Hackathon in Columbus–Feb 8th

Thursday, January 30 2014         No Comments

On Saturday, February 8th, 2014, there will be a Windows DevUnleashed hackathon event at the Columbus Microsoft office.  If you have an interest in writing a Windows 8 or Windows Phone application come out and get started.  The morning will cover basics of developing for the Windows store ecosystem, how to build games using Unity & MonoGame, as well as a quick introduction to how Windows Azure can help.  The rest of the afternoon is going to be heads down coding on your app!

Here is a blurb from the registration site:

“This Windows DevUnleashed hackathon-style event is run by your local developer community & completely FREE, thanks to sponsor support! Come learn from experts in Windows 8/Windows Phone client Apps/Games and Windows Azure; kickstart your dream App! Spend the morning with short lectures covering key topics and then start building your App with plenty of help around. Compete with your App by the end of hackathon for a chance to win some amazing PRIZES!!”

Note that there are some prerequisite installs on the registration page, so make sure you load up before you come!

What does PCI Compliance mean for Windows Azure?

Thursday, January 16 2014         No Comments

On January 16th, 2014 it was announced that Windows Azure met PCI DSS Level 1 compliance.  You can check out ScottGu’s blog post about the announcement, or the Windows Azure Trust Center, but what does this actually mean?  Does it mean you can go host a payment gateway on Windows Azure, or store open credit card data there? 

PCI compliance is a standard used for being able to handle card holder data for things like credit cards and debit cards.  By handling I mean not only making charges to a card, but also just storing the data for any reason, such as a merchant that stores your card to make checkout faster, etc.  This compliance is something that I’ve heard as a request from folks looking at Azure for years now.  I used to work for a financial services company and this was definitely a major blocker for adoption for folks in that industry.  While many companies found other uses for Windows Azure, they couldn’t do much for the core business as they needed to have PCI compliance to do so.  Needless to say this is a big deal.

Now, to be fair, the actual underlying systems running Windows Azure in the Data Centers have been PCI compliant for a while now.  This is why you may have seen Microsoft listed on the PCI DSS websites prior to now.  This meant that the Data Centers themselves met a lot of the requirements, but that the exposed customer services didn’t mean all the requirements yet.  According to the Attestation of Compliance from the reviewer the following Windows Azure features are in scope and covered:   infrastructure, development platform, operations and support for compute, data services, app services and network services.  Basically, it looks like everything and the kitchen sink.  I couldn't find any exclusions listed.

Within the PCI DSS guidelines there are 12 requirements.  That sounds simple until you dig into them, but at a high level there are 12.  They cover various aspects of security such as firewalls, physical access, user permissions, policies and more.  You can read all about them on the PCI website and in their quick standards guide (yes, the quick version is 34 pages long).  Each one of these requirements and all of their sub requirements have to be met in order for a solution to be PCI compliant, and that is really the important point.  In order for a solution to be compliant it has to meet all the requirements, since Windows Azure is a platform in which you are resting part or all of your solution then there is still some work to be done on your end.  With today’s announcement Microsoft is bearing some of the burden of compliance verification.  The Customer Azure PCI Guide details out which requirements are met completely by Windows Azure, and which ones will need to be also proved out by the customer (meaning you). 

I’ve worked at a company that dealt with PCI compliance and when auditors were in to verify everything it was always a stressful time.  It’s not that we were worried we’d have issues, but more along the lines of all the effort needed to get the requirements proved out so that the auditor had everything they needed.  There was a lot of prep and research that went into gathering the information.  What Microsoft has done is take some of that load off of you as the customer.  For example, you don’t have to prove out that your routers are secured and synchronized.  The Customer Azure PCI Guide I mentioned above details out each requirement indicating what is met simply because you host in Windows Azure and what needs to be proved by the customer for their solution. 

So, yes, you can create a payment gateway or store credit card data on Windows Azure, but beyond what Microsoft is attesting to you’ll need to cover all the other requirements.  Also, if your solution is hybrid and has pieces located in a data center outside of Windows Azure you’ll need to ensure that all requirements are met there as well.  While it isn’t a blanket that anything running on Windows Azure is compliant, with this announcement you now can begin to work on solutions that require this level of compliance knowing the foundation/platform you are building from is covered.

If you are wondering what the “Level 1” means in the announcement it refers to the level of requirements that need to be met in the PCI standard based first on the number of transactions the compliance holder is going to have go through their system.  The more volume your company goes through the more stringent the requirements you have to meet, which makes sense.  If you process and store tons of card numbers you’re also going to be a much likely target for those who wish to get at that data.  Level 1 means Windows Azure has to meet the highest standards for PCI compliance and is required for any merchant handling more than 6 million transactions a year.  Also, the level a merchant has to meet can also be shifted to the higher standards if they’ve had a breach of security in the past. 

I am certainly not a PCI expert, but I’ve worked with employers and clients who have dealt with PCI in the past.  This announcement is a big deal.  Hats off to the Windows Azure team!

