At Build 2014, Azure announced RESTful API for resource management called Azure Resource Manager and a shiny new Azure portal. In the years since Azure App Service has  implemented support for Azure Resource Manager. If you manage your App Service resources through the portal or through automation against the REST API or any of these SDKs, clients or tools or deploy resources through deployment templates, you are already using Azure Resource Manager. If, however, you also have automation built against the legacy Azure Service Management APIs, this announcement affects you.

Azure App Service resource management will be supported only through Azure Resource Manager. Azure Service Management support will be retired on June 30, 2018. The Service Management APIs are archaic and not well suited for the modern cloud. Supporting Service Management APIs any longer will hold us back from delivering premium developer experience and control plane scale. Customers currently using the Service Management APIs will be better served by moving to Resource Manager. Azure Resource Manager has many benefits over Service Management like robust deployment model, role-based access and better API support for existing and new features. For more information,  see Difference between Azure Service Manager and Azure Resource Manager.

Authentication

Service Management supports authentication using Azure Active Directory or management certificates. For Resource Manager authentication is built around Azure Active Directory apps and interactive user access. To learn more, see Resource Manager API Authentication. If your automation must use certificates for management, you can achieve that by Authenticating to Azure Resource Manager using AAD and certificates.

Resource Deployment

Resource Manager has a robust deployment engine with declarative resource description. To understand how the resource deployment differences between the two, see  Resource Manager Deployment Model. Resource manager supports resource deployment via deployment templates. Additionally, starting from Microsoft Azure SDK for .NET 2.9, resource deployment via Visual Studio is also supported. For more information, see Deploying resources and code through Visual Studio.

Directly calling the API

If you want to code against the Resource Manager REST API directly, refer to Azure App Service REST API documentation. ARMClient and Azure Resource Explorer are great tools to play with and discover the shape of the App Service Resource Manager API. For more information on ARMClient, see ARMClient: a command line tool for the Azure API.

SDKs and tools

Resource Manager offers SDKs and tools in a large set of languages, frameworks and platforms. These include but are not limited to .NET, Node, Java, Ruby, Python, Go, PowerShell and Azure CLI. Detailed documentation, tutorials and examples are available here.

App Service Resource Metrics

If your automation consumed the App Service resource metrics API, we recommend that you switch over to the Azure Resource Manager Monitoring APIs. While we still offer App Service specific metrics API, we plan on deprecating them soon. The Resource Manager Monitoring APIs are the common way of interacting with metrics across any resource on any service within Azure. For more information, see  metrics supported by Azure Monitor.

Please make sure to move all your automation and deployment tools to use new API’s before June 30^th 2018 so that you do not experience any service interruptions and benefit from superior deployment and management capabilities of Azure Resource Manager

Microsoft Japan Data Platform Tech Sales Team

佐藤秀和

Azure SQL Database Managed Instance (以降、Managed Instance) の Public Preview が始まりました。

https://docs.microsoft.com/en-us/azure/sql-database/sql-database-managed-instance

本記事では、Managed Instance の特徴と、ご評価を開始する手順についてご紹介いたします。

◆ Managed Instance の特長
・フルマネージ サービス
Managed Instance は、SQL Server のリレーショナル データベース サービスが提供する、ほぼ全ての機能を提供するフルマネージサービスとなります。

Azure SQL Database と同様に、PaaSの特性(修正プログラムやバージョンの更新管理、自動バックアップ、高可用性構成)を生かしながら、SQL Serverが持つほぼ全ての機能を活用することが出来るので、オンプレミスにある既存の SQL Server をクラウドへ移行する際には最善の移行先となります。

IaaS (SQL Server) / PaaS (Managed Instance) / PaaS (SQL Database) との対比

可用性構成については、IaaS (SQL Server) では、ユーザー様自身で構築する必要がありますが、PaaS (Managed Instance) / PaaS (SQL Database) では、可用性構成があらかじめ組み込まれた構成となっています。
OS や DB などのミドルウェアの修正プログラムの適用やバージョンアップの管理については、IaaS (SQL Server) では、ユーザー様自身で管理を行う必要がありますが、PaaS (Managed Instance) / PaaS (SQL Database) では、Azure 側で全て自動的に管理が行われます。
データベースのバックアップも同様に、PaaS (Managed Instance) / PaaS (SQL Database) では、Azure 側で自動的に管理が行われます。
PaaS (Managed Instance) と PaaS (SQL Database) の異なる点としては、 PaaS (SQL Database) では、一つ独立したデータベースをサービスとして提供するもの (Single DB の場合) ですので、データの操作や管理はデータベースレベルとなりますが、PaaS (Managed Instance)では、インスタンスレベルのサービスとなりますので、SQL Server と同様に複数のデータベースを集約して管理することが可能です。

