Cloud9

Azure and Cloud Services, WCF, WF, Dublin, Geneva and Federated Security, Oslo


Thursday, February 25, 2010

Anyone who has spent much time in the IT world knows that success is often due in very large measure to those who came before us who took the time to stop and explain a technique or a method, patiently guided us past our mistakes, or had the grace to let us learn from our failures. While the debt incurred cannot be paid back, it can certainly be acknowledged. So we raise our glasses to the many individuals in our checkered pasts who viewed expertise as something to be shared and not hoarded.


Wednesday, February 17, 2010

I ran into a situation where I was trying out WS-Discovery, you know, the new WCF capability that allows you to dynamically find services on your local network. Which would come in handy if, say, some company created software that ran on Windows and hosted some services that could automatically link up with co-workers' clients like Windows Phone and maybe even the plasma screen or Microsoft Surface computer.

Well, I ran into a little hiccup today where enabling the virtual network interface for Hyper-V on my laptop caused discovery to throw an exception...

I ran the DiscoveryChat solution from the .NET 4.0 training kit February drop (the "end" solution at C:\VS2010TrainingKit\Labs\WhatsNewInWCF4\Source\Ex4-ServiceDiscovery\End\C#) and in the OnFindCompleted method (the method that is called asynchronously when the discovery client is done) FindCompletedEventArgs.Error returned an exception.

 

Here are the details...

-----------------------------------------

FindCompletedEventArgs.Error is not null.

[System.ServiceModel.CommunicationException] = {"An unexpected socket exception occurred when sending data.  See inner exception for details."}

InnerException = {"A socket operation was attempted to an unreachable host"}

StackTrace = "\r\nServer stack trace: \r\n   at System.Runtime.AsyncResult.End[TAsyncResult](IAsyncResult result)\r\n   at System.ServiceModel.Channels.ServiceChannel.SendAsyncResult.End(SendAsyncResult result)\r\n   at System.ServiceModel.Channels.ServiceChannel.EndCal...

Source = mscorlib

 

Next steps

------------------------------------------------

After bumbling around in different places I started playing with my network interfaces... I have three network interfaces in Control Panel\Network and Internet\Network Connections:

1. Local Area Connection (Broadcom NetLink (TM) Gigabit Ethernet)
2. Local Area Connection - Virtual Network (probably from Hyper-V)
3. Wireless Network Connection (Intel(R) WiFi Link 5300 AGN)

I disabled 2 and 3 and discovery worked.

I re-enabled them and reproduced the error.

I enabled everything, then disabled Virtual Network and... ooo nooo... it worked!

I then disabled the Virtual Network and it didn't work :(

Just to make sure, I turned on one of the Hyper-V servers and browsed a website from inside the VM, pinged it, pinged from the VM to my host and to other machines on the network. Finally I enabled everything, then disabled Virtual Network: it worked!

I then disabled the Virtual Network and it didn't work :(
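An added example, not from the post or the training kit: an OnFindCompleted handler that unpacks the CommunicationException / SocketException pair shown above and lists the interfaces that were up when the probe ran, so the adapter that broke UDP discovery can be correlated with the error instead of toggling connections by hand. The IChatService contract is an assumption.

```csharp
// Added example (not the post's code). Requires System.ServiceModel.Discovery (.NET 4).
using System;
using System.Net.NetworkInformation;
using System.Net.Sockets;
using System.ServiceModel;
using System.ServiceModel.Discovery;
using System.Threading;

// Hypothetical contract: replace with the contract your discoverable service hosts.
[ServiceContract]
public interface IChatService
{
    [OperationContract]
    void Announce(string text);
}

public static class DiscoveryProbe
{
    public static void Run()
    {
        var client = new DiscoveryClient(new UdpDiscoveryEndpoint());
        var done = new ManualResetEvent(false);
        client.FindCompleted += (sender, e) =>
        {
            try { OnFindCompleted(e); }
            finally { done.Set(); }
        };
        // Probe the local multicast scope for five seconds.
        client.FindAsync(new FindCriteria(typeof(IChatService))
        {
            Duration = TimeSpan.FromSeconds(5)
        });
        done.WaitOne();
        client.Close();
    }

    static void OnFindCompleted(FindCompletedEventArgs e)
    {
        if (e.Cancelled) { Console.WriteLine("Probe cancelled."); return; }
        if (e.Error == null)
        {
            Console.WriteLine("{0} endpoint(s) found.", e.Result.Endpoints.Count);
            foreach (var ep in e.Result.Endpoints)
                Console.WriteLine("  {0}", ep.Address);
            return;
        }
        // Walk the exception chain: the post's case is a CommunicationException
        // wrapping a SocketException ("unreachable host").
        for (Exception ex = e.Error; ex != null; ex = ex.InnerException)
        {
            var sock = ex as SocketException;
            Console.WriteLine("{0}: {1}{2}", ex.GetType().Name, ex.Message,
                sock != null ? " (SocketErrorCode=" + sock.SocketErrorCode + ")" : "");
        }
        // Discovery sends on every multicast-capable adapter; a virtual adapter
        // with no route to the LAN (the Hyper-V case above) is the usual suspect.
        Console.WriteLine("Interfaces that were up when the probe ran:");
        foreach (var nic in NetworkInterface.GetAllNetworkInterfaces())
        {
            if (nic.OperationalStatus != OperationalStatus.Up) continue;
            Console.WriteLine("  {0} [{1}] multicast={2}", nic.Name,
                nic.NetworkInterfaceType, nic.SupportsMulticast);
        }
    }
}
```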


Tuesday, February 09, 2010

Saas vs. S+S

Saas is an architectural paradigm where a solution architecture can benefit from the economies of scale of the data and behavior of that architecture being built and hosted in the cloud by a third party in a multitenant fashion.

Software + Services is an architectural paradigm where a solution architecture can achieve some of the same economies of scale as Saas while simultaneously benefiting from the synergies and efficiencies of the data and behavior of that architecture being partly built on premises and partly built by third parties in a multitenant fashion, as well as partly hosted on premises and partly hosted in the cloud in a multitenant fashion.

The cloud meaning, from an application standpoint, a set of applications or services with standards-based interoperable interfaces that are easily reachable and easily composed from any platform in any location with an internet connection. The cloud also meaning, from an infrastructure standpoint, a set of connected data centers providing elastic compute, elastic storage and other enterprise SLAs for those applications or services.

Multitenant meaning application routines, data and infrastructure meant to be built and hosted in a shared manner among multiple clients of the Saas organization.

In Software + Services the degree to which the solution architecture is hosted on premises or in the cloud, or the degree to which the application is built from 3rd party services or software vs. homegrown software, can be anywhere along a spectrum from totally homegrown and hosted in house with a small amount of 3rd party, to almost totally a Saas model except for some code running on premises or close to the consumer of that data or behavior.

The "Software" in Software + Services alludes to data and routines executed or stored as close to the consumer as possible and/or on-premises inside the corporate firewall. This could include everything from thick clients on desktops or server software inside corporate firewalls to Silverlight web-based applications to clients on roaming mobile phones.

The "Services" in Software + Services alludes to data and routines running in the cloud. The cloud meaning, from an application standpoint, a set of applications or services with standards-based interoperable interfaces that are easily reachable and easily composed from "the Software", which is hosted on any platform in any location with an internet connection. The cloud also meaning, from an infrastructure standpoint, a set of connected data centers providing elastic compute, elastic storage capabilities and other enterprise SLAs for the "Services".

The "+" in Software + Services is probably the most important part of the equation. The "+" alludes to the set of technologies and architectural patterns that provide the bridge out from the domain of the "software" to the domain of the "services" and vice versa. There are certain challenges that must be met to achieve this connectivity, which include identity projection, firewall traversal and possibly data synchronization.

Think of the "Software" and "Services" as the neutrons and electrons of the architecture. Then the "+" would be the strong nuclear force which combines to make the sum way more than its parts. The same way that neutrons and electrons combine with the strong nuclear force to achieve the foundation of our reality is the same way Software + Services will form the foundation of a global computing platform.

A smart man once said "The Network is the computer". I think this is what he meant.

Choices organizations make for their solution architectures, from Saas to anywhere on the spectrum of Software + Services, affect the costs, architectural flexibility and control of the infrastructure that hosts the solution and its data and behavior.

You can also start left or right on this spectrum depending on your scenario. For example, an organization with significant investments in on-premises software might be on the extreme left and start slowly by moving some small degree to the right. A start-up company might start out totally on the right with all their software assets in the cloud but slowly move degrees to the left over time. A Saas ISV might have all the tiers of their application hosted in the cloud but bring some of its power closer to the consumer by building a mesh-enabled front end.


Costs of infrastructure
------------------------------------------
Saas
Saas providers like salesforce.com manage large data centers that service all of their customers.
You gain cost savings on the capital expense of designing and provisioning a data center to support your application.
You gain cost savings on the operational expense of running and managing the lifecycle of that data center. The cost savings here are spread across all the tenants of that data center, e.g. all the clients of salesforce.com. As Salesforce learns more and more about how to improve their data center from all their client experiences, those benefits are passed on to all their customers.
You gain many economies of scale.

Software + Services
Software + Services solutions leverage some of the Saas-like economies of scale of cloud-based infrastructure but also the computing power that is near the consumer of the application.
For example, the ability to leverage the compute and storage of a mobile phone or laptop for the data and behavior of Live Mesh based applications.
This would provide some additional infrastructure cost savings vs. a solution entirely built and hosted in a Saas model.


Architectural flexibility of infrastructure
------------------------------------------------------------------------------------
Saas
Many Saas providers let you request additional compute and storage for your application on demand. If you are suddenly serving double your customers from last month you can pay for extra storage capacity.
If your application runs on servers alongside partner applications behind the same firewall you can imagine easier integration scenarios.

Software + Services
Software + Services solutions leverage some of the Saas-like flexibility of infrastructure I just mentioned but also some additional architectural choices like disconnected client access or integrating with other on-premises or mobile operating system software. This application can simultaneously leverage composable Saas-like services in the cloud for collaboration. For example, for an instant message client, this same application would require some compute and routines on centralized cloud servers to route and process messages.

Control of SLAs of the infrastructure
------------------------------------------------------------------------------------
Saas
With Saas, unfortunately, you lose control. Not that losing control of the infrastructure of your data center is good or bad, but a functional requirement of your solution architecture might be to have control over some SLA like the geo-location of the servers that host your data.
Another effect of control of your SLA would be that salesforce.com might be able to guarantee .999 percent availability but you need .99999999.
Examples are flight control system availability, or a government or industry regulation that forces a health provider to keep machines that host patient data within the walls and behind the firewall of the provider organization.

Software + Services
Software + Services provide choice. If you need control of an SLA you can have it. You just run that part of your solution architecture on-premises and the rest you put in the cloud.
An example is a NASA flight control system. You want that system to be inside the NASA space center under the control of your specialized engineers, but all the data it generates you can shoot up into the cloud for heavy analysis. You could imagine an application that compares these archived analysis results with current real-time flight data to report deviations and anomalies.

 

Costs of the data
------------------------------------------------------------------------------------
Saas
Data must be backed up, recovered and protected.
Databases must be procured and installed.
With a Saas provider you gain cost savings on the capital expense of purchasing and installing a database or designing and building a database schema and/or data warehouse.
You gain cost savings on the operational expense of managing the lifecycle of your database: backing up, recovering and protecting the data within it. The cost savings here are spread across all the tenants of the Saas data architecture, e.g. all the clients of salesforce.com. As Salesforce learns more and more about backup and recovery processes, or more efficient or effective data models, across all their client experiences, those benefits are passed back to all customers.

Software + Services
You may find that hosting your data in the cloud adds some overhead in terms of meeting compliance requirements.
This cost may be prohibitive or slow down your business. You may want to host a slice of your data in house, the slice that would be costly in terms of meeting compliance.


Architectural flexibility of the data
------------------------------------------------------------------------------------
Saas
Since your data model is similar if not the same as other clients of the Saas provider, many data integration scenarios are easier to achieve with partners.
Data can be analyzed across Saas customers and aggregated results passed back to the benefit of all customers. Mergers and acquisitions would be easier and faster to execute, even across different Saas providers if both Saas providers have done integrations together before.

Software + Services
Having some of the data in the domain or location of the consumer of the data, be that on a mobile device offline or behind corporate firewalls, may provide some required architectural choices.
Data stored on decentralized mobile devices can continue to work. In addition you can take advantage of peer-to-peer architectures for your data that may save you from using up too much of the cloud's bandwidth and more of your consumers' bandwidth. You may have an application on a device that needs to share data across co-located devices. Or some of that data may need to reside in house to provide decision support for a set of machines on an assembly line.

 

Control of SLAs of the data
------------------------------------------------------------------------------------
Saas
With Saas, unfortunately, you lose control. Not that losing control of the SLAs around your data is good or bad, but a functional requirement of your solution architecture might be to tag certain data for regulatory reasons in the particular industry or sub-industry you are in.

Software + Services
Cloud-based data solutions offer high scalability but maybe not the performance you require.
Real-time processing of flight data needs to happen quickly. You may not have 1000 users but just 5 engineers that need the last 100 gigs of data analyzed in real time. But the rest of the data can be archived in the cloud for analysis by the entire staff of NASA as part of the same application.


Costs of building application features
------------------------------------------------------------------------------------
Saas
Features are already coded for you; you just ask to turn them on. You don't have to buy programmers to create features.
Ongoing maintenance and debugging of application features are done by a team of many programmers highly in tune with the problem domain, and the benefits of fixes are spread out to every one of the Saas provider's clients.
Lessons learned are baked into the system across all of the experiences with the tenants of the application. Economies of scale on the ongoing improvement of the software are achieved.

Software + Services
Software + Services provide choice. While leveraging the economies of scale of Saas, S+S also allows you to define specialized routines that apply to your specific scenario.
It may cost less for you to build these specialized routines in house, as your team is highly performant in the unique aspects of your business that need these specialized routines.

 

Architectural flexibility of building application features
------------------------------------------------------------------------------------
Saas
Saas lets you easily expose functionality to partners outside of your firewall from its central perch in the sky.

Software + Services
Software + Services lets you combine the architectural benefits of connectivity in the sky with the ability to connect to legacy on-premises apps or software on client machines.


Control of SLAs of building application features
------------------------------------------------------------------------------------
Saas
With Saas, unfortunately, you lose control. You may want to log for auditing purposes every time an image from a radiology application is erased from a patient record.
You might have to live with the default feature set of a Saas provider that does not do this.

Software + Services
Software + Services give you back some control. You can connect to application features in the cloud and add your own features with specialized steps as you see fit.


 

Putting my last attempt at creating a business on the shelf...

Passed to second round of grant funding but ultimately did not receive grant.

We were looking to submit GHS for the first round of federal grants being offered for HIT Regional Extension Centers.

Bio....

Green Health Solutions Inc. (GHS) a non-profit, minority owned Health Care
Information Technology Company, will support President Obama's goal of
strengthening the quality, affordability and security of the United
States health care system by providing non-profit information
technology training, non-profit information technology consulting
services, and research to help move the United States health care
system towards broad adoption of standards-based electronic health
information systems, including electronic health records.

Green Health Solutions Inc. (GHS) will accomplish this by:
1 - Retaining a board and set of advisors comprised of healthcare
industry and technology experts that provide immediate experience and
credibility in the healthcare information technology field.
2 - Retaining the services (either as consultants or employees) of
experienced technologists and industry experts.
3 - Re-training experienced technologists to understand existing and
legacy health care systems.
4 - Training technologists to understand and/or achieve certification
in new and existing technologies that can support President Obama's
health care computerization goals.
5 - Managing and/or staffing projects that help move the United States
health care industry participants from inadequate technologies to new
technologies utilizing a workforce that includes the aforementioned
resources.

Company Leadership
-------------------
Hector M Rodriguez, MBA
Hector Rodriguez is Microsoft's Health Plans Industry Technology
Strategist in the Microsoft Health & Life Sciences Industry Unit. He
focuses on working with Microsoft's health plan customers, partners,
product groups, and field resources to understand the Healthcare
industry's current challenges and to formulate end-to-end solution
scenarios to address those challenges.

Shahid Shah
CEO of Netspective, a Java/.NET enterprise architect, a Microsoft
Architect MVP, and SOA consultant/speaker that specializes in
healthcare IT with an emphasis on e-health, EMRs, data integration,
and legacy modernization. Served as HIMSS Enterprise IT Committee
Member.
Over the last 15 years the health IT positions held include Virtual
CTO for CardinalHealth's CTS unit, CTO of an Electronic Medical
Records (EMR) company, Chief Systems Architect at American Red
Cross, Architecture Consultant at NIH, and SVP of Healthcare
Technology at COMSYS.

Shashi Raina, MBA, PMP, MCTS Biztalk Server
Principal Consultant for Enterprise Integration at 26ny specializing
in EDI and integration solutions on the Microsoft platform.

Juan C. Suero
I am an Enterprise Integration consultant with 10 years experience
specializing on (but not limited to) the Microsoft platform. That
includes forthcoming cloud-based technologies like Windows Azure and
.NET Service Bus as well as identity technologies such as Windows
Geneva.
I have taken some time off to study integration as it pertains to the
Health Care Industry: HL7, HIE, NHIN, and HealthVault. I attended
HIMSS 2009 in Chicago and plan on attending further HIT conferences
such as NHIN connect training and HealthVault in June.

 

Strategic details...

Partners:
Tellago a Microsoft Gold Partner for technology implementation.  They have Health Care experience.
http://tellago.com/

Ephren W. Taylor II
Socially Conscious Capitalist, CEO of City
Capital Corporation, more famously known as the youngest African
American CEO of a publicly traded company. He has stated his
intentions to help and his team is going through its due diligence on it.
http://www.citycapitalcorp.net/index.html

One of our Board Members is
Hector M Rodriguez Microsoft's Health Plans Industry Technology
Strategist in the Microsoft Health & Life Sciences Industry Unit
 
Below is our approach to Regional HIT Centers.

One of the requirements is that we are able to serve 1000 providers over a two year period. We think
we have a way to accomplish the goals of the HIT Regional Center program sustainably, cheaply and effectively:
take current lightweight, off-the-shelf, open source clinical systems that
together help providers fulfill the goal of the federal legislation,
refactor them and host them in the Microsoft Azure cloud,
then add what is missing in terms of the federal legislation or "meaningful use".
These systems would be a suite of 2 or 3 integrated systems that integrate with each other and with the other providers we service.
Reason for the Azure cloud: economies of scale, savings on hosting, pay as you go.

Our strategy looks to be as friction-free as possible, leveraging Microsoft Azure and Windows 7 netbooks a la the
following presentation from
Mark D. Smith, MD, MBA, President and CEO of California HealthCare Foundation
http://www.healthvault.com/chc2009/MarkSmith.asx

It looks to leverage disruptive innovation via Microsoft Cloud OS and
be used as a platform for further disruptive innovation.
Ideas from "The Innovator's Prescription", a book by Clayton M. Christensen,
professor of business administration at Harvard Business School
http://innovatorsprescription.com/

Part of our solution is also to leverage informatics graduates and
interns, particularly minority students, to help us scale to 1000
providers served in the next 2 years.
They have enough domain knowledge and enough technical skill to
interface as necessary through the relationship with the provider.
And this would strengthen the communities they live in.

Our desire is to also jump start minority I.T. or informatics graduates
into a field that will see significant growth and resource shortages
in addition to secure long-term employment that is difficult to
outsource to other countries.


Thursday, January 14, 2010

I asked someone the following question..

In the following code... (from the MSDN Magazine 2010 issue, Thomas Erl):

    using System;
    using System.ComponentModel;
    using Microsoft.WindowsAzure.StorageClient;

    [Description("PartitionKey=UserId, Rowkey=AccountId")]
    public class UserAccountBalance : TableServiceEntity
    {
        public double Balance { get; set; }

        // Parameterless constructor needed by the table client when it
        // materializes query results; the random keys get overwritten.
        public UserAccountBalance()
            : base(Guid.NewGuid().ToString(), Guid.NewGuid().ToString())
        {
        }

        // PartitionKey = user id, RowKey = account id.
        public UserAccountBalance(Guid userId, Guid accountId)
            : base(userId.ToString(), accountId.ToString())
        {
        }
    }


Is this creating 1 partition for every UserId in the system?

My understanding of partitions is that, let's say I have 50 records for each user and I have 10,000 users, my query doesn't have to do a table scan of the entire 10,000
to find the 50 records I'm interested in for that query, thereby improving performance.
And that other tricks can be done with the 50 records, like moving them around, maybe closer to where they are queried the most, e.g. if my user is coming from California then he hits the WebRole instance in the west coast datacenter and somehow Azure is able to learn to move the Cali user's data closer to that WebRole instance.
But a guy from New York's records would be moved to the Chicago datacenter as he would most likely access the Chicago WebRole instance doing the query.

That being said,
then wouldn't the UserId as partition key fragment the data all over the place?
Or does Azure begin to separate records out to servers based on performance even though I started with 1 record per partition?

I can see how a table that keeps track of a user's historical bank transactions can be partitioned based on UserId,
but bank balances seem to be 1 record per user.

Thanks.


and got the following answer.....

Usually, you choose a PartitionKey based on 2 factors.

1. Entities within the same partition are usually stored on the same server. Obviously, a search across several servers (even in the same data center) is slower than a search on a single server.

2. PartitionKey is indexed. That means if you query entities for a particular partition, you don't need to perform a table scan.

Both factors need to be considered. And sometimes, they may interdict with each other. For example, if you have too many entities in a partition, you must scan more data when you want to query a particular partition. But if you divide the partition into several small partitions, there's no guarantee that they will be stored on a single server (they may or may not)...

On the other hand, if your query doesn't contain a PartitionKey or RowKey, you're always required to do a table scan, because only PartitionKey and RowKey are indexed. So for the bank balance table, I'm not sure why the author chooses UserID as PartitionKey, but probably because most queries are done per user, so it is desired to index the UserID.

As for data centers, we do not automatically store the data in a data center that is near the user's request location. When creating the storage account, you're required to choose a data center. If you want to serve global users with great performance, you need to create several different storage accounts targeting different data centers.
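As an added example (not the post's or the article's code) of the two query shapes the answer contrasts: a query that names the PartitionKey is served from the partition's index, while a filter on a non-key property such as Balance forces a table scan. It is written against the Microsoft.WindowsAzure.StorageClient library of that era, reusing the article's entity; the connection string, table name and the Overdrawn query are assumptions.

```csharp
// Added example (not from the post). Microsoft.WindowsAzure.StorageClient, .NET 4 era.
using System;
using System.Collections.Generic;
using System.Linq;
using Microsoft.WindowsAzure;
using Microsoft.WindowsAzure.StorageClient;

// The article's entity: PartitionKey = UserId, RowKey = AccountId.
public class UserAccountBalance : TableServiceEntity
{
    public double Balance { get; set; }
    public UserAccountBalance() { }
    public UserAccountBalance(Guid userId, Guid accountId)
        : base(userId.ToString(), accountId.ToString()) { }
}

public static class BalanceStore
{
    const string TableName = "UserAccountBalance"; // assumed table name

    // Connection string is an assumption, e.g. "UseDevelopmentStorage=true" locally.
    public static TableServiceContext Open(string connectionString)
    {
        var account = CloudStorageAccount.Parse(connectionString);
        var client = account.CreateCloudTableClient();
        client.CreateTableIfNotExist(TableName);
        return client.GetDataServiceContext();
    }

    public static void Insert(TableServiceContext ctx, UserAccountBalance entity)
    {
        ctx.AddObject(TableName, entity);
        ctx.SaveChangesWithRetries();
    }

    // Partition query: PartitionKey is in the filter, so the storage service goes
    // straight to the one partition holding this user's accounts (one entity per
    // account, one partition per user, which is fine when queries are per user).
    public static List<UserAccountBalance> BalancesForUser(TableServiceContext ctx, Guid userId)
    {
        string pk = userId.ToString();
        return (from b in ctx.CreateQuery<UserAccountBalance>(TableName)
                where b.PartitionKey == pk
                select b).AsTableServiceQuery().ToList();
    }

    // Non-key filter: Balance is not indexed, so the service scans the whole table
    // (AsTableServiceQuery follows continuation tokens across result pages).
    public static List<UserAccountBalance> Overdrawn(TableServiceContext ctx)
    {
        return (from b in ctx.CreateQuery<UserAccountBalance>(TableName)
                where b.Balance < 0
                select b).AsTableServiceQuery().ToList();
    }
}
```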


Wednesday, December 23, 2009


First a note: I know the name of my blog is Cloud9 and I'm supposed to be talking about Azure, but just like everyone has their pronunciation of the word Azure... I have my own definition or vision of what Azure is. Azure is the core of a software + services platform. At this point in the game you might be saying DUH.. whatever. Well let me just whatever your whatever lol.
Azure = S+S = ( Azure Cloud, ServiceBus, Identity Metasystem (ACS/WIF/ADFS20/Cardspace etc), Dublin, WCF, WF, REST, Silverlight, the browser, ASP.net and of course the .net framework )
It's also a set of architectural patterns on top of these technical elements that include SOA, n-tier app dev and all the message-based patterns you used in BizTalk Server.
And finally it will be this forthcoming modeling layer that sits on top of EVERYTHING I just mentioned.

And now on to the real reason for this post...
ADFS20 Federated Authentication test lab environment issue you will run into (and the solution)

There is a document called HowToSetupGenevaServerFederatedCollaborationTestLabEnvironment.pdf.
It's about 40 pages long and supposed to take 4 hours to complete (YEAH RIGHT!)

Anyway.
I've run through this document for Geneva Beta 1, Beta 2 and the RC.
The last step of setting up this lab, step 8 on page 39, talks about obtaining
a certificate from the CA and setting its private key PIN,

but when you try to request a user certificate the MMC barks at you saying that it cannot access the
certificate revocation service.

I'm sure there are a lot of people like me who were (or are) total newbs when it comes to PKI, CRLs, CAs, certificates, heck maybe even Active Directory Group Policy.

But these things are VERY important when setting up this new world of claims-based authentication because they all come into play to enable the infrastructure to do the client, STS, relying party dance.

So what happened in the lab demo?
How do you fix a certificate revocation service access problem?
The first thing I did was turn off all my firewalls.
That didn't work.
Then I remembered the previous labs where I had to actually configure something in the CA and then in Active Directory.
It seems like these steps were left out of the HowToSetupGenevaServerFederatedCollaborationTestLabEnvironment.pdf
for ADFS20 RC.

But here they are for your pleasure.

Please replace the appropriate names with the ones in your environment; I'm not going to sit here and make this perfect for you lol.

Push user certificates to the servers
Configure Group Policy on both the sts1 and sts2 VM computers using the following procedure.

To push computer certificates to the servers
1. Log on to sts1 and sts2
2. Click Start, click Run, type mmc, and then click OK.
3. On the File menu, click Add/Remove Snap-in, and then click Add. The Add or Remove Snap-ins dialog box opens.
4. In Available snap-ins, scroll down to and double-click Group Policy Management Editor, and then click OK. The Group Policy Wizard opens.
5. In Select Group Policy Object, click Browse. The Browse for a Group Policy Object dialog box opens.
6. In Domains, OUs, and linked Group Policy Objects, click Default Domain Policy, and then click OK.
7. Click Finish, and then click OK.
8. Double-click Default Domain Policy. In the console, expand the following path: Computer Configuration, Policies, Windows Settings, Security Settings, Public Key Policies.
9. Double-click Certificate Services Client - Auto-Enrollment. In Configuration Model, select Enabled.
10. Select the Renew expired certificates, update pending certificates, and remove revoked certificates check box.
11. Select the Update certificates that use certificate templates check box, and then click OK.
12. In the Default Domain Policy console, expand the following path: User Configuration, Policies, Windows Settings, Security Settings, Public Key Policies.
13. Double-click Certificate Services Client - Auto-Enrollment. In Configuration Model, select Enabled.
14. Select the Renew expired certificates, update pending certificates, and remove revoked certificates check box.
15. Select the Update certificates that use certificate templates check box
16. Select the Expiration notification check box, and then click OK.
17. Leave this snap-in open and move to the next procedure.


Configure certificate templates
Configure the domain user certificates in AD CS on the sts1 and sts2 VM computers using the following procedure.
To configure certificate templates
1. Log on to sts1 and sts2
2. Click Start, click Run, type mmc, and then click OK.
3. On the File menu, click Add/Remove Snap-in, and then click Add. The Add or Remove Snap-ins dialog box opens.
4. In Available snap-ins, double-click Certification Authority. Select the certification authority (CA) that you want to manage, and then click Finish. The Certification Authority dialog box closes, returning you to the Add or Remove Snap-ins dialog box.
5. In Available snap-ins, double-click Certificate Templates, and then click OK.
6. In the console tree, click Certificate Templates. All of the certificate templates are displayed in the details pane.
7. In the details pane, right-click the Web Server template, and then click Properties.
8. On the Security tab, click Add, in the Enter the object names to select text box type Domain Computers, and then click OK.
9. In Permissions for Domain Computers, under Allow, select the Read and Enroll check boxes, and then click OK.
10. On the Security tab, click Add, in the Enter object names to select text box type Domain Controllers, and then click OK.
11. In Permissions for Domain Controllers, under Allow, select the Read and Enroll check boxes, and then click OK.
12. In the details pane, right-click the User template, and then click Duplicate Template.
13. In the Duplicate Template dialog box, select Windows Server 2003, Enterprise Edition, and then click OK.
14. On the General tab, in Template display name, type Geneva Users.
15. On the Subject Name tab, clear the Include e-mail name in subject name and E-mail name check boxes.
16. On the Request Handling tab, make sure that the Allow private key to be exported check box is selected. (The lab needs this; an exportable private key can be copied off the machine together with the certificate, so do not carry this setting into production user templates.)
17. Click the Security tab. In Group or user names, click Domain Users.
18. In Permissions for Domain Users, under Allow, select the Enroll and Autoenroll permission check boxes, and then click OK.
19. In the left pane of the Microsoft Management Console (MMC), double-click Certification Authority, double-click the CA name, and then click Revoked Certificates.
20. Right-click Revoked Certificates, and then click Properties.
21. On the CRL Publishing Parameters tab, set the CRL publishing interval to 2 years and clear the Publish Delta CRLs check box, and then click OK. (A 2-year CRL is a lab shortcut: a client that has cached the CRL will not see a certificate revoked by this CA until that CRL expires, so keep the interval short in any real deployment.)
22. In the console tree, right-click Certificate Templates, point to New, and then click Certificate Template to Issue. The Enable Certificate Templates dialog box opens.
23. Click Geneva Users from the list, and then click OK.
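As a check on the two templates the procedure above touched, here is an added example (mine, not part of the original walkthrough) that reads each template object from the Configuration partition and reports who holds Enroll or AutoEnroll on it, whether the enrollee supplies the subject name, and whether the private key is marked exportable. It assumes a domain-joined machine, a reference to System.DirectoryServices, and the template display names used in the steps above; the extended-right GUIDs and flag bits are the schema's well-known values.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.Security.AccessControl;
using System.Security.Principal;

static class TemplateAudit
{
    // Well-known extended-right GUIDs from the AD schema.
    static readonly Guid EnrollRight     = new Guid("0e10c968-78fb-11d2-90d4-00c04f79dc55"); // Certificate-Enrollment
    static readonly Guid AutoEnrollRight = new Guid("a05b8cc2-17bc-4802-a710-e7c15ab866a2"); // Certificate-AutoEnrollment

    // Flag bits in msPKI-Certificate-Name-Flag and msPKI-Private-Key-Flag.
    const int CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT = 0x00000001;
    const int CT_FLAG_EXPORTABLE_KEY            = 0x00000010;

    public sealed class Report
    {
        public string Template;
        public bool EnrolleeSuppliesSubject;
        public bool ExportablePrivateKey;
        public List<string> Enrollers = new List<string>();
    }

    // Flag decoding, factored out so it can be exercised without a directory.
    public static bool SuppliesSubject(int nameFlags) { return (nameFlags & CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT) != 0; }
    public static bool KeyExportable(int keyFlags)   { return (keyFlags & CT_FLAG_EXPORTABLE_KEY) != 0; }

    // Classify one ACE: "Enroll", "AutoEnroll", "GenericAll", or null when it grants no enrollment.
    public static string EnrollmentGrant(ActiveDirectoryAccessRule rule)
    {
        if (rule.AccessControlType != AccessControlType.Allow) return null;
        if ((rule.ActiveDirectoryRights & ActiveDirectoryRights.GenericAll) == ActiveDirectoryRights.GenericAll) return "GenericAll";
        if ((rule.ActiveDirectoryRights & ActiveDirectoryRights.ExtendedRight) == 0) return null;
        if (rule.ObjectType == AutoEnrollRight) return "AutoEnroll";
        if (rule.ObjectType == EnrollRight) return "Enroll";
        if (rule.ObjectType == Guid.Empty) return "Enroll (all extended rights)";
        return null;
    }

    public static Report Inspect(string displayName)
    {
        using (DirectoryEntry rootDse = new DirectoryEntry("LDAP://RootDSE"))
        {
            string configNc = (string)rootDse.Properties["configurationNamingContext"].Value;
            string container = "LDAP://CN=Certificate Templates,CN=Public Key Services,CN=Services," + configNc;
            using (DirectoryEntry root = new DirectoryEntry(container))
            using (DirectorySearcher searcher = new DirectorySearcher(root,
                   "(&(objectClass=pKICertificateTemplate)(displayName=" + displayName + "))"))
            {
                SearchResult result = searcher.FindOne();
                if (result == null) throw new ArgumentException("template not found: " + displayName);
                using (DirectoryEntry tpl = result.GetDirectoryEntry())
                {
                    Report report = new Report { Template = displayName };
                    // Convert.ToInt32(null) is 0, which covers templates without msPKI-Private-Key-Flag.
                    report.EnrolleeSuppliesSubject = SuppliesSubject(Convert.ToInt32(tpl.Properties["msPKI-Certificate-Name-Flag"].Value));
                    report.ExportablePrivateKey   = KeyExportable(Convert.ToInt32(tpl.Properties["msPKI-Private-Key-Flag"].Value));
                    foreach (ActiveDirectoryAccessRule rule in tpl.ObjectSecurity.GetAccessRules(true, true, typeof(NTAccount)))
                    {
                        string grant = EnrollmentGrant(rule);
                        if (grant != null) report.Enrollers.Add(rule.IdentityReference.Value + " (" + grant + ")");
                    }
                    return report;
                }
            }
        }
    }

    static void Main()
    {
        foreach (string name in new[] { "Web Server", "Geneva Users" })
        {
            Report r = Inspect(name);
            Console.WriteLine("{0}: subject from request={1}, exportable key={2}",
                              r.Template, r.EnrolleeSuppliesSubject, r.ExportablePrivateKey);
            foreach (string e in r.Enrollers) Console.WriteLine("  " + e);
        }
    }
}
```

Run it as the user who did the template work; after the steps above you should see Domain Computers and Domain Controllers with Enroll on Web Server (with subject from request = True) and Domain Users with Enroll and AutoEnroll on Geneva Users (with exportable key = True). Any principal in the list you did not expect is worth a look, since those are exactly the ACEs that decide who can obtain certificates from this CA.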
 


Monday, November 30, 2009 #

 

Normally the Microsoft.IdentityModel configuration for a website or web service that uses claims-based authentication and authorization lives in its web.config or app.config.

If your requirements force you to do this at runtime, at the start of the application, you can hook the ServiceConfigurationCreated event in global.asax:

void Application_Start(object sender, EventArgs e)
{
    // Raised once, when the federated authentication modules build their ServiceConfiguration.
    FederatedAuthentication.ServiceConfigurationCreated += new EventHandler<ServiceConfigurationCreatedEventArgs>(FederatedAuthentication_ServiceConfigurationCreated);
}


void FederatedAuthentication_ServiceConfigurationCreated(object sender, ServiceConfigurationCreatedEventArgs e)
{
    // Configure the service here through e.ServiceConfiguration (audience URIs, service certificate, issuer name registry, ...)

}

You might want some simple wizards around application administration and setup, for example if you resell the same software to many different companies and you do not want them to muck around with security: set it up from initial values, save those in the database, and call on them at application initialization.

The federatedAuthentication section is different. That configuration belongs to the federated authentication HTTP modules, so you have to catch another event inside the ASP.NET pipeline.

Service certificate and audience URIs, set from inside the ServiceConfigurationCreated handler:

e.ServiceConfiguration.AudienceRestriction.AllowedAudienceUris.Add(new Uri("<your audience uri>"));
e.ServiceConfiguration.ServiceCertificate = <your certificate>;

For the settings inside wsFederation, add the following to your global.asax. The module belongs to the current HttpApplication instance rather than to the application as a whole, which is why this runs on every request and not in Application_Start:

void Application_AuthenticateRequest(object sender, EventArgs e)
{
    FederatedAuthentication.WSFederationAuthenticationModule.Issuer = "<your issuer>";
    FederatedAuthentication.WSFederationAuthenticationModule.Realm = "<your realm>";
}
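Putting the pieces of this post together, here is an added example (mine, not from the original post) of a global.asax.cs that applies the whole relying-party configuration at runtime from values a setup wizard would have saved: the audience URI, the trusted issuer's signing certificate, the service certificate, and the WS-Federation issuer and realm. The TenantSecuritySettings class, its constructed values and the thumbprints are hypothetical stand-ins for the database lookup; the types are those of Microsoft.IdentityModel 3.5 (WIF 1.0) that the post uses.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.Web;
using Microsoft.IdentityModel.Configuration;
using Microsoft.IdentityModel.Tokens;
using Microsoft.IdentityModel.Web;
using Microsoft.IdentityModel.Web.Configuration;

public class Global : HttpApplication
{
    // Hypothetical per-tenant settings. In the scenario in the post these are written by a
    // setup wizard and loaded from the database; here they are constructed inline.
    sealed class TenantSecuritySettings
    {
        public string AudienceUri;            // URI the STS must place in the token's audience restriction
        public string Realm;                  // wtrealm sent to the STS; normally the same value as AudienceUri
        public string IssuerUri;              // sign-in endpoint of the STS
        public string IssuerCertThumbprint;   // thumbprint of the STS token-signing certificate
        public string ServiceCertThumbprint;  // thumbprint of this application's token-decryption certificate
    }

    static TenantSecuritySettings LoadSettings()
    {
        // Constructed values; replace with the database lookup.
        return new TenantSecuritySettings
        {
            AudienceUri = "https://app.example.test/",
            Realm = "https://app.example.test/",
            IssuerUri = "https://sts.example.test/FederationPassive/",
            IssuerCertThumbprint = "0000000000000000000000000000000000000000",
            ServiceCertThumbprint = "1111111111111111111111111111111111111111"
        };
    }

    void Application_Start(object sender, EventArgs e)
    {
        FederatedAuthentication.ServiceConfigurationCreated += OnServiceConfigurationCreated;
    }

    // Runs once, when WIF builds its ServiceConfiguration. Everything that would otherwise sit
    // under <microsoft.identityModel><service> is set here.
    static void OnServiceConfigurationCreated(object sender, ServiceConfigurationCreatedEventArgs e)
    {
        TenantSecuritySettings s = LoadSettings();
        ServiceConfiguration cfg = e.ServiceConfiguration;

        // Audience restriction: a token issued for another relying party is rejected even when it
        // comes from the same trusted STS. Clear() drops anything inherited from config.
        cfg.AudienceRestriction.AllowedAudienceUris.Clear();
        cfg.AudienceRestriction.AllowedAudienceUris.Add(new Uri(s.AudienceUri));

        // Issuer name registry: only tokens signed with this thumbprint are accepted.
        ConfigurationBasedIssuerNameRegistry registry = new ConfigurationBasedIssuerNameRegistry();
        registry.AddTrustedIssuer(s.IssuerCertThumbprint, s.IssuerUri);
        cfg.IssuerNameRegistry = registry;

        // Service certificate: used to decrypt tokens encrypted for this application.
        cfg.ServiceCertificate = FindCertificate(s.ServiceCertThumbprint);
    }

    // The WS-Federation module belongs to the current HttpApplication instance, so issuer and
    // realm are applied per request, as the post describes.
    void Application_AuthenticateRequest(object sender, EventArgs e)
    {
        TenantSecuritySettings s = LoadSettings();
        WSFederationAuthenticationModule fam = FederatedAuthentication.WSFederationAuthenticationModule;
        fam.Issuer = s.IssuerUri;
        fam.Realm = s.Realm;
    }

    static X509Certificate2 FindCertificate(string thumbprint)
    {
        X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            // validOnly:false so a self-signed lab certificate is still found.
            X509Certificate2Collection found = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false);
            if (found.Count != 1)
                throw new InvalidOperationException("expected exactly one certificate with thumbprint " + thumbprint);
            return found[0];
        }
        finally
        {
            store.Close();
        }
    }
}
```

Two things are worth keeping when you adapt this. The audience URI and the issuer thumbprint are the two values that stop a token minted for some other application, or by some other STS, from being accepted here, so a setup wizard that lets a tenant edit them should validate them as carefully as it validates a password. And FindCertificate throws rather than returning null, so a missing or mistyped thumbprint fails the application at startup instead of leaving it running without the ability to decrypt tokens.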
 

 

 


Tuesday, September 01, 2009 #

Someone out in the ether asked a question that I have heard many times, and I just shake my head.

With "Dublin" on the horizon as the future distributed application server role for Windows, does it make sense for Microsoft to call this new role "Windows BizTalk Services"?

My answer is...

I don't think they want to do that.
BizTalk and Dublin are different products.
BizTalk is an application integration messaging server.
Dublin is an application server.
BizTalk integrates applications. Dublin runs applications.

Someone develops a line-of-business application or server, for example a CRM system.
They expose functionality to itself and to the outside world by installing bits in Dublin.

If you want to integrate your CRM system with some other system,
like an ordering application that takes thousands of orders from the internet,
you don't necessarily want your endpoints exposed to such high traffic.
You can drop those messages in BizTalk and it will queue them up for you,
letting your downstream app "catch up".

BizTalk is all about receiving messages and queuing them quickly,
with the ability to possibly transform those messages into a structure that you can handle uniformly:
a set of canonical types, or just all XML.

In application architecture they have the n-tiered design.
They separate these things for logical and physical strategies.
In one of the tiers you might do ADO.NET; in another you might do ASP.NET.
Both of these things do similar things if you think about it.
They take some data from the user, process it, and spit back a response.
Both use similar patterns of OO, the .NET Framework, etc. etc.
But they are very different animals too,
even though you can manipulate both with Visual Studio.

The analogy is the same in Dublin vs. BizTalk.
Even though they have similar tools and provide similar patterns and abstractions, they are different.. very different tools
for different strategies.
Yes, they both exist in the application integration space, but I think Dublin exists more on the application end, to host endpoints and their application protocols and whatnot.

If I'm an ISV selling an enterprise application that you can plug into your SOA,
it's going to need to be able to host its workflows and endpoints in a technology like Dublin.

And if I'm a high-transaction company, I'm going to need something like BizTalk to manage interactions between all those applications.

The ISV is not going to require that I install bits into my BizTalk server.
What if some companies don't have BizTalk Server but something else?

BizTalk is also a very mature and complete kind of appliance.

They are totally different.

Don't be fooled by the similar-looking tools and workflow and similar-looking management tools.
These actually might be standard things you SHOULD have in any system that takes an input and spits out an output.

What do you think?

 


Monday, August 31, 2009 #

So let's say you want to test early development builds in a continuously integrated system.
You want to take all your developers' code, execute it on a separate box, and be able to test client access to your system remotely.

Yes, you could put it up in staging on Azure, but maybe you don't want to do that yet. Maybe you just want some testers banging away at it from some remote client.

Right now that's kind of hard, since the development fabric carries a restriction that denies requests from non-localhost IPs. It only accepts loopback.
Sounds like a job for the .NET 4.0 Router.

Basically the thought is that you need something local that can recast your test requests, which originate outside of your machine, as
requests that "originate from your machine" to 127.0.0.1.


The way to do this is simple. On the machine hosting the Windows Azure Development Fabric and your Visual Studio install,
install the Windows Azure Platform training kit. One of the labs will guide you on how to expose WCF services from the development fabric.
Once you are done with that, create a client to your service... The Azure dev fabric will make you point your WCF clients to the loopback address 127.0.0.1.
This is where the router comes in.
You need to install .NET 4.0. You might also want to install Visual Studio 2010 Beta 1.
Then you want to get the .NET 4.0 WCF samples.
Inside the .NET 4.0 samples there's the famous calculator service, but this time with a router in front of it.
You want to change the config file to mimic what I have below.
You want to host the router locally so it can talk to 127.0.0.1 and can also expose an endpoint on 192.168.1.X or something.
Finally you want to take the calculator client and run it outside of the VM on your host machine, or even on another machine altogether.

P.S.
Don't worry, Visual Studio 2010 Beta 1 and Visual Studio 2008 SP1 can run side-by-side.. it's actually "encouraged".
Also remember to open the router's port (5555 in the config below) in the firewall, and only for the testers' addresses. The router exists precisely to get around the dev fabric's loopback-only restriction, so anything that can reach that port can reach your service with no authentication in front of it; open the one port rather than disabling the firewall, and shut the router down when the test session is over.

Windows Azure Platform Training Kit - August Update
http://www.microsoft.com/DownLoads/details.aspx?familyid=413E88F8-5966-4A83-B309-53B7B77EDF78&displaylang=en

Windows Communication Foundation (WCF) and Windows Workflow Foundation (WF) Samples for .NET Framework 4.0 Beta 1
http://www.microsoft.com/downloads/details.aspx?FamilyID=5aca0622-d87d-4cc9-a22c-0d58205a56b4&displaylang=en

Microsoft .NET Framework 4 Beta 1
http://www.microsoft.com/downloads/details.aspx?FamilyID=ee2118cc-51cd-46ad-ab17-af6fff7538c9&displaylang=en

Visual Studio 2010 Professional Beta 1 – Web Installer
http://www.microsoft.com/downloads/details.aspx?familyid=75CBCBCD-B0E8-40EA-ADAE-85714E8984E3&displaylang=en

Visual Studio 2010 and .NET Framework 4 Training Kit - May Preview
http://www.microsoft.com/downloads/details.aspx?familyid=752CB725-969B-4732-A383-ED5740F02E93&displaylang=en


Config Files....

<WebRole name="WcfService1" enableNativeCodeExecution="false">
    <InputEndpoints>
      <InputEndpoint name="HttpIn" protocol="http" port="81" />
    </InputEndpoints>
    <ConfigurationSettings/>
  </WebRole>

============================================
the SVC style service
============================================

<%@ ServiceHost Language="C#" Debug="true" Service="WcfService1.CalculatorService" CodeBehind="Service1.svc.cs" %>


 <system.serviceModel>
  <services>
      <service name="WcfService1.CalculatorService" behaviorConfiguration="CalculatorServiceBehavior">
        <!-- Service Endpoints -->
    <!-- ICalculator is exposed at the base address provided by host: http://localhost:8000/servicemodelsamples/service  -->
    <endpoint address="" binding="basicHttpBinding" contract="WcfService1.ICalculator"/>
    <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
   </service>
  </services>
  <behaviors>
   <serviceBehaviors>
    <behavior name="CalculatorServiceBehavior">
     <serviceDebug includeExceptionDetailInFaults="True"/>
          <!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
          <serviceMetadata httpGetEnabled="true"/>
    </behavior>
   </serviceBehaviors>
  </behaviors>
 </system.serviceModel>


============================================
THE ROUTER
============================================

  <system.serviceModel>
    <services>
      <service behaviorConfiguration="routingData" name="System.ServiceModel.Routing.RoutingService">
        <host>
          <baseAddresses>
            <add  baseAddress="http://192.168.1.101:5555/routingservice/router"/>
          </baseAddresses>
        </host>
        <endpoint address="" binding="basicHttpBinding"  name="reqReplyEndpoint"  contract="System.ServiceModel.Routing.IRequestReplyRouter" />
      </service>
    </services>
    <behaviors>
      <serviceBehaviors>
        <behavior name="routingData">
          <serviceMetadata httpGetEnabled="True"/>
          <routing routingTableName="routingTable1" />
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <client>
      <endpoint name="CalculatorService" address="http://127.0.0.1:81/Service1.svc" binding="basicHttpBinding" contract="*" />
    </client>
    <routing>
      <filters>
        <filter name="MatchAllFilter1" filterType="MatchAll" />
      </filters>
      <routingTables>
        <table name="routingTable1">
          <entries>
            <add filterName="MatchAllFilter1" endpointName="CalculatorService" />
          </entries>
        </table>
      </routingTables>
    </routing>
  </system.serviceModel>

============================================
THE CLIENT
============================================

  <system.serviceModel>
    <client>
      <endpoint address="http://192.168.1.101:5555/routingservice/router"
                binding="basicHttpBinding"
                contract="Microsoft.Samples.ServiceModel.ICalculator" />
    </client>
  </system.serviceModel>
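The router config above forwards anything that reaches the LAN endpoint straight to the loopback-only dev fabric. Here is an added example (mine, not from the WCF samples or the original post) that hosts the same RoutingService in code and puts a custom MessageFilter in front of the routing table, so only requests whose peer address is in the testers' subnet get a route; anything else is faulted back rather than forwarded. The addresses match the config above; the 192.168.1.0/24 subnet is an assumption. It needs references to System.ServiceModel and System.ServiceModel.Routing from .NET 4.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using System.Net.Sockets;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Description;
using System.ServiceModel.Dispatcher;
using System.ServiceModel.Routing;

// Matches only when the HTTP peer address lies inside one IPv4 subnet. The transport stamps the
// peer address on each incoming message as RemoteEndpointMessageProperty.
public sealed class AllowedSubnetFilter : MessageFilter
{
    private readonly uint network;
    private readonly uint mask;

    public AllowedSubnetFilter(string networkAddress, int prefixLength)
    {
        // Shift counts are masked to 5 bits in C#, so /0 has to be special-cased.
        mask = prefixLength == 0 ? 0u : uint.MaxValue << (32 - prefixLength);
        network = ToUInt32(IPAddress.Parse(networkAddress)) & mask;
    }

    public bool Allows(string address)
    {
        IPAddress ip;
        if (!IPAddress.TryParse(address, out ip) || ip.AddressFamily != AddressFamily.InterNetwork)
            return false; // IPv6 peers (including ::1) and garbage are rejected
        return (ToUInt32(ip) & mask) == network;
    }

    public override bool Match(Message message)
    {
        object prop;
        if (!message.Properties.TryGetValue(RemoteEndpointMessageProperty.Name, out prop))
            return false; // no transport information, so do not forward
        return Allows(((RemoteEndpointMessageProperty)prop).Address);
    }

    public override bool Match(MessageBuffer buffer)
    {
        using (Message copy = buffer.CreateMessage()) { return Match(copy); }
    }

    private static uint ToUInt32(IPAddress ip)
    {
        byte[] b = ip.GetAddressBytes(); // network byte order
        return ((uint)b[0] << 24) | ((uint)b[1] << 16) | ((uint)b[2] << 8) | b[3];
    }
}

public static class DevFabricRouter
{
    // Same addresses as the config above: router on the LAN interface, dev fabric on loopback only.
    const string RouterAddress  = "http://192.168.1.101:5555/routingservice/router";
    const string BackendAddress = "http://127.0.0.1:81/Service1.svc";

    public static ServiceHost Start(MessageFilter allowed)
    {
        ServiceHost host = new ServiceHost(typeof(RoutingService), new Uri(RouterAddress));
        host.AddServiceEndpoint(typeof(IRequestReplyRouter), new BasicHttpBinding(), string.Empty);

        // The client endpoint the router forwards to; contract="*" in config is IRequestReplyRouter here.
        ServiceEndpoint backend = new ServiceEndpoint(
            ContractDescription.GetContract(typeof(IRequestReplyRouter)),
            new BasicHttpBinding(),
            new EndpointAddress(BackendAddress));

        // Only messages the filter accepts have a route; the router faults everything else.
        RoutingConfiguration routing = new RoutingConfiguration();
        routing.FilterTable.Add(allowed, new List<ServiceEndpoint> { backend });
        host.Description.Behaviors.Add(new RoutingBehavior(routing));

        host.Open();
        return host;
    }

    public static void Main()
    {
        using (ServiceHost host = Start(new AllowedSubnetFilter("192.168.1.0", 24)))
        {
            Console.WriteLine("Router on {0} forwarding to {1}. Press Enter to stop.", RouterAddress, BackendAddress);
            Console.ReadLine();
        }
    }
}
```

This replaces the MatchAll filter from the config with a filter that says yes only for the subnet you hand it; a tester on 192.168.1.50 is forwarded, a request from anywhere else (or from IPv6) gets a fault and never touches the dev fabric. Note that the metadata endpoint from the config is deliberately not added here, since a tester does not need the router's WSDL. This is still not authentication, only an address check that a peer on the same LAN segment could spoof at the IP layer, so treat it as a way of limiting exposure during a test session, not as a security boundary.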


 


SaaS vs. S+S
SaaS is an architectural paradigm in which a solution architecture benefits from the economies of scale of having its data and behavior built and hosted in the cloud by a third party in a multitenant fashion.

Software + Services is an architectural paradigm in which a solution architecture achieves some of the same economies of scale as SaaS while simultaneously benefiting from the synergies and efficiencies of having its data and behavior partly built on premises and partly built by third parties in a multitenant fashion, as well as partly hosted on premises and partly hosted in the cloud in a multitenant fashion.
The cloud means, from an application standpoint, a set of applications or services with standards-based interoperable interfaces that are easily reachable and easily composed from any platform in any location with an internet connection. The cloud also means, from an infrastructure standpoint, a set of connected data centers providing elastic compute, elastic storage and other enterprise SLAs for those applications or services.
Multitenant means application routines, data and infrastructure meant to be built and hosted in a shared manner among multiple clients of the SaaS organization.
In Software + Services, the degree to which the solution architecture is hosted on premises or in the cloud, and the degree to which the application is built from third-party services or software versus homegrown software, can lie anywhere along a spectrum: from totally homegrown and hosted in house with a small amount of third-party involvement, to almost totally a SaaS model except for some code running on premises or close to the consumer of that data or behavior.
The "Software" in Software + Services refers to data and routines executed or stored as close to the consumer as possible and/or on premises inside the corporate firewall. This could include everything from thick clients on desktops or server software inside corporate firewalls to Silverlight web-based applications to clients on roaming mobile phones.
The "Services" in Software + Services refers to data and routines running in the cloud: from an application standpoint, a set of applications or services with standards-based interoperable interfaces that are easily reachable and easily composed from "the Software", which is hosted on any platform in any location with an internet connection; from an infrastructure standpoint, a set of connected data centers providing elastic compute, elastic storage and other enterprise SLAs for the "Services".
The "+" in Software + Services is probably the most important part of the equation. The "+" refers to the set of technologies and architectural patterns that bridge from the domain of the "Software" to the domain of the "Services" and vice versa. There are certain challenges that must be met to achieve this connectivity, which include identity projection, firewall traversal and possibly data synchronization.
Think of the "Software" and "Services" as the protons and neutrons of the architecture. Then the "+" would be the strong nuclear force that binds them into something far more than the sum of its parts. The same way that protons and neutrons combine through the strong nuclear force to form the foundation of our reality is the way Software + Services will form the foundation of a global computing platform.
A smart man once said "The Network is the computer". I think this is what he meant.

Choices organizations make for their solution architectures, from SaaS to anywhere on the spectrum of Software + Services, affect the costs, the architectural flexibility and the control of the infrastructure that hosts the solution and its data and behavior.

You can also start on the left or the right of this spectrum depending on your scenario. For example, an organization with significant investments in on-premises software might be on the extreme left and start slowly by moving some small degree to the right. A start-up company might start out totally on the right, with all its software assets in the cloud, but slowly move degrees to the left over time. A SaaS ISV might have all the tiers of its application hosted in the cloud but bring some of its power closer to the consumer by building a mesh-enabled front end.


Costs of infrastructure
------------------------------------------
SaaS
SaaS providers like salesforce.com manage large data centers that serve all of their customers.
You gain cost savings on the capital expense of designing and provisioning a data center to support your application.
You gain cost savings on the operational expense of running and managing the lifecycle of that data center. The cost savings here are spread across all the tenants of that data center, e.g. all the clients of salesforce.com. As Salesforce learns more and more about how to improve its data center from all its client experiences, those benefits are passed on to all its customers.
You gain many economies of scale.

Software + Services
Software + Services solutions leverage some of the SaaS-like economies of scale of cloud-based infrastructure, but also the computing power that is near the consumer of the application,
for example the ability to use the compute and storage of a mobile phone or laptop for the data and behavior of Live Mesh based applications.
This can provide some additional infrastructure cost savings versus a solution entirely built and hosted in a SaaS model.


Architectural flexibility of infrastructure
------------------------------------------------------------------------------------
SaaS
Many SaaS providers let you request additional compute and storage for your application on demand. If you are suddenly serving double the customers you had last month, you can pay for extra storage capacity.
If your application runs on servers alongside partner applications behind the same firewall, you can imagine easier integration scenarios.

Software + Services
Software + Services solutions leverage some of the SaaS-like flexibility of infrastructure I just mentioned, but also some additional architectural choices, like disconnected client access or integration with other on-premises or mobile operating system software. The same application can simultaneously leverage composable SaaS-like services in the cloud for collaboration. For example, the instant-message client in this same application would require some compute and routines on centralized cloud servers to route and process messages.

Control of SLAs of the infrastructure
------------------------------------------------------------------------------------
SaaS
With SaaS, unfortunately, you lose control. Not that losing control of the infrastructure of your data center is good or bad, but a functional requirement of your solution architecture might be to have control over some SLA, like the geo-location of the servers that host your data.
Another effect of control of your SLA: salesforce.com might be able to guarantee 99.9 percent availability, but you need many more nines than that.
Examples are the availability of flight control systems, or a government or industry regulation that forces a health provider to keep the machines that host patient data within the walls and behind the firewall of the provider organization.

Software + Services
Software + Services provides choice. If you need control of an SLA you can have it. You just run that part of your solution architecture on premises and put the rest in the cloud.
An example is a NASA flight control system. You want that system inside the NASA space center, under the control of your specialized engineers, but all the data it generates you can send up into the cloud for heavy analysis. You could imagine an application that compares these archived analysis results with current real-time flight data to report deviations and anomalies.

 

Costs of the data
------------------------------------------------------------------------------------
SaaS
Data must be backed up, recovered and protected.
Databases must be procured and installed.
With a SaaS provider you gain cost savings on the capital expense of purchasing and installing a database, or of designing and building a database schema and/or data warehouse.
You gain cost savings on the operational expense of managing the lifecycle of your database: backing up, recovering and protecting the data within it. The cost savings here are spread across all the tenants of the SaaS data architecture, e.g. all the clients of salesforce.com. As Salesforce learns more and more about backup and recovery processes, or about more efficient or effective data models, across all its client experiences, those benefits are passed back to all customers.

Software + Services
You may find that hosting your data in the cloud adds some overhead in terms of meeting compliance requirements.
This cost may be prohibitive or slow down your business. You may want to host a slice of your data in house: the slice that would be costly in terms of meeting compliance.


Architectural flexibility of the data
------------------------------------------------------------------------------------
SaaS
Since your data model is similar to, if not the same as, that of other clients of the SaaS provider, many data integration scenarios are easier to achieve with partners.
Data can be analyzed across SaaS customers and aggregated results passed back to the benefit of all customers. Mergers and acquisitions would be easier and faster to execute, even across different SaaS providers if both providers have done integrations together before.

Software + Services
Having some of the data in the domain or location of the consumer of the data, be that on a mobile device offline or behind corporate firewalls, may provide some required architectural choices.
Data stored on decentralized mobile devices can continue to work offline. In addition you can take advantage of peer-to-peer architectures for your data that may save you from using up too much of the cloud's bandwidth and use more of your consumers' bandwidth instead. You may have an application on a device that needs to share data across co-located devices. Or some of that data may need to reside in house to provide decision support for a set of machines on an assembly line.

 

Control of SLAs of the data
------------------------------------------------------------------------------------
SaaS
With SaaS, unfortunately, you lose control. Not that losing control of the SLAs around your data is good or bad, but a functional requirement of your solution architecture might be to tag certain data for regulatory reasons in the particular industry or sub-industry you are in.

Software + Services
Cloud-based data solutions offer high scalability, but maybe not the performance you require.
Real-time processing of flight data needs to happen quickly. You may not have 1000 users but just 5 engineers who need the last 100 gigs of data analyzed in real time. But the rest of the data can be archived in the cloud for analysis by the entire staff of NASA as part of the same application.


Costs of building application features
------------------------------------------------------------------------------------
SaaS
Features are already coded for you; you just ask to turn them on. You don't have to buy programmers to create features.
Ongoing maintenance and debugging of application features are done by a team of many programmers highly in tune with the problem domain, and the benefits of fixes are spread out to every one of the SaaS provider's clients.
Lessons learned are baked into the system across all of the experiences with the tenants of the application. Economies of scale on the ongoing improvement of the software are achieved.

Software + Services
Software + Services provides choice. While leveraging the economies of scale of SaaS, S+S also allows you to define specialized routines that apply to your specific scenario.
It may cost less for you to build these specialized routines in house, as your team is highly proficient in the unique aspects of your business that need these specialized routines.

 

Architectural flexibility of building application features
------------------------------------------------------------------------------------
SaaS
SaaS lets you easily expose functionality to partners outside of your firewall from its central perch in the sky.

Software + Services
Software + Services lets you combine the architectural benefits of connectivity in the sky with the ability to connect to legacy on-premises apps or software on client machines.


Control of SLAs of building application features
------------------------------------------------------------------------------------
SaaS
With SaaS, unfortunately, you lose control. You may want to log, for auditing purposes, every time an image from a radiology application is erased from a patient record.
You might have to live with the default feature set of a SaaS provider that does not do this.

Software + Services
Software + Services gives you back some control. You can connect to application features in the cloud and add your own features with specialized steps as you see fit.
