Windows Azure Panel Discussion Q&A

  • Article

I am at the Azure Firestarter event in Redmond today which just finished with a panel discussion and Q&A.  Here are my notes.

Q: For Dallas, do I need to use C# to access the data?

A: No - it's pretty easy to use C# classes but Dallas exposes an OData feed so you need a language that can access a REST API.

Q: Is there pricing on the CDN?

A: Still preview. No pricing info.

Q: You mentioned you could run an EXE by hosting it in WCF. Will it recycle with the role or will it run persistently?

A: When I do this, I create a worker role that starts the process, wait for exit and if it exits throw an exception - which causes Azure to recycle the role and restart the EXE.

Q: Is it possible to have a private cloud?

A: Not today. No offering for that today. But it's under consideration.

Q: If I have an app that can't be deployed via xcopy - it requires something installed or configed, can it be run in Azure?

A: If the MSI can run as a non-administrator, you could conceivably run that and wait for it to finish in your OnStart method in the web role. Admin mode is coming later.

Q: Can we change the affinity?

A: No - once it's set cannot change.

Q: Suppose you have a web role that needs to adjust affinity based on work week differences in US, Europe and Asia?

A: If there are times when you don't need it in the U.S. - you could redeploy to a data center. You can create three applications - one in each place - but all will have different domain names. You could set up a DNS record on top of it.

Q: What kind of techniques have you seen to secure the SQL Azure connection string?

A: Those configuration files are encrypted when uploaded - you can use code-based cryptography to encrypt and decrypt the connection string when reading it.

Q: Is there a plan to expand COUNT support in Azure Tables?

A: No.

Q: When you roll out changes to the OS, how do we make sure it doesn't break?

A: The guest OS in the virtual machine doesn't change unless you update the OS Version string. The base OS actually running on the machine is updated but not the guest OS.

Q: Is there a Patterns & Practices document for building on-premises apps?

A: There is Windows Azure guidance is working on it. Eugenio Pace has been blogging on this at https://blogs.msdn.com/eugeniop/

Q: Is there a way to authenticate to Azure and use the service fabric to proxy authenticate?

A: No clear what the question is.

Q: What is your replication and disaster safety policy?

A: Create three replicas within the data center and also one shadow copy to another data center within the same region. If you choose US - North Central, there also is a US - South Central and we'll make a copy there. You'll never see it - it's only for disaster recovery if a data center is lost. Georeplication is planned for the future.

Q: What are the plans for SharePoint on Azure?

A: None of the slides put SharePoint on it now - not sure what the plans are around offering SharePoint developer services.

Q: Only thing we can't automate now using Service Management API is to create hosted services. Are there plans to change that?

A: Probably.

Q: How can I test in the cloud without exposing to the entire Internet?

A: You can write code to do this. There is nothing in the platform that helps. You could have an IP address whitelist and not allow through anything not on the whitelist.

Q: Does SQL Azure support page compression?

A: No

Q: Does 50 GB limit include the log?

A: No

Q: How do you manage compatibility if you upgrade to SP1?

A: Don't apply the service pack itself. We make modifications to the engine themselves. Will announce that as part of the service updates.

Q: Is SQL Azure good for OLTP or OLAP applications?

A: Primary application is light workload OLTP - types of traffic you see within a departmental application - hundreds of transactions per second. Have some customers hosting the cubes in the cloud and running analysis services on premises, but planning to make this available hosted this year.

Q: When will you get transparent data encryption?

A: SQL Azure is a multi-tenant system - managing the keys is a hard problem. It's on the roadmap but have some work to do.

Q: Why isn't the CLR enabled?

A: Haven't done enough testing - have to be sure that no malicious user can do something evil with a DLL even if it's marked safe. It's on the roadmap but have to be really careful about security around this.

Q: Can I use Bing to crawl my database?

A: Have a SQL Azure Labs site and can expose your DB as an Odata feed. Power of that is you can expose to non-MS clients like an iPhone app.

Q: When you said multiple tenants share the same data file did you mean that multiple databases are within the same MDF file?

A: That's correct.

Q: So each SQL Azure database isn't really a database it's effectively a set of tables?

A: There was an "under the hood" talk at PDC that you can look at to learn more about how this works.

Q: Isn't it scary to have SQL Server exposed on the Internet?

A: There is a firewall feature that restricts access to SQL Server based on IP addresses, and also prevent some user name /password changes.

Q: Can you put Microsoft PII data on an Azure database?

A: Not sure - need to get back to you on that.

Q: Can you use SQL Profiler?

A: No - but we are adding some DMVs to get that information.

Q: Can we authenticate to Azure using RSA two-factor ID?

A: No - today only a Live ID for the windows Azure portal

Q: Can we install Windows Media Services or third-party services?

A: Anything you can do as a non-administrative user you can do. You can add a managed module but to add a native module, you have to be able to do things you can't do as a non-admin. Have two features coming this year: admin mode and the VM role which allows you to deploy a VM instead of the base image.

Q: How long does it take to deploy millions of records to SQL Azure?

A: Depends on Internet connection speed, whether you're doing single inserts or bulk copy API.

Q: Mark was talking about session state - how do you do that without SQL Server

A: You can do it with the ASP.Net sample available on code gallery. There's another sample on codeplex that uses SQL Azure. You do want to test the performance on those though. Neither one of those clean out the session data for you. There's a KB article on how to set up the session state. Don't have a SQL Agent infrastructure to do cleanup - will need to roll your own.

Q: When will you increase beyond 50 GB?

A: Are there bigger databases in the future? Can probably assume there will be. Keep in mind that you really want to think about a scale out pattern.

Q: What's the motivation for multi-tenanting MDF files?

A: Better use of resources.

Q: Can you say what the releases are for Azure?
A: This year is all I can say.

Q: What's the best pattern for implementing a cold storage / hot storage model?

A: Cold storage wherever you started should probably move to Windows Azure storage at some point. Where to put the hot data depends on the access patterns - a lot of writes? A lot of reads? Can put data in SQL Azure that they're doing a lot of querying against but then migrate to even a Windows Azure blob after a while.

Q: If someone has 3 TB of data can they send you the data on a DVD to upload it to SQL to avoid connection costs for the upload?

A: No plans at present but it's a great idea.

Q: What kinds of things are people doing with Python?

A: Haven't seen much on Python.

Q: Is there academic pricing for Azure?
A: There is programmatic things where we give it out to universities. Talk to your account manager.

Q: You mentioned throttling - at what point does an app get cut off?

A: Answer differs between Windows Azure and SQL Azure. For Windows Azure table storage, it's about 500 rps. Beyond that we start to suspect a DoS attack. You'll get error messages and handle those and back off. For SQL Azure - there's no connection limit but it's like being on an airplane you can spread out a bit. If you start using all the resources on the box, you will get a throttling specific error message and kicks in around 5 minutes per query. The way to handle this is scale out. Buy more databases to avoid hammering one, or do better partitioning so it can be spread out. The limit is per partition. For tables, it's a partition key; for blobs, it's the blob name; for queues, it's the queue name. For SQL Azure database, it's the database.

Q: At SxSW there was a Facebook toolkit deployed. Any experiences?

A: It's based on best practices of people who've actually built some Facebook apps on Azure.

Q: Is there a standard way to synchronize between on-premises and cloud DBs?

A: Yes -it's on the Windows Azure portal.