また、SQL Server から Managed Instance への移行に際しては、SQL Server で既にお持ちのライセンスをベースに、コストメリットのある優位な条件での移行が可能となるライセンスプログラムを提供いたします。詳細については、下記サイトの内容をご確認ください。
・Azure SQL Database の価格 (Managed Instance) - 「Azure ハイブリッド特典」
https://azure.microsoft.com/ja-jp/pricing/details/sql-database/managed/
⇒ 現時点の価格は、プレビュー期間中の金額となります。GA後に価格改定を予定しています。

・SQL Server との高い互換性
Managed Instance は、SQL Server 2017 のリレーショナル データベース サービスが提供するほぼ100%の機能をサポートします。
SQL Database では利用できない、複数のデータベースに対するクエリやトランザクション管理や、変更データキャプチャ、SQL CLR等の機能が利用可能です。

Managed Instance は高可用構成を予め構成していますので、AlwaysOn 可用性グループやログ配布等の可用性構成をユーザー様自身で構成することは出来ません。
また、Managed Instance は、SSIS / SSAS / SSRS / ML Services 等のリレーショナル データベース 以外のサービスは現時点では提供されませんので、Azure の各サービス (Data Factory / Analysis Services / Power BI / ML 等)に移行する必要があります。

その他各機能のサポートについては、下記内容を参照ください。
SQL Server / SQL Database / Managed Instance のサポート機能
https://docs.microsoft.com/en-us/azure/sql-database/sql-database-features

サポートする SQL Server のバージョンは SQL Server 2005 以降で、SQL Server で取得したバックアップを使って、Managed Instance に復元することが可能です。Managed Instance では、SQL Server 2008 (互換性レベル：100)以降の互換性レベルをサポートしていますので、SQL Server 2005の場合には 互換性レベル：100 に置き換えられます。

・セキュリティ
VNETのネイティブ対応：Azure 仮想マシンと同等のネイティブなVNET対応となりますので、よりセキュリティの高いネットワーク環境を構成することが可能となります。

Azure SQL Database や SQL Server が提供する各種セキュリティ、コンプライアンス対応を機能が利用出来ます。
認証と認可：SQL 認証、Azure Active Directory 認証をサポート
データの保護：ネットワーク経路の暗号化、保存されたデータを暗号化する透過的データ暗号化や常時暗号化
ユーザー権限に応じたデータ保護：動的データマスキング、行レベルセキュリティ

また、Managed Instance では SQL Database で提供されている脅威の検出機能を利用して、不審なデータベースへのアクセスや、SQL インジェクション攻撃等を検知して管理者への通知を行うことが出来るようになりますので、オンプレミス環境の SQL Server を Managed Instance に移行することで、より安全にデータベースを運用することが可能となります。

◆ Managed Instance の構成
2018年3月時点の Public Preview では、”General Purpose” というManaged Instance のベースとなる構成を提供しており、特徴は以下の通りです。
・Azure Services Fabric と 高速なリモートストレージ (Premium Storage) の組み合わせにより、高いパフォーマンスと可用性を実現
・仮想 CPU(vCores)：8, 16, 24
・ストレージ容量：最大8TB

今後GAに向けて、より高いパフォーマンスと可用性を実現する構成を提供予定となっておりますので、ご期待頂ければと思います。

◆移行方法
SQL Server から Managed Instance への移行には、以下の方法で容易に移行することが出来ます。

・Azure Data Migration Services (プレビュー)
Azure Data Migration Services を使用することで、データベースの移行に関わる手順を自動化して、SQL Server から Managed Instance へのデータベースの移行の手順を自動化して実行することが可能となります。
詳細については、下記を参照ください。
Migrate SQL Server to Azure SQL Database Managed Instance
https://docs.microsoft.com/ja-jp/azure/sql-database/sql-database-managed-instance-migrate#select-migration-method-and-migrate

