Let’s monitor that cloud!

Cloud everywhere.
Pic: Cloud Everywhere, Singapore. Shot on Samsung Galaxy S8

It can’t be just a coincidence that recently many of my friends expressed interest in monitoring how their teams are using their cloud subscription. And yet, all of them have a valid problem to worry about! Let’s talk about this problem, scenario, and solution in this last blog post of 2018 :)

Problem:

A subscription is shared with the team or each member has a separate subscription. Anyone can create any kind of resources (e.g. Virtual Machines, Storage Accounts, Network Security Groups, Web or Application Services, etc…). Even though there are policies and access restrictions which can be forced in Azure Portal, sometimes Administrators or Support engineers require (or literally they ask for) ‘God Mode’ with full access to play around, explore services or fix some things. In this case, monitoring these activities happened in ‘god mode’ & quick remediation or reversal is important before any damage happens.

Scenario:

Sometimes, developers often need to create resources to try out things. For example, they may want to create a Storage Account. Now, we want to enforce rules around Storage Account and make sure that the created Storage Account is accessible only via HTTPs protocol. Or let’s say Network Admin creates a Network Security Group (NSG) and in that case, the policy is to disable or enable specific ports or protocols (UDP/TCP/etc).

Solution:

I consider Azure Services as Lego blocks. You can mix and match and use them together as and when required. In this case, there are multiple ways to handle this scenario and possibly many more. There could be operations team managing this infrastructure using their custom tools. However, being a developer, I’ll focus on two solutions from a developer’s point of view. And I can see there are two easy solutions:

(1) Whenever a resource is created (or executed like Logic App trigger) or modified or deleted within a subscription, a record is maintained at subscription level and resource group level. This log can be further exported to different Azure services to take action. For example, it can be exported (or streamed) to Event Hub for event publishing.

(2) Using Azure Monitor set up a trigger to such records (create, update, delete resources) and take action (Notify by Email/Text, call Logic App, Functions, etc…)

Once these pipelines are set up, these services (Event Hub/Activity Log) will send data in JSON format which can be used to track down what has happened.

This JSON has required information like resource id and resource type. In this case, I’m using Logic App to parse this JSON and accordingly call respective Azure Function which will take the action (by calling Azure Functions). I’m considering two scenarios here. (A) when new Storage Account is created and (B) when new Network Security Group is created/modified with Rules. But there can be many such scenarios!

Now according to the case (NSG/Storage Account), it will call the Azure Function. To modify the resources in subscription, I’m using Fluent APIs which makes life much easier. For example the following code creates a VM using Fluent APIs in US East Region within rgName provided:

Using these Fluent APIs, let’s write Azure Function which will monitor newly created Storage Account and make sure that it is accessible only with HTTPs protocol.

In the above code

storageAccount?.Update().WithOnlyHttpsTraffic().Apply(); 

makes sure that Storage Account is accessible with HTTPs protocol only.

One last thing before executing this function or enabling Logic App, give permission to this Azure Function to modify resources. It can be done by creating and passing service principal or by using Managed Identity option. More details are here on this blog post.  Managed Identity helps to avoid storing credentials in code.

Once this setup is complete, whenever Storage Account or Network Security Group is created, modified & updated, the Logic App will execute and call the respective Azure Function.

Conclusion

Using these various Azure Services, it is possible to monitor the subscription and perform actions on resources as per the rules. This makes governance easier. The sample and code used for Azure Functions in this blog post is available on GitHub here. Clone it and follow the steps there to deploy and run it in Azure subscription.

Advertisements

AI Future Now Event Update

Last week, i.e. on 7th November, I delivered a session at Microsoft AI Future Now event in Singapore. The session was titled as ‘Microsoft Azure – The Best Platform for AI Development‘. The idea behind this session was to showcase fundamental services which Microsoft Azure provides, on top of which other services can be *hosted*.  The session was a primer for the next session delivered by my friend Puneet on Bot Framework & Cognitive Services Deep Dive.

In this session, I covered App Services which can be used to host applications using different Azure Services like Cognitive Services or web application serving Chat bots. I also talked about Azure Serverless Platform and use cases where Cognitive Service can be used to read the receipt and attach the expense details to respective expense report. 

