In this Tutorial, we will discuss about the factious & advantages of Azure Data Storage Options over the Classical On-premise cost consuming Storage Model.
So, What we will be reading for next 3 minutes. Yes!
- We will explore different Azure Data Storage Options,
- Comparison between Azure Data Storage & On-premise Data Storage
As Microsoft said their next 5 years will be heavily focused on Internet Of Things & Artificial Intelligence. To concur this, they have proposed strong Platform for storing Data in Cloud, as discussed earlier in Core Services Platform post for PaaS, Iaas & SaaS.
Why Should we Choose Azure Data Storage?
- Automated backup and recovery: No need for 24×7 support by Admin Team.
- Replication across the globe: Microsoft Data centers are located across the Globe in 8 Continents & 16 Places. Hence, data will never get lost, if we follow the Security Model, Storage Model & Governance Model proposed by Microsoft.
- Support for data analytics: Microsoft Azure Data Lake Storage Gen2, App Insights will take care of your Application Data & Site Analytics in-depth.
- Encryption capabilities: We might winder, if we use Public Cloud adopted by Microsoft. DO I need to worry about my Data Storage Leakage or sharing. Well, Microsoft has clearly depicted its capabilities through Container Virtualization, VM Virtualization & Cryptographic Key policies for Multi Tenant Workspace.
- Multiple data types: BLOB, File, Queues helps you to save different types of File Format & its Server rendition Models.
- Data storage in virtual disks: Azure can store only up to 8TB of data in Virtual disks. Well, good option tobe considered for Large Blob Images, Videos, Multimedia Formats & its Search Features.
- Storage tiers: Auto assignment of VMs or Storage Containers, helps our clients to sleep peacefully ( Provided, if Budget limit is setted in Azure Portal using Azure Cost Management Preview Feature).
What are Types of data Azure Supports?
Microsoft arrived at the below data types based on the Storage Design Requirements. Lets see few examples:
- Structured – Data with Proper Schema. Ex- Azure SQL Database as Database as a service (DaaS)
- Semi-Structured – Data can be identified by Unique Keys or Tags, can contain ‘N’ number of Columns Ex: Azure Cosmos DB, No SQL Database
- Un-Structured – Documents, Files, Blob( Image, Video) Ex: Storage Containers( Blobs, Files, Queues, Tables)
1. Azure SQL Database
- Azure SQL Database is a relational database as a service (DaaS)
- SQL Database is a high-performance, reliable, fully managed and secure database.
- Migrate existing SQL Server databases using the Azure Database Migration Service(Backend Service –Microsoft Data Migration Assistant)
2. Azure Cosmos DB
- Azure Cosmos DB is a globally distributed database service built for PaaS Strategy,
- Supports Schema less database – you can update Metadata at any point of time. Ex: I have created Azure Cosmos DB & Collection, added First Row or Item with 2 Metadata(Title, ID). In Second Row, I can push new Metadata Fields like( Image URL, Link URL, Description) in addition to existing Fields. It is one of the super cool Feature for Azure developers and it supports SQL Queries also.
- Global availability makes it Top DB tier for Architects choice.
3. Azure Blob storage
- Azure Blob Storage is unstructured,
- Blob Storage can manage thousands of simultaneous uploads, massive amounts of video data, constantly growing log files, and can be reached from anywhere with an internet connection.
- Blobs aren’t limited to common file formats. A blob could contain gigabytes of binary data streamed
- Ability to store up to 8 TB of data for virtual machines
4. Azure Data Lake Storage Gen2
- Contains both structured and unstructured data.
- Mainly Used for Analytic purposes.
- Have Big Data File System capabilities
5. Azure Files
- Azure Files offers fully managed file shares in the cloud that are accessible via the industry standard Server Message Block (SMB) protocol.
- Azure file shares can be mounted concurrently by cloud or on-premises deployments of Windows, Linux, and macOS.
- Azure Files uses the Server Message Block (SMB) protocol that ensures the data is encrypted at rest and in transit.
