Welcome me to Aditi

Change is good.

After 7 years working for the world's greatest software company, Microsoft, I decided a change was needed, and new challenges to be found. My last day was 9/6/13.

It was a great 7 years and I’ve done some pretty amazing things: kick started the Windows PowerShell training, built the mega demo DinnerNow and Visual Studio 2008 training kits. Then it was onto Windows Azure. I was the first Azure evangelist in 2008 and worked with the original A-team, Ryan Dunn, Vittorio Bertocci, Zach Owens, Steve Marx, James Conard and Wade Wegner. We started Cloud Cover, shipped a few PDC keynotes, built the Windows Azure training kit and worked the Azure magic on the conference circuit. We were Microsoft Evangelists and we lived the dream. Everyone has since moved on, some have other roles in MS and others have left. The fun thing is, all those that have left now work at Aditi Technologies.

I’m pleased to be back working with some of the most talented people I know at Aditi Technologies. I joined Monday as the general manager for cloud services. There I will continue to work on Windows Azure projects with a great team of Cloud Architects. I’ve spent the last few days in a secret location with Wade (the CTO) and others on the leadership team, drinking from the fire hose and I feel pretty refreshed. I cannot say much more, other than this is an incredibly exciting place to be right now.

I’ll miss working with all the great people at Microsoft – but raise your glass to change and new beginnings.

 

How to use Diagnostics.wadcfg to configure Windows Azure diagnostics collection

When a role imports the Diagnostics module by using the service definition, the Diagnostics module looks for a file named “diagnostics.wadcfg” in the root directory of the role. This file can be deployed in the same place as your app.config/web.config file.

The file is used by the diagnostics agent to create the initial profile for collection. You can modify the settings after deployment using the PowerShell cmdlets I’ve talked about previously.

Here is a sample file. It should be pretty straightforward to understand. Note that time values are written as durations: a value in seconds uses the format PT30S, which represents 30 seconds.

<?xml version="1.0" encoding="utf-8" ?>
<DiagnosticMonitorConfiguration xmlns="http://schemas.microsoft.com/ServiceHosting/2010/10/DiagnosticsConfiguration" configurationChangePollInterval="PT15M" overallQuotaInMB="4096">
  <WindowsEventLog bufferQuotaInMB="1024" 
                   scheduledTransferLogLevelFilter="Verbose" 
                   scheduledTransferPeriod="PT10M">
    <DataSource name="Application!*"/>
    <DataSource name="System!*"/>    
  </WindowsEventLog>
  <DiagnosticInfrastructureLogs bufferQuotaInMB="1024"
                                scheduledTransferLogLevelFilter="Verbose"
                                scheduledTransferPeriod="PT10M" />
  <Logs bufferQuotaInMB="1024"
        scheduledTransferLogLevelFilter="Verbose"
        scheduledTransferPeriod="PT10M" />
  <PerformanceCounters bufferQuotaInMB="512" scheduledTransferPeriod="PT10M">
    <PerformanceCounterConfiguration counterSpecifier="\Memory\Available MBytes" sampleRate="PT5M"/>
    <PerformanceCounterConfiguration counterSpecifier="\Processor(_Total)\% Processor Time" sampleRate="PT5M"/>
    <PerformanceCounterConfiguration counterSpecifier="\Network Interface(*)\Bytes Sent/sec" sampleRate="PT5M"/>
    <PerformanceCounterConfiguration counterSpecifier="\Network Interface(*)\Bytes Total/sec" sampleRate="PT5M"/>
  </PerformanceCounters>  
</DiagnosticMonitorConfiguration>

All you really have to do is drop that file in the root directory of your role and you are done!

The documentation here suggests that you would use code to configure diagnostics. If you have ever read any of my blog posts you probably know how I feel about that. (Note: for those that haven’t, it’s just wrong to use code. Really, ops should be supplying this file for production. You have an ops team, right?)
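
If ops own this file, they will want to lint it before it ships. The following is an added example, not part of the original post: Test-WadConfig is a hypothetical helper, and the two rules it checks (the bufferQuotaInMB values must fit inside overallQuotaInMB, and a missing or zero scheduledTransferPeriod means that data is never transferred off the instance) are assumptions about the diagnostics agent stated here, not taken from the post.

```powershell
# Added example, not from the original post: lint a diagnostics.wadcfg before deployment.
function Test-WadConfig {
    param([Parameter(Mandatory = $true)][xml]$Config)

    $root     = $Config.DocumentElement
    $overall  = [int]$root.GetAttribute('overallQuotaInMB')
    $used     = 0
    $findings = @()

    # '*' selects every child element, whatever its namespace.
    foreach ($node in $root.SelectNodes('*')) {
        $quota = $node.GetAttribute('bufferQuotaInMB')
        if ($quota) { $used += [int]$quota }

        # Durations are xs:duration values such as PT10M or PT30S.
        $period = $node.GetAttribute('scheduledTransferPeriod')
        try {
            if (-not $period -or [Xml.XmlConvert]::ToTimeSpan($period) -le [TimeSpan]::Zero) {
                $findings += "$($node.LocalName): no scheduled transfer; data stays on the role instance"
            }
        } catch {
            $findings += "$($node.LocalName): '$period' is not a valid duration"
        }
    }
    if ($used -gt $overall) {
        $findings += "buffer quotas total $used MB but overallQuotaInMB is $overall"
    }
    $findings
}

# Constructed sample: quotas overshoot the overall limit and <Logs> is never transferred.
[xml]$sample = @'
<DiagnosticMonitorConfiguration xmlns="http://schemas.microsoft.com/ServiceHosting/2010/10/DiagnosticsConfiguration"
    configurationChangePollInterval="PT15M" overallQuotaInMB="2048">
  <WindowsEventLog bufferQuotaInMB="1024" scheduledTransferLogLevelFilter="Verbose" scheduledTransferPeriod="PT10M">
    <DataSource name="Application!*"/>
  </WindowsEventLog>
  <Logs bufferQuotaInMB="1024" scheduledTransferLogLevelFilter="Verbose" />
  <PerformanceCounters bufferQuotaInMB="512" scheduledTransferPeriod="PT10M">
    <PerformanceCounterConfiguration counterSpecifier="\Memory\Available MBytes" sampleRate="PT5M"/>
  </PerformanceCounters>
</DiagnosticMonitorConfiguration>
'@

Test-WadConfig $sample
```

Run against the sample file in this post, the same function returns no findings: its buffers total 3584 MB against an overall quota of 4096 MB, and every data source has a ten-minute transfer period.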

THIS POSTING IS PROVIDED “AS IS” WITH NO WARRANTIES, AND CONFERS NO RIGHTS, UNLESS MY BROTHER GAVE YOU THE SECRET CODE.

Encrypting and Decrypting in Windows Azure

When deploying applications to Windows Azure, you probably will be dealing with encrypted connection strings, passwords and other such things. If you have ever used Remote Desktop, you will have noticed an encrypted password, along with a certificate that is used to encrypt the password. You can of course do the same with your secret things too.

Doing this creates the need for a tool to encrypt such settings. There are a few posts out there that show how to decrypt the values in code (you can grab some from here), but you still need a way for operators to create these values in the first place. I thought a couple of PowerShell scripts should do the trick nicely.

You will need the thumbprint of a certificate in the CurrentUser\My store, which would be the same cert you deploy with your Azure deployment in order to decrypt.

The Encrypt function looks like:

Function Encrypt($stringToEncrypt, $thumb)
{
    # Recipient certificate; only its public key is used to encrypt.
    $cert = Get-Item cert:\CurrentUser\My\$thumb
    # System.Security holds the Pkcs (CMS) types used below.
    Add-Type -AssemblyName System.Security
    $passbytes = [Text.Encoding]::UTF8.GetBytes($stringToEncrypt)
    $content = New-Object Security.Cryptography.Pkcs.ContentInfo -ArgumentList (,$passbytes)
    $env = New-Object Security.Cryptography.Pkcs.EnvelopedCms $content
    $env.Encrypt((New-Object System.Security.Cryptography.Pkcs.CmsRecipient($cert)))

    # Return the encoded CMS envelope as base64 text.
    [Convert]::ToBase64String($env.Encode())
}

The Decrypt function looks like:

Function Decrypt($EncryptedString, $thumb)
{
    # The certificate must have its private key available to decrypt.
    $cert = Get-Item cert:\CurrentUser\My\$thumb
    Add-Type -AssemblyName System.Security
    $encodedBytes = [Convert]::FromBase64String($EncryptedString)
    $env = New-Object Security.Cryptography.Pkcs.EnvelopedCms
    $env.Decode($encodedBytes)
    $env.Decrypt($cert)

    # Encrypt wrote UTF-8 bytes, so decode as UTF-8 (ASCII would mangle non-ASCII characters).
    [Text.Encoding]::UTF8.GetString($env.ContentInfo.Content)
}

Usage is simple:

# $pwd is a PowerShell automatic variable (the current location), so use another name.
$encrypted = Encrypt "TheDavidAiken" "39836617C1A2BBAC6F90C0224C31B019854C6659"
Decrypt $encrypted "39836617C1A2BBAC6F90C0224C31B019854C6659"
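
Before an encrypted value goes into a deployment, an operator can confirm which certificate it was encrypted for and whether that certificate is still able to decrypt it, without decrypting anything. This is an added example, not part of the original post: Test-EncryptedSetting is a hypothetical helper name, and it assumes the certificate sits in CurrentUser\My as described above.

```powershell
# Added example (not from the original post). Test-EncryptedSetting is a hypothetical helper.
Add-Type -AssemblyName System.Security

function Test-EncryptedSetting {
    param(
        [Parameter(Mandatory = $true)][string]$EncryptedString,  # base64 output of Encrypt
        [Parameter(Mandatory = $true)][string]$Thumb             # cert expected to decrypt it
    )
    $cert = Get-Item -Path "Cert:\CurrentUser\My\$Thumb" -ErrorAction Stop

    # Decode only parses the CMS envelope; no private key is touched here.
    $cms = New-Object System.Security.Cryptography.Pkcs.EnvelopedCms
    $cms.Decode([Convert]::FromBase64String($EncryptedString))

    # CmsRecipient($cert) in Encrypt identifies the recipient by issuer and serial number.
    $recipients = @($cms.RecipientInfos |
        ForEach-Object { $_.RecipientIdentifier } |
        Where-Object { $_.Type -eq 'IssuerAndSerialNumber' } |
        ForEach-Object { $_.Value })

    # Serial numbers are only unique per issuer, so the issuers are reported as well.
    $forThisCert = @($recipients | Where-Object { $_.SerialNumber -eq $cert.SerialNumber }).Count -gt 0

    $now = Get-Date
    [pscustomobject]@{
        ContentAlgorithm = $cms.ContentEncryptionAlgorithm.Oid.FriendlyName
        RecipientIssuers = @($recipients | ForEach-Object { $_.IssuerName })
        EncryptedForCert = $forThisCert
        HasPrivateKey    = $cert.HasPrivateKey   # required on the machine that decrypts
        CertValidNow     = ($cert.NotBefore -le $now -and $now -le $cert.NotAfter)
    }
}

# Usage, with $encrypted holding the output of Encrypt and the thumbprint used in this post:
# Test-EncryptedSetting $encrypted "39836617C1A2BBAC6F90C0224C31B019854C6659"
```

A result with EncryptedForCert or HasPrivateKey set to False means the role will not be able to decrypt the setting with that certificate.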

Enjoy.

THIS POSTING IS PROVIDED “AS IS” WITH NO WARRANTIES, AND CONFERS NO RIGHTS, UNLESS YOU HAVE A NOTE FROM MY MUM