The slides for this session are available on Slideshare and demo for serverless is covered in my webinar on serverless platform which can be accessed from here

Once again, thanks for making this session houseful. Looking forward to see you at next Microsoft community event. 

Namaste,
Mayur Tendulkar

I have a dream

I have a dream. A dream of using my machine with seamless background updates without worrying about the restarts. A dream of using any device without worrying about drivers. A dream to connect projectors, speakers, power plugs without carrying additional adapters. A dream to connect my headphones to any phone, any in-flight system without thinking about splitters and connectors. A dream to use a single USB spec cable with all devices. A dream to collaborate with my colleagues without thinking about collaborating software (and its resource utilization). I have a dream.

Collaboration: Outlook, Teams, Telegram, Slack, WhatsApp, Skype, Skype for Business

i-have-a-dream-collaboration

Adapters: US, Europe, Japan, Asia and what not

photo_2018-10-11_07-23-48

Headset/Speakers: 2.5mm/3.5mm and splitter for in-flight systems

photo_2018-10-11_07-23-51

Adapters/Dongles: USB-C/Mini Display to various formats and network connections

photo_2018-10-11_07-23-54

Namaste,
Mayur Tendulkar

The Case of Custom Ouf Of Office

In 2006-07, when I was writing Windows Mobile apps, I really enjoyed using MessageInterceptor type. Using that, we could build our own workflows based on Text Messaging. For example, send an SMS to the device and if SMS contains “Play”, play a song. If SMS contains “Stop”, stop playing the song. And what not. Oh, and I could say if the message is from my parents, reply “I’m in college” and if from friends reply as “I’m waiting outside the movie theater”.

However, I missed this functionality for a long time with different devices (lack of message intercepting API on some platforms). And recently I eagerly wanted to have it for the email, considering the heavy influx of emails in my new role. I got to know about Azure Logic App Service and thought, perhaps let’s go ahead and build something similar. And for me, this is a fantastic way to learn something new.

Scenario: Let’s build a solution which will read incoming email messages and if the message is from one particularly annoying friend, let’s reply with an equally annoying message. If it is from my manager, let’s reply with some positive update and if from a customer we’ll reply with actual OOF. Well, a lot of email service providers allow you to setup OOF, but it is not customizable for different emails. Outlook in Office 365 allows 2 separate OOF messages, one for members within your organization and one for outside organization. Our solution will provide more customizations.

Step 1: Create Azure Logic App Service

Navigate to Azure Portal and Create a resource. Search for Logic App and click on ‘Create’. Give it a name, select the subscription, create Resource Group and finally select a location near to you.

01. Create Logic App

Once Logic App is created, scroll down the next screen and click on ‘Blank Logic App’. This will allow you to add the logical functionality to the just created app.

02. Blank Logic App

Step 2: Design Logic App – Use Connector & Trigger

Connectors allow you to connect your logic app with the desired service. In our case, we’ll use Office 365 Outlook connector to connect to the mail service. And once you connect to the service, there will be a Trigger to activate the logic app. Again, in our case, it will be an email arriving in our inbox.

03. Logic App Connector & Trigger Webhook

Once you select the connector and trigger, sign in with your credentials and connect the email service with your logic app.

Step 3: Setup the Rule and Switch Case

On this screen select the folder in your mailbox to monitor and other aspects of the email. Click on ‘+ Next step’ and write define your logic.

04. Logic App Switch Case

Depending on the connector selected, you’ll see different options for the switch case. For example, in case of Outlook connector and Email trigger, there can be conditions to check for who has sent the email, if it has attachments, if it has importance set or if it has been sent directly to me or to any distribution list to which I’m subscribed.  These conditions will vary depending on trigger and connector.

05. Logic App Switch Options

Once the Switch is set, let’s set up the cases. Here, I’m checking if the email is from Vikram (Oh, he isn’t the annoying friend :) ) and setting up a reply for him. I can also repeat this for many more senders.

06. Logic App Case Vikram

The next one is for my manager Joao,

06. Logic App Case Joao

You can add as many cases as you want and ultimately add a default case. At the end, the logic app designer will look something like this:

06. Logic App Entire Logic

Finally, once this step is done, Run the logic app and wait for the magic to happen :)

07. Logic App Run

In this situation, if a user sends you an email and if the user falls under the cases, the user will receive the response accordingly and if not, user will receive the default response.

