Tomorrow night I’ll be taking calls for Children in Need 2012 (#CiN)

This content is 12 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

Normally, on a Friday night, I can be found in my living room, on the sofa, watching something on TV.

This week will be different because tomorrow night, instead of watching telly, I’ll be working in one of the Children in Need call centres.  My employer is one of the organisations selected to provide the service for the BBC’s annual fundraiser and many of us have volunteered to “man the phones” so, if your call ends up in Manchester tomorrow, there’s a (small) chance that it will be me that takes your details.

There will be events taking place up and down the country in support of this great charity initiative and, if you’re able to do so, please give generously. More details can be found on the official BBC Children in Need website*.

*markwilson.it has no affiliation with Children in Need, other than as a supporter.

 

Creating new endpoints to open up access to Windows Azure virtual machines


In my recent posts on creating a virtual machine on Windows Azure and connecting to a Windows computer running on Windows Azure, I mentioned endpoints but didn’t explain the process for creating new ones, i.e. opening up new ports for Internet access:

The RemoteDesktop endpoint shown above was created automatically when my virtual machine was provisioned but it may also be necessary to create new endpoints, for example allowing HTTP access over TCP port 80, HTTPS over TCP 443, etc.

To create a new endpoint, open up the virtual machine in the Windows Azure management console, then select Endpoints and click the Add Endpoint button at the bottom of the screen.  When creating endpoints, a new endpoint can be established or, if one already exists, this may be selected to load balance between multiple virtual machines. I only have a single virtual machine and so I selected add endpoint:

At this point, specify a name (HTTP would have been a better name than the one I used in the example below), select a protocol, and choose the port numbers:

The endpoint will then be created and the virtual machine will be accessible using the chosen protocol and port numbers:

To test the connection, I connected to my virtual machine over RDP and configured Windows Server roles/features in Server Manager (I installed IIS, just to prove that the machine was Internet-connected – but the server could be running any workload). Then, I connected to my virtual machine’s public DNS using a web browser (I could also have used the public virtual IP address shown in the dashboard for the virtual machine):
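The portal steps above can also be scripted and the result reviewed. This is an added example, not part of the original post: it assumes the classic (Service Management) Azure PowerShell module with a subscription already selected, that the cloud service name matches the DNS prefix, and the VM name and the list of expected endpoints are placeholders.

```powershell
# Added example. Assumes the classic (Service Management) Azure PowerShell
# module is loaded and a subscription has already been selected.
$serviceName = 'mwil-playground'   # assumed: cloud service name = DNS prefix of mwil-playground.cloudapp.net
$vmName      = '<vm-name>'         # placeholder: the name given to the VM at creation

# Endpoints we intend to publish: endpoint name -> private (local) TCP port.
# Assumption for this example: only RDP and HTTP should be reachable.
$expected = @{ 'RemoteDesktop' = 3389; 'HTTP' = 80 }

$vm = Get-AzureVM -ServiceName $serviceName -Name $vmName
if (-not $vm) { throw "VM '$vmName' not found in cloud service '$serviceName'." }

# Create the HTTP endpoint only if it is not already defined (safe to re-run).
$existing = $vm | Get-AzureEndpoint | Where-Object { $_.Name -eq 'HTTP' }
if (-not $existing) {
    $vm |
        Add-AzureEndpoint -Name 'HTTP' -Protocol tcp -PublicPort 80 -LocalPort 80 |
        Update-AzureVM | Out-Null
}

# Re-read the VM and list every endpoint, marking anything that is not in
# the expected list so that an unplanned open port stands out.
Get-AzureVM -ServiceName $serviceName -Name $vmName |
    Get-AzureEndpoint |
    ForEach-Object {
        $ok = $expected.ContainsKey($_.Name) -and ($expected[$_.Name] -eq $_.LocalPort)
        $status = if ($ok) { 'expected' } else { 'REVIEW' }
        [pscustomobject]@{
            Name       = $_.Name
            Protocol   = $_.Protocol
            PublicPort = $_.Port        # port exposed on the public virtual IP
            LocalPort  = $_.LocalPort   # port the VM itself listens on
            Status     = $status
        }
    } | Format-Table -AutoSize
```

Every endpoint is a port reachable from the Internet, so any row marked REVIEW is worth removing or justifying before the VM runs a real workload.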

 

Connecting to a Windows computer running on Windows Azure


In yesterday’s post about creating a virtual machine in Windows Azure, I left out the details for connecting to the virtual machine.

Virtual machine connections are controlled using endpoints, like the one shown below:

In this case, the endpoint for RemoteDesktop was created automatically as part of the virtual machine creation process so it’s pretty simple to connect to the virtual machine. Just fire up a Remote Desktop client and connect to the DNS name given to the virtual machine when it was created (in my case, that was mwil-playground.cloudapp.net). Alternatively, click the Connect button at the bottom of the Windows Azure management console:

Then, follow the prompts to:

  • Connect to a computer with an unknown publisher:
  • Provide appropriate credentials:
  • Confirm that there is no certificate to validate the connection:

(It is possible to specify management certificates in the Windows Azure management console but that’s outside the scope of this post.)

After a short while, during which Remote Desktop configures the session, a connection should be made and the operating system can be administered as normal:

Microsoft’s message to UK partners for FY13 (#PBBBirm #MSPartnersUK)


I spent most of yesterday at Microsoft’s Partner business briefing in Birmingham. The afternoon workshops were especially good value (I was in the Public Cloud session, learning more about Office 365) but the morning keynote (delivered by Janet Gibbons, Microsoft’s UK Director for Partner Strategy and Programmes) had some interesting messages that are worth sharing further:

  • 95% of Microsoft’s global revenues are generated through its channel partners.
  • 2012 is the biggest launch year in Microsoft’s history with almost every product having a major refresh or a new iteration (from Windows 8 to Halo 4).
    • Microsoft is spending significant volumes on product advertising.
  • Microsoft is still a software company, but increasingly a devices and services company.
    • Many of those services relate to software subscriptions.
    • Interestingly, there is a 26% piracy rate for software in the UK (20% of Office users are illegal/mis-licensed) – and no piracy with online services.
    • There are new partner opportunities for selling Office 365 and managing the customer relationship (billing, etc.) to expand the revenue opportunity with value-added services.
  • Microsoft’s FY13 priorities are:
    • Excite customers, businesses and advertisers with Windows 8 devices and applications.
    • Win against Google every time with Office 365 and launch Office [2013].
    • Build application ecosystem for Windows 8, Windows Phone and Windows Azure.
    • Win the datacentre with private, public and hybrid cloud.
    • Grow SQL Server through BI, big data and mission critical [deployments].
    • Drive deployment for Windows, Office, Internet Explorer, Active Directory.
    • Win with business solutions.
    • Grow Windows Phone market share.
    • Drive Xbox profit and grow Kinect and Live Attach.
    • Grow reach, search and monetisation of our consumer online  services.
Interesting to see the Microsoft FY13 scorecard in public: great openness at #PBBBirm - to be applauded #MSPartnersUK http://t.co/AtIlIVNw
@markwilsonit
Mark Wilson

Of course, there was the obligatory Windows 8 marketing message (maybe I’ve been through too many new operating system release cycles and it all feels like another turn on the merry-go-round so I switched off a little in that part) but it was also interesting to hear Intel stand up and say (I paraphrase), “we’re still friends with Microsoft and even though Windows runs on another platform too x86 is better [does anyone remember when Windows NT supported DEC Alpha and ARC-MIPS alongside Intel x86?]. Don’t forget that Atom is power-optimised too [not just underpowered] and we have all this lovely built-in security stuff in our hardware platform”.

As for Office and Office 365 – probably too much for this post but some of the changes coming up in the next release look fantastic. I’m certainly glad I made the switch from Google Apps, although maybe a P1 plan wasn’t the best idea…

Creating a virtual machine on Windows Azure in 10 easy steps


Despite my reservations about Microsoft’s charging model for Windows Azure’s virtual machine (IaaS) capabilities, I was interested enough to take a look after last week’s Microsoft Tech.Days Online event. I signed up for a 90 day (750-hours/month) free trial (which, on the face of it, seems pretty poor in comparison to the 1 year free usage tier from Amazon but, because Amazon have to license Windows, and Microsoft can presumably cross-charge itself, Windows virtual machines are excluded from Amazon’s trial).

It was amazingly simple to get myself up and running with a new virtual machine and I thought I’d demonstrate that here:

  1. If you don’t already have one, sign up for a Windows Azure account and log on to the Windows Azure management console.
  2. On the All Items pane, select Create An Item:
  3. Select Virtual Machine and then From Gallery:
  4. Choose an operating system for the virtual machine, for example Windows Server 2012:
  5. Give the virtual machine a name, supply an Administrator password, and select a size (if you’re using the free trial, then you’ll want to select the small option):
  6. This will be a standalone virtual machine, but it needs a DNS name (for access from the Internet), some storage (I auto-generated the storage) and a region/affinity group/virtual network (I selected the West Europe region, as I’m in the UK and didn’t yet have any virtual networks assigned):
  7. The availability set is not really of any significance when running a single VM, so I left this as none:
  8. Windows Azure will start to provision the virtual machine:
  9. Once completed, the newly-created virtual machine and associated storage will be visible in the console:
  10. Click on the virtual machine name to access the virtual machine dashboard which contains performance information as well as configuration details. From here, you can make further configuration changes (e.g. creating endpoints for access to the virtual machine):

 

What-as-a-service?


I’ve written previously about the “cloud stack” of -as-a-service models but I recently saw Microsoft’s Steve Plank (@plankytronixx) give a great description of the differences between on-premise,  infrastructure as a service (IaaS), platform as a service (PaaS) and software as a service (SaaS).

Of course, this is a Microsoft view of the cloud computing landscape and I’ve had other discussions recently where people have argued the boundaries for IaaS or PaaS and confused things further by adding traditional web hosting services into the mix*.  Even so, I think the Microsoft description is a good starting point and it lines up well with the major cloud services offerings from competitors like Amazon and Google.

Not everyone will be familiar with this so I thought it was worth repeating Steve’s description here:

In an on-premise deployment, the owning organisation is responsible for (and has control over) the entire technology stack.

With infrastructure as a service, the cloud service provider manages the infrastructure elements: network, storage, servers and virtualisation. The consumer of the IaaS service will typically have some control over the configuration (e.g. creation of virtual networks, creating virtual machines and storage) but they are all managed by the cloud service provider.  The consumer does, however, still need to manage everything from the operating system upwards, including applying patches and other software updates.

Platform as a service includes the infrastructure elements, plus operating system, middleware and runtime elements. Consumers provide an application, configuration and data and the cloud service provider will run it, managing all of the IT operations including the creation and removal of resources. The consumer can determine when to scale the application up or out but is not concerned with how those instances are operated.

Software as a service provides a “full-stack” service, delivering application capabilities to the consumer, who only has to be concerned about their data.

Of course, each approach has its advantages and disadvantages:

  • IaaS allows for rapid migrations, as long as the infrastructure being moved to the cloud doesn’t rely on other components that surround it on-premise (even then, there may be opportunities to provide virtual networks and extend the on-premise infrastructure to the cloud). The downside is that many of the management issues persist as a large part of the stack is still managed by the consumer.
  • PaaS allows developers to concentrate on writing and packaging applications, creating a service model and leaving the underlying components to the cloud services provider. The main disadvantage is that the applications are written for a particular platform, so moving an application “between clouds” may require code modification.
  • SaaS can be advantageous because it allows for on-demand subscription-based application use; however consumers need to be sure that their data is not “locked in” and can be migrated to another service if required later.

Some organisations go further – for example, in the White Book of Cloud Adoption, Fujitsu wrote about Data as a Service (DaaS) and Business Process as a Service (BPaaS) – but IaaS, PaaS and SaaS are the commonly used models.  There are also many other considerations around data residency and other issues but they are outside the scope of this post. Hopefully though, it does go some way towards describing clear distinctions between the various -as-a-service models.

* Incidentally, I’d argue that traditional web hosting is not really a cloud service as the application delivery model is only part of the picture. If a web app is just running on a remote server it’s not really conforming with the broadly accepted NIST definition of cloud computing characteristics. There is a fine line though – and many hosting providers only need to make a few changes to their business model to start offering cloud services. I guess that would be an interesting discussion with the likes of Rackspace…

Sorting out my home backups


After my parents-in-law’s recent burglary (and related data loss), I started to think more seriously about my household’s backups which are spread across a variety of USB drives, NAS units and cloud services (Dropbox, SkyDrive, Box.net, etc.).

My plan is to:

  1. Duplicate – hard drives fail. I know, because I’ve lost data that way – and RAID is no substitute for a proper backup (as I learned the hard way). If it doesn’t exist in (at least) two places, it doesn’t exist.
  2. Consolidate – bits and pieces on various drives is a nightmare – to know that it’s definitely backed up, I need to know it’s on the “big backup drive” (as well as in the primary source).
  3. Archive – both physically (media stored in a safe) and virtually (upload to the cloud). Be ready for some long uploads though, over an extended period (I only have ADSL 2 – no fibre here).

Steps 1 and 2 work hand in hand and, last weekend, I picked up a 3TB Seagate Backup Plus Desktop drive. I’m not using the bundled backup software that offers idiot-proof backups for both local and social media (Facebook, Flickr) data but installing the software on my MacBook includes Paragon NTFS for Mac, which means I can use this drive with Macs and PCs without reformatting (there is a Mac version too – although the only differences I can see from a comparison of Seagate’s data sheets for “normal” and Mac versions are: Firewire and USB 2.0 cables instead of USB 3.0; downloadable HFS+ driver for Windows instead of preloaded NTFS driver for Mac OS X; 3 year warranty instead of 2 years).

Step 3 is more involved. I did some analysis into a variety of cloud services a while ago and found that each one has pros/cons depending on whether you want to back up a single computer or multiple computers, limitations on storage, cost, etc. I didn’t get around to publishing that information but there is a site called Which Online Backup that might help (although I’m not sure how impartial it is – it’s certainly nothing to do with the Which? consumer information/campaign service).

My current thinking is that I’ll continue to use free services like Dropbox to backup and sync many of my commonly-used files (encrypting sensitive information using TrueCrypt) at the same time as creating a sensible archive strategy for long term storage of photographs, etc. That strategy is likely to include Amazon Glacier but, because of the way that the service works, I’ll need to think carefully about how I create my archives – Glacier is not intended for instant access, nor is it for file-level storage.

I’ll write some more as my archive strategy becomes reality but, in the meantime, the mass data copy for the duplicate and consolidate phases has begun, after which all other copies can be considered “uncontrolled”.

More retail banking security theatre


Yesterday, I bought a new suit. Nothing remarkable there but I paid on my Lloyds TSB Duo Avios credit card. A card that I will shortly be cutting into little pieces because it’s useless to me if the bank declines transactions on an apparently random basis…

You see, I also wanted an extra pair of trousers and they were out of stock. The very helpful guy at John Lewis went through the online order process, I supplied my credit card details and all was good. Then we went to the till and paid for the suit jacket and first pair of trousers.

The £250 transaction for the suit went through OK but a short while later I was called by John Lewis to say that the £80 order for the trousers placed a few minutes earlier had been declined.  That seemed strange – especially as it was placed before the larger transaction (I’d expect the large one to be declined if there was some sort of anti-fraud flag triggered by a small purchase and then a large one) so we tried again. No joy. Declined by the bank. So I supplied some different card details and all was OK.

I was annoyed. I use multiple credit cards for good reasons but at least I had been able to use a different card even if that does mean that my personal and business transactions are mixed up. Fast forward to this morning and I was incensed.

Sunday morning, 10am: enjoying a rare lie-in whilst the kids are away; the phone rings – it might be my in-laws and it might be important, so I answer.

“This is an automated anti-fraud call from Lloyds TSB…” (or similar). I’m angry now, but I comply with the whole process as I think I might be charged twice for my trousers.  This process involved:

  • Confirming that I was (imagine robotic voice) “Mr Mark Wilson”. 1. Yes, that’s me.
  • Confirming my year of birth. Not exactly a secret, especially not to anyone who might answer my home phone.
  • Confirming my day and month of birth. Again, public information, and known to all in my household.
  • Listening to some details of some possibly fraudulent transactions: two declined for £80 and one approved for £250; both flagged as Internet purchases at John Lewis, a “grocery or supermarket” retailer. Not much help there as John Lewis is a department store (Waitrose is their supermarket brand) and clearly store transactions are incorrectly flagged as Internet purchases – which means the information is unreliable at best and confusing if it had been a different retailer with whom I was less familiar.
  • Confirming I had made those transactions. Tempting to say no but that would be fraudulent. I said 1 for yes; anyone in the house who answered my phone could have answered anything…
  • Supplying my mobile phone number for future anti-fraud calls (I probably didn’t supply it in the first place because I was concerned they would use it for marketing…). Well, at least my mobile is more immediate, and more secure than the home phone (only I use it).

Pure security theatre.

I can understand the banks wanting to reduce fraud – it costs them millions. But my account has a significantly larger credit limit than transactions I attempted in John Lewis yesterday and they could go a lot higher before declining transactions and inconveniencing me as a customer. I can see some patterns that might have flagged the anti-fraud systems but not the sense in declining the first and third transactions yet accepting the second (larger) one. It’s possible that John Lewis stored my card details and applied them after a short delay but, even so, I’d think it’s pretty common for people to make in-store transactions and place orders through the retailer’s online channel at or around the same time (in scenarios like the one I described).

I’ll make the most of the interest-free period until my next bill, pay in full (as always) and then I’ll be closing my account with Lloyds TSB. “Security” that stops me using my cards when I want to, and disturbs my privacy at home (with an automated call using publicly-available information!) is “security” I can do without…

Windows Azure IaaS pricing “gotcha”


One of the concerns with moving more infrastructure services into a public cloud is cost. It’s all very well that the costs are low, and that the CapEx has switched to OpEx but it’s also good to be able to budget. Subscription-based charging models can make that difficult at times.

Over the last couple of weeks, I’ve been brushing up my knowledge of both Amazon’s and Microsoft‘s infrastructure as a service (IaaS) offerings and I found something that’s quite alarming. Not only is the Windows Azure IaaS offering less fully-featured than Amazon EC2 but, from a cursory glance, it could potentially cost a lot more because of the way that Microsoft charges for compute service provision.

Whereas Amazon only charges for the hours when a virtual machine is “powered on”, Microsoft charges for the fact that the virtual machine has been provisioned, regardless of whether it’s actually doing anything. This sounded odd, so I asked a question of one of the evangelists at Microsoft UK, who used a rental car analogy to explain that when I have a virtual machine deployed in Azure I’ve still taken resources that can’t be allocated to someone else until I “undeploy” it (think of booking and returning the hire car). On the other hand though, Amazon only charges for the time I use the virtual machine (although I will of course have to pay for the storage that it is actually using), so the analogy is more one of a pool of shared cars.

Microsoft using rental car analogy for Azure IaaS: VM charged whether running or not; think Amazon EC2 is more like car share! #TechDays2012
@markwilsonit
Mark Wilson

I tried to confirm this with Amazon Web Services (@awscloud) and Microsoft Windows Azure (@windowsazure) but have not received a response at the time of writing; however Dave Hood alerted me to a clause in the Windows Azure pricing details:

“Compute hours are charged whenever the Virtual Machine is deployed, irrespective of whether it is running or not.”

That could work out quite expensive for those who have spare virtual machines deployed, ready to fire up at a moment’s notice, but not normally in operation (e.g. in a disaster recovery failover scenario).

[Update 12:22]: Microsoft’s Windows Azure team have responded via Twitter to confirm that VMs are charged, even when not running:

@ #WindowsAzure VMs are in preview. You are charged for hours even when shut down as long as the image exists in your gallery.
@WindowsAzure
WindowsAzure

Useful links: October 2012


A list of items I’ve come across recently that I found potentially useful, interesting, or just plain funny:

  • Bike Hike – Web mapping tool, including ability to create and view .GPX files.
  • AutoHotkey – Scriptable desktop automation with hotkeys (via Garry Martin).
  • Parental control app – For iPhone, iPad and iPod Touch (via Bill Minton)
  • Jailbreak Stats – Handy tool for information about jailbreak compatibility with various releases of iOS and devices (see also this Lifehacker post)