Practicing Microsoft Azure: Part 5 (App Service)

This article provides a tour of the Windows Azure App Service and explores the messaging service and Active Directory in detail, including their less obvious features, especially in the context of the cloud.

App Service

The Windows Azure App Service comprises:

  1. Active Directory

    • Directory
    • Access Control
    • Multi-factor Authentication

  2. Message Service Bus

    • Queues
    • Service Bus
    • Notification Hub

  3. Media Service

Active Directory

Active Directory is used in many organizations as their identity and access-control system. It secures resources by offering users single sign-on across online services. Windows Azure Active Directory therefore provides a cloud-based version of Active Directory that gives users Active Directory-like functionality in the cloud, and it integrates with an on-premises Active Directory system. Overall, Active Directory is employed to create and manage user accounts, add applications and manage access to them, and perform other identity-management tasks. In fact, the Azure portal creates a default directory as soon as you buy a subscription, as shown in the following:

[Figure: active directory]

Before Windows Azure Active Directory was available, organizations without an on-premises AD infrastructure typically hosted their own custom security mechanism or their own Active Directory instance for Azure applications. Azure Active Directory therefore not only eases essential undertakings such as managing user identities per application but also provides single sign-on across multiple applications.

Directory

[Figure: Directory]

The Windows Azure directory differs somewhat from conventional AD: rather than exposing an LDAP directory, Azure AD implements the industry-standard WS-Trust, WS-Federation and SAML 2.0 protocols for platform-agnostic integration of authentication services. Azure Active Directory is designed to store objects, including users, groups, roles and contacts, and to provide authentication and authorization services for applications.

Access Control

Access Control provides the ability to combine social identity providers with on-premises ADFS at the application level. It is used for authenticating and authorizing users who want to gain access to your web applications and services. Access Control is a good alternative to implementing a custom authentication system with its own user accounts. Moreover, it provides a unique scope for addressing ACS resources within your application. It contains essential settings, including the identity providers (IPs) you trust, the relying-party (RP) applications you want to serve, the rules you apply to incoming tokens, and the endpoints the application works with.

[Figure: Access Control]

Multifactor Authentication

Multi-Factor Authentication is employed where stronger access control for employees and customers is required. Windows Azure Multi-Factor Authentication imposes an extra layer of authentication on top of the user name and password by asking users to confirm with their phone as well as their password. Multi-Factor Authentication can be used to control access to both on-premises and cloud-based applications, for example to secure access to Windows Azure and to other Microsoft Online Services such as Office 365 and Dynamics CRM Online. Apart from that, it shields your sensitive data with rigorous monitoring, generates alerts and produces machine-learning-based reports that identify inconsistent access patterns, helping to mitigate potential threats. You can use the Windows Azure Management Portal to create a new Multi-Factor Authentication provider.

[Figure: Multifactor Authentication]

Message Service Bus

Software is often multi-tiered: it operates through multiple layers such as business logic and the database, where the main application runs at one location while the data is located in multiple data centres. Each tier is therefore expected to communicate with the others in an effective, secure and efficient way. In fact, setting up reliable communication across a cloud environment is a considerable challenge. Windows Azure therefore provides several ways for the components of a cloud-based application to communicate with one another, including Queues, Topics, Relay and Notification Hubs.

[Figure: Message Service Bus]

The Service Bus is typically a cloud-based messaging system for connecting just about anything, including applications, services and devices. It therefore solves the hassle of communication between on-premises applications and the outside world by allowing on-premises web services to project public endpoints.

Queues and Topics

Queues provide simple first-in, first-out guaranteed message delivery and support a range of standard protocols, including REST, AMQP and WS-*. From the Azure portal you can create queues and configure their other parameters, such as the TTL for stored messages. You can also monitor queues in terms of queue length and last access time. On the other side, a topic delivers messages to multiple subscriptions and passes them on to downstream systems. Topics can be created and configured with a maximum size and the Time To Live (TTL) after which their messages expire.

[Figure: Queues and Topics]
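The queue and topic semantics described above (FIFO delivery, per-message TTL, fan-out to several subscriptions with rules on message properties), as an added in-memory model written for this article; it is not the Azure SDK and the `Queue`, `Topic`, `Message` names and the injectable `clock` are assumptions of this example:

```python
import time
from collections import deque
from dataclasses import dataclass, field

@dataclass
class Message:
    body: str
    expires_at: float                       # absolute clock time after which the message is dropped
    properties: dict = field(default_factory=dict)

class Queue:
    """FIFO queue with a per-message TTL (constructed model, not the Azure SDK)."""
    def __init__(self, default_ttl=60.0, clock=time.monotonic):
        self.default_ttl = default_ttl      # seconds a message lives unless overridden on send
        self.clock = clock                  # injectable so tests can advance time deterministically
        self._items = deque()

    def send(self, body, ttl=None, **properties):
        ttl = self.default_ttl if ttl is None else ttl
        self._items.append(Message(body, self.clock() + ttl, properties))

    def receive(self):
        """Return the oldest live message, or None; expired messages at the head are discarded."""
        now = self.clock()
        while self._items and self._items[0].expires_at <= now:
            self._items.popleft()           # a real broker would dead-letter these instead
        return self._items.popleft() if self._items else None

    def __len__(self):
        return len(self._items)

class Topic:
    """Fan-out: every subscription whose rule matches receives its own copy of the message."""
    def __init__(self, default_ttl=60.0, clock=time.monotonic):
        self.default_ttl = default_ttl
        self.clock = clock
        self._subscriptions = {}            # name -> (Queue, rule)

    def subscribe(self, name, rule=lambda properties: True):
        queue = Queue(self.default_ttl, self.clock)
        self._subscriptions[name] = (queue, rule)
        return queue

    def publish(self, body, ttl=None, **properties):
        delivered = 0
        for queue, rule in self._subscriptions.values():
            if rule(properties):            # subscription rule evaluated on message properties
                queue.send(body, ttl, **properties)
                delivered += 1
        return delivered                    # number of subscriptions that received a copy
```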

In the same way, Relay and Notification Hubs can be created from the Azure portal, as shown in the following. Relay offers a reliable and secure cloud-based communications bridge for on-premises services, whereas Notification Hubs quickly send millions of messages to Android, Windows and iOS devices and support localized push notifications for multilingual communication. Notification Hubs provide cloud-based applications with a way to broadcast cross-platform push notifications quickly to large numbers of recipients. They can be used with applications running in Windows Azure Virtual Machines, Cloud Services, Web Sites or Mobile Services.

[Figure: Cloud Services]

Media Service

The Windows Azure Media Services cloud-based service enables building workflows for creating, managing and distributing media across a wide range of user devices, including Windows Phone, iOS and Android devices. Using Azure Media Services, the user can securely upload, store, encode and package video or audio content for both on-demand and live streaming delivery. It can also be combined with the on-premises tools and processes you already use for delivering media experiences to users or customers. However, performance, scalability and security of media services in the cloud remain a significant challenge.

[Figure: Media Service]

Azure Media Services uses cloud storage to hold the media for processing and streaming. You can programmatically upload your content using the Media Services REST API or one of the available client SDKs. Azure Media Services also protects sensitive media files by encrypting your content locally and then uploading it to Azure Storage, where it is kept in encrypted form. Here we'll see the media service setup in the Azure management portal, as in the following:

[Figure: Azure management]

Creating the media account takes some time because no existing storage account is available. Finally, its control panel in the Azure portal looks like the following, where you can add diverse kinds of media content:

[Figure: media contents]

Once the service has been set up as in the previous figure, you can navigate to the Content tab and upload a single-format media file. For example, here I am uploading an AVI file from my local machine. Later, you can attach an encoder and package that video content for both on-demand and live streaming delivery to various clients (for example, TVs, PCs and mobile devices).

[Figure: upload a single format]

Summary

This article provided a tour of the Windows Azure App Service and explored the messaging service and Active Directory in detail, including their less obvious features, in the context of the cloud. Azure Active Directory is a cloud-hosted multitenant directory service that supports industry-standard authentication protocols and token formats, so it is interoperable with Microsoft as well as non-Microsoft application platforms. At the end of the article we dug deeper into Media Services, which enables building workflows for creating, managing and distributing media across a wide range of devices.