・SQL Server のバックアップからの復元
Managed Instance は、SQL Server のバックアップイメージからの復元が可能となっています。
Azure上のストレージに展開された SQL Server で取得したバックアップイメージから、Managed Instance に復元することが可能です。
詳細については、DMS での移行と同様に上記サイトの情報を参照ください。

Data Migration Assistant は、現バージョン(v3.4) では、まだ Managed Instance に対応していませんが、今後リリースされるバージョンで対応予定となります。移行前の評価や移行ツールとして活用頂ければと思います。
Overview of Data Migration Assistant
https://docs.microsoft.com/en-us/sql/dma/dma-overview
ダウンロード（Microsoft® Data Migration Assistant v3.4 ）
https://www.microsoft.com/en-us/download/details.aspx?id=53595

◆ Managed Instance (Public Preview) の評価
Azure Portal の「リソースの作成」からAzure SQL Managed Instance (プレビュー) を検索すると、下記画面が表示されます。
2018年3月時点の Public Preview では承認制としているため、下記画面の様に承認リクエストを上げて頂き、2週間以内に記載頂いたメールアドレス宛に承認結果をご連絡させて頂きますので、その後 Managed Instance 環境が利用可能となります。

また、続報がありましたら本ブログにて情報を更新してまりますので、ご期待ください。

SQL Server 2008 / 2008 R2 は、2019年7月にサポートを終了いたします。
アップグレードの計画がまだの方は早急にご検討頂ければと思います。
また、Managed Instance がその一助となれば幸いです。

Azure CAT recently published the...

• Azure Virtual Datacenter: Lift and Shift Guide

In this whitepaper, we outline the process enterprise IT staff and decision makers can use to identify and plan the migration of applications and servers to Azure using the lift and shift method, minimizing any additional development costs while optimizing cloud hosting options. In our experience, the lift and shift method will cover the bulk of enterprise scenarios.

Authored by David Read and Thuy Le from the Microsoft Azure Customer Advisory Team (AzureCAT), this guide helps you to identify the technical details of what assets are good candidates to migrate (vs. other options of onboarding to Azure) and to work through the details of what a cost model for these resources would entail.

For additional information, please refer to:

• Azure Virtual Datacenter eBook

Jump on in. The Cloud is warm.

- Ninja Ed

Azure CAT Guidance

"Hands-on solutions, with our heads in the Cloud!"

このポストは、2018年2月28日に投稿された Upcoming change to management endpoint port on June 1 の翻訳です。

もし仮想ネットワーク上に API Management サービスインスタンスを展開していましたら、下記ご確認ください。

Azure Portal および PowerShell 用の管理エンドポイント向けのポートを 443 ポートから 3443 ポートに変更します。(こちらのページまたは下記の表をご覧ください。) 今回の変更はお客様が受信管理トラフィックを分離したり、受信管理トラフィックを制御できるようにするために実施されます。6月1日に、今まで管理エンドポイントで使っていた 443 ポートの利用を停止します。よって、6月1日以降も引き続き確実にサービスをご利用いただくために、NSG の受信ルールにおいて、3443 ポートへのアクセスを許可してください。

ご質問や懸念点等がありましたら API Management forum または Stack Overflow を通じてご連絡ください。

Hi,

Visual Studio Team Services aka VSTS is a great tool when it comes to Application Lifecycle Management, Continuous Integration and Continuous Deployment. It is a must have tool in any DevOps organization working with Microsoft technologies (but not only). With that in mind, it is a surprise to no-one that most of the Azure PaaS services are natively integrated with VSTS, using either existing extensions, either ARM templates, either ARM APIs.

However, strangely enough, I couldn't find a real integration with Azure API Management other than this extension, which is a nice effort but not reflecting the real value of Azure API Management. Some getting started ARM templates are available but that's rather light for now. Moreover, while ARM templates are great, they are sometimes limited or not that easy to manipulate.

So, in an attempt to contribute, I released a free VSTS extension on the marketplace, called API Management Suite,  that covers a rather broad set of features of Azure API Management. The extension helps dealing with:

• Creation/Update of Gateway APIs with and without versioning pointing to traditional backend API services
• Creation/Update of Gateway APIs with and without versioning on top of Azure Functions
• Creation/Update of Gateway Products
• Built-in support of Gateway Policies for both products & APIs

Everything is open sourced on GitHub in this repo.

