Feed aggregator

Avoiding Visual Studio Fakes Build break

MSDN Blogs - 1 hour 49 min ago

If you are using Visual Studio Fakes in your Unit Testing, and you created your test project from any of the below versions of Visual Studio, then if you upgrade to Visual Studio 2013 Update 4, you may start hitting build errors around Microsoft.QualityTools.Testing.Fakes.dll.

Visual Studio 2012

Visual Studio 2013 Update1

Visual Studio 2013 Update2

Visual Studio 2013 Update3


Exact error message: "The type 'Microsoft.QualityTools.Testing.Fakes.Stubs.StubBase`1' is defined in an assembly that is not referenced. You must add a reference to assembly 'Microsoft.QualityTools.Testing.Fakes, Version=, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a'".


To overcome this build error, follow any of the workarounds below:

1. In all your .proj files that reference this assembly, remove the version info from the reference. (it should not be having

2. In all your .proj files that reference this assembly, set the Specific Version field of the reference to "false".


Hope this helps.

Installation of the MBAM fails with the error 0x80041010

MSDN Blogs - 3 hours 29 min ago


Hello Everyone,


Many of you would have come across issues with respect to the installation of the MBAM 1.0\2.0\2.5 Client on Windows 7, 8 and 8.1 machines.


The installation of the Client starts as follows:



The installation rolls back in a few seconds, as seen in the following screenshot.



We will notice the following error message in the Application event log:


Log Name:      Application

Source:        Microsoft-Windows-WMI

Date:          10/1/2014 1:19:08 PM

Event ID:      10

Task Category: None

Level:         Error

Keywords:      Classic

User:          N/A

Computer:  XXXX.COM


Event filter with query "SELECT * FROM __InstanceOperationEvent WITHIN 30 WHERE TargetInstance ISA 'mbam_Volume' AND TargetInstance.BitLockerManagementVolumeType='3'" could not be reactivated in namespace "//./ROOT/Microsoft/MBAM" because of error 0x80041010. Events cannot be delivered through this filter until the problem is corrected.


err 0x80041010

# for hex 0x80041010 / decimal -2147217392

AXE_E_ASSESSMENT_CRASHED                                       axeerror.h

# The assessment crashed or caused a system reboot without

# first notifying AXE of an impending reboot.

PP_E_EXCLUDED                                                  errormsg.h

# The credential is blocked.

SYNC_E_ITEM_HAS_NO_VERSION_DATA                                synchronizatio


# Operation is not valid as the specified item has no version

# data.

WBEM_E_INVALID_CLASS                                           wbemcli.h



Source:        MsiInstaller

Date:          10/1/2014 1:19:15 PM

Event ID:      11708

Task Category: None

Level:         Information

Keywords:      Classic

User:          N/A

Computer:      XXXX.COM


Product: MDOP MBAM -- Installation failed.


Additionally we would find the following in the MSI logs:


MSI (c) (D8:C4) [19:11:59:227]: Note: 1: 1708

MSI (c) (D8:C4) [19:11:59:227]: Product: MDOP MBAM -- Installation failed.


MSI (c) (D8:C4) [19:11:59:227]: Windows Installer installed the product. Product Name: MDOP MBAM. Product Version: 2.1.0117.0. Product Language: 1033. Manufacturer: Microsoft Corporation. Installation success or error status: 1603.


MSI (c) (D8:C4) [19:11:59:227]: Grabbed execution mutex.

MSI (c) (D8:C4) [19:11:59:227]: Cleaning up uninstalled install packages, if any exist

MSI (c) (D8:C4) [19:11:59:243]: MainEngineThread is returning 1603



 err 1603

# for decimal 1603 / hex 0x643

  csierrWebService_AccessDenied                                  csiErrorDefinit


  ecFavCreateMessage                                             ec.h

  ERROR_INSTALL_FAILURE                                          winerror.h

# Fatal error during installation.

# No results found for hex 0x1603 / decimal 5635

# as an HRESULT: Severity: SUCCESS (0), FACILITY_NULL (0x0), Code 0x643

# for decimal 1603 / hex 0x643

  ERROR_INSTALL_FAILURE                                          winerror.h


If we capture a Process Monitor trace at the time of installation, we would see the following:


12:21:33.7955823 PM rundll32.exe 35176 CreateFile C:\Windows\System32\mofcomp.exe NAME NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a

12:21:33.7959753 PM rundll32.exe 35176 CreateFile C:\Windows\Installer\MSIEC.tmp-\mofcomp.exe NAME NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a

12:21:33.7964261 PM rundll32.exe 35176 CreateFile C:\Windows\System32\mofcomp.exe NAME NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a

12:21:33.7972865 PM rundll32.exe 35176 CreateFile C:\Windows\system\mofcomp.exe NAME NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a

12:21:33.7977407 PM rundll32.exe 35176 CreateFile C:\Windows\mofcomp.exe NAME NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a

12:21:33.7989175 PM rundll32.exe 35176 CreateFile C:\Program Files\Java\jdk1.8.0_05\bin\mofcomp.exe NAME NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a


By default, the Path environment variable on Windows Vista\7\8 is as follows:


C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;{plus program paths}






These are the environment variables which are listed at the time of the issue which is the cause of the installation failure.



This usually occurs when the environment variables have been changed by Code Developers for developing their product.


So we can fix this issue by following any one of the following methods:


Method 1:


Copying the mofcomp.exe from WBEM folder to the default folders like




Method 2:


We can modify the environment variables on your machine by doing any one of the following steps:




1. Open Computer Management.

2. In the console tree, right-click Computer Management (Local), and then click Properties.

3. On the Advanced tab, under Environment Variables, click Settings.

4. Select a user in the User variables for list.

5. Click the name of the system variable (Path)

6. Click Edit to change the value of the Path






1. Open regedit.exe

2. Navigate to the following location:


3. In the right-hand pane, select Path, right-click it, choose Modify and enter the environment variables.





You can verify the environment variables by running the command SET PATH from an elevated command prompt.




Hope this was helpful!


More Information:


Environment variables are a set of dynamic named values that can affect the way running processes will behave on a computer.

They are part of the operating environment in which a process runs.

 For example, a running process can query the value of the TEMP environment variable to discover a suitable location to store temporary files, or the HOME or USERPROFILE variable to find the directory structure owned by the user running the process.

System path variables refer to locations of critical operating system resources, and as such generally are not user-dependent.

%PATH%: This variable contains a semicolon-delimited (do not put spaces in between) list of directories in which the command interpreter will search for an executable file that matches the given command. Environment variables that represent paths may be nested within the %PATH% variable, but only at one level of indirection.

If this sub-path environment variable itself contains an environment variable representing a path, %PATH% will not expand properly in the variable substitution.

%ProgramFiles%, %ProgramFiles(x86)%, %ProgramW6432%: The %ProgramFiles% variable points to the Program Files directory, which stores all the installed programs of Windows and others.

The default on English-language systems is "C:\Program Files". In 64-bit editions of Windows (XP, 2003, Vista), there are also %ProgramFiles(x86)%, which defaults to "C:\Program Files (x86)", and %ProgramW6432%, which defaults to "C:\Program Files". The %ProgramFiles% itself depends on whether the process requesting the environment variable is itself 32-bit or 64-bit (this is caused by Windows-on-Windows 64-bit redirection).



Articles about environment variables:

  • Environment Variables
  • Recognized Environment Variables
  • Command shell overview
  • How to propagate environment variables to the system
  • Add or change environment variables


More to come soon!


Suganya Natarajan

Windows Core Team
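
One way to run the Path check that the MBAM post above describes, as an added PowerShell example that is not part of the original post: it reports whether mofcomp.exe resolves through a given Path value and from which directory. The function names and the sample Path string (built from the directories in the Process Monitor trace) are constructed for illustration.

```powershell
# Added example: can an installer that searches PATH find mofcomp.exe,
# and does it find the copy in the Wbem directory?

# Expected home of mofcomp.exe (third entry of the default Path quoted in the post).
$WbemDir = Join-Path $env:SystemRoot 'System32\Wbem'

function Get-PathEntry {
    # Split a Path string into cleaned directory names: drop empty entries,
    # strip quotes, expand nested %VAR% references, trim trailing backslashes.
    param([Parameter(Mandatory=$true)][string]$PathValue)
    foreach ($raw in $PathValue -split ';') {
        $dir = $raw.Trim().Trim('"')
        if ($dir) {
            [Environment]::ExpandEnvironmentVariables($dir).TrimEnd('\')
        }
    }
}

function Find-Mofcomp {
    # Return every mofcomp.exe reachable through the given Path, in search order.
    param([Parameter(Mandatory=$true)][string]$PathValue)
    foreach ($dir in Get-PathEntry $PathValue) {
        $candidate = "$dir\mofcomp.exe"
        if (Test-Path -LiteralPath $candidate -PathType Leaf -ErrorAction SilentlyContinue) {
            $candidate
        }
    }
}

function Test-MofcompResolution {
    # Status is MISSING (the NAME NOT FOUND case in the trace), OK (first match
    # is the Wbem copy) or UNEXPECTED (a copy elsewhere on the Path wins).
    param([Parameter(Mandatory=$true)][string]$PathValue)
    $entries = @(Get-PathEntry $PathValue)
    $hits    = @(Find-Mofcomp $PathValue)
    $first   = $null
    if ($hits.Count -gt 0) { $first = $hits[0] }

    if (-not $first) { $status = 'MISSING' }
    elseif ($first -ieq "$WbemDir\mofcomp.exe") { $status = 'OK' }
    else { $status = 'UNEXPECTED' }

    New-Object PSObject -Property @{
        Status     = $status
        WbemOnPath = [bool]($entries | Where-Object { $_ -ieq $WbemDir })
        FirstMatch = $first
    }
}

# 1. The machine-wide Path, which is what services and installers inherit.
$machinePath = [Environment]::GetEnvironmentVariable('Path', 'Machine')
Test-MofcompResolution $machinePath | Format-List

# 2. Constructed sample: the directories searched in the trace above, with the
#    Wbem entry absent. On a default installation this reports MISSING.
$samplePath = 'C:\Windows\System32;C:\Windows\system;C:\Windows;' +
              'C:\Program Files\Java\jdk1.8.0_05\bin'
Test-MofcompResolution $samplePath | Format-List
```

A status of UNEXPECTED means a copy outside the Wbem folder is found first, which is the state Method 1 leaves behind; restoring the Wbem entry (Method 2) keeps the installer on the operating system's own binary.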

Video tutorials on setting up Direct3D, and a D3D Store app called Gravviti

MSDN Blogs - 4 hours 5 min ago

If you've done Direct3D programming, or if you've taken a peek at the DirectX project templates in Visual Studio, then you'll know that there's a series of steps to follow to get everything set up before you can even think about rendering. I recently published a few videos in a playlist (Programming/D3D setup) that walk through the code involved in this setup work. In them, I've tried to explain what each step and piece does, and why it's needed. You might find the videos interesting if you're new to Direct3D. And even if you're not new to Direct3D, if it's been a while since you thought about or looked at those steps then you might be interested in a refresher.

I use my own codebase as an example, which consists of source files that can be built for Win32 and Windows Runtime (Windows Store and Windows Phone Store), both with and without XAML integration. The videos are meant to convey ideas, and techniques, and principles. The idea is not to give you a fish, but instead to show you some ways of fishing. Once you know what to do, and why you're doing it, writing the code is not that hard; and writing it your way is a lot of fun. Besides, there's loads of code on MSDN, in the DirectX SDK samples, in the Visual Studio project templates, and just generally on the web.

I intend to build on this beginning, and the videos to follow will deal with beginning to get pixels on the screen. There's a lot more in my codebase that I want to demonstrate.

On the same video channel, but in a different playlist (Gravviti tutorials) are demonstrations of the Windows Store app that I published most recently. With Gravviti, you can design cool and fascinating planets and stars (and other unusual abstract, kaleidoscopic effects) and then set them in graceful motion as you fly through them in space. Either sit and watch, or stand your Surface on a shelf among your picture frames, set a slow speed, and enjoy a unique motion decoration. Gravviti is both design and entertainment. It will appeal to the creative and the curious. It's somewhere between an app, a game, and an art tool. It offers a chance for creativity, interaction, entertainment, discovery, decoration, and the enjoyment of a moving art form. You mix together gradients on various visual layers to put together an overall effect of color and light, luminance, shadow, etc. You can make traditional-looking celestial bodies or you can push the math inside the gradient calculators to the limits and see what kind of otherworldly and psychedelic effects you can achieve.

You can get the Gravviti app at

Interactive Visualizations

MSDN Blogs - 7 hours 2 min ago
I was looking at a recent article which provided data visualizations that were rather difficult to understand and analyze. Here is the Washington Post article that I refer to: LINK . This set me thinking about how interactive visualizations empower the reader to engage with the visualization to better understand the data as well as make their own discoveries with it. I found the original data for the article at LINK and selected the Supplemental Table 1 for my experiment with Excel & Power BI...

A Windows 8 tablet for under $90?

MSDN Blogs - 7 hours 3 min ago

This seems incredible to me! Coles have a 7” Windows 8 touch tablet, with Office 365 Personal, for $89.

It’s just one of a few surprises that I have seen this year, as more and more low-cost laptops, tablets and convertibles (tablets with detachable keyboards) have been appearing. But I never expected a tablet under $100 with Office 365 included (which means it also comes with 1TB OneDrive online storage and 60 monthly Skype minutes).

My daughter’s school is going BYOD for next year, and I’d already decided that I was going to invest in a Surface Pro 3 for her (because of the power of the pen, and because since I got my Surface Pro, it’s made a massive difference to my own notetaking). But my concern was that she may not look after it and it would end up being dragged around without its case.

But seeing the $89 Pendo Pad in Coles, and then watching Top Gear over the weekend, I’ve hit on the perfect plan! She’s going to be receiving a Surface Pro 3 and a Pendo Pad. The Surface will be her main device, and the Pendo Pad is for some lightweight reading, surfing and Skype. But if the Surface gets damaged, then the Pendo Pad is going to be her main machine whilst the Surface is out of action.

I got this inspired idea from Top Gear, where the lads are tailed on their journeys in top marque sports cars by a driver in a surprisingly ordinary car. And if they break down, they are forced to switch into the backup car. Imagine the shame of ditching the Ferrari for a 2 door hatchback. Hoping that same challenge will work for my daughter.

See you at Coles

Using the Docker client from Windows and getting AspNet vNext running in a Docker Container

MSDN Blogs - 7 hours 43 min ago

As Docker progresses as a native application on Windows, and ASP.NET progresses direct from Microsoft for running on Linux, I wanted to see how far I could get using what’s out there today. While there are some challenges, there are a couple of simple steps that you can use to get around some initial blockers.

There are known issues in the Docker Windows implementation [Github pull request 9113] – specifically, the use of Path separators – in that in Linux we have ‘/’ and in Windows it’s ‘\’. While GO has a constant for this, the Docker client and server are not handling this platform translation just yet. The trick for this is just TAR up your directory first, then use the ADD Dockerfile command which can handle TAR files natively.

The other key change is downgrading the VERSION number so the client matches the Boot2Docker version. I didn’t see any API changes that would impact this other than the version number.

Here’s an image of it running on a Docker host container (running on Hyper-V Windows 8.1). Getting here was a bit challenging, but worth it.

github repo here:


Here are the general steps that I followed:

Follow boot2docker on Hyper-V setup steps

In the post here you can use that to get Docker via Boot2Docker running in HyperV. Again, all you need is a Docker host, but if you want to be all HyperV this is a way to do it.

Modify Docker client version ‘server 1.15’ (HACK)

Follow the steps to install GO, then clone the Docker git repo and make a small change to the version number so you’ll be able to attach with the native client (which is being built against the dev branch from Docker’s GitHub repo). The Boot2Docker server is still at the prior version. See the comments in the pull request above, where some folks have indicated a similar approach.

C:\gopath\src\\docker\docker\api\common.go

    const (
        APIVERSION version.Version = "1.15"

Build Docker client with GO

Once you have the docker.exe built, you can put it away safely and kill the repo if you want.

Turn off TLS if you like a simple command line

I turn off TLS for development.  see

“disable it by adding DOCKER_TLS=no to your /var/lib/boot2docker/profile file on the persistent partition inside the Boot2Docker virtual machine (use boot2docker ssh sudo vi /var/lib/boot2docker/profile).”

If you don’t turn it off, you can use TLS: just copy the following files over to your Windows machine, then reference them from the ‘docker’ command line or set the environment variables.

If using TLS ‘steal’ the following files from your boot2docker host

The following files sit on the Docker host in /var/lib/boot2docker

  • cert.pem
  • key.pem
  • ca.pem

If you need to SSH into the Docker image:

ssh docker@

Password: tcuser


Run docker client to verify access to your Docker host

Using the Docker client that you built from the GO source (and the hacked version #)

If you set an environment variable, you can avoid passing command line parms each time.

Note that the non-secure port is 2375 by default, and the secure port is 2376.

E:\gitrepos\dockerAspNet>set dock DOCKER_HOST=tcp://

If you’re running via TLS, you can use the Certificate files that are located on the Server and mentioned above:

docker --tls --tlscert="e:\\temp\\docker\\cert.pem" --tlskey="e:\\temp\\docker\\key.pem" --tlscacert="e:\\temp\\docker\\ca.pem" ps

Getting ASP.NET vNext running

Now for the fun part.

First, grab (clone) the github repo at:

git clone

Tar files into 1 archive

Then, in the ./samples/HelloMvc directory, use a tool (such as 7-zip) to ‘tar’ up all the files so you have a ‘HelloMvc.tar’ file. This step is needed until the Docker client/daemon properly addresses file separator differences between Windows and Linux.

Create a ‘Dockerfile’ with the following:

    FROM microsoft/aspnet

    # copy the contents of the local directory to /app/ on the image
    # (ADD unpacks a local tar archive automatically)
    ADD HelloMvc.tar /app/
    RUN ls -l

    # set the working directory for subsequent commands
    WORKDIR app
    RUN ls -l

    # fetch the NuGet dependencies for our application
    RUN kpm restore

    # expose TCP port 5004 from container
    EXPOSE 5004

    # Configure the image as an executable
    # When the image starts it will execute the "k kestrel" command,
    # effectively starting our web application
    # (listening on port 5004 by default)
    ENTRYPOINT ["k", "kestrel"]

Once this is done the directory should look like this:

Build the Docker package

Now, from the root of the repo (./dockerAspNet/samples in my example) execute the following:

docker build -t myapp samples/HelloMvc

At this point, you should see ASP.NET and all the supporting dependencies fly by in the interactive build console. It will take a bit of time the first time, as it will install the ‘microsoft/aspnet’ docker package too. Once that is done, future updates will be faster, just for your package.

After a bit, you should see something like the following. 


Startup the Container

Now we’re ready to start our MVC app on ASP.NET in our Docker Container on Linux!!!!

docker run -d -t -p 8080:5004 myapp

Navigate to the IP address of your Linux instance:

As Martha Stewart would say – “It’s a good thing…”
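
The environment-variable route mentioned in the Docker post above, as an added PowerShell example that is not part of the original post: it points the client at the TLS port using the three .pem files and warns if the plain port 2375 also accepts connections, since that port gives control of the daemon without any authentication. The host address is a placeholder, the function names are constructed, and DOCKER_TLS_VERIFY assumes the server certificate is valid for the address you connect to.

```powershell
# Added example: configure the Docker client for the TLS endpoint through
# environment variables instead of passing --tls* flags on every command.

$DockerHost = '192.0.2.10'      # placeholder: address of your boot2docker VM
$CertDir    = 'E:\temp\docker'  # directory used in the post's --tlscert example

function Get-MissingDockerCert {
    # The client looks for exactly these three file names in DOCKER_CERT_PATH.
    param([string]$Dir)
    foreach ($name in 'ca.pem', 'cert.pem', 'key.pem') {
        if (-not (Test-Path -LiteralPath "$Dir\$name" -PathType Leaf)) { $name }
    }
}

function Test-TcpPort {
    # True if a TCP connection to HostName:Port succeeds within the timeout.
    param([string]$HostName, [int]$Port, [int]$TimeoutMs = 2000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($pending)
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

function Set-DockerTlsEnvironment {
    # Refuse to configure the session if any certificate file is absent.
    param([string]$HostName, [string]$Dir)
    $missing = @(Get-MissingDockerCert $Dir)
    if ($missing.Count -gt 0) {
        throw "Missing in ${Dir}: $($missing -join ', ')"
    }
    $env:DOCKER_HOST       = "tcp://${HostName}:2376"   # secure port named in the post
    $env:DOCKER_TLS_VERIFY = '1'                        # verify the server against ca.pem
    $env:DOCKER_CERT_PATH  = $Dir
}

Set-DockerTlsEnvironment $DockerHost $CertDir

# The post notes that 2375 is the non-secure port. If it still answers,
# TLS on 2376 protects nothing, because anyone who can reach the host
# can drive the daemon over 2375.
if (Test-TcpPort $DockerHost 2375) {
    Write-Warning "Port 2375 on $DockerHost accepts connections without TLS."
}

docker ps
```

key.pem is the client's private key, so the directory it is copied to should be readable only by the account that runs the Docker client.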

Get off to a good start with C5/NAV 2015 together with Firebrand

MSDN Blogs - 9 hours 43 min ago

Dear Partner,

Microsoft and Firebrand are jointly holding three different courses aimed at C5 partners. The purpose of the courses is to help consultants and developers with experience from earlier versions of C5 get off to a good start with C5/NAV 2015.

We focus in particular on the features and tasks that consultants and developers most often have to handle. The courses run as follows:

Introduction to the consultant role in C5/NAV 2015
Instructor: Gitte Lützen
Herning: 15–16 January + 20–21 January 2015
Copenhagen: 29–30 January + 4–5 February 2015

C5/NAV 2015 consultant role, advanced
Instructor: Gitte Lützen
Herning: 23–24 February 2015
Copenhagen: 5–6 March 2015

Introduction to development in C5/NAV 2015
Instructor: Palle Arentoft
Herning: 18–20 February 2015
Copenhagen: 2–4 March 2015

The agenda for the days and the price of participation will be posted soon, so keep an eye on the blog.

Kind regards,

The Dynamics Team

Sale: Save up to 55% on all books & eBooks

MSDN Blogs - 14 hours 30 min ago

Now is the time to load your library with new and top-selling titles from Microsoft Press! Buy 1, Save 35% | Buy 2 or more, Save 55% off the list price of all books and eBooks. Enter discount code SAVEONPRESS during checkout to apply savings. Shop the entire store. Offer ends November 29, 2014.

The Microsoft Press Store offers free U.S. shipping every day. When you purchase an eBook you receive three formats -- PDF, EPUB, and MOBI -- to use on your computer, tablet, and mobile devices.

Cairo Security Camp raffle

MSDN Blogs - 16 hours 54 min ago

Successful technologists never stop learning and great technology never stops evolving, so don’t miss your chance to be one of the MVA members and win valuable prizes with Microsoft.

Microsoft Virtual Academy (MVA) offers you free online training delivered by Microsoft experts to help you continually learn with hundreds of online courses, and provides you with a certificate for each course that you complete on MVA.

Not only do we want to help you learn and increase your knowledge, but we also want to give you the chance to win valuable prizes through our raffle.

The raffle is open to any Developer and IT Professional resident in Egypt.

How to participate:

In order to enter the raffle, you need to

  1. Take one of the MVA courses from the below list to learn more & develop your technical skills
  2. Bring the certificate to our booth at Nile university on Friday 28th & Saturday 29th to enter the raffle


List of MVA courses:


  • Microsoft Azure IaaS Deep Dive Jump Start
  • Windows Azure Pack: Infrastructure as a Service Jump start
  • DevOps: An IT Pro Guide
  • Office 365 ProPlus Deployment for IT Pros
  • Expanding Office 365 with Enterprise Mobility Suite
  • Server Virtualization with Windows Server Hyper-V and System Center
  • VMware to Hyper-V Migration
  • What's New in System Center 2012 R2 Jump Start
  • Virtualizing Your Data Center with Hyper-V and System Center
  • System Center 2012 R2 Operations Manager Management Pack
  • Licensing Windows Server 2012 R2
  • Security Fundamentals
  • Understanding Active Directory
  • What's New in Windows Server 2012 R2 Jump Start
  • Advanced Tools & Scripting with PowerShell 3.0 Jump Start
  • Microsoft Desktop Virtualization
  • Windows Server 2012 R2 Essentials
  • The Microsoft Hybrid Cloud: Best Practices Guidance
  • Windows 8.1 User Readiness Toolkit
  • Windows 8.1 Update for Enterprise Jump Start
  • What’s New in Windows® 8.1 for IT PROFESSIONALS?
  • Small Business: Migrating from Windows XP to Windows 8.1
  • Windows 8.1 To Go
  • Windows Performance Jump Start


In these rules “Microsoft”, “we”, “our”, and “us” refer to Microsoft Egypt a Limited Liability Company, the Sponsor of the Competition. “You”, “yourself” refers to an eligible Competition entrant.


AGREEMENT: In order to enter the raffle, you must agree to these Official Rules (“Rules”). Therefore, please read these Rules prior to entry to ensure you understand and agree.

Entry in the Competition constitutes your acceptance of these official rules.

ELIGIBILITY: To be eligible to enter the raffle, you must
be: above the age of 18 (Eighteen) in Egypt at the time of entry. Raffle is
void in all countries except Egypt. Employees, interns, contractors, and
official office-holders of Microsoft and their parent companies, subsidiaries,
affiliates, and their respective directors, officers, employees, advertising
and promotion agencies, representatives, agents, and Judges are ineligible to
participate in this raffle. Microsoft reserves the right to verify eligibility
and to adjudicate on any dispute at any time.

If you are entering as part of a company or on behalf of your employer, these
rules are binding on you, individually, and/or your employer. If you are acting
within the scope of your employment, as an employee, contractor, or agent of
another party, you warrant that such party has full knowledge of your actions
and has consented thereto, including your potential receipt of a prize. You
further warrant that your actions do not violate your employers or company’s
policies and procedures.

Participants will be excluded immediately if:

  1. Their MVA certificate is not within the date of the raffle

SELECTION OF WINNERS:  Raffle will take place in our booth at Nile University during the Cairo Security Camp for all Eligible Entries and winners will be selected.

Microsoft’s Privacy Policy available at will
apply to this Competition and to all information that we receive from your
entry. Entrants agree that personal data entered during the registration,
including name, mailing address, phone number, and email address may be
processed, stored, shared and otherwise used for the purposes and within the
context of the raffle. Entrants also understand this data may be used by
Microsoft in order to verify an entrant’s identity, address and telephone
number in the event an entry qualifies for a prize.


By accepting a
prize, Entrant agrees and consents to Microsoft and their agencies use of
entrant’s place of residence, name, and/or likeness to name the entrant for a
reasonable time after completion of the raffle in promotional and advertising
material of Microsoft (or its agents) as a winner of the raffle without
additional compensation, unless prohibited by law.

accepting a prize, entrant agrees to Microsoft and its agencies use of his or
her name and/or likeness for advertising and promotional purposes without
additional compensation, unless prohibited by law.


INDEMNIFICATION: To the maximum extent permitted by
law, each entrant indemnifies and agrees to keep indemnified Raffle Entities at
all times from and against any liability, claims, demands, losses, damages,
costs and expenses resulting from any act, default or omission of the entrant
and/or a breach of any warranty set forth herein. To the maximum extent
permitted by law, each entrant agrees to defend, indemnify and hold harmless the
Raffle Entities from and against any and all claims, actions, suits or
proceedings, as well as any and all losses, liabilities, damages, costs and
expenses (including reasonable attorneys’ fees) arising out of or accruing from
(a) any App or other material uploaded or otherwise provided by the entrant
that infringes any copyright, trademark, trade secret, trade dress, patent or
other intellectual property right of any person or defames any person or
violates their rights of publicity or privacy, (b) any misrepresentation made
by the entrant in connection with the Raffle; (c) any non-compliance by the
entrant with these Rules; (d) claims brought by persons or entities other than
the parties to these Rules arising from or related to the entrant’s involvement
with the Raffle; (e) acceptance, possession, misuse or use of any prize or
participation in any Raffle-related activity or participation in this Raffle;
(f) any malfunction or other problem with the Raffle Site; (g) any error in the
collection, processing, or retention of entry information; or (h) any
typographical or other error in the printing, offering or announcement of any
prize or winners.


The Raffle is governed by the laws of Egypt and you consent to the exclusive
jurisdiction of the Cairo courts for any disputes arising out of this raffle.


false information provided within the context of the raffle by any entrant
concerning identity, address, telephone number, email address, ownership of
right or non-compliance with these Rules or the like may result in the
immediate elimination of the entrant from the Raffle.


RIGHT TO CANCEL, MODIFY OR DISQUALIFY: If for any reason the Raffle is not capable of running as
planned, including infection by computer virus, bugs, tampering, unauthorized
intervention, fraud, technical failures, or any other causes which corrupt or
affect the administration, security, fairness, integrity, or proper conduct of
the Raffle, Microsoft reserve the right at their sole discretion to cancel,
terminate, modify or suspend the Raffle. Sponsors further reserve the right to
disqualify any entrant who tampers with the submission process or any other
part of the Raffle. Any attempt by an entrant to deliberately damage any web
site, including the or undermine the legitimate operation of the Raffle is a
violation of criminal and civil laws and should such an attempt be made,
Microsoft reserves the right to seek damages from any such entrant to the
fullest extent of the applicable law.


NOT AN OFFER OR CONTRACT OF EMPLOYMENT: Under no circumstances shall the submission of the certificate to
the raffle, the awarding of a prize, or anything in these Rules be construed as
an offer or contract of employment with Microsoft. You acknowledge that you
have submitted your certificate voluntarily and not in confidence or in trust.
You acknowledge that no confidential, fiduciary, agency or other relationship
or implied-in-fact contract now exists between you and Microsoft and that no
such relationship is established by your submission of the certificate under
these Rules.

  • RAFFLE PERIOD: The Raffle will take place on November 29th 2014 (“Raffle Period”) at Nile University.

           Entries must be received within the Raffle Period to be eligible.

IMPORTANT NOTICE: Each entrant has the responsibility to review and
understand its policies regarding its eligibility to participate in this raffle.
If an individual is participating in violation of Entrant's policies or any
applicable law or regulation, that Entrant may be disqualified from this raffle
at the Organizer’s sole discretion.


  • 1 Nokia Lumia 620
  • 1 Trolley laptop bag
  • 1 Hard Disk
  • 1 Power bank
  • 2 laptop back pack
  • 2 Wireless Mouse

Microsoft Egypt reserves the right to substitute the Prizes for other prizes of equal or greater value.

  • Prize cannot be exchanged for cash or any other prize
  • Microsoft Egypt will not be liable for any corrupted prize once the prize has been given to the winner.
  • The winner must present the National ID
  • All prizes must be collected from the Microsoft booth during the raffle time otherwise a new winner will be selected
  • Microsoft reserves the right to delay the submission of the prize in case of shipping issues.


The winner will be announced at Microsoft booth in Nile University during Cairo Security Camp


  • No correspondence will be entered into regarding either this raffle or these Terms and Conditions.
  • In the unlikely event of a dispute, Microsoft Egypt decision shall be final.
  • Microsoft Egypt reserves the right to amend, modify, cancel or withdraw this raffle at any time without notice.
  • Microsoft Egypt cannot guarantee the performance of any third party and shall not be liable for any act or default by a third party.
  • Participants in this raffle agree that Microsoft Egypt will have no liability whatsoever for any injuries, losses, costs, damage or disappointment of any kind resulting in whole or in part, directly or indirectly from acceptance, misuse or use of a prize, or from participation in this raffle.
  • Microsoft reserves the right to disqualify any participant that does not adhere to the terms and conditions or make any change to the terms and conditions at any point of the raffle.


Avoiding unexpected VM restarts caused by Windows Update automatically installing security patches

MSDN Blogs - 19 hours 51 min ago

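Recently some customers have reported that their Windows VMs were restarted unexpectedly, interrupting their services. We checked the Event Log and found that the restart was caused by Windows Update automatically installing security patches. By default, following Microsoft's security best practices, we recommend that customers check for and install security updates regularly. Inside an enterprise, tested Windows update packages can usually be installed centrally through Windows Server Update Services (WSUS) or other means, but in the Microsoft Azure environment, to keep customers' Windows VMs secure, automatic installation of Windows patches is enabled by default, which is why installing a security update led to the VM restart. These settings can of course be controlled and changed. At present the VM creation UI does not offer an option to turn these updates off; to change the setting, log on to the VM and modify the Windows Update policy manually. If the VM is in a domain, the setting can also be changed through Group Policy; for the specific steps, see . When creating a VM, this can also be done with PowerShell, through the DisableAutomaticUpdates parameter of the Add-AzureProvisioningConfig cmdlet, for example


VMs on Microsoft Azure likewise need security patches applied. Just keep in mind that this default setting is based on Microsoft's security best practices and does not suit every customer and scenario. After creating a virtual machine, review it against your organization's requirements and configuration to make sure that all settings meet your business needs and scenarios.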


How to fix the "VM firewall turned on, RDP connection port closed" problem in Microsoft Azure

MSDN Blogs - 19 hours 53 min ago


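When using Windows virtual machines in Microsoft Azure, the firewall is sometimes turned on by mistake, or a PC-manager utility wrongly disables Remote Desktop, after which the VM can no longer be reached with MSTSC.exe.

In the steps below I assume the VM that cannot be reached over RDP is named VM01, the administrator is Azureuser, the password is Password, and the Cloud Service is named

  1. On the Azure management site, create a new VM (ExtraSmall) with machine name RecoverVM, user name Azureuser and password Password, and place it in the same Cloud Service.
  2. Connect to RecoverVM over Remote Desktop; the RDP port is: xxxxx
  3. (Key step) Inside RecoverVM, open REGEDIT
    and use remote registry to connect to vm01. (This works because a. VMs under the same cloud service can reach each other at the IP layer, and b. in Windows, the same user name with the same password has the same security level at workgroup level.)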

    EnableRDP:  C:\Windows\RemoteDesktopEnabler.cmd (REG_SZ)

    \VM01\HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon               
    AutoAdminLogon : 0x1  (REG_DWORD)
    DefaultUsername: Azureuser (REG_SZ)               
    DefaultPassword: Password (REG_SZ)
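  4. (Key step) On RecoverVM, create RemoteDesktopEnabler.cmd with notepad.exe and copy it to \\vm01\c$\windows
  5. Create RemoteDesktopEnabler.cmd with the following content (works only on English and Simplified Chinese editions of Windows, Vista and later):

    ::0.Enable Fileshare/WinRM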

    netsh advfirewall Firewall set rule group="Remote Administration" new enable=yes

    netsh advfirewall Firewall set rule group="Windows Remote Management" new enable=yes

    netsh advfirewall Firewall set rule group="File and Printer Sharing" new enable=yes

    netsh advfirewall firewall set rule group="Remote Desktop" new enable=yes

    netsh advfirewall firewall set rule group="远程桌面" new enable=yes

    netsh advfirewall firewall set rule group="远程管理" new enable=yes

    netsh advfirewall firewall set rule group="Windows 远程管理" new enable=yes

    netsh advfirewall firewall set rule group="文件和打印机共享" new enable=yes

    ::2 Enable RDP/RDP Firewall

    REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 00000000 /f
  6. Go back to the management.windowsazure.cn management site and restart VM01
  7. Wait 5 to 10 minutes, then connect with RDP



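  1. If you are concerned that the plaintext password added to the registry in step 3 is a future security risk, you can remove it; setting up automatic logon with Control userpasswords2 avoids writing a plaintext password into the registry.
  2. If step 3 (registry change) and step 4 (adding the file) cannot be carried out (possibly because the firewall has closed all ports), proceed as follows: delete the virtual machine in the management site (keeping its disks), then attach VM01's system disk to RecoverVM as a data disk and modify it offline.
  3. After these steps are in place, if the firewall is closed by mistake again in the future, simply restarting the machine resolves the problem.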
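
The recovery procedure leaves two things on VM01 worth checking once RDP works again: the plaintext DefaultPassword under Winlogon (note 1) and the management firewall groups that RemoteDesktopEnabler.cmd switches on. The PowerShell below is an added example, not part of the original post; the function names are hypothetical, and it assumes an elevated session on VM01 running Windows 8 / Server 2012 or later, where the NetSecurity firewall cmdlets exist.

```powershell
# Added example, not part of the original post. Run elevated on the recovered VM.
# Assumes the NetSecurity module (Windows 8 / Server 2012 or later).

$WinlogonKey       = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$TerminalServerKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'

# Management firewall groups that RemoteDesktopEnabler.cmd switches on
# (English display names from the post; pass localized names on other systems).
$ManagementGroups = @(
    'Remote Administration',
    'Windows Remote Management',
    'File and Printer Sharing'
)

# Hypothetical helper: report what the recovery steps left behind.
function Get-RecoveryResidue {
    param([string[]]$FirewallGroups = $ManagementGroups)

    $winlogon = Get-ItemProperty -Path $WinlogonKey
    $ts       = Get-ItemProperty -Path $TerminalServerKey

    # Groups from the list that still have at least one enabled inbound rule.
    $openGroups = foreach ($group in $FirewallGroups) {
        $enabled = Get-NetFirewallRule -DisplayGroup $group -ErrorAction SilentlyContinue |
            Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' }
        if ($enabled) { $group }
    }

    [pscustomobject]@{
        PlaintextPasswordPresent = ($null -ne $winlogon.PSObject.Properties['DefaultPassword'])
        AutoAdminLogonEnabled    = ([string]$winlogon.AutoAdminLogon -eq '1')
        DefaultUserName          = $winlogon.DefaultUserName
        RdpEnabled               = ($ts.fDenyTSConnections -eq 0)
        OpenManagementGroups     = @($openGroups)
    }
}

# Hypothetical helper: remove the plaintext password and, on request,
# close the management firewall groups again.
function Remove-RecoveryResidue {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [string[]]$FirewallGroups = $ManagementGroups,
        [switch]$CloseManagementGroups
    )

    $state = Get-RecoveryResidue -FirewallGroups $FirewallGroups

    if ($state.PlaintextPasswordPresent -and
        $PSCmdlet.ShouldProcess($WinlogonKey, 'Remove DefaultPassword and turn off AutoAdminLogon')) {
        Remove-ItemProperty -Path $WinlogonKey -Name DefaultPassword
        # Without a stored password automatic logon cannot succeed; turn it off
        # until it is set up again with "control userpasswords2".
        Set-ItemProperty -Path $WinlogonKey -Name AutoAdminLogon -Value 0
    }

    if ($CloseManagementGroups) {
        foreach ($group in $state.OpenManagementGroups) {
            if ($PSCmdlet.ShouldProcess($group, 'Disable inbound firewall rules')) {
                Get-NetFirewallRule -DisplayGroup $group |
                    Where-Object { $_.Direction -eq 'Inbound' } |
                    Disable-NetFirewallRule
            }
        }
    }

    # Return the state after the changes.
    Get-RecoveryResidue -FirewallGroups $FirewallGroups
}

# Report only:
Get-RecoveryResidue

# Preview the changes without applying them:
# Remove-RecoveryResidue -CloseManagementGroups -WhatIf
```

Closing the management groups also closes the remote-registry and file-share path that steps 3 and 4 rely on, so a later recovery would have to use the offline disk method from note 2.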



MSDN Blogs - 19 hours 55 min ago

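In early versions of Windows Azure, a user who wanted a dedicated connection between a machine outside the Azure platform and machines inside it could use the Azure Connect feature. The current Azure version no longer has Azure Connect; it has been replaced by Azure P2S (Point-to-Site) VPN. The new P2S VPN offers a higher transfer rate than before, but has one drawback: Azure Connect reconnected automatically after a disconnect, whereas P2S VPN requires the user to connect and disconnect manually through the Microsoft dialer software.

For one reason or another, a P2S VPN connection sometimes drops, for example because of an unstable network, the operating system going to sleep, or too many Remote Desktop connections. Reconnecting by hand after every drop is tedious, and in some scenarios unacceptable, for example when two database servers synchronize data continuously over the VPN.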


rasdial "Your VPN name" /phonebook:"%userprofile%\AppData\Roaming\Microsoft\Network\Connections\Cm\Your-VPN\Your-VPN.pbk"


:loop
rasdial TestVN /PHONEBOOK:C:\Users\shiwang\AppData\Roaming\Microsoft\Network\Connections\Cm\TestVN\TestVN.pbk
timeout 120
goto loop


Connecting to test...
Verifying username and password...
Registering your computer on the network...
Successfully connected to test.
Command completed successfully.


You are already connected to test.
Command completed successfully.



Advanced property configuration for Azure Auto Scale

MSDN Blogs - 19 hours 57 min ago

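Auto Scale is a feature for automatically managing cloud service load: based on predefined rules, the system adds or removes compute instances when the conditions are met, which helps optimize the use of Azure compute resources. It applies to Cloud Service, VM, WebSite and Mobile Service.

Auto Scale has three main schedule types of configuration: fixed-time, recurring-time and no-time. Each configuration must specify the minimum, maximum and default instance counts.

  • A fixed-time configuration is mostly used for predictable, fixed events, such as the Spring Festival or the World Cup final, where the load can be anticipated.
  • A recurring-time configuration is mainly used when load has a clear time pattern, for example business applications with high load during working hours and very low load outside them.
  • A no-time configuration is mainly used when the load cannot be predicted from time and must be adjusted according to other metrics.


A metric trigger describes how a given metric is collected and under which conditions a scaling operation is triggered. Supported metrics include VM CPU, Storage blob\queue\table, Service Bus queue\topics\notification hubs and others; for details of what Auto Scale supports, see the Azure Service Management REST API Reference.



In some recent projects customers reported that Auto Scale reacts slowly, that is, the system did not scale out promptly after high load appeared. The main cause was that the system defaults had not been changed: if Auto Scale should scale out as soon as possible once the system is under pressure, TimeGrain and TimeWindow can be set to smaller values. When choosing the values, however, remember that adding or removing instances also takes time. If the interval is too short it may not cope well with rising load; for example, if a sudden peak lasts 20 minutes, the peak may already have passed by the time one scale-out completes, which neither handles the load effectively nor saves cost. So before adjusting TimeGrain and TimeWindow, evaluate how long scaling out an instance takes and which scenarios need to be handled.

These advanced settings cannot be set directly in the Management Portal; they have to be set through the REST API or through the Windows Azure Compute Management Library. Because the Windows Azure Compute Management Library is still a Preview release, it has to be referenced by adding it from the command line in the NuGet console in Visual Studio: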

PM> Install-Package Microsoft.WindowsAzure.Management.Compute -Version 0.9.0-preview -Pre

The following method displays the Auto Scale configuration of a given role in the specified cloud service:

    private static void ShowProfile(string subscriptionId, string base64EncodedCertificate, string cloudServiceName, string roleName)
    {
        // GetCredentials and ManagementEndpoint are not shown in this post.
        var autoscaleClient = new AutoscaleClient(GetCredentials(subscriptionId, base64EncodedCertificate), new Uri(ManagementEndpoint));

        // Resource ID of the role whose autoscale setting is read.
        string resourceId = AutoscaleResourceIdBuilder.BuildCloudServiceResourceId(cloudServiceName, roleName, true);

        var autoscaleSettingGetResponse = autoscaleClient.Settings.Get(resourceId);

        foreach (var profile in autoscaleSettingGetResponse.Setting.Profiles)
        {
            Console.WriteLine("Profile:{0}", profile.Name);
            Console.WriteLine("Capacity: Default-{0},Max-{1},Min-{2}", profile.Capacity.Default, profile.Capacity.Maximum, profile.Capacity.Minimum);

            // Only fixed-time profiles carry a FixedDate.
            if (profile.FixedDate != null)
            {
                Console.WriteLine("Fixed date: start-{0} End-{1} timezone-{2}", profile.FixedDate.Start, profile.FixedDate.End, profile.FixedDate.TimeZone);
            }

            // Only recurring-time profiles carry a Recurrence.
            if (profile.Recurrence != null)
            {
                Console.WriteLine("Frequency:{0}", profile.Recurrence.Frequency);

                foreach (var day in profile.Recurrence.Schedule.Days)
                {
                    Console.Write(day + " ");
                }

                foreach (var hour in profile.Recurrence.Schedule.Hours)
                {
                    Console.Write(hour + " ");
                }

                foreach (var min in profile.Recurrence.Schedule.Minutes)
                {
                    Console.Write(min + " ");
                }
            }

            // Both conditions must hold; with || a null Rules list would throw.
            if (profile.Rules != null && profile.Rules.Count > 0)
            {
                foreach (var rule in profile.Rules)
                {
                    ConsoleColor c = Console.ForegroundColor;

                    // The highlighted output lines between the colour changes are not preserved on this page.
                    Console.ForegroundColor = ConsoleColor.Green;
                    Console.ForegroundColor = c;

                    Console.WriteLine("Threshold:{0}", rule.MetricTrigger.Threshold);

                    Console.ForegroundColor = ConsoleColor.Green;
                    Console.ForegroundColor = c;
                }
            }
        }
    }


The following method updates the Auto Scale configuration of a given role in the specified cloud service:

    private static void UpldateAutoScaleWindow(string subscriptionId, string base64EncodeCertificate, string cloudServiceName, string roleName, int timeGrain, int timeWindow, int cooldown)
    {
        // Build the client from the method's own parameters.
        var autoscaleClient = new AutoscaleClient(GetCredentials(subscriptionId, base64EncodeCertificate), new Uri(ManagementEndpoint));

        string resourceId = AutoscaleResourceIdBuilder.BuildCloudServiceResourceId(cloudServiceName, roleName, true);

        // Read the current setting, then change the windows on every rule.
        var setting = autoscaleClient.Settings.Get(resourceId).Setting;

        foreach (var profile in setting.Profiles)
        {
            foreach (var rule in profile.Rules)
            {
                rule.MetricTrigger.TimeGrain = TimeSpan.FromMinutes(timeGrain);
                rule.MetricTrigger.TimeWindow = TimeSpan.FromMinutes(timeWindow);
                rule.ScaleAction.Cooldown = TimeSpan.FromMinutes(cooldown);
            }
        }

        // Write the modified setting back.
        var parameter = new AutoscaleSettingCreateOrUpdateParameters();
        parameter.Setting = setting;
        autoscaleClient.Settings.CreateOrUpdate(resourceId, parameter);
    }

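Auto Scale is not a silver bullet; it has its own usage scenarios and limits. When a system has demanding performance requirements, evaluate its capacity and performance through rigorous performance testing and set the metric collection intervals and thresholds sensibly. In addition, build a reasonable schedule based on how the system's load arises. Only then can Auto Scale be used to full effect.


Testing the maximum number of concurrent TCP connections in Azure with Load Runner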

MSDN Blogs - 20 hours 6 min ago

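Each virtual machine in Azure supports a maximum of 500,000 concurrent TCP connections (per Microsoft's official site). In the vast majority of cases applications never reach this limit and so never notice it. In some extreme cases, however, they can. Consider this test case: create a virtual machine in Azure and install an Nginx server on it, then use several Load Runner clients to send HTTP requests continuously to that server. With enough Load Runner client machines and a good network, such a test may hit the 500,000 concurrent connection limit.


1. Azure is a public cloud platform and therefore a shared one. We do not want individual users or virtual machines to consume most of the platform's resources, which would be unfair to the other users of the platform.

2. According to our research, the vast majority of applications work perfectly well within this limit.


1. Scale out the application servers. For example, if one server supports 500,000 connections, two support 1,000,000. The number grows linearly with the number of machines.

2. Change how TCP connections are established, for example by using persistent connections or a connection pool.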




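Within one region of the same public cloud platform, one 2-core virtual machine is used as the server, and four 4-core virtual machines are used as clients that each stress-test the server.


The server runs Ubuntu with Nginx 1.4.6 installed as the web server. A 4-byte index.html file is deployed as the test page to download.

The clients run Windows with HP Load Runner 11 installed and stress-test the server's address. On each client, Load Runner simulates 200 users sending requests to the server simultaneously for 5 minutes and collects the TPS information for all transactions, including passed, failed and stopped.

The test uses the following Load Runner script, in which the [URL] part is changed to suit the environment.


return 0;
}

For example:

Network environment: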

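The author ran this test in two ways and obtained the same results. In the first, Load Runner was installed on virtual machines inside the Azure platform. In the second, Load Runner in an on-premises data center sent requests to the virtual machine in Azure. The network topology is shown below. Note that the four client machines drawn are only illustrative; the actual tests used scenarios with 2, 4, 6 and 8 machines.


Early in testing, we ran Load Runner inside Azure and obtained the following TPS graph.

In the graph above, from one Load Runner machine, we see that when the number of transactions processed per second reached 430 (we had 6 machines at that point, so server-side TPS was around 430x6=2500 TPS), the server suddenly stopped accepting new requests and TPS dropped abruptly to 0. After investigation we found that the test had hit another limit: the number of open TCP source ports per cloud service cannot exceed 64000.



1. Put the Load Runner machines in different cloud services.

2. Assign a Public IP to each test machine.

After assigning Public IPs to the virtual machines, or when using physical machines in the on-premises data center as clients, we obtained the following test results:



In real application design, the test method described in this article can be applied to the specific application scenario to obtain a system metric: the number of concurrent transactions per second (TPS) one server can support. Usually the server's bottleneck is not the number of concurrent TCP connections but the system's processing capacity, for example database queries. Next, check whether the application can scale out: by adding servers and comparing test results, we learn how performance changes with horizontal scaling. From these two metrics (single-machine capacity and scale-out performance) we can estimate the size of the system.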


Windows Azure case study: Virtual Machines or Cloud Services?

MSDN Blogs - 20 hours 18 min ago

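By Wang Feng (王枫), published June 27, 2013

As cloud computing technology and the market mature, enterprises have more options when planning IT management and operations, and applications have moved from traditional deployment to private cloud, public cloud and hybrid cloud deployment. As Microsoft's core public cloud platform, Windows Azure offers three compute models (Virtual Machines, Cloud Services and Web Sites) that let customers build, deploy and manage cloud applications quickly. This article offers suggestions and guidance on choosing between Virtual Machines and Cloud Services.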


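Virtual Machines are an important part of Windows Azure Infrastructure as a Service (IaaS). They support Windows and Linux operating systems and offer a range of templates to choose from. Their features include (but are not limited to):

  1. Self-service requests and fast creation of virtual machines
  2. Flexible image mobility, from on-premises to the cloud or from the cloud to on-premises
  3. Custom virtual machine images for building uniform application environments in bulk
  4. Fast attaching and detaching of data disks
  5. Support for Windows Azure Virtual Network to build a local network
  6. Complete management interfaces, such as the management portal, PowerShell and RESTful APIs

Cloud Services are an important part of Windows Azure Platform as a Service (PaaS). They provide two compute roles (Web Role and Worker Role), can be used to build highly available distributed cloud applications or services, and support automated application deployment and elastic scaling of resources. Their features include (but are not limited to):

  • Support for multiple development languages, such as C#, VB, C++, Java, PHP, Node.js and Python
  • Support for tiered architectures, for building large, complex distributed application systems
  • A local emulator that makes local debugging and testing easier for developers
  • Streamlined, automated deployment that quickly pushes applications to the Windows Azure staging (Stage) or production environment
  • Resource configuration changes at run time without business interruption
  • Support for Windows Azure Virtual Network
  • A Diagnostics feature that collects diagnostic data from running applications


Enterprises differ in industry, IT maturity and sensitivity to data security and cost, so each has its own criteria and plans when deciding which applications to run on Windows Azure. In general, applications that need the following characteristics make better use of Windows Azure's capabilities and features and lower total cost of ownership (TCO).

  1. High availability: Windows Azure Virtual Machines and Cloud Services provide a 99.9% SLA
  2. High scalability: Windows Azure Virtual Machines provide vertical scaling (scale-up); Cloud Services provide horizontal and vertical scaling (scale-out and scale-up)
  3. Internet access: Windows Azure Virtual Machines and Cloud Services can be deployed in Microsoft's data centers worldwide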






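For a newly built application system whose development language is supported by Cloud Services, Cloud Services are recommended;


When migrating a legacy system to Cloud Services by reworking it, follow stateless design principles: use the Windows Azure caching service to manage sessions, use the Windows Azure storage service to store and read unstructured data, and use SQL Database or SQL IaaS for structured data.




If the application system requires installed software, such as Active Directory, SharePoint, SQL Server, MySQL or MongoDB, Virtual Machines are the suitable choice.




When deploying an application, Virtual Machines versus Cloud Services is not an either-or choice; a mixed approach can be considered. For example, deploy the database in virtual machines and the application services in Cloud Services. The two can be connected through Endpoints, or joined into an internal network through a Virtual Network.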


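We helped a company in the security and surveillance sector migrate its video surveillance system to Windows Azure. The system collects real-time video streams sent by remote cameras, which streaming media servers receive and store; users access a portal through a browser to view live video or recordings, and administrators log on to the management server to manage and monitor the whole system. The traditional on-premises deployment requires the customer to have a data room to deploy and run the back-end systems and to ensure network connectivity between cameras and the data room. This leads to long project build times, fixed-asset investment and operating costs, and the system's reliability and security are hard to guarantee, all of which raises the project's total cost of ownership. In addition, some small and medium customers do not yet have the hardware and software environment or the operational capability. So, to extend the business to more regions, serve more customers and deliver better service, the company decided to use Windows Azure for centralized deployment and operations.

As a Java-based application system that had matured and stabilized over years of development, it needed to move to Windows Azure quickly and smoothly at this stage. We therefore decided to use the Virtual Machines service to achieve this, with the technical architecture shown in the figure below:

Figure 1: Technical architecture of the video surveillance system

  1. First, create an Affinity Group to ensure the virtual machines are deployed in the same data center;
  2. Using the affinity group, create a Virtual Network to form an internal network and reduce the network latency of data access between system modules;
  3. Create the virtual machines, place them all in this virtual network, and install the system components;
  4. To improve system availability, run the management server on two virtual machines and place them in an Availability Set, ensuring 99.95% availability;
  5. To improve database availability, run the MySQL database on two virtual machines in Active/Standby mode; by default the primary database server is the one running;
  6. Configure Endpoints on the BS server and management server virtual machines so that ordinary users and administrators can reach the respective portals.

Windows Azure supports Linux operating systems such as CentOS, Ubuntu and SUSE and offers several virtual machine sizes, such as Extra Small, Small, Medium, Large and Extra Large. During the migration, based on each component's operating system, compute and bandwidth requirements, we chose CentOS and the Medium and Large sizes. A virtual machine can be created within minutes through the Windows Azure management portal or PowerShell commands, after which the system is installed on the virtual machine unchanged.

Unlike the traditional approach of using local disks to store video files, we chose Windows Azure Data Disks. A Data Disk is stored as a page blob in the Blobs service of a storage account and relies on Windows Azure cloud storage technology for data durability, performance, scalability and stability. It must be understood, however, that a Data Disk is in effect a network disk attached to the virtual machine, so disk I/O performance is inevitably affected by network latency. Moreover, because the Blobs service is multi-tenant, Windows Azure throttles Data Disk reads and writes. The read/write performance of a single Data Disk is therefore clearly lower than that of a local disk.

To meet the system's business targets, we optimized the disks by attaching multiple Data Disks to the video server and building a RAID 0 array, scaling out in this way to increase disk read/write throughput. Test results show the approach is feasible and effective: for example, a Large virtual machine (bandwidth limit 400 Mbps) with 8 Data Disks in a RAID 0 array can support 50 video streams of 8 Mbps each with packet loss held at around 3%, which meets the business requirement.

The system is currently deployed in the northern data center. In the future, the portability of Windows Azure virtual machines can be used to copy the virtual disks (VHDs) to the eastern data center and stand the system up quickly there, giving the business agility. Windows Azure data centers also support network access from several mainstream carriers, to deal with the bandwidth and latency problems enterprises and customers may face.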



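With the growth of the mobile Internet in recent years, a TV station wanted, beyond broadcasting programs and news to viewers, to introduce real-time two-way communication to make its programs more interactive. The station therefore decided to run the voting system developed for its annual beauty pageant on Windows Azure: viewers vote for the contestants they want to win, and the results are announced live during the show.

The challenge for this system is obvious: millions of viewers submit votes from handheld devices within ten-odd minutes, which means the system has to sustain thousands of requests per second to keep voting stable. This is a typical cloud computing pattern (Predictable Burst): it can be foreseen that workload will rise sharply during the program slot, and compared with normal times a large amount of infrastructure resource must be added to raise throughput, so that the system handles user requests normally and avoids rejected requests, excessive response times or even outages. To reduce up-front investment, develop the application quickly and handle the traffic surge over a short period, we chose Cloud Services, with their high scalability and availability, to build and run the system.

Figure 2: Technical architecture of the online voting system

  1. The ASP.NET Web Role receives requests from clients. It is worth noting that customers often assume an existing application gains horizontal scalability automatically just by running in the cloud. That is not so: although Windows Azure provides the infrastructure and services that support scaling out, the application architecture should follow the principle of stateless role instances. That is, the application should not read or write local files or data in a Web Role instance; session state and cache should be kept in the Dedicated Caching service, and other data can be saved through the voting service to the database or to Windows Azure storage. Because Web Role instances then store no data locally, when role instances are added or removed dynamically the load balancer may route requests round-robin to different instances, yet the results should be the same;
  2. The voting service Web Role tallies and queries voting information, validates votes, records voting information and so on. Separating it from the ASP.NET Web Role ensures that both the presentation layer and the business processing layer can be scaled out according to expected load;
  3. The SMS network is provided by the telecom carrier, so the voting system uses a Virtual Network to establish a VPN tunnel between the voting system and the SMS network, ensuring reliable SMS delivery and lower network latency;
  4. Windows Azure SQL Database is used to store and read all data, including user permissions and votes.
  5. Viewers access the ASP.NET Web Role voting page from phones, tablets or computers, and votes are processed in the back end and saved to the database. On site, the organizer uses a client application to browse and tally the voting results and decide the awards.


  • Tiered design: the system consists of a presentation layer (ASP.NET Web Role), a business processing layer (voting service Web Role) and a database layer (SQL Database);
  • Stateless design: to support scaling out ASP.NET Web Role instances, the Windows Azure caching service manages session state; business data is kept in SQL Database, and voting service Web Role instances hold no business data, so they too can scale out;
  • Data sharding design: given the capacity and concurrent connection limits of a single SQL Database instance, SQL Federation is used to partition the voting data horizontally (Horizontal Partition), with the data lookup logic controlled by the voting service Web Role.

After performance and stress testing, the deployment used over a thousand CPU cores across more than a hundred virtual machines in total. From design, development and testing to go-live, the voting system took only six weeks. During the event, the Windows Azure data center and the voting system ran normally, and no reports of delays or failures were received.


We hope this article helps more readers understand Windows Azure Virtual Machines and Cloud Services and choose the right service when planning an application's migration to Windows Azure, so as to meet the application's design goals and make the most of the capabilities Windows Azure provides.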



Windows Server infrastructure cloud reference architecture: design above the hardware

MSDN Blogs - 20 hours 48 min ago

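By Wang Feng (王枫), published January 27, 2014


Without question, the mobile Internet, social networks, big data and cloud computing have become four major trends in IT, and cloud computing provides an ideal platform for the other three. Today not only Internet companies but also many large and medium enterprises in traditional industries are building their own private clouds. This article presents a reference architecture for the hardware part of an infrastructure cloud built on Windows Server 2012 and System Center 2012 SP1.


  • From an operations perspective, the architecture should be easy to scale, from as few as 4 racks up to an entire data center, with straightforward expansion and capacity planning.
  • From the user's perspective, the architecture should accommodate different application types, such as compute-sensitive, large-memory and I/O-intensive workloads.
  • From a service delivery perspective, the architecture should meet different service level requirements, such as workloads that need high availability and those that do not.
  • From an economic perspective, the architecture should not depend on a particular hardware vendor or product.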

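Reference architecture of the Windows Server infrastructure cloud

The reference architecture of the Windows Server infrastructure cloud is as follows:

Figure 1: Reference architecture of the Windows Server infrastructure cloud



Figure 2: Hardware architecture model of the Windows Server infrastructure cloud

Standard IaaS SKU

Enterprise internal systems have traditionally achieved high availability mainly through redundancy: for a server, every component that can be made redundant is (memory, disks, network adapters, power supplies), and some systems even have redundant motherboards and CPUs, which means investing in expensive hardware. By contrast, mainstream public cloud providers, in order to offer low-cost service to most customers, often leave responsibility for high availability to the user, for example by requiring the user's application to be resilient and to deploy multiple instances of the same role across different Fault Domains/Update Domains to raise the availability of the whole service. This design borrows that lesson from the public cloud and does not require such highly redundant equipment. Instead, our failure unit is the rack rather than an individual server or storage device inside it; that is, we focus on reliability across racks, covering infrastructure, platform, applications and data. At the same time, a private cloud more often has to take on existing enterprise applications being migrated to the cloud. Such applications may well not handle issues like sticky sessions properly and are hard to make highly available by scaling out multiple stateless instances, so a private cloud IaaS design should still provide infrastructure-level high availability for traditional applications, including those for which high availability has traditionally been hard to achieve. For users who do not need high availability, non-clustered Hyper-V servers and storage servers can be added to the design below to offer different service levels.

Figure 3: Composition of the standard IaaS SKU


For the compute nodes we designed two sets of networks. All network traffic generated by virtual machines travels over virtual networks on the tenant network, while storage traffic generated by virtual machines is redirected to the physical host operating system, which communicates directly with the file server cluster over the data center network using the SMB3 protocol with SMB Direct.

Figure 4: Implementation of the compute nodes



  • Tenant-to-tenant communication
  • Tenant-to-external communication


  • Communication with the storage nodes (that is, with the file servers, using RDMA network adapters)
  • Live migration of virtual machines
  • Live migration of virtual machine storage
  • Cluster heartbeat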





Intel Sandy Bridge CPU, 2 Socket x 6 cores (ES2640, Core frequency 2.5 GHz) = 12 cores


16 DIMM x 8 GB = 128 GB


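Built-in 200 GB SSD (eMLC)


2 x 10 GbE onboard (network used by the virtual machines)

2 x 10 GbE mezzanine with RDMA (used for access to the storage nodes, management and live migration)

Table 1: Standard configuration of a compute node


The storage architecture in this design is based on Windows Server 2012 failover clustering, using two nodes to achieve Continuous Availability. To improve performance and reduce load on the host CPU, RDMA network adapters are used, and the Windows Server 2012 SMB3 file server provides storage for Hyper-V virtual machines to the compute nodes.

Figure 5: Implementation of the storage nodes

The storage nodes connect to shared SAS disk enclosures through SAS HBA cards; each node's bandwidth to the disk enclosures reaches 48 Gb/s (2x4x6 Gb/s).


  • Communication with the compute nodes
  • Storage Space redirection traffic
  • Backup and replication traffic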





Intel Sandy Bridge CPU, 2 Socket x 6 cores (Core frequency 2.5 GHz) = 12 cores


16 x 8 GB = 128 GB


2 x 10 GbE mezzanine with RDMA


132 x 2.5” 10K SAS 900 GB Drives

2 x JB9

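Table 2: Standard configuration of a storage node


Figure 6: Connections between compute nodes and storage nodes



  • 2 aggregation-layer switches per data center
  • 2 tenant network switches per rack
  • 2 data center network switches per rack


  • 4 x 10 GbE tenant network interfaces aggregated
  • 4 x 10 GbE data center network interfaces aggregated -> Aggregate
  • 16 x 10 GbE aggregated to the core switches


Figure 7: Redundant network design


Enterprises designing their own infrastructure cloud can adopt the design above in whole or in part. In fact many of Microsoft's own products already use it; for example, the Parallel Data Warehouse (PDW) in Microsoft SQL Server 2012 uses a similar architecture, and Microsoft's own modular data centers use the same architecture.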




A brief look at a big data solution based on Microsoft SQL Server 2012 Parallel Data Warehouse

MSDN Blogs - 21 hours 9 min ago

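By Wang Feng (王枫), published February 19, 2014


As more and more organizations' data grows from gigabytes and terabytes to petabytes, society's level of informatization is entering a new era: the era of big data. The ability to process and analyze massive data is increasingly the key to an organization's future success in this era, and applications based on big data are quietly reaching into every part of society and affecting everyone's daily life. The TV programs people watch, the web pages they browse and the advertisements they receive will all be targeted content delivered on the basis of big data analysis.

Microsoft's strategic focus in big data is to help customers "consume" big data better, so that all users can gain insight that can be turned into business action from almost any data of any size and any type. Based on this strategy, Microsoft released a new generation of its parallel data warehouse appliance, SQL Server Parallel Data Warehouse (PDW), a data warehouse platform with massively parallel processing and flexible linear scale-out. Its main new features fall into the following three areas:

  • Built for big data: Polybase, a breakthrough data processing technology, provides unified querying of structured, semi-structured and unstructured data, so users can join Hadoop tables and relational database tables with the standard SQL they know best. Also, most commonly used business intelligence tools cannot query Hadoop directly; because Polybase integrates Hadoop at the database platform level, users can analyze and present big data flexibly with the business intelligence tools they already know. For example, users can analyze structured and unstructured data in the same sheet in Microsoft Excel.
  • Next-generation performance and scale: updatable xVelocity clustered columnstore technology delivers up to a 50x performance improvement. The massively parallel processing engine provides linear scale-out from a few terabytes to petabytes of data.
  • Optimized hardware and software value: the SQL Server Parallel Data Warehouse appliance comes with pre-installed hardware and software and integrates Microsoft's latest software innovations, such as xVelocity columnstore, Polybase, Windows Server 2012 Hyper-V virtualization and Storage Spaces, to drive a lean, efficient hardware architecture with a price/performance advantage.

This article takes a closer look at the Polybase technology in SQL Server 2012 Parallel Data Warehouse and uses a concrete business scenario to show how Polybase gives business users a simple, easy-to-use big data solution.



  • Define the structure of data in Hadoop with an external table.
  • Query Hadoop data by running SQL statements.
  • Join Hadoop data with tables in the PDW relational database through PDW, integrating Hadoop and PDW data.
  • Query Hadoop with SQL commands and save the result set into a PDW table, making it easy to import Hadoop data into PDW.
  • Hadoop can also act as an online data archive for PDW: a simple SQL command exports PDW data to Hadoop, and the data archived in Hadoop can be queried online through PDW at any time.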


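First, a table [dbo].[nws_ffg7] can be created in the PDW relational database to store data from the US National Oceanic and Atmospheric Administration (NOAA). As with SQL Server 2012, we can connect to PDW with the standard SQL Server Data Tools, as shown in the figure below. On top of [dbo].[nws_ffg7] a view can be created: CREATE VIEW flashflood AS SELECT * FROM [dbo].[nws_ffg7]. The result set returned by querying the flashflood view shows that the table mainly stores the names of US states, geographic attributes such as longitude and latitude, and each state's rainfall forecast for several future periods, such as the next 1 hour (column HR1), 3 hours (column HR3), 6 hours (column HR6) and so on.

Then, in the Hadoop environment, we import data from another source, the US Census Bureau; this data mainly contains detailed population distribution information for each US state.

To analyze further how the rainfall forecast for each state relates to population distribution, we need to query and analyze the Hadoop data together with the PDW data. As shown in the figure below, we first create an External Table in PDW, point its data source location at the path in the Hadoop cluster where the population distribution data files are stored, and define the related metadata. In PDW an external table stores only metadata about the data in Hadoop; it does not physically store the Hadoop data.

Once the external table has been created, to simplify later queries we can create a view on it: Create View census AS SELECT * FROM [dbo].[census_external]. Running a standard SELECT statement then queries the population distribution data in Hadoop, as shown in the figure below. The returned result set shows that the Hadoop data includes each state's population, number of households and population over 69 years of age (column Pop_Age_Over_69), circled in red in the figure below.


Next we use the familiar Microsoft Excel as the business intelligence client and its PowerPivot and PowerView features for data analysis and decision support. First open the PowerPivot management window in Excel 2013 and choose to import data from a SQL Server data source.



The figure below is a report a business user built with PowerView in Excel 2013. It combines the population distribution data in Hadoop with the per-state rainfall forecast data in PDW and shows graphically the distribution of residents over 69 in the states in the path of Hurricane Sandy, together with the rainfall forecast for the next 6 hours.





Most consumers of data are business users rather than IT staff, and letting business users consume the data in Hadoop directly is exactly what Polybase was designed for. Polybase in Parallel Data Warehouse acts as a bridge between Hadoop and traditional relational databases (as shown in the figure below): it connects the data on both sides at the platform level, gives business users the convenience of self-service analysis, and integrates data from different sources, including Hadoop. Neither business nor technical users need to learn to write complex MapReduce scripts; with the standard SQL they know best, or business intelligence tools such as Excel, they can analyze and present big data flexibly, respond quickly to business needs and support business decisions.






The National Audit Office (审计署) chose a big data cloud platform solution based on Microsoft SQL Server Parallel Data Warehouse to handle massively parallel analysis, distributed storage and management of massive data.


Note: the Polybase example cited in this article comes from Insight through Integration - A demonstration of integrating data from Hadoop and SQL Server Parallel Data Warehouse to visualize demographics for Hurricane Sandy, by Murshed Zaman. Murshed Zaman is a senior program manager on the Customer Advisory Team of Microsoft's SQL product group, focusing on SQL Server Parallel Data Warehouse, ColumnStore, Hadoop, Hive and IaaS. He has more than 12 years of data warehouse experience across industries including telecommunications, retail, networking and supply chain management.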



Deploying enterprise applications in the Windows Azure public cloud

MSDN Blogs - 21 hours 35 min ago

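By Wang Feng (王枫), published April 5, 2014


Windows Azure has become a hot topic among IT service providers. Some of them believe that only applications serving Internet users are suited to running in a public cloud. In fact, many enterprises on Windows Azure today also run their internal applications in the public cloud, including:

Web/Browser architecture. The web server is placed directly in Windows Azure, so that employees can reach it over HTTPS from the corporate intranet or the Internet. In multinational enterprises in particular, this reduces network traffic between the company's offices in different countries.

Client/Server architecture. The application server is placed in Windows Azure and the client application can be deployed on PCs or mobile devices for easy access. Where network security is a concern, a VPN or another security mechanism can be added.

This article describes a case in which an enterprise migrated an application from its own data center to Windows Azure. In the data-center model, customers bought the software and deployed it themselves on physical machines, and the enterprise had to send IT staff to customer sites to help maintain and update it. After the application was migrated to Windows Azure and deployed as an online service, the cost of buying separate server hardware was saved and IT's customer service workload fell; upgrades and maintenance can now be done by scripts that configure all virtual machines and software directly in Windows Azure. The article covers: analysis of the key points of the application architecture before migration, configuration that had to be adjusted during deployment, and possible alternative deployment approaches. The Windows Azure deployment is designed around the environment in which the application actually runs best.

The following first describes the survey of the architecture and environment of the application to be migrated, and then the migration to Windows Azure. The survey covers four areas (hardware, network, storage and application) to understand the shortcomings of the existing environment and the improvements the customer expects. It then explains the benefits of moving to Windows Azure and which improvements were achieved.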




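Migrating to a Windows Azure virtual machine environment improves the utilization of server hardware resources.


By default, the network environment should isolate the virtual machine networks of different customers from one another; VLAN IDs can be used to isolate network paths on the same switch. However, because patches (for the application itself and for Windows Server and SQL Server) must be applied to every server, each server must be connected to the management server, which is easy to do on a physical switch. After migration to Windows Azure, this can only be done with Azure's own Virtual Network; the solution is described in detail later.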






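This is a typical scenario of converting from physical machines to a virtualized environment and then migrating to Windows Azure. This article focuses on how a Windows Azure solution meets the customer's expectations. The following four areas are the main, common requirements:

  • Higher physical machine resource utilization and virtual machine fault tolerance
  • Networks can be isolated, but the management network must connect to every server
  • Higher availability for data storage
  • Scaling of the application and database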



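In Windows Azure there is no need to think about physical machine hardware, because managing the physical machines is entirely Azure's responsibility.




  • As the number of customers grows, managing the number of virtual networks becomes complex
  • Stress testing showed that as the number of virtual machines grows, patching all of them over the public network degrades the performance customers see when connecting to the web servers over the public network
  • Given these two points, the best practice in this environment is:
  • Reduce the number of virtual networks and divide virtual networks according to the design of the patching groups of virtual machines (this is not isolation). Add subnets under each virtual network and place different customers' virtual machines in different subnets (still not isolated). Server isolation is configured by a configuration script run when a new virtual machine is added: the Windows firewall on the virtual machine itself is configured to allow connections from the same customer's servers and the management server and to block all other servers
  • Because the network layer is not isolated, patching can run over the virtual network and does not affect customers' public network connections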


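In this project two Windows Azure storage accounts were set up in data centers in different cities, and customer data is synchronized between the two Azure data centers to meet basic high availability requirements.


  • The more secure approach is to keep the data on the corporate network and put the web and application servers in Azure, with a VPN connection established through Azure's Connect feature to protect data in transit. This is highly secure but reduces network efficiency.
  • Copy the data to Azure storage and deploy it in a database virtual machine in Azure configured as read-only, serving queries only. Data to be written is still directed over the VPN connection to the database server on the corporate network. This approach requires many application code changes, and data updates are somewhat slower.


This was the most valuable part of the project. The original application already had load balancing, but it depended on a hardware network load balancer to distribute the many concurrent connection requests. Windows Azure's default deployment model supports load balancing on the public IP address; selecting it when adding a new virtual machine replaces the hardware load balancer of the original environment.

The figure shows load balancing of the WCF servers in the original environment. If load balancing is also needed on internal virtual network IP addresses, the application code can be changed so that the web application itself chooses among several back-end servers. Although a Web Role and a Worker Role can communicate directly over channels inside the virtual network, Windows Azure provides no load balancing inside the internal virtual network. To get load balancing on internal IP addresses as well, we can write the code ourselves.

For example: port 10101 maps to the first instance, port 10102 to the second instance, and so on. Windows Azure SDK 1.7 includes a feature, InstanceInput, that lets a client application (or a front-end web server) connect directly to a specific back-end server instance (either a Web Role or a Worker Role). The following is a complete walkthrough of InstanceInput: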

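  1. Start Visual Studio as Administrator
  2. Create a new "Cloud Service", then create a WCF service Web Role named WCFServiceRole
  3. Use the following code, which returns the ID of the role instance handling the call:

        public string GetData(int value)
        {
            return string.Format("From {0} - You entered: {1}", RoleEnvironment.CurrentRoleInstance.Id, value);
        }

  4. Then, on the service implementation, add the following attribute to turn off address filtering:

        [ServiceBehavior(AddressFilterMode = AddressFilterMode.Any)]


  5. In this Solution, create a new console application named "WCFClient"
  6. Press Ctrl+F5 to run the Solution once
  7. Right-click WCFClient and choose Add Service Reference…
  8. In the Add Service Reference dialog, enter the service address http://, click Go, then click OK
  9. Add the code below to the Main method and resolve the namespaces:

        Service1Client client = new Service1Client();
        Console.WriteLine(client.GetData(100));
        client.Close();
        Console.ReadLine();

  10. Right-click WCFClient and choose Debug->Start new instance. The client should display From WCFServiceRole_IN_0 – You entered: 100. Press [Enter] in the console window to stop the client.


  11. Close the browser to stop the cloud service instance.
  12. In the cloud service project, double-click WCFServiceRole to open its property page.
  13. Click the Endpoint tab, then click "Add" to add an endpoint. Change the endpoint type to InstanceInput, change Private Port to 80 and leave Public Port at its default value. These port settings can differ. The port range is used to map to individual instances: the first value maps to the first instance, the second value to the second instance, and so on.
  14. Click the Configuration tab and change the instance count to 2.
  15. Deploy to an Azure Cloud Service.
  16. After the Cloud Service deployment completes, edit the app.config file in WCFClient to redirect the client to the new service endpoint:

        <endpoint address="http://{your application}" binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_IService1" contract="ServiceReference1.IService1" name="BasicHttpBinding_IService1" />

  17. Right-click WCFClient and choose Debug->Start new instance. The client should run as in step 10. Running the client several more times shows that requests are accepted by different role instances.
  18. Change the address in the endpoint configuration above to use the different public ports of the InstanceInput endpoint to reach a specific instance. For example, if the public port range is 10105 to 10109, then http://{your application}. resolves to the first instance and http://{your application}. resolves to the second instance.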

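Using Windows Azure's built-in features, enterprise internal applications can be migrated quickly to the public cloud. The Windows Azure SDK provides a convenient environment for modifying code and deploying applications directly.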


Taking a dump of a VM running on Hyper-V

MSDN Blogs - 21 hours 36 min ago

If you have contacted Microsoft support for Virtual Machine hang issues, you would be familiar with the vm2dmp tool. This tool lets you convert a Hyper-V Virtual Machine snapshot to a memory dump, which can then be analyzed to root cause the hang. vm2dmp is a nifty tool, but unfortunately the tool is no longer available for download.

Looking for alternatives? Then read on:

The easiest way to take a memory dump of a VM running on a Hyper-V host is to use livekd.exe, a free Microsoft Sysinternals tool. For those of you who are not familiar with it, livekd is an awesome tool that lets you live kernel debug your machine. It runs the same commands you would use in kernel debuggers like windbg and kd when they are attached to a debuggee/target. The advantage, however, is that livekd can attach to the same host machine on which you are running it. For more information on the debugger, check out this Channel 9 video:


Installing liveKD:


If you install the tools to their default directory of \Program Files\Microsoft\Debugging Tools for Windows, you can run LiveKD from any directory. Otherwise you should copy LiveKD to the directory in which the tools are installed.

If you haven't installed symbols for the system on which you run LiveKD, LiveKD will ask if you want it to automatically configure the system to use Microsoft's public symbol server.



Taking a dump of a running Virtual Machine:

  • Open a command prompt and navigate to the folder where you copied livekd to.
  • Run the following commands:

                livekd -hvl

                This command will list all the virtual machines running on that host

                livekd -hv <VMName> -p -o C:\Memory.dmp

                This will pause the specified VM and then generate a dump of the VM to the path specified.


Hope this helps!


Lessons from designing network architectures with Microsoft Azure services

MSDN Blogs - 21 hours 50 min ago

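By Wang Feng (王枫), published April 8, 2014

This article shares experience with Microsoft Azure networking services from a product design and architecture perspective. We hope that after reading it you will understand how these services relate to one another and be able to design your architecture better.

Microsoft Azure's network architecture is designed specifically with enterprise private and hybrid clouds in mind and includes three commonly used services:

  1. Virtual Network: connects the on-premises network to cloud infrastructure
  2. Traffic Manager: distributes user traffic to different data centers
  3. Name resolution service (DNS): uses internal host names for resolution within cloud services

Below I focus on what to watch for when using these three services, along with some other aspects of using Microsoft Azure networking, such as security settings for site-to-site VPN, the use of private and public IP addresses, the use of BGP networks, and how to deal with network latency.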


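Microsoft Azure uses some terms of its own, two of which deserve particular attention:


DIP (direct IP): the actual IP address assigned by DHCP for use by virtual machines in a virtual network. This DIP is not the NLB DIP.

Virtual Network


A virtual network can be used to connect Virtual Machines. Note that you must create the virtual network first and then associate the virtual machine with it when creating the virtual machine. Likewise, a virtual network can connect Cloud Services, which lets virtual machines under different cloud services communicate with each other over private IPv4 addresses.

Also note that before creating a virtual network for the first time you must create an Affinity Group, because a virtual network not associated with an affinity group is not optimized. An affinity group is a logical grouping Microsoft Azure uses to place services, for example "China East region". If we later create a storage service in the same affinity group, other cloud services in the group get better performance when using that storage service.


Azure uses a BGP network at the data center egress, and virtual networks currently do not support using an NLB on the gateway internally. To achieve high availability you have to rely on other methods or hardware, such as hardware standby, where a backup server (for example Windows Server 2012 Routing and Remote Access Service, RRAS, on a cluster) is brought up when the primary VPN gateway fails.


In an Azure virtual network, virtual machines obtain their IP addresses through DHCP by default. You can give a virtual machine a static IP, but the VM must then be created with PowerShell. If DHCP is not used, the Azure virtual network system treats the device as being in an unknown state, and you will be unable to connect to the virtual machine. Although a virtual machine's IP address is obtained through DHCP, it does not change while the machine is running, unless you stop it (deallocated) or recreate it. If you "shut down" the virtual machine from the Management Portal, billing stops, the status shows "deallocated" (see the figure below) and the IP in use is released. If instead you shut down from inside the virtual machine's operating system, billing does not stop and the IP is not released.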



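Traffic Manager

Traffic Manager is another important Microsoft Azure networking service. With Traffic Manager you can direct users to the "best" location among Azure data centers, ensuring the performance, availability and resilience of cloud applications.

Traffic Manager uses an intelligent policy engine to handle DNS name queries. To use Traffic Manager you create a configuration in the Management Portal; the items to configure include:

  • Properties: includes the domain name prefix you create, which is visible in the Management Portal.
  • Definition: includes the policy settings and the monitoring settings of the properties.
  • Policy: specifies the load-balancing method and the endpoints.
  • Monitor: specifies the timeout, protocol, port and relative path.


  1. Performance: directs traffic to the nearest data center based on network latency.
  2. Round robin: distributes traffic evenly across data centers.
  3. Failover: if the primary service fails, directs traffic to the backup service or data center.

Traffic Manager currently supports IPv6 but not sticky sessions, and changing the policy configuration causes no service interruption. When using it with services and applications, pay close attention to keeping the back-end storage configuration consistent. Traffic Manager suits scenarios such as web sites and services with static content that rarely changes.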


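Microsoft Azure provides a name resolution service, but it resolves only instance names within the same cloud service. For example, Virtual Machine A and Virtual Machine B under Service C can reach each other directly by their fully qualified domain names (FQDN) without an external DNS server being configured. If your virtual machine instances run under different cloud services, you need an external DNS solution, such as a public DNS server, your ISP's DNS servers or your corporate network's DNS servers.



This solution lets enterprises deploy virtual machines on Microsoft Azure quickly and securely. It has broad application and can be used for development and testing: you can set up access to the virtual machines from local workstations to validate and test programs; fast instantiation of resources helps validate programs quickly before they go live, as well as other services that need to pass information securely between the enterprise and the public cloud.

The site-to-site VPN between the internal network and the Azure virtual network uses IPsec tunnel mode. Note that Azure supports only specific on-premises VPN gateway devices. If you have no supported hardware device, you can also use Windows Server 2012 Routing and Remote Access Service (RRAS) to create a site-to-site VPN connection. In addition, Azure supports configuring your internal VPN gateway with a configuration script.

If you want to establish a site-to-site VPN with the Microsoft Azure gateway, the on-premises VPN device must support IKE v1 or IKE v2. Note that Microsoft Azure supports only static routing with IKE v1; dynamic routing requires IKE v2.



Take a classic two-tier application as an example. In its original structure, response times between users, web server and database server are all a few milliseconds. If we move the web server to Microsoft Azure while the database service stays on-premises, the topology gains more than 30 milliseconds of latency, where the latency used to be 3 milliseconds! This latency is especially severe when large amounts of data are transferred while many operations are performed. Some applications we have worked on issued hundreds of redundant calls for a single page click; cases like that have to be redesigned.

Latency can sometimes also be a "last mile" effect. For example, our program tested at 1 millisecond of latency inside the data center, but when the web front end was moved to Microsoft Azure the latency became 30 milliseconds. Extensive testing is therefore necessary.

If a new hybrid cloud application service is needed, latency has to be considered at design time. We can also use Microsoft Azure Cache and the CDN service to bring data as close as possible to users or on-premises servers. If software has to be migrated, a software network emulator can be used to understand the latency in advance. Although it is hard to determine exactly how latency will affect an application, we should pay close attention to this kind of problem from the very start of architecture design.



In a traditional data center, an enterprise that had to handle growing demand needed to add more servers to the data center and, after buying the hardware, deploy new operating systems and applications on it, going through a long cycle of budgeting, hardware procurement and waiting for vendor delivery. On the Microsoft Azure platform, enterprises can now easily extend their on-premises data center to the cloud, and Microsoft Azure Virtual Network is the key to doing so.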



