in this space, so please try out the new features and provide us your feedback.

Alerts: General Availability of Azure Alerting and new Alerts on Events support

I’m excited to announce the release of Azure Alerting to General Availability. Azure alerts support the ability to create alert thresholds on metrics that you are interested in, and then have Azure automatically send an email notification when that threshold is crossed.
As part of the general availability release, we are removing the 10 alert rule cap per subscription.

Alerts are available in the full Azure portal by clicking Management Services in the left navigation bar:

Also, alerting is available on most of the resources in the Azure preview portal:

You can create alerts on metrics from 8 different services today (and we are adding more all the time):

Cloud Services
Virtual Machines
Websites
Web hosting plans
Storage accounts
SQL databases
Redis Cache
DocumentDB accounts

In addition to general availability for alerts on metrics, we are also previewing the ability to create alerts on operational events. This means you can get an email if someone stops your website, if your virtual machines are deleted, or if your Azure Resource Manager template deployment failed. Like alerts on metrics, you can route these alerts to the service and co-administrators, or to a custom email address you provide.

You can configure these events on a resource in the Azure Preview Portal. We have enabled this within the Portal for Websites – we’ll be extending it to all resources in the future.

Summary

Today’s Microsoft Azure release enables a ton of great new scenarios, and makes building applications hosted in the cloud even easier.

If you don’t already have an Azure account, you can sign up for a free trial and start using all of the above features today. Then visit the Microsoft Azure Developer Center to learn more about how to build apps with it.

Hope this helps,

Scott

P.S. In addition to blogging, I am also now using Twitter for quick updates and to share links. Follow me at: twitter.com/scottgu
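The Reader/Contributor walk-through from the Role Based Access Control section above, as an added example that is not part of the original post and is not Azure's implementation: a small model of the three built-in roles and of how an assignment made at a subscription or resource group is inherited by everything beneath it. The scope paths, principal names and action names are constructed, and two points are assumptions: that permissions from several assignments add up, and that a Contributor's "all management operations" includes reading secrets.

```python
# Added illustration (not Azure's implementation): a simplified model of the
# three built-in preview roles and of scope inheritance. All scope paths and
# principal names below are constructed sample values.
ROLE_ACTIONS = {
    # Owner: all management operations, including access management.
    "Owner": {"read", "write", "delete", "read_secrets", "grant_access"},
    # Contributor: all management operations, but cannot grant access.
    "Contributor": {"read", "write", "delete", "read_secrets"},
    # Reader: read-only, and cannot read secrets.
    "Reader": {"read"},
}

SUB = "/subscriptions/demo"
PROD_RG = SUB + "/resourceGroups/prod"
PROD_VM = PROD_RG + "/vm-web01"
PROD_DB = PROD_RG + "/db-orders"

# (principal, role, scope) tuples mirroring the walk-through in the post.
ASSIGNMENTS = [
    ("service-admin", "Owner", SUB),       # service admins map to Owner
    ("david", "Reader", SUB),              # Step 1: subscription-wide Reader
    ("fred", "Reader", SUB),
    ("david", "Contributor", PROD_VM),     # Step 2: Contributor on one VM
    ("prod-ops", "Contributor", PROD_RG),  # a group assigned on a resource group
]

def covers(assigned_scope, resource_scope):
    """An assignment applies to its own scope and to everything beneath it."""
    base = assigned_scope.rstrip("/")
    return resource_scope == base or resource_scope.startswith(base + "/")

def effective_actions(principals, resource_scope, assignments=ASSIGNMENTS):
    """Union of actions from every assignment covering the resource.
    `principals` is the user name plus the names of the user's groups."""
    allowed = set()
    for who, role, scope in assignments:
        if who in principals and covers(scope, resource_scope):
            allowed |= ROLE_ACTIONS[role]
    return allowed

def is_allowed(principals, action, resource_scope, assignments=ASSIGNMENTS):
    return action in effective_actions(principals, resource_scope, assignments)

def broad_grants(subscription_scope, assignments=ASSIGNMENTS):
    """Least-privilege review: non-Reader roles granted subscription-wide."""
    return [(who, role) for who, role, scope in assignments
            if scope.rstrip("/") == subscription_scope and role != "Reader"]
```

Running `broad_grants` over an exported assignment list is a quick way to spot write-capable roles granted at subscription scope that could instead be scoped to a resource group or a single resource.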