Conclusion:

Logic Apps Service makes it easy to write workflows and automate tasks. And even though we used Logic Apps for email workflow, there are connectors available for different services which you can find here. If this list doesn’t cover your service, you can write one on your own connector and documentation for the same is available here.
Don’t forget to ‘nuke’ the resource group once done with it or you’ll keep replying to all your emails – automagically. :)

Happy coding (or designing workflows :) ).
Namaste,
Mayur Tendulkar

 

 

 

 

 

 

 

Xamarin.Forms And The Case of Failed NuGet Packages – Part 2

Most enterprise mobile apps require enterprise-level authentication mechanism. In that case, people use tried and tested Active Directory Authentication Library (ADAL) or Microsoft Authentication Library (MSAL). ADAL is in GA and it works fine with cross-platform mobile apps built using Xamarin. However, MSAL is in ‘preview’ and it offers nightly builds to try out. I wanted to try the latest nightly build (ver: 1.1.1-alpha0417) as it uses updated Android Support Package and old preview bits of MSAL (ver: 1.1.0-preview) were not compatible with latest  Xamarin.Forms anymore. Here, I was trying to build one app over holidays and I got stuck on one interesting issue. Let’s discuss it in this blog post.

The Problem:

When you create a blank Xamarin.Forms app, it automatically references Xamarin.Forms NuGet along with all the required dependencies.

At this time, when you’ll try to install MSAL, you may get stuck at this issue of versioning.

The reason being Xamarin.Forms NuGet requires a specific version of Android Support Packages whereas Microsoft Authentication Library requires anything above Ver. 25.3.1.

The Solution:

Sometimes, things are very simpler than it looks. I spent a lot of time on solving this issue but was unable to fix it. Thanks to my friend Nish, who helped me with his ‘ problem-solving skills’ and we got this working.

The solution is simple:

  1. Remove all NuGet packages from Android project. For the sake of it, close and restart Visual Studio.
  2. Open the solution and Install MSAL NuGet package first.
  3. After installing MSAL NuGet, install Xamarin.Forms NuGet package.

Bingo!

Now you can build Xamarin.Forms apps with Microsoft Authentication Library. If you want to know more about how to use the SDK, follow the blog post here on Xamarin blog.

Even though I’m talking about Xamarin.Forms and MSAL here, this blog post is very much applicable wherever you’re trying to use any NuGet package which has updated dependency on Android Support Package.

Setup info:
Visual Studio Enterprise 2017 Preview (15.5.2)
Xamarin (4.8.0.753)
Xamarin.Forms (2.5.0.121934)
Microsoft Authentication Library (1.1.1-alpha0417)

Namaste,
Mayur Tendulkar

 

Learn Mobile App Dev & Mobile DevOps Here

DevOps Meme

My friend Prachi tagged me on this meme on Facebook and I couldn’t agree more with her. When I started my career, my entire version control was folders – zipped, tagged and stored on multiple hard-disks. But then things changed. My guru Raj, enlightened me about advantages of version control systems. I learned about how multiple people can collaborate on projects or how errors can be reversed by going through code history if version controls like Team Foundation Server or GitHub are used. I started using those and these days, all my projects and samples are either in Visual Studio Team Services or in GitHub repository.  Going one step ahead, I’m using Visual Studio Mobile Center for DevOps along with these version control systems.

But what is this all about? How it helps in building successful mobile applications? And I thought about answering these questions in a video series. The goal is to explain mobile DevOps and different steps in mobile DevOps in small (less than 10 mins) videos.  After completing this series, you’ll be able to build cross-platform Xamarin.Forms mobile application, which will consume Microsoft Cognitive Service and set-up mobile DevOps for the same.

To follow along with this series, I’m recommending following minimum hardware/software combination:

  • Intel i5, 8GB, 50GB machine with Hyper-V support & Windows 10 Professional
  • MacBook or MacMini with i5, 4GB, 50GB for compiling iOS apps
  • Visual Studio 2017 Community Preview

With these hardware/software additional services used in this series are:

Watch the 1st video here about activating these tools & services to set-up mobile DevOps.

In 2nd video learn about how to setup build automation, using Visual Studio Mobile Center.