Here are a few words on how it works and what business purposes it serves.

Business purpose

APIM offers a greater security thanks to the various techniques you can use to filter incoming requests with ad hoc policies and check whether incoming requests are eligible to be forwarded to backend services, being traditional APIs, Azure Fabric APIs or Azure Functions.

On top of the security bits, APIM is very handy to enable throttling and caching on the fly. It is particularly useful when you want to monetize APIs or share bits with external partners. Depending on your use case, you might work with a gateway that is only accessible to internal consumers, a hybrid one, or fully external.

How does the extension work?

APIM was recently brought into the typical ARM APIs. Therefore, it makes it a good candidate to be integrated into VSTS as well. Basically, the extension works with:

• an out of the box ARM service endpoint you define in VSTS and to which you must grant some permissions in order to alter APIM instances.
• a set of tasks to deal with APIs, functions and security checks.

The integration with functions was a little bit more challenging because not everything is exposed through ARM. Some endpoints, such as Azure Functions configuration, are still using a token issued for the https://management.core.windows.net resource instead of https://management.azure.com, the typical ARM resource identifier, but overall, it's a mere consumption of Azure Management APIs, right from VSTS, nothing rocket science.

A few screenshots

For instance, one of tasks allows you to create API Products on the fly:

with the possibility to define policies within VSTS. Only a few templates are brought into the UI but one can override the provided content with our own.

The following task helps in checking whether an API is secure or not, by testing all of its endpoints thanks to its swagger definition:

I let you discover the rest! Don't hesitate to propose contributions in the repo.

Happy deployments!

Má vaše IT katalog služeb, které nabízíte obchodním jednotkám či jiným týmům? Spravujete pro ně nějakou aplikaci či prostředí? Současně jim ale chcete dát možnost automatického nasazení, aniž by se vás museli ptát? A také zajistit, že náklady na infrastrukturní zdroje půjdou za nimi? Použijte servisní katalog v Azure – vámi navržená a spravovaná řešení, která vaši kolegové najdou jednoduše v portálu k vytvoření.

Proč servisní katalog a proč je jiný, než marketplace

Jako ideální příklad použití pro servisní katalog vidím právě situaci popsanou v úvodu. IT chce nabídnout nějaké standardizované řešení ostatním částem organizace privátním způsobem. Současně se můžete rozhodnout, zda toto řešení bude na straně příjemce startovací šablona a ve vytvořených zdrojích se mohou libovolně hrabat nebo zda preferujete variantu, kdy na vytvořené zdroje mají pouze čtecí práva a vy se jim o ně staráte přestože běží v jejich subscription, do které třeba normálně přístup nemáte.

Druhá situace může být totéž ale s tím, že místo centrálního IT tuto službu nabízí váš dodavatel či partner. Vytvoří pro vás šablonu častěji opakovaného spravovaného řešení a vy sami si ji můžete nasadit a zrušit kolikrát chcete. Stále ovšem jde o privátní situaci, tedy položka katalogu je jen pro vás.

Stejný mechanismus lze použít i v Marketplace. Servisní katalog je privátní záležitost, Marketplace je naopak určen „široké veřejnosti“. Není tedy vhodný pro interní záležitosti, spíše pro aplikační firmy, které chtějí svůj software nabídnout na kliknutí všem zákazníkům Azure (je nutné splnit určité podmínky a být v Microsoft Developer programu).

Co v tom může být a jak to funguje

Samotné zdroje se řeší formou ARM šablony, takže cokoli co lze šablonou definovat, může být součástí této položky v katalogu. Infrastrukturní věci, platformní služby a tak podobně. Může to být jedno VM, celý kompexní cluster VM nebo PaaS infrastruktura s Web App a Azure SQL DB například. Tato ARM šablona je to, co se příjemci vytvoří v jeho subscription, když si to objedná.