UPDATE - Nov 20th, 2015: Tim Holman has written an article about his own thoughts on Azure PCI compliance. It's well worth a read and makes some really good points. The Attestation of Compliance (AoC) document that was written in 2014 is out of date with the actual listing of services by names and branding. For example, we now call Azure Websites Azure App Service. Without a good mapping of what the very broad coverage mentioned in the AoC refers to it is hard to ensure you are covered.

I'd highly suggest that if you are looking at Azure for a solution that requires PCI Compliance that you perform as much due diligence on your own as you can. Take your solution design and go over it with a fine tooth comb. If necessary, reach out to Microsoft and speak to someone in the Security and Compliance groups to get verification on what is, or is not, covered.

CodeMash 2014: Research list

Monday, January 13 2014         No Comments

Every year I attend CodeMash I have a list of technologies to watch, utilities to try out and topics to research.  I don’t always get around to them all as there just never seems to be enough time.

Here is my list for this year:

  • A Managed code library for AR Drone exists, but seems to be older. Need to find if there is anything newer. Not that I have time to do anything with it.
  • Look into Fiddler Extensions and Fiddler Script. Specifically, is there anything that might help during Windows Azure development when troubleshooting calls to the management API, storage or other services?  Thanks to Eric Lawrence for his talk on Fiddler.
  • Play with the Scratch Pad feature of Fiddler more, especially for use in demos when no internet connectivity is available.
  • Neo 4j graph database. I've not worked with graph databases before and this was used in an example in Jimmy Bogard's talk.
  • MR Unit for testing Hadoop - From Keegan Witt's talk.
  • The Blue Tooth SMART technology is really interesting. There are some really good uses for the technology.  I wish I had more time.  Thanks to Ben Von Handorf for sharing his knowledge on it.
  • Should queue up the "Security Now" podcast via Rob Gillen's talk. Also need to change all my passwords…. daily…


What’s on your list?  Add a comment here or blog about it and add comment link.

CodeMash 2014

Monday, January 13 2014         No Comments

Last week marked my seventh CodeMash, having only missed the very first one (a fact of which I’m still sad about).  As usual, the conference was top notch.  It’s amazing what a small number of dedicated volunteers can pull off.  At the end of the event they brought up the staff and there was less than two dozen folks there.  That’s the all volunteer staff that pulled off a four day conference for 2,000 people.  That’s quite a remarkable feat and my hat is off to them.  The event has grown year after year, to the point that this year they had just as many people in their families KidsMash program as they did at the very first CodeMash conference!

My Automating Windows Azure Session

This year I was honored to be selected to present a session on Automating Windows Azure.  Thank you for the folks that attended the session.  As promised here the resource links I showed on my last slide.  Also provided are the scrubbed copies of the scripts I had shown in my demos.  You’ll need to add your certificate thumbprint and subscription IDs to the scripts to get them to work, as well as change the storage account and cloud service account names to make them globally unique.

I hope you enjoyed the talk.  I will be giving it numerous times this year at various user groups and a few other events.  If you attended this one I’d really appreciate any constructive criticism you have on it.  Either leave a comment or contact me directly.

An Unexpected Session

The weather this year was pretty bad on Monday, so not all of the precompiler speakers were able to make it to the Conference in time for their sessions on Tuesday.  I had the great pleasure of teaming up with Josh Holmes to present a half day workshop on “Speaking for Speakers” to help fill in for another speaker until they arrived.  I had a great time working with Josh on this and the folks who joined us for the workshop were very engaged.  It was awesome co-presenting this with Josh who is someone I admire as not only an excellent presenter, but also a great person.


Thanks to all who organized and attended CodeMash to make it what it was: an excellent event and learning experience.

CINNUG Holiday Gathering and Gaming

Thursday, December 12 2013         No Comments


We have moved the event to the Hyatt place across Mason-Montgomery road.  We are in the meeting room.  The address is 5070 Natorp Blvd.


As I mentioned in a previous post there will be a holiday gathering on Sunday, December 15th at the Microsoft office in Mason.  The Cincinnati .NET User Group will be supplying some treats and there will be plenty of board games to choose from to play. The event runs from 10 AM to 6:30 PM; however, feel free to just stop in when you have time for however long you can stay.

In Case of Inclement Weather

If the weather looks bad or is already horrible then check back at the blog and/or watch my twitter feed @mikewo for updates.  As always, even if we decide the weather isn’t bad enough to cancel the event please take into account the conditions of the roads in your own area and be careful.

CodePaLOUsa 2014 (and discount code)

Tuesday, December 10 2013         No Comments

The awesome CodePaLOUsa conference is scheduled for Feb 24th-26th.  The 24th is a pre-conference day with workshops.  If you’ve not been to CodePaLOUsa, I highly recommend it.  The organizers do an outstanding job and visiting Louisville, KY can be unique experience.  There are a ton of great speakers, and this year Leon Gersing will be giving one of the keynotes, along with Collen Slaughter, Elle Waters and Tim Huckaby. 

If you need to convince your boss they even have a printable PDF with why they should send you.  Also, if it helps, here is a link to the registration site with a code that can get you 10% both the regular conference and the workshop day: https://www.eiseverywhere.com/cpl14?discountcode=Wood .(Promo code is WOOD if the link fails; limited use code, use it quick).