I’ll update this blog post in coming weeks with the 3rd video in this series, which will be about building mobile applications.

Stay tuned and subscribe to my blog/channel :)

Namaste.
Mayur Tendulkar

Mobile Mindset for five star mobile applications

These days anyone can write mobile applications. With tools like Xamarin & Visual Studio, it has become a lot easier. But for successful mobile applications, developers need to have what I call a ‘mobile mindset‘. Mobile mindset is developed gradually after using various devices and numerous mobile applications. One can learn many things from developing this mindset. So, what is this ‘mobile mindset’ all about? Let’s discuss it in this blog post.

Before Developer, Be a Consumer

The idea is to use a hell lot of mobile applications. Try breaking the boundary of famous apps and use applications which you’ve never used before. Observe the user experience. As, a number of applications you will use in daily life, you’ll get an idea of how your application needs to be designed. You can get inspired by some applications or learn from mistakes of others.

Mobile Apps != Web or Desktop Apps

In large organizations, a pool of web/desktop developers are trained to develop mobile applications. However, there is a huge difference in mobile applications and web or desktop applications. There are constraints on screen size and resolution, battery power, processing power, network connectivity and multitasking when it comes to mobile devices. Think about all these challenges before architecting mobile applications.

Screens & Navigations

In the case of desktop/web applications, users can navigate to any page or screen anytime easily because there are menus, navigation & address bars. They can even launch another application or site for some task and come back to your application. However, this luxury isn’t available in mobile apps and if the user needs to tap or swipe in your mobile app for more than 3 times to complete 1 task, perhaps it is a high time for you to redesign the flow of your application. When it comes to screen, try to avoid distractions. Heavy use of multiple navigations, controls on the screen, advertisement banners can lead to bad user experience. There are guide available for user experience and navigation patterns. Learn about them and see which one suits for your application. And remember, more screens, more swipes and bad user experience can lead to unhappy users.

mobile-mindset-02

User-Friendly Interface

As compared to desktop or laptops, mobile devices have a small screen. It is often called as ‘screen real estate’. Use it wisely. Make controls and ‘next steps‘ discoverable. Use controls which can expand and contract depending on usage. Give hints to the user. Your app has failed if the user has to ‘google’ next steps or read the user manual to use your app.

mobile-mindset-01

Data – As & When Required

If the user is going to launch your app for the first time, treat him with respect. Don’t collect all the user details. If needed, by providing ‘privacy policy‘, ask for only required details to register with your app or service (e.g. age, email, phone, password) and get him onboard. Once onboarding is complete, depending on requirements gather the necessary information (e.g. preferences, network, etc).

On the other side, when required, download contextual data. It doesn’t make sense to download the entire brochure of products when the user is only interested in check out with the items in his cart. Use paging, pull-to-refresh mechanisms to download the data while confirming available bandwidth. A user may be connected to a high-speed wifi network or may be connected to 4G network on roaming. This can be a costly affair.

Having said that, remember, if it takes more than a minute to get to the first screen of your application when the user launches it for the first time, probably, he’ll switch to other similar application or service.

Use Feedback Channels

Before publishing your application to the store, use tools like HockeyApp to conduct beta testing. Distribute your application privately and check the impact. Include crash analytics. And once testing phase is complete, release it to the store. Because once the application is available in the store, users will download it, use it. But when it will crash, seldom they will report it. But definitely, rate it 1 star. Without annoying, ask user to rate your app. Users talking about your apps is the best marketing for your app you can get for free.

Analyse

Don’t just publish your app in the store and leave it for sinking. Use tools like Application Insights, HockeyApp, etc… which can provide details about app launches, app crashes, unique visitors. You can add code to customize the data collected like gender, age, location, preferences of the user. Consider providing ‘privacy policy‘ and notify user about collecting this information. Once you collect that data, analyze it and depending on that provide customized services to your users. Your users will be happy to receive customized offerings. But don’t overdo it.

These are some of the basics of mobile application development, which helps to build ‘mobile mindset’. Thanks to Dipankar, Pooja & Prashant for their valuable feedback over this post. Try these tips in your next mobile app and let us know your feedback through comments.

Enjoy building mobile apps. Happy coding.

Namaste,
Mayur Tendulkar