Druhou součástkou je definice GUI. Při startu z portálu víte, že všechna řešení mají nějakého průvodce, který se ptá na důležité parametry. Toto GUI máte pod svou kontrolou a můžete se zeptat na co chcete. Posbírané výsledky můžete předat ARM šabloně a tímto jí parametrizovat. V ukázce vám popíšu jak to udělat, aby to měl uživatel co nejjednodušší. Tedy aby si nevybíral složité věci, kterým nemusí rozumět, ale spíše nějaké zjednodušené varianty. Nejčastěji „velikost“ aplikace – Small, Medium, Large. Za touto jednoduchu volbou schováte technické detaily vašeho doporučeného sizingu, třeba velikosti VM, velikosti a typy disků, SKU Azure SQL DB atd. Stejně tak můžete využít kondicionály v ARM a dát možnost jednoduše zvolit, zda chci vysokou dostupnost nebo ne (a podle toho udělám jednu instanci nebo nějaký balancovaný cluster).

Třetí komponentou je nastavení práv. Prvním je nastavení zámečku, tedy zda má mít operátor k vytvořeným zdrojům přístup nebo ne. Pokud to chcete koncipovat jako startovací šablonu (a ať si to pak rozvrtá jak chce), zámeček nedávejte. Pokud to má být vámi spravovaná služba, zámeček dejte a uživateli neříkejte ani administrátorský login do VM či DB. S tím souvisí druhá věc – jste schopni u těchto zdrojů přiřadit práva (RBAC) pro vámi definovaný účet či AAD skupinu. Jinak řečeno centrálnímu IT týmu se automaticky vytvoří práva v roli, kterou definujete, takže může se zdroji patřičně zacházet a starat se o prostředí.

Vyzkoušejme si to

Celou ukázku mám zde: https://github.com/tkubica12/azure-managed-app

Nejprve mrkněte na ARM šablonu s názvem mainTemplate.json. Je to jednoduchá šablonka, která vygeneruje infrastrukturu s jednou VM a veřejným endpointem (výslednou URL mimochodem vrací jako output, který pak uživatel uvidí v portálu). Vaší pozornosti doporučuji jak se implementuje ono zjednodušení sizingu na varianty Small, Medium a Large.

Dále se podívejte na createUiDefinition.json. To je definice GUI, ve které chci odsouhlasení s tím, že to budu spravovat já a následně se ptám na některé parametry, konkrétně velikost řešení a doménové jméno.

Oba soubory zabalíme do zipu a na ten se odkážeme při definici této položky v katalogu.

Pokračovat ve čtení

rename

1111

While deploying asp.net core 2 to IIS, you may get one of these errors  or both 

500.19 Internal Server error

The first of the issue is 500.19 error when trying to host an asp.net core 2.0 application inside IIS7. What you get might be  something like below

This one was quite simple,turned out to be ANCM (ASP.NET CORE MODULE) module and related configuration was not correctly recognized by IIS. This can be fixed by installing the .NET Core Windows Server Hosting bundle  .

By installing the .NET CORE Server Hosting bundle ,it added the ANCM module correctly to IIS .When you install the ANCM module,,it will copy dlls and schema files to as follows

C:WindowsSystem32inetsrvaspnetcore.dll

C:WindowsSystem32inetsrvconfigschemaaspnetcore_schema.xml

If you are running IIS application pool on 32 bit ,you should also see it under

C:WindowsSysWOW64inetsrvaspnetcore.dll.

It will also add the required configuration changes to ApplicationHost.Config(C:WindowsSystem32inetsrvconfig) file.You should see AspNetCoreModule in the globalModules section.

 <add name="AspNetCoreModule" image="%SystemRoot%system32inetsrvaspnetcore.dll" />

HTTP Error 502.5 - Process Failure

This error will be like this

If the ASP.NET Core Module fails to start, a 502.5 Process Failure status code page appears. This can be caused by multiple reasons

• ASP.NET Core Module fails to launch the backend process - This could be because an exception occured in your asp.net core startup.cs 
• The backend .NET Core process starts but fails to listen on the configured port - You can refer my other blog entry for a similar issue

You web.config will be

 <system.webServer>
 <handlers>
 <add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModule" resourceType="Unspecified" />
 </handlers> 
 <aspNetCore processPath="dotnet" arguments=".ipsum.api.dll" stdoutLogEnabled="true" stdoutLogFile=".logsstdout" forwardWindowsAuthToken="true" />
 </system.webServer>

