Where to put serverless business logic???

13 06 2019

Good question!
There are several platform services in Azure in which you can put a serverless application’s logic, but not all of them might suit your needs.


Let us have a look, there are:

There are quite a few more PaaS Services you can use, but, for a start, let us stay with those mentioned.

Sorting out, what to choose

The basic bricks in the Azure serverless construction kit are Azure Functions. They should be used to implement custom pieces of functionality. It is important to have many functions rather than a single huge one that holds the complete logic of an application. This enables flexible combinations, easy re-organization and good granularity as business requirements change.


Azure Functions can call each other directly, which is perfectly valid, or use the services of an orchestrator such as Logic Apps or Flow to create workflows based on self-implemented Functions, 3rd party functionality offerings, which are pulled in via “connectors”, or a mixture of both. The latter scenario is most probably the one desired for many business solutions: use custom as well as 3rd party functionality bricks to get things done quickly and efficiently.
The difference between Flow and Logic Apps is that Flow is an external service that is used to orchestrate selected functionality exposed by one's app through webhooks. Therefore, it is much like the better-known If-This-Then-That (IFTTT) orchestrator and is ideally used to enable anybody on the outside to use functionality exposed by your app, if desired.
Due to this, and the fact that normally nobody wants to expose all of an app's inner workings, Logic Apps, as the Azure-native orchestrator, would be the best choice for the development of a custom solution.

Leveraging other Cloud services

As already mentioned, there are a lot of 3rd party building blocks one can use with the help of connectors, e.g. to send mail or Twitter messages. Fortunately, there are also connectors for other Azure infrastructure parts and services, such as message queues. You could set up a classical Service Bus namespace, or rely on the Azure Event Grid global messaging infrastructure that is provided by Azure. This enables a solution to work asynchronously, buffering peak loads or even surviving smaller outages without losing information.


What else do we need?

At the end of the day, we want to persist our data in a reliable store, and here it comes in handy that Azure offers blob, table and Azure SQL storage services that can be tailored to your needs.
In this context Cosmos DB is one of the new shining stars, providing polyglot access in easily deployed, cross-regional, multi-master NoSQL DB store scenarios. This DB is really fast and unbelievably efficient. However, it is not one of the cheapest services.
Another, more than important, pillar of a solution is identity. In Azure you are able to choose between Azure Active Directory, if your solution is facing company employees, or Active Directory B2C, if real customers are using your application. Both directories provide state of the art security and identification mechanisms leveraging the OAuth and OpenID Connect standards. And no worries, it is also possible to use both within a solution to satisfy the needs of different roles.
Example: employee as content provider using AAD, customer as content subscriber identified by AAD B2C!

Quite often solutions need to work with data, search, evaluate and recognize correct trends or make recommendations. At this point Azure intelligence backed by Azure Search, Cognitive Services and Machine Learning comes into play. These services are able to cover a broad range of complexity, ranging from easy-to-use picture recognition to highly demanding AI models that predict car prices. It is certainly a good idea to start with low-hanging fruit, such as providing good search capabilities in your app, before delving into the deep seas of data lakes and analytics clusters to back continuously optimized AI models.


And yes, there is more …..

With the services described, we are already in for a good start to create a first serverless solution. But we have by far not seen all of the possibilities. Nevertheless, this is a good bridgehead to rest at for the moment. Rome was not built in a day and we are going to make our way episode by episode through the jungle!

Alexander





Build 2018 – Day 3

9 05 2018

Just saw a really outstanding session by Mark Russinovich, containing a wild ride through Azure datacenters, Azure hardware, FPGAs and network topologies, down to nothing less than quantum computing.

Enriched with great demos and presented with style!

A must-see, as soon as the recording is out: https://channel9.msdn.com/Events/Build/2018/BRK2508

And yes, Service Fabric people, look out for Service Fabric Mesh; it could really become a game changer.

Alexander





Build 2018–Keynote Day 1

8 05 2018

Stunning new Azure IOT capabilities were announced yesterday during Satya Nadella’s keynote. I really like the DJI drone detecting damage on a pipe system in real time based on an AI model! This is the future arriving at our doorstep. Find a very good summary in Mary Jo’s article.





Renewed as Microsoft RD!

5 04 2017

I am very happy to announce that I was just renewed as a Microsoft Regional Director for the next two years.

 


The Regional Director Program provides Microsoft leaders with the customer insights and real-world voices it needs to continue empowering developers and IT professionals with the world’s most innovative and impactful tools, services, and solutions.
You will typically find Regional Directors keynoting at top industry events, leading community groups and local initiatives, running technology-focused companies, or consulting on and implementing the latest breakthrough within a multinational corporation.

Very happy to be part of this unique group of exceptional people!


Alexander





Searching for identity – Azure B2C

30 03 2017

Building systems in the Cloud efficiently means being smart and using the building blocks offered. One literally has everything, e.g. in Azure, to rebuild one's on-premises data center. However, it would not be a winner to do this….

 


Instead, be a fast mover and leverage the provided building blocks to your advantage. Identity management is a good example: you can roll your own in your solution or turn to AAD B2C, which offers great value at limited cost (https://azure.microsoft.com/de-de/services/active-directory-b2c/). And talking about speed, just grab it and use it, nothing can be developed faster.

Alexander





.NET is back!

16 11 2016

After years of not being much in focus as a development platform and sometimes even being put into the legacy drawer, .NET in its appearance as .NET Core seems to have more than a bright future now!


Microsoft just revealed at its Connect() event in New York that Samsung is going to support .NET Core on Tizen, the company's OS for electronic devices (watches, TVs, IOT, etc.), and Google also joins the party in the name of the dotnet foundation (http://dotnetfoundation.org/blog/google-join-tsg).

This is huge, this is awesome, because all of a sudden .NET is back as a true cross-device development platform incorporating all the good stuff Xamarin brought into the company. Not only this, .NET Core is different from .NET, because it is Open Source and has strong community backing, with over 60% of recent contributions made by 3rd party developers.

The “new Microsoft” does not stop surprising and innovating. 

 


 

I am looking forward to seeing more!
With sails set in this direction, this can be just the beginning.

 

Alexander





How to start with Azure IOT

19 06 2016

If you are a newbie to Azure or Azure IOT, you are certainly asking yourself how to get into this new environment most efficiently.
Well, I just had to do this myself and here are the learnings!

As a prerequisite it would be great to be familiar with writing code and doing architectures for enterprise solutions, because Azure solutions are not so different per se. They only leverage new building blocks and occasionally have specialties emerging from their new type of infrastructure.

For a start it is good to have a look at the Azure IOT templates Microsoft is offering (currently for remote monitoring and predictive maintenance). With the templates, one should especially focus on the architecture, which is something that provides great insight into how Azure IOT solutions work and should be created.
However, I have found the implementation to be state of the art from an enterprise perspective, which means it really is very generic, but the bad thing about this approach for newbies is that, due to the lack of documentation, it is very time-consuming to understand what really is going on in the solution. This is especially true if you want to hook in to extend it!
In addition, I experienced some nasty PowerShell versioning issues using the deployment scripts for the templates. Not really fun.

 

Football goalman on the stadium field

Due to this, I recommend approaching Azure IOT with the normal Azure documentation, having the template architectures in mind. If you are doing a first POC or similar based on this, you may not create the cleanest and most generic architecture, but you will end up with a first solution to your problem that you fully comprehend and that was fun to create!

Why? Well, because the general Azure documentation on the services used for Azure IOT is easy to understand and has great samples, which are fun to reuse in your own code.

So – do not lose time. I really liked how Azure IOT Hub compensates for schema changes in e.g. telemetry messages (which normally break classical solutions!) and the flexibility as well as the potential of Stream Jobs / Web Jobs, which could be a killer feature in any of your next solutions.

Alexander

PS:
Yes sorry, it is European Soccer Championships over here currently! Therefore the soccer goalkeeper image, that has absolutely nothing to do with this entry’s content!





Azure Stack – The Game Changer

8 01 2016

While having a “Cloud First, Mobile First” strategy makes a lot of sense, especially in consumer related projects, this approach is problematic in quite a few industrial and professional embedded scenarios.

Why?

Well, as a company you might not have connectivity for all your devices everywhere due to infrastructure/cost reasons or security/high-availability considerations.
In these scenarios, large SW vendors currently leave one quite alone with what was considered legacy datacenter technology.
However, some smart people at Microsoft have thought about this and have found a great solution!


What if you could use Cloud (Azure) technology on-premises just as in the Cloud and maybe even transparently roam between the two just as required? Sounds good?
If that raises some interest with you, have a look at Azure Stack. Jeffrey Snover, aka the father of PowerShell, introduces the newest version of this game changing technology in his current blog post.

I consider this great news for all solution architects that have to cope with real world scenarios, which never are Cloud-only or datacenter-only!

Great work Azure Stack team! Keep it up, I am eagerly waiting for more to come. 🙂

 

Alexander





Windows Phone 8.1 VPN-Trigger for MDM managed devices

3 12 2015

Well, let us start with the bad news first:

do not work on WP 8.1!

Why? – Well, I do not know and I really tried hard! 😦

 


However, you should specify the DNS Suffix *.companyintranet.com as well as the corresponding IP-Range (e.g. 10.0.0.1/8) in any case in your MDM VPN profile, to enable VPN split tunnels (this means: Intranet traffic goes through tunnel, all the other traffic through normal network connection), which does work!

To trigger a VPN connection using an MDM deployed “automatic” VPN profile, you can use PIDs, which can be found e.g. here: https://msdn.microsoft.com/en-us/library/dn602089.aspx, or Product Family Names (PFNs, e.g. from the package manifest, if you have a LOB app).
Generally, VPN triggers only work on “automatic” profiles!

PIDs only work with older WP8.0 or built-in apps (well, except for triggering IE, which does not work at all and that seems to be a bug).
If you have newer apps (e.g. based on Universal Windows Platform – UWP), only PFNs will work as triggers. Therefore, PFNs are the way to go forward.


Another trigger approach is IP-Range based triggers. If you call an IP address in the specified intranet range (10.0.0.1/8 in our example) from an app, a VPN tunnel is launched. An interesting thing is that the phone does not care whether the address really exists. So calling any of the addresses within the range from an app will open a VPN tunnel.

I nearly forgot DNS shortnames, such as http://my . This way to trigger a connection does work, but is not really often used, at least by my customers.
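The split-tunnel and trigger behaviour described above can be modelled to review what a profile will actually send through, or open, the tunnel. This is an added example, not code from the original post; the profile layout, the PFN and the function names are assumptions, while the suffix and range are the ones used in the text.

```python
import ipaddress

# Constructed profile; suffix and range are the values used in the post.
PROFILE = {
    "dns_suffixes": ["companyintranet.com"],
    "ip_ranges": ["10.0.0.1/8"],
    "trigger_pfns": {"Contoso.LobApp_1a2b3c4d5e6f7"},  # hypothetical PFN
}

def networks(profile):
    # strict=False accepts "10.0.0.1/8" (host bits set) and
    # normalises it to the network 10.0.0.0/8.
    return [ipaddress.ip_network(r, strict=False) for r in profile["ip_ranges"]]

def in_ip_range(dest, profile):
    try:
        addr = ipaddress.ip_address(dest)
    except ValueError:  # dest is a host name, not an IP literal
        return False
    return any(addr in net for net in networks(profile))

def matches_suffix(host, profile):
    # Match on a label boundary so "evilcompanyintranet.com" is not
    # treated as intranet.
    host = host.rstrip(".").lower()
    return any(host == s or host.endswith("." + s)
               for s in profile["dns_suffixes"])

def route(dest, profile=PROFILE):
    """Split tunnel: 'tunnel' for intranet destinations, else 'direct'."""
    if in_ip_range(dest, profile) or matches_suffix(dest, profile):
        return "tunnel"
    return "direct"

def launches_tunnel(app_pfn, dest, profile=PROFILE):
    """Working triggers from the post: a listed PFN, or any address in the
    range, whether or not a host exists at that address."""
    return app_pfn in profile["trigger_pfns"] or in_ip_range(dest, profile)

def trigger_surface(profile=PROFILE):
    """Number of addresses that open the tunnel when contacted."""
    return sum(net.num_addresses for net in networks(profile))
```

With a /8 range, every one of the 16,777,216 addresses is a trigger, so a narrower range keeps unrelated apps from opening the tunnel.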

 

Happy Tunneling!

Alexander





Windows Phone 8.1 Enterprise Services and Certificates

29 11 2015

Windows Phone 8.1 has some great enterprise features and is one of the most secure phones in the market.
However, there are some things to consider if you want to use these devices in an MDM managed enterprise service (VPN/Wi-Fi) scenario.
One of these things is device certificates: quite a few companies use several dedicated certificates to access enterprise services like VPN and Wi-Fi. This approach does not work with WP 8.1 phones, because they expect only a single device certificate per device and company root CA, not service specific ones.
Of course, you could roll out a variety of different SCEP certificates via an MDM system, but the cert-picker on the phone will not automatically select the fitting certificate for a service, because it always chooses the first device cert from your company CA that it finds in the cert store!
This will naturally not always be the suitable one, which causes trouble accessing the service.

This behavior is by design and seems annoying at first glance, but if you think about it from an architectural perspective, it is much cleaner than the approach of different certs for different services. A device certificate should only be used to authenticate the device and user against enterprise services; the related user / device rights should be stored in the directory services of your company.
Using this approach, rights management is much more transparent for administrators and not dependent on the possession of a certain service certificate. In addition, managing a single certificate is much less effort than managing multiple per device.
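The picker behaviour described above can be checked against an MDM inventory before roll-out. The following is an added example, not code from the original post; the inventory layout, certificate labels, issuer names and the service mapping are all constructed assumptions.

```python
from collections import Counter

COMPANY_CA = "CN=Example Corp Root CA"  # constructed issuer name

# Constructed MDM inventory: per device, certs in store enumeration order.
FLEET = {
    "phone-01": [
        {"label": "wifi", "issuer": COMPANY_CA},
        {"label": "vpn", "issuer": COMPANY_CA},
    ],
    "phone-02": [
        {"label": "device", "issuer": COMPANY_CA},
        {"label": "partner", "issuer": "CN=Partner CA"},
    ],
}

# Constructed mapping: which cert labels each service back end accepts.
SERVICE_ACCEPTS = {"vpn": {"vpn", "device"}, "wifi": {"wifi", "device"}}


def picked_cert(store, ca=COMPANY_CA):
    """Model of the picker described above: first cert issued by the company CA."""
    return next((c for c in store if c["issuer"] == ca), None)


def audit_device(store, ca=COMPANY_CA):
    """Return (ambiguous, failing_services) for one device's cert store."""
    per_issuer = Counter(c["issuer"] for c in store)
    ambiguous = per_issuer[ca] > 1  # more than one candidate for the picker
    chosen = picked_cert(store, ca)
    label = chosen["label"] if chosen else None
    failing = sorted(s for s, ok in SERVICE_ACCEPTS.items() if label not in ok)
    return ambiguous, failing


def audit_fleet(fleet=FLEET):
    """Map device name -> failing services, for ambiguous or failing devices."""
    report = {}
    for name, store in fleet.items():
        ambiguous, failing = audit_device(store)
        if ambiguous or failing:
            report[name] = failing
    return report
```

On the constructed inventory, phone-01 presents its Wi-Fi certificate to the VPN service and is reported, while phone-02 with a single device certificate from the company CA passes.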

 

Alexander