6. Azure Queues
- Azure Queue storage is a service for storing large numbers of messages that can be accessed from anywhere in the world.
- A single queue message is up to 64 KB in size, and a queue can contain millions of messages.
- Consist of Sender & Receiver Components for sharing messages. A sender can be Web API, Web App, Mobile App and receiver can be any service application capable of listening or accepting to messages.
- Mainly used for distributing loads between servers to balance the Network Load.
Comparison between Azure Data Storage & On-premise Storage Options:
Azure Capabilities over On-premise Servers in simple terms based on our experience. Add your Pros & Cons at comments section.<<will be added here with Courtesy links>>
- A nearly limitless pool of raw compute, storage, and networking components which will expand dynamically based on Customer Utilization. Whereas, On-premise for each additional Server, Database or Load Balancer, needs to pay upfront fee for Infrastructure & Admin dependency is required.
- Speech recognition and other cognitive services that help make your application stand out from the crowd. Whereas, need to identify third-party tools for each set of Enterprise Applications
- Analytics services that enable you to make sense of telemetry data coming back from your software and devices. Whereas, in On-premise analytics is not 90%. Since it will make additional calls or it will be dependent on browser Agent. Third party Tools like AppD, Omniture still lacks a long way behind Microsoft Telemetry services.
- Azure Data stored can be mounted concurrently by cloud or on-premises deployments of Windows, Linux, and macOS. Whereas, server needs to be identified for Different Softwares. Needs tobe categorised as WFE, Application, Database Server. Needs dedicated Team & Disaster Mode/ Back up recovery options should be considered.
- Azure Search supports data crawling, Artificial Intelligence, Cognitive Support, Telemetry Analysis. Whereas, On-premise need to configure Several Application Servers like SharePoint Search Database Content, Crawled Database Content, Indexed Database content, Business Intelligence License procurement.
- Automation Deployment Model supports Hybrid deployment to Azure/ On premise both using Azure DevOps/ Continuous Integration using Multi Platform Gates like Powershell, NodeJS, Jenkins(1000+ Marketplace Tools)/ Continuous Build/ Container Image Deployment Model. Whereas, in On-premise still Automation is night mare requires huge customization & procurement.
- Azure Governance Model is well protected by Inbuilt Security Policies, Compliance Policy Centers, Encryption Policies, Replication & Disaster Recovery Policies. Whereas, Data Classification, Policy Identification & Data Breach Identification requires support from Legal Agencies, Enterprise Consultants & continuous data watch required.
- Azure keeps the Operation Cost at Minimal & Running Cost depending upon utilization. Disk Storage( with Tier Model – Hot, Cool, Archival Model) Cost Management predicted seems to be 98% accurate. Hence, clients can start preparing their budget based on the Architecture proposed & adopted in well advance time. Whereas, In On-premise Performance, Network calls, Operation Threshold Limit can affect Operation cost & running cost. For each Additional resource requires Procurement, Configuration, Admin Support & Budget Allocation in middle of nowhere :)
We can summarize above points in terms of:
- Cost effectiveness (Ex – pay-as-you-go subscription Model),
- Reliability (Ex- Data backup, load balancing, and disaster recovery strategies),
- Storage types (Ex- Azure Cosmos DB, Storage Containers( Blobs, Files, Queues, Tables)
- Agility (Ex- Requirements and New technologies change or adoption).
Hope above points justifies the pricing Model of Microsoft :)
In this post, I ‘ve given you the steps to go through the process of getting your app up into the Office app store so you can start making millions.
Before you decide to submit your app to the store, you need to do a few things:
Read the app store submission guidelines at http://msdn.microsoft.com/en-us/library/jj220035.aspx. These highlight the conditions your app must meet before it will be accepted. Register for a Seller account. Check out http://msdn.microsoft.com/en-us/library/jj220034.aspx how an overview of what info you need to provide and the process of getting one. The Seller accounts can take a few days to come through, so plan ahead and be patient
Make sure you have a logo, screenshots and some descriptive text ready for the app submission. A version of your .app file that has been compiled for Release.