1. stdoutLogEnabled should be enabled and look for a log files in the stdoutLogFile location you specified in your web.config file. If this folder is not there,do create the folder and reproduce the issue .
2. Please note that if you have disableStartUpErrorPage  setting enabled, you will just get regular 502 error page of IIS and not this specific page 
3. If you don't see anything in the log file,you can add ASPNETCORE_ENVIRONMENT environment variable and also enable developer exception page in your startup.cs 

<aspNetCore processPath="dotnet" arguments=".MyApp.dll" stdoutLogEnabled="false" stdoutLogFile="\?%home%LogFilesstdout"> 
<environmentVariables>
 <environmentVariable name="ASPNETCORE_ENVIRONMENT" value="Development" /> 
</environmentVariables> 
</aspNetCore>

and the startup.cs Configure method should have

public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
 {
if (env.IsDevelopment())
 {
 app.UseDeveloperExceptionPage();
 }

After this,you should see the developer exception page in your application which should tell you what is the error your application is running into.

Hope it helps!

Extended Events Step By Step

Introduction

I’ve read a few articles about using Extended Events (aka xEvents) to perform troubleshooting, and they do indeed provide a very powerful tool to troubleshoot. This is particularly true in Azure DB where in many cases we don’t have many alternatives, there is no Profiler (or as we’d prefer server side traces) so we don’t get much in the way of choice. There are a number of great articles on how to troubleshoot a specific issue with extended events, but so far I’ve not found an end to end, step by step guide to take a user through from start to finish, so as with many things in life, if you want a job done right, you have to do it yourself. I am going to try and do this using only the management portal, and SQL Server Management Studio, if you are thinking ‘wow we could do that in Power Shell’ chances are you don’t need the help below.

Capturing Extended Events

When working with extended events there are two places you can capture the events, the first is the ‘ring buffers’ this is in-memory, and obviously the amount of space we can use for this is going to be limited, the other drawback is that its not very portable or easy to share. The alternative is a file which is great for on-prem, but in Azure we have to place this file in a storage account which adds a level of complexity for us.
The overall steps for creating and capturing extended events from an Azure DB are going to be as follows

• Set up a storage account and container
• On the Azure DB server create a master encryption key
• Create credentials in Azure DB to access the storage account
• Configure Extended event session
• Run the capture

I am going to assume that there is nothing set up for us and we are starting from scratch.

Setting up a storage account

OK so on the Portal we are going to select New Storage
http://portal.azure.com/

This should then spin away deploying for us, it will take a little while but after we should have the storage account pinned to our dashboard.
Once we have an account created we need to make a container to put our file in. On the dashboard select the storage account and the under the Blob Storage, select Containers

You can then press + Container and add your container. I’ve created one called events here.

To ensure that access to our storage is secure we must create a SAS (Shared Access Signature) key. I did this in the Storage Explorer in the Azure Portal.

The Permissions are very important!

This should then provide is wit the key for the events container, which we can copy and use later.

Setting up the Extended Events

OK so that is the first phase of the operation, we now have a storage account and container ready for our extended event capture.

Create the Credentials

Meanwhile in SQL Server Management Studio we first need to create some credentials to access the storage account.
Step 1 is to create a secured master key (if you don’t have one already. Use the following command to do this.

CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'x4565465xxxxx!';

Then go ahead and create the Database Scoped Credential in the database you are going to monitor

CREATE DATABASE SCOPED CREDENTIAL [https://exeventtest.blob.core.windows.net/events]
WITH IDENTITY='SHARED ACCESS SIGNATURE',
SECRET = 'sp=rwl&st=2018-03-09T16%3A45%3A00Z&se=2024-03-10T1xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxWM0%3D&sr=c'

NOTE: You must remove the leading ‘?’ from the key

Creating the session

Now we can create a session, to do this via SSMS we expand the database and open Extended Events then right click on Sessions, there is then to option to create a new session via a wizard or manually.

In the Wizard we first select the Session name and if we want to use a template, I’ve skipped those steps and moved to the events to capture.
For this example, I am going to show how to capture errors, so the event I select is the error_reported event

Then some additional data I may need, here I select the database_id , client_hostname, and username

I am not filtering at this point so skip ahead to storage

And we are done we can hit Finish…. And you should end up with the following.

