Relationships in the Entity Framework

Blobs in AzureBlobs OverviewAzure in a Day TrainingAzure BlobsModule 1: Azure Blobs OverviewModule 2: Blob AccountsDEMO: Setting up a Blob AccountDEMO: Mapping a custom URI to Blob AccountModule 3: Blob ContainersDEMO: Blob ContainersModule 4: Managing BlobsDEMO: Blob REST APIDEMO: Uploading Block BlobsModule 5: Securing BlobsDEMO: Setting Container PermissionsDEMO Shared Access SignaturesAgendaOverviewAzure Blob ModelAccountContainerBLOBSecurityAdditional ConceptsOverview of Windows Azure BLOBsWhat are BLOBSShared Storage RequirementsHow Azure BLOBs Stack UpIntroduction to the Azure BLOB APIsIntroduction to the Azure BLOB Security ModelWhat are BLOBsCollection of binary data stored as a single object or entityMedia FilesImagesVHD According to wikipedia (http://en.wikipedia.org/wiki/Binary_large_object)Jim Starkey - amorphous chunks of data invented by Jim Starkey at DEC, who describes them as "the thing that ate Cincinnati, Cleveland, or whatever"5The ChallengeDo you have enough space?Is the solution elastic?Is it load balanced (available)?Is your data safe in the face of a disk crash (durable)?What are the costs?Up front costs?Management costs? Are your results consistent?Is it performant (enough)?Requirements For Shared StorageScalableAvailableDurableMaintainableAffordableReproducible (Consistent)Scalability and AvailabilityLeverages Web Role infrastructureThousands of disk arraysEfficient FailoverAutomatic load balancing of blobsHot (frequently accessed) blobs served from multiple serversHot blobs cached multiple times

Azure storage leverages Web Role infrastructureJust like there are hundreds of thousands of servers in datacenters available to scale out for web roles, there are also thousands and thousands of disk arrays for storage storage is truly utility computing think of it like electricityEfficient Failover if there is a failure, your data will be served from a healthy replicaThe problemed replica will be re-created elsewherehot blobs will be served from many servers to scale out and meet the traffic needs of your application

8DurabilityData replicated at least 3 timesData is spread out across fault and upgrade domainsCan choose to geo-replicate dataBetween 2 locationsIn same geo-regionAsynchronous replicationFault domainYou can think of a fault domain as a physical unit of failureThere is no clear documentation on MS website, but it is probably best thought of as a rackIt is also not documented (or at least I couldnt find it) what the default number of fault domains are, but it is between 3 and 5Having your data stored across fault domains means that no single point of failure can cause you to lose your dataUpgrade DomainLogical unit of upgrade

9Maintainable and AffordableMaintainableLet Microsoft handle the maintenanceYou concentrate on solving business problemsAffordableNo upfront costsUtility computingPay only for what you use (like electricity)Scale up or down on demand

Azure Blob StorageScalable Sales to thousands of serversAvailable Load balanced; Hot blobs cachedDurable Blobs replicated to at least 3 servers across fault domainsMaintainable Let Microsoft handle itAffordable Utility computing; Pay for what you use; No upfront costsReproducible Consistency guaranteed

Introducing the Azure BLOB APIsREST API - Complete APIClient APIs Wrappers around REST APIAzure .NET SDK (StorageClient)Windows Azure SDK for JavaWindows Azure SDK For PHP DevelopersClient APIs hide complexity ofSigning RequestsMaking HTTP Requests / handling responsesSerialization / Deserialization

Introducing the Azure BLOB Security ModelPrivate AccessContainer Access Controls (ACLs)Shared Access SignaturesBLOBContainer

AgendaOverviewAzure Blob ModelAccountContainerBLOBSecurityAdditional ConceptsBlob Data ModelAccountHighest level. All containers are scoped by storage accountUnit of billingContainerAn account can contain one or more containers1 level - containers cannot contain other containersContain 0 or more blobsAccess policies set at this levelBlobBlock Blob Data ModelAccountContainerContainerBlobBlobBlobBlobAccountThe account is about ownershipShared keys are assigned to accountSet location; Affinity GroupEnable CDN more about this laterAll containers belong to an accountURI to your account: http://.blob.core.windows.netYou can associate a friendly URI to your account

ContainersContain BlobsSingle-levelThink of as a FolderScoped by accountAccess Permissions more laterPrivatePublicFull public read accessPublic read access for blobs onlyURI to container : http://.blob.core.windows.net/

Microsoft Durable, Reliable BLOB Organizational Units 2009 R2Root ContainersDefault container for your accountA BLOB can be addressed in a root container without referencing the root container nameThe root container must be created (there is no root container by default)Create by adding a container named $root

http://deveducate.blob.core.windows.net/$root/EF4.pnghttp://deveducate.blob.core.windows.net/EF4.png

Common Container OperationsListContainersCreateCreateIfNotExistDeleteSetMetadata

Listing ContainersGet reference to CloudStorageAccountGet a CloudBlobClientCall ListContainers()