Decided how you are going to licence your app. The app store itself allows you to define how the app will be licensed, will it be free, will it be per purchase, per user, will there be a trial etc. Some of these decisions are not simple and require significant forethought and in some cases additional development work. For our app I decided to keep it simple and go for a free version. Microsoft published a couple of great blogs / articles helping with the licencing over at the Office apps blog.
Finally, make sure you have tested, tested and tested your app again, the submission process is very thorough and tests the functionality of your app across not only IE but all supported SharePoint 2013 browsers.
Once all of the above is ready, submitting your app is relatively simple. Navigate to the Seller Dashboard and follow the prompts to submit the app.
First choose a listing type, our app is for Project Server, so we need to choose an app for SharePoint, then click on next.
In the next screen you will be asked some information about your app like the name, version, category to list it under and some other bits and pieces. The most important part are the testing notes, these are your only real way of passing information through to the testers who are looking at your app.
As we are making the app available to everyone, there is no need to choose Trial support. Click on Next. The final bits to add before you can submit the app are screenshots and some descriptive text and links to support, EULA and Privacy policies.
Once you’ve added that text, click on Next and your ready to submit for validation. From experience, the validation process can take around 3-5 working days. Unfortunately at the moment there is no progress indicator of where you are in the process, with the app either being in a Draft or Approved state. Once the app has become approved, it takes a few hours for it to propagate down into the SharePoint app store and to become available for everyone to download and start using.
Authorization and authentication for apps in SharePoint 2013
OAuth in SharePoint 2013
In SharePoint 2010, the authentication to the site is based on Classic or Claims based or Anonymous Access but in SharePoint 2013, Microsoft come up with the new mode of Authentication called as OAuth.
In case of SP sites, OAuth Process Flow is as follows,
1. User Signs in SP 2013–>Security Token is generated by Identity Provider–>Token is validated & allows the user to Sign in SP sites.
OAuth is an open protocol for authorization. OAuth enables secure authorization from desktop and web applications in a simple and standard way. OAuth enables users to approve an application to act on their behalf without sharing their user name and password. For example, it enables users to share their private resources or data (contact list, documents, photos, videos and so on) that are stored on one site with another site, without users having to provide their credentials (typically user name and password).
OAuth enables users to authorize the service provider (in this case, SharePoint 2013) to provide tokens instead of credentials (for example, user name and password) to their data that is hosted by a given service provider (that is, SharePoint 2013). Each token grants access to a specific site (for example, a SharePoint document repository) for specific resources (for example, documents from a folder) and for a defined duration (for example, 30 minutes). This enables a user to grant a third-party site access to information that is stored with another service provider (in this case, SharePoint), without sharing their user name and password and without sharing all the data that they have on SharePoint.
In case of App authentication, SharePoint 2013 uses the Windows Azure Access Control Service (ACS) as the app identity provider.
2. When is using OAuth required?
The OAuth protocol is used to authenticate and authorize apps and services. The OAuth protocol is used:
- To authorize requests by an app for SharePoint to access SharePoint resources on behalf of a user.
- To authenticate apps in the Office Store, an app catalog, or a developer tenant.
3. Access Tokens
In SharePoint 2013, an OAuth STS is used only for issuing tokens (that is, server-to-server and context tokens). An OAuth STS is not used for issuing sign-in tokens, that is, they are not used as identity providers. So, you will not see an OAuth STS listed in the user sign-in page, the Authentication Provider section in Central Administration, or the people picker in SharePoint 2013.
But, SharePoint 2013 administrators can use Windows PowerShell commands to enable or disable an OAuth STS. SharePoint administrators are able to enable or disable OAuth for a given web application, similar to how they can enable or disable trusted login providers in SharePoint 2010.
SharePoint 2013 implements the OAuth protocol to allow apps that are running external to SharePoint to access protected SharePoint resources on behalf of a resource owner. In the SharePoint incoming implementation of the protocol, the OAuth roles are played by the following components:
External apps take on the role of the client.
SharePoint users take on the role of resource owner.