Hit Close and refresh the Object Explorer.

And there it is...

Capturing a session.

The first thing to do is to start the session. You should see the red square turn into a play button

Now to make an error, run the following in your database

select wibble from wobble

In the storage explorer for the blob container you should now see a file(s) (I had a couple of goes at this)

Once you stop the session the lock will be removed from the file and you can then open the file and marvel at its contents.

Inspecting the Capture

I downloaded the file and then opened it in SSMS

The example given here is not the most complex but it does offer an end to end walkthrough, there are many different scenarios where Extended events can be used in SQL and Azure DB.
As well as using SSMS to inspect the contents, it is also possible to dive into them directly.
The internet has many examples of capturing extended events , but hopefully this will give an end to end example which can aid you when working through those examples.

Transformational Technologies for learning and teaching with Microsoft Surface and Office 365 – Register now!

Microsoft Education UK and the University of Central Lancashire (UCLan) are thrilled to invite you to join us for our Transformational Technologies for Learning and Teaching event. This will be a premier event for educators and IT personnel within Higher Education, Further Education and Schools that aims to inspire, engage and connect learning practitioners and technologists alike with the latest in transformative ideas, opportunities and solutions to support your communities of learning.

Microsoft Surface, together with Windows 10 and Office 365, continues to be a critical enabler for the University of Central Lancashire’s strategic learning and teaching ambitions. UCLan and Microsoft are celebrating our recent initiatives in learning environment enhancement and academic development, which have culminated in the roll-out of Surface devices to all 1500 members of the University’s academic teaching community. We want to share our experiences of this exciting journey, share best practice, and explore ideas for future enhancements in technology enabled learning and teaching.

This is a day you don't want to miss! It will consist of inspirational keynotes , practical seminars, and further opportunities to see how the latest Microsoft technologies can support and embrace digital transformation in education.

Space is limited so please register now.

We look forward to welcoming you to the event.

When :

Wednesday 28th March, 10.00 AM - 4.15 PM

Where:

University of Central Lancashire, Preston Campus, Harrington Building Fylde Road Preston, PR1 2HE

Agenda:

Looking for answers to questions about Azure? Well look no further! Welcome to the landing page of the Azure App Consults team, a group within Microsoft that is revolutionizing the way start-ups are collaborating. By way of introduction, my name is Noel Morris, and I am an Azure Apps Consults Engineer at Microsoft. Together, my team and I assist customers from across the world, helping them getting on-boarded with Azure and make the most of the platform’s capabilities. Through our interactions with our diverse array of customers, we’ve been able to collect customer feedback, common questions, and compile that information into this blog to make it more readily available. We hope you’re as excited about what Azure can do for you as we are about helping you get there!

Who We Are

Our group is the Azure App Consults team, AAC for short, a global network of experienced engineers at Microsoft that specialize in a variety of Azure Technologies. Our mission is to empower start-ups across the world with the necessary tools and guidance they need to succeed. Our engineers provide deep, technical one-on-one sessions on how to best utilize Azure, customized to align with the needs of each organization.

What Does Azure App Consults Do?

A consultation is a discussion designed to address the questions and challenges of development teams. Each AAC Engineer works with start-ups and development teams to identify the current state of their cloud architecture, provide customized technical guidance on individual needs, and deliver a detailed action plan in the form of a summary report.

What to Expect From this Blog

Our goal with this blog is simple: to help our customers.

Our team has helped hundreds of customers be successful by providing guidance on a variety of services in Azure. In doing so, we’ve come to note some common questions and patterns. Not only are we eager to help you, we are eager empower you to help yourself! This blog will be a place for our team to proactively engage with organizations looking to getting started with or improve on current Azure implementations.

We will be documenting solutions that we see frequently and common mistakes that are made when implementing those solutions in Azure.

Topics We Cover

We offer customized architecture guidance, assistance with Azure development, and optimization of Azure projects.

Here are a few examples of the exciting topics we cover:

• Azure App Services
• Kubernetes and Containers
• Serverless technologies like Azure Functions and Logic Apps
• Messaging technologies like Event Hubs and Service Bus
• And, of course, migrations from On-Prem and other Clouds

We look forward to building a community here and engaging in the conversations that our customers are having around Azure.