Creating a ContainerGet reference to CloudStorageAccountGet a CloudBlobClientGet a reference to a containerCall Create() or CreateIfNotExist()

Deleting a ContainerGet reference to CloudStorageAccountGet a CloudBlobClientGet a reference to a containerCall Delete()

DEMOBLOB ContainersAgendaOverviewAzure Blob ModelAccountContainerBLOBSecurityAdditional ConceptsBlob Data Modeldeveducate (Storage Account)images (container)videos (container)Logo.png (blob)Home.png (blob)Contact.png (blob)EF4.wmv (blob)MVC2.wmv (blob)Azure.wmv (blob)http://.blob.core.windows.net//

http://deveducate.blob.core.windows.net/images/Logo.png

http://deveducate.blob.core.windows.net/videos/EF4.wmv

Template:

Example:

262 Types of BlobsBlock blobsOriginal kind of blobOptimized for streaming (uploading a file to be downloaded in its entirety)Max size 200 GBPage blobsIntroduced with 9/19/09 releaseProvide the ability to write to a range of bytes in a blobOptimized for multiple random read/writes (mounting a drive)Max size 1 TBYou have to align to the 512 byte boundry (multiple of 512)Once the blob has been created, its type cannot be changedWith page blobs - All pages must align 512-byte page boundaries

27Adding Block BlobsBlobs 64 MB must be added via BlocksBreak entire file down into blocks < 4MBPUT individual blocks with Block ID, storing the IDAfter all blocks are successfully uploaded, PUT blocklist containing all block IDs (in correct order)Advantages of uploading via blocksNot all or nothingAble to retry failed blocks a.k.a. - ContinuationUploading in ParallelUpload blocks in any order only list of blocks in blocklist must be in orderPut Blob vs. PutBlock/PutBlockListID: 006 ( 4 MB)ID: 001 (4 MB)ID: 002 ( 4 MB)ID: 003 ( 3 MB)ID: 004 ( 3 MB)ID: 005 ( 2 MB)20 MBBreak it down intoBlocks SingleBlobUpload)

SingleBlobUploadThresholdInBytes The maximum size of a blob, in bytes, that may be uploaded as a single blob, ranging from between 1 and 64 MB inclusive. The default value is 33554432 bytes (32 MB)*** This is the enabling property when working with the StorageClient API to take advantage of the Block BLOB functionalityIf the size of the BLOB is larger than what you set this property at, Parallel uploading comes into playThe size of the blocks that are uploaded are equal to what you set the WriteBlockSizeInBytes value

39DEMOUpload BlobAgendaOverviewAzure Blob ModelDevelopmentSecurityBLOB ScenariosAccessing BLOBsPermissionsPrivate Shared Key SigningSET ACL on ContainerVery CourseOptionsFull public read accessPublic read access for blobs onlyPrivateShared Access SignaturesMore Fine GrainedAuthorization PseudocodeCreate storage account; Receive Shared KeyClient: creates a signature string with certain parts of the request in a specific orderClient: Sign the signature string with the keyClient: Send signature string with the requestServer: Repeat steps 2-4 with server copy of shared keyCompare signatures

Neither Can:List Containers Create Container Set Container Metadata Get Container ACL Set Container ACL Delete Container Put Blob Set Blob Properties Set Blob MetadataPut Block Get Block List (uncommitted blocks only or all blocks) Put Block List Delete Blob Copy Blob Snapshot Blob Lease Blob Put PageSetting Container Permissions

Shared Access SignaturesAllow you to apply a more granular access policyImplemented as URL QueryString ParametersAccess Policy consists of:StartTimeEndTimePermissionsAccess Policy can be either:Included in the querystring parameters Applied to the container (container-level access policy)Well get to the container-level access policy in a moment46

Shared Access Signature ExampleURI to resource Shared Access PolicySigned ResourceSigned IdentifierSignatureSigned StartSigned ExpiryPermissionshttp://{account}.blob.core.windows.net/{container}/{blob}?st=2010-11-25T12 00 00TZD&se=2010-11-25T12 30 00TZD&sp=r

&sr=b&si=policyName&sig=WBvuc8uiNHp3L5Sph2tu4XAPsoKNGY99Zltl0YN9qvc%3D

NOTES:

NOTES:sr=b for blob sr=c for container

NOTES:Signed Identifier references a named container-level access policyStart, End and Permissions can be defined there

NOTES:Used to authenticate the request

NOTES:Any or all of these can be applied to a container-level access policy

Container-Level Access PolicyApply permissions to containerMore secure and Best PracticeThose permissions not included in URLPermissions can be revoked Duration can be > 1 hourExample

Shared Access Signature on BlobShared Access Signature with container-level access policyShared Access Signature on Container

Best PracticesUse container-level access policiesLimit the duration to as short as possibleGrant minimal permissionsUse Shared Access Signatures over HTTPSDEMOShared Access Signatures