Rules to Better Azure

Since 1990, SSW has supported the developer community by publishing all our best practices and rules for everyone to see.

If you still need help, visit SSW Consulting Services and book in a consultant.


  1. Do you know how to be frugal with Azure Storage Transactions?

    Azure transactions are CHEAP. You get tens of thousands for just a few cents. What is dangerous though is that it is very easy to have your application generate hundreds of thousands of transactions a day.

    Every call to Windows Azure Blobs, Tables and Queues counts as 1 transaction. Windows Azure diagnostic logs, performance counters, trace statements and IIS logs are written to Table Storage or Blob Storage.

    If you are unaware of this, it can quickly add up and either burn through your free trial account, or even create a large unexpected bill.

    Note: Azure Storage Transactions do not count calls to SQL Azure.

    Ensure that Diagnostics are Disabled for your web and worker roles

    Having Diagnostics enabled can contribute 25 transactions per minute, which is 36,000 transactions per day.

    Question for Microsoft: Is this per Web Role?

    Figure: Check the properties of your web and worker role configuration files
    Figure: Disable diagnostics

    Disable IntelliTrace and Profiling

    Figure: When publishing, ensure that IntelliTrace and Profiling are both disabled

    Robots.txt

    Search bots crawling your site to index it will lead to a lot of transactions. Especially for web "applications" that do not need to be searchable, use robots.txt to save transactions.

    Figure: Place robots.txt in the root of your site to control search engine indexing

    Continuous Deployment

    When deploying to Azure, the deployment package is loaded into the Storage Account. This will also contribute to the transaction count.

    If you have enabled continuous deployment to Azure, you will need to monitor your transaction usage carefully.


  2. Do you always rename staging Url on Azure?

    If you use the default Azure staging web site Url, it can be difficult to remember, and looking up the name every time you access it is a waste of time. Follow this rule to increase your productivity and make it easier for everyone to access your staging site.

    Default Azure Url:

    • sugarlearning-staging.azurewebsites.net
    Figure: Bad example - Site using the default Url (hard to remember!!)

    Customized Url:

    • staging.sugarlearning.com
    Figure: Good example - Staging Url having production Url with "staging." prefix

    How to set up a custom Url

    1. Add a CName for the default Url to your DNS server

    Figure: CName being added to DNS for the default Url

    2. Instruct Azure to accept the custom Url

    Figure: Azure being configured to accept the CName

  3. Do you configure your web applications to use application specific accounts for database access?

    An application's database access profile should be as restricted as possible, so that if it is compromised, the damage will be limited.

    Application database access should also be restricted to only the application's database, and none of the other databases on the server.

    Bad Example – Contract Manager Web Application using the administrator login in its connection string

    Good Example – Application specific database user configured in the connection string

    Most web applications need full read and write access to one database.  In the case of EF Code first migrations, they might also need DDL admin rights.  These roles are built in database roles:

    • db_ddladmin: Members of the db_ddladmin fixed database role can run any Data Definition Language (DDL) command in a database.
    • db_datawriter: Members of the db_datawriter fixed database role can add, delete, or change data in all user tables.
    • db_datareader: Members of the db_datareader fixed database role can read all data from all user tables.

    Table: Database roles taken from Database-Level Roles

    If you are running a web application on Azure, you should configure your application to use its own specific account that has some restrictions.  The following script demonstrates setting up a SQL user for myappstaging and another for myappproduction that also use EF Code First migrations:

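    -- Run while connected to the master database.
    -- Azure SQL Database does not switch databases with USE; open a separate connection for each database.
    USE master
    GO
    CREATE LOGIN myappstaging WITH PASSWORD = '************';
    GO
    -- Optional: a user in master lets clients that connect to master first log in
    CREATE USER myappstaging FROM LOGIN myappstaging;
    GO

    -- Run while connected to the application database.
    -- The database name contains hyphens, so it must be bracketed.
    USE [myapp-staging-db];
    GO
    CREATE USER myappstaging FROM LOGIN myappstaging;
    GO
    -- Read, write and (for EF Code First migrations) DDL rights in this database only
    EXEC sp_addrolemember 'db_datareader', 'myappstaging';
    EXEC sp_addrolemember 'db_datawriter', 'myappstaging';
    EXEC sp_addrolemember 'db_ddladmin', 'myappstaging';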

    Script: Example script to create a service user for myappstaging

    Note: If you are using stored procedures, you will also need to grant execute permissions to the user.  E.g.:

    GRANT EXECUTE TO myappstaging

    Data Source=tcp:xyzsqlserver.database.windows.net,1433; Initial Catalog=myapp-staging-db; User ID=myappstaging@xyzsqlserver; Password='*************' 

    Figure: Example connection string
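
    The following check confirms that the account ended up with only the access this rule intends. It is an added example, not part of the original rule or SSW's own script; it assumes the myappstaging user and myapp-staging-db database from the script above, and that the application's stored procedures live in the dbo schema.

```sql
-- Added example (not from the original rule): audit the application account.
-- Assumes the myappstaging user created by the script above.
-- Run sections 1-3 while connected to the application database.

-- 1. Role memberships. Expect db_datareader, db_datawriter and, for
--    EF Code First migrations, db_ddladmin. Anything flagged needs review.
SELECT r.name AS role_name,
       CASE WHEN r.name IN ('db_owner', 'db_securityadmin', 'db_accessadmin')
            THEN 'REVIEW: broader than read/write/DDL'
            ELSE 'ok'
       END AS assessment
FROM sys.database_role_members AS rm
JOIN sys.database_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.database_principals AS u ON u.principal_id = rm.member_principal_id
WHERE u.name = 'myappstaging';

-- 2. Permissions granted or denied directly to the user (role membership
--    is not listed here). A database-wide GRANT EXECUTE shows up as
--    class_desc = 'DATABASE', permission_name = 'EXECUTE'.
SELECT p.state_desc, p.permission_name, p.class_desc,
       CASE p.class
            WHEN 0 THEN DB_NAME()
            WHEN 1 THEN OBJECT_SCHEMA_NAME(p.major_id) + '.' + OBJECT_NAME(p.major_id)
            WHEN 3 THEN SCHEMA_NAME(p.major_id)
       END AS securable
FROM sys.database_permissions AS p
JOIN sys.database_principals AS u ON u.principal_id = p.grantee_principal_id
WHERE u.name = 'myappstaging';

-- 3. Effective permissions as the engine evaluates them for this user.
--    Any row returned means the account can control the database or
--    manage users and roles, which the rule is meant to prevent.
EXECUTE AS USER = 'myappstaging';
SELECT permission_name
FROM sys.fn_my_permissions(NULL, 'DATABASE')
WHERE permission_name IN ('CONTROL', 'ALTER ANY USER', 'ALTER ANY ROLE');
REVERT;

-- 4. Narrower alternative to the database-wide GRANT EXECUTE, assuming the
--    application's stored procedures all live in the dbo schema:
-- REVOKE EXECUTE FROM myappstaging;
-- GRANT EXECUTE ON SCHEMA::dbo TO myappstaging;

-- 5. Connected to master, query 1 should return no rows: membership of
--    dbmanager or loginmanager there lets the login create databases or logins.
```

    Run it from an administrative connection, since EXECUTE AS USER requires permission to impersonate the application user.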

  4. Do you consider AzureSearch for your website?

    AzureSearch is designed to work with Azure based data and runs on ElasticSearch. It is still NEW as of today (27/4/2015) and doesn't expose all the advanced search features. You may be reluctant to choose it as your search engine because of the missing features and what seems to be an expensive monthly fee ($250 as of today). If this is the case, follow this rule:

    Consider AzureSearch if your website:

    1. Uses SQL Azure (or other Azure based data such as DocumentDB), and
    2. Does not require advanced search features.

    Consider ElasticSearch if your website:

    1. Requires advanced search features that aren't supported by AzureSearch

    Keep in mind that 1) hosting a full-text search service costs you labour to set up and maintain the infrastructure, and 2) a single Azure VM can cost you up to $450. So do not drop the AzureSearch option unless the missing features are absolutely necessary for your site.

    Figure: Good Example - Azure website using AzureSearch for what it can deliver today

    Figure: Bad Example - Azure website using ElasticSearch for a simple search that AzureSearch can do

  5. Do You Know How to Backup Data on SQL Azure?

    ​Built-in Automatic Backup in Azure SQL Database

    Microsoft Azure SQL Database has built-in backups to support self-service Point in Time Restore and Geo-Restore for Basic, Standard, and Premium service tiers.

    You should use the built-in automatic backup in Azure SQL Database rather than T-SQL.

    T-SQL: CREATE DATABASE destination_database_name AS COPY OF [source_server_name].source_database_name

    Figure: Bad example - Using T-SQL to restore your database
    Figure: Good example - Using the built in SQL Azure Database automatic backup system to restore your database

    Azure SQL Database automatically creates backups of every active database using the following schedule: Full database backup once a week, differential database backups once a day, and transaction log backups every 5 minutes. The full and differential backups are replicated across regions to ensure availability of the backups in the event of a disaster.

    Backup Storage

    Backup storage is the storage associated with your automated database backups that are used for Point in Time Restore and Geo-Restore. Azure SQL Database provides up to 200% of your maximum provisioned database storage of backup storage at no additional cost.​

    Service Tier   Geo-Restore     Self-Service Point in Time Restore   Backup Retention Period   Restore a Deleted Database
    Web            Not supported   Not supported                        n/a                       n/a
    Business       Not supported   Not supported                        n/a                       n/a
    Basic          Supported       Supported                            7 days
    Standard       Supported       Supported                            14 days
    Premium        Supported       Supported                            35 days

    Figure: All the modern SQL Azure Service Tiers support back up. Web and Business tiers are being retired and do not support backup. Check Web and Business Edition Sunset FAQ​ for up to date retention periods.



  6. Do you know how to find the closest Azure Data Centre for your next project?

    Here's a cool site that tests the latency of  Azure Data Centres from your machine. It can be used to work out which Azure Data Centre is best for your project based on the target user audience: http://www.azurespeed.com

    As well as testing latency it has additional tests that come in handy like:

    • CDN Test
    • Upload Test
    • Large File Upload Test
    • Download Test
    Figure: AzureSpeed.com example
  7. Do You Know To Pay for Azure WordPress Databases?

    Setting up a WordPress site hosted on Windows Azure is easy and free, but you only get 20Mb of MySql data on the free plan.

    Figure: Once you approach your 20Mb limit you will receive a warning that your database may be suspended
    Figure: If you are serious about your blog and including content on it, you should configure a paid Azure Add-on to host your MySQL Database when you set it up
    Figure: If you have already created your blog, navigate to your Web Site within the Azure portal, select Linked Resources, select the line for the MySQL Database and click the Manage link. This will open the ClearDb portal. Go to the Dashboard and click Upgrade
    References: John Papa: Tips for WordPress on Azure
  8. Do you know when to use Geo Redundant Storage?

    Data in Azure Storage accounts is protected by replication. Deciding how far to replicate it is a balance between safety and cost.​

    Figure: It is important to balance safety and pricing when choosing the right replication strategy for Azure Storage Accounts

    Locally redundant storage (LRS)

    • Maintains three copies of your data. 
    • Is replicated three times within a single facility in a single region. 
    • Protects your data from normal hardware failures, but not from the failure of a single facility.
    • Less expensive than GRS
    • Use when:
      o Data is of low importance – e.g. for test websites, or testing virtual machines
      o Data can be easily reconstructed
      o Data is non-critical
      o Data governance requirements restrict data to a single region

    Geo-redundant storage (GRS)

    • The default when you create storage accounts.
    • Maintains six copies of your data.
    • Data is replicated three times within the primary region, and is also replicated three times in a secondary region hundreds of miles away from the primary region.
    • In the event of a failure at the primary region, Azure Storage will fail over to the secondary region.
    • Ensures that your data is durable in two separate regions.
    • Use when:
      o Data cannot be recovered if lost

    Read access geo-redundant storage (RA-GRS)

    • Replicates your data to a secondary geographic location (same as GRS)
    • Provides read access to your data in the secondary location
    • Allows you to access your data from either the primary or the secondary location, in the event that one location becomes unavailable.
    • Use when:
      o Data is critical, and access is required to both the primary and the secondary regions
  9. Do you shutdown VM's when you no longer need them?

    Often we use Azure VMs for presentations, training and development. As there is a cost involved to store and use the VM, it is important to ensure that the VM is shut down when it is no longer required.

    Shutting down the VM will prevent compute charges from being incurred. There is still a cost involved for the storage of the VHD files, but these charges are a lot less than the compute charges.

    The following is stated on http://www.windowsazure.com/en-us/pricing/member-offers/msdn-benefits/: "Stop your virtual machines and we will stop billing them within a minute." Please note that this is for MSDN Azure subscriptions.

    You can shut down the VM either by making a remote desktop connection to the VM and shutting down the server, or by using the Azure portal to shut down the VM.

    Figure: Azure Portal