Noel Morris

The Azure App Consults Team

More information about how Microsoft and our team are working with start-ups can be found at this link.

Content has been added throughout this document to support the CredSSP updates for the CredSSP Remote Code Execution Vulnerability (CVE-2018-0886): https://msdn.microsoft.com/en-us/library/mt752485.aspx

Three changes at https://msdn.microsoft.com/en-us/library/mt226583.aspx

• In Sections 6.1.4.3, msDS-Behavior-Version: Domain NC Functional Level, and 6.1.4.4, msDS-Behavior-Version: Forest Functional Level, certain product names have been removed from the support lists for behavior levels DS_BEHAVIOR_WIN2000 through DS_BEHAVIOR_WIN2003.
• In Section 2.2.20.6 (formerly section 2.2.20.5), KEYCREDENTIALLINK_ENTRY Identifiers, the KeyUsage entry of the KEYCREDENTIALLINK_BLOB structure has been identified as required.
• In Section 3, Details, the service pack number for Windows Server 2003 operating system has been corrected.

Two changes at https://msdn.microsoft.com/en-us/library/mt829317.aspx

• In Section 6, Appendix A: Product Behavior, Windows Server 2016 and Windows Server have been removed from the applicability list, and a new behavior note added to Section 1.5, Prerequisites/Preconditions. 
• In Section 2.2.4.7, TrunBox, definitions to the DataOffset and DataOffsetPresent fields have been added.

In Section 1, Introduction, the applicable server context for this protocol has been clarified to say that it is used exclusively in the context of Windows Multipoint Server scenarios: https://msdn.microsoft.com/en-us/library/mt846360.aspx

In this blog post, App Dev Managers Anand Shukla and Sash Kavalaparambil share some tips on configuring a load balancer for web applications.

Sometimes the way a web application needs to manage state can have a profound impact on scalability and the load balancing configuration.  There are many different options (both software and hardware) to provide load balancing solutions, but they all share some core concepts.  Generally, you start by considering the application requirements for session persistence:

1. Sticky persistence: If the session data is maintained on the Web Server itself (typically in the memory - e.g. Inproc session state in ASP.NET), you would want to configure your load balancer in a way that the requests from same Client is directed to the same web server. Sticky sessions can also be used when you are dependent on local Web Server resources (such as file system).
2. Non-Sticky persistence: If the session data is maintained in a database or distributed caching system (shared by all the web servers), it does not matter which Web Server the request is routed to as all the servers will have access to the shared session store.

Load Balancers can be configured primarily in the following ways for SSL scenarios

1. SSL offloading (or SSL termination): In this configuration, the load balancer receives https request from the client (e.g. a browser), decrypts the requests and creates a new request (http or https) and sends it to the web server. Web Server sends the response back to the load balancer which in turn sends the response back to the browser. In this case, the SSL certificate needs to installed at the Load Balancer (LB) as it handles the encryption / decryption.
   It is lot easier to configure sticky persistence in SSL offloading since the LB can decrypt the request and use the underlying session cookies to route traffic to a specific Web Server. Load Balancers maintain a route table and use that to determine which request with specific session cookie goes to what backend Web Server. You can use other parameters such as Client IP etc. to determine the stickiness but using session cookie is probably the best idea.
2. Pass through: In a pass through, Load Balancer just redirects traffic coming from Client to the Web Servers. If it is an https requests, load balancer's cannot see what is inside the request.
   In this case, there is Client IP is the most useful information that can be used to maintain stickiness. This may work primarily in a controlled Intranet environment, however, this is not optimal as many clients may have same IP (hidden behind a single IP), or Clients can change the IP during a session or sometimes a single client can use multiple IP addresses.

Ideally, you want to design applications for non-sticky persistence which adheres to rest principles and more easily scales to handle high capacity demands. In this case, it does not matter which server the request goes to and load balancers can effectively route the request to web servers using the load balancing algorithms best suited for your scenarios.

Premier Support for Developers provides strategic technology guidance, critical support coverage, and a range of essential services to help teams optimize development lifecycles and improve software quality.  Contact your Application Development Manager (ADM) or email us to learn more about what we can do for you.

I have one VM with UnManaged OS Disk and Data Disk. Now it is really simple to convert them,

Namoskar!!!