SharePoint 2013 takes on the role of the resource server.
ACS takes on the role of the authorization server.
An app for SharePoint requests permissions to access SharePoint resources by doing the following:
An app for SharePoint requests the permissions that it needs during installation from the user who is installing it.
The developer of an app must request, through the app manifest file, the permissions an app needs.
5. For an app to be granted the permissions it requested, the following conditions must be fulfilled:
An app must be granted permissions by the user who is installing it.
Users can grant only the permissions that they have; the user installing the app must be able to grant all permissions required by the app, or app installation fails.
6. An app is granted the permissions it asked for when:
An app is installed by a website administrator.
An app is explicitly granted permission by a tenant administrator or website administrator.
An end user gives consent.
In the app manifest file, an app requests access to specific scopes (that is, locations on SharePoint 2013). An app for SharePoint uses a permission request to specify the permissions that it needs to function correctly. The permission requests specify both the rights that an app needs and the scope at which they need the rights. In short:
An app uses permission request scopes to specify the permissions that it needs.
The requests specify both the rights and the scope that the app needs.
Scopes indicate where in the SharePoint hierarchy a permission request applies. SharePoint supports four different content scopes: site collection, website, list, and tenancy. There are also feature scopes for performing search queries, accessing taxonomy data, social features, Microsoft Business Connectivity Services (BCS) features, and Project Server 2013 features.
7. Steps in the SharePoint 2013
The OAuth authentication and authorization flow for a SharePoint 2013 cloud-hosted app is shown in Figure 1.
- A user types a URL in a browser to go to a SharePoint page where a particular app is installed. In this case, the app is a Contoso.com app and the user interface element on the SharePoint page comes from the Contoso.com app.
2. SharePoint processes the page and detects that there is a component from the Contoso.com app on the page. SharePoint must get a context token that it can send to the Contoso.com app. SharePoint asks ACS to create and sign a context token that contains context information (for example, the current user, what web is being rendered on SharePoint, and other context information) and an authorization code. This context token can be used later by Contoso.com to request an access token from ACS. The Contoso.com server can use the access token to talk back to SharePoint if the Contoso.com app wants to make a web service call to SharePoint later.
3. ACS returns the signed context token to SharePoint. The signed context token is signed with an client secret that only ACS and the Contoso.com app share.
4. SharePoint renders the page, including an IFRAME pointing to the app host serverâin this case, Contoso.com. When SharePoint renders the page, it also passes the context token to the IFRAME.
5. The IFRAME causes the browser to request a page from the Contoso.com server. The context token is included in the browser request that is sent to the Contoso.com server.
6. The Contoso.com server gets the context token. Contoso.com validates the signature on the context token. The token is signed with an client secret that only Contoso.com and ACS share. Contoso.com can validate that the token is really intended for it and that it is not a random request from some random server. It knows that it is part of a SharePoint request.
7. If the Contoso.com server wants to talk back to SharePoint, there is a refresh token in the context token that Contoso.com can extract, so that it can include that information in the request to ACS for an access token. Contoso.com uses the refresh token that it extracted from the context token, the context token that it got from SharePoint, and its credentials (which are its client Id value and its client secret value) to request an access token from ACS so that it can talk back to SharePoint.
8. ACS returns an access token to the Contoso.com server. Contoso.com can cache this access token. That way, the Contoso.com server doesn’t have to ask ACS for an access token every time that it talks back to SharePoint. (Or, Contoso.com can make an access token request every time and not cache the access token.) By default, access tokens are good for a few hours at a time. Each access token is specific to the user account that is specified in the original request for authorization, and grants access only to the services that are specified in that request. Your app should store the access token securely, because it is required for all access to a user’s data.
9. Contoso.com can use the access token to make a web service call or CSOM request to SharePoint, passing the OAuth access token in the HTTP Authorizationheader.
10. SharePoint returns the information that Contoso.com requested to Contoso.com. The Contoso.com app renders the IFRAME contents as a per-user request in step 1. This completes the OAuth transaction process. The user now sees the SharePoint page fully rendered.