I’ll be there giving a six hour Introduction to Windows Azure workshop of the 24th.  Hope to see you there.

Southwest Ohio Code Camp–Presentations

Saturday, December 07 2013         No Comments

Thanks to the folks who came to my two talks today at SWOCC!  As promised here are links to the slide decks:

Cloud – It’s More than Virtual Machines

Dependable Cloud Architecture

If you have any questions, just reach out!

Southwest Ohio Code Camp

Tuesday, November 26 2013         No Comments

It’s been many years since the Cincinnati-Dayton Code Camp.  The event got merged into the Central Ohio Day of .NET and when that event moved North to Columbus we didn’t move along with it.  The Cincinnati .NET User group has revived the code camp and is hosting the Southwest Ohio Code Camp on Saturday, December 7th.  There are still tickets and you have until Dec 1st to register.

Here’s the tentative schedule:

Creating Single Page Applications with AngularJS and ASP.NET MVC 4 Web API (Brian Woodward)
How I Learned to Love Dependency Injection (James Bender)

Diversified ASP.Net - One Web Project - 4 ASP.Net Frameworks (Jeff Fritz)
AOP for You and Me (Matt Groves)

Mobile ASP.Net Web Forms - Making the impossible possible (Jeff Fritz)
The class that knew too much: refactoring spaghetti code (Matt Groves)

Introduction to HTML5 (Sam Nasr)
Git your .NET on! (James Bender)

Advanced HTML5 and JavaScript APIs
Cloud: It's More than Virtual Machines (Mike Wood)

Infrastructure Automation via Chef and Vagrant (Adam Kunk)
Dependable Cloud Architecture (Mike Wood)


I’m especially looking forward to Brian Woodward’s talk on AngularJS and single page applications.

The cost is $10 to cover food, which is really, really cheap for continuous learning. 

Register Now!

In addition to the code camp there is a Day of Agile on the Friday beforehand.  You can register for that event at the same link.

Holiday Gaming!

Wednesday, November 13 2013         2 Comments


We have moved the event to the Hyatt place across Mason-Montgomery road.  We are in the meeting room.  The address is 5070 Natorp Blvd.


It’s that time of year again when things very busy.  There are gifts to buy, parties to attend, award ceremonies at schools, projects are due, and life just seems to need everything crammed into the smallest time frame as possible before the new year.  I wish I could say that I’ve got an answer to all that stress, but in fact, I’m going to add one more thing you can tack into your calendar for December: A game Day!

When: Sunday, December 15th, 2013 – 10:00 AM to 6:30 PM
Where: The Microsoft Office in Mason, OH -
4605 Duke Drive, Suite 800, Mason, OH 45040
What: Board games and frivolity

Come and reduce some of your stress by having fun with other like-minded geeks and their families.


TRIM Support comes to Windows Azure Virtual Machines

Monday, October 14 2013         No Comments

The Windows Azure Virtual Machines (WAVM) feature uses the BLOB storage service to store the actual VHDs for the guest virtual machines.  The OS disk and any attached data disks are basically giant Page Blob files stored in your Windows Azure storage account. 

When the WAVM feature was first announced someone immediately asked the question, “If I have an 100 GB data Disk VHD file in my storage account, but it’s only got 20 GB of space used am I charged for all 100 GB?”  This was a good question and the answer was a “No, but…”.  Only fixed sized VHDs are supported in Windows Azure; however, the storage system supports sparse files, so if only 20 GB of space was used on the VHD then you were only charged for that 20 GB. 

That’s great, but note that if you then added another 30 GB of data and promptly deleted say 40 GB you would be charged 50 GB of storage.  This is because the VHDs worked like any other hard drive and even though you delete the data the actual pages aren’t really removed (which is why things like undelete work and why we have tools like Kill Disk to completely erase disks on our local hard drives). 

The great news is that a change has been released so that Windows Azure VMs for some Windows OSs now support TRIM-like functionality!  A TRIM command to a Solid State Drive is a way for the OS to tell the drive that blocks of data are no longer valid and can be removed.  This type of functionality is now built in to some of the Windows Servers available in Windows Azure.  Basically the OS tells the Storage system that certain pages are no longer valid and they are removed (just like in the SSD TRIM commands).  Note that this works for deleted files, not files that simply changed in size.  The best thing is that this just happens for you behind the scenes and since it is dealt with at the Host level you are likely already enjoying the benefit of this feature.

The Windows Server 2012 and 2012 R2 virtual machines completely support the TRIM like command for all disks (OS and Data).  The Windows Server 2008 R2 based virtual machines only has this support for the OS disk (which is due to the older OS supporting TRIM only on SATA disks and not SCSI which the data disks appear to the OS as).  They are looking at ways of incorporating the same functionality for the Linux based OSs available on Windows Azure, but there are apparently commands that can be used to force this type of operation on Linux manually (I’m not a Linux expert so I won’t be expanding on that).

UPDATE: May 4th, 2017 - A reader reported that they were told that Windows Server 2008 R2 on Azure does NOT support TRIM for OS Disks.

This is actually a really great feature.  There’s nothing like doing nothing special and saving money while doing it.