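This post is a translation of VNet-to-VNet: Connecting Virtual Networks in Azure across Different Regions, posted on June 17.
Overview
At TechEd 2014, features such as multi-site VPN, in-region VNet-to-VNet connectivity, and VNet-to-VNet connectivity across multiple regions were announced. Starting with this post, a mini-series of several articles will walk through the configuration steps and examples for connecting virtual networks with VNet-to-VNet.
VNet-to-VNet connectivity uses the Azure VPN gateway to establish secure connections between two or more virtual networks over IPsec/IKE S2S VPN tunnels. Combined with multi-site VPN, it lets you connect virtual networks and on-premises sites in a topology that fits your business needs. The diagram below shows a simple example of a fully connected topology between virtual networks and on-premises sites.
There are several scenarios in which this connectivity can be established. The following three are examples.
For details on the requirements and considerations for VNet-to-VNet connectivity, see this page (English). Only the key points are covered here.
With that in mind, let's build a simple example of connecting virtual networks from scratch.
Connecting two virtual networks within one subscription
Connecting one Azure virtual network to another is essentially the same as connecting to an on-premises network over a Site-to-Site (S2S) VPN. Here we create and connect the virtual networks and VPN gateways from scratch within a single Azure subscription, using the following steps.
As shown in the diagram below, we create and connect two virtual networks, VNet1 and VNet2.
This example uses the Azure PowerShell cmdlets. Follow the instructions on the Azure PowerShell page below to install and configure your PowerShell environment.
For a simple VNet-to-VNet setup like the one described here, you can perform steps 1 and 2 below in the Azure Management Portal. PowerShell is used here because, if you later keep adding connections to the virtual networks (multi-site VPN, for example), those features can currently be configured only with the Azure PowerShell cmdlets or the REST API.
[Step 1] Create VNet1 and VNet2 and their corresponding local networks
First, create the two virtual networks and the local network that corresponds to each. From the point of view of one virtual network (VNet1), the other (VNet2) is simply one of the VPN connections defined in the Azure platform. You therefore need to create and define the following:
Virtual network site definitions
The local network sites to connect to
Each virtual network must be defined twice: once as an Azure virtual network, and once as the local network that the other virtual network connects to. The address space specified in the two definitions must be the same; if the address spaces differ, communication between the two virtual networks will not work correctly. For clarity, this example uses the same name for both the virtual network definition and the local network definition. This is not required, but it makes the definitions easier to follow.
The following PowerShell cmdlets create two affinity groups for the two virtual networks. If you prefer, you can reuse existing affinity groups in the same regions.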
PS D:\> New-AzureAffinityGroup -Name WestUS -Location "West US"
PS D:\> New-AzureAffinityGroup -Name NorthEurope -Location "North Europe"
After creating the affinity groups, export the current network configuration file (NETCFG.XML) with the following cmdlet.
PS D:\> Get-AzureVNetConfig -ExportToFile "D:\MyCurrentNETCFG.XML"
To create the two virtual networks and the corresponding local networks, use a text editor such as Notepad to insert the following segments into the NETCFG file (MyCurrentNETCFG.XML in this example).
<VirtualNetworkSite name="VNet1" AffinityGroup="WestUS">
<Connection type="IPsec" />
<VirtualNetworkSite name="VNet2" AffinityGroup="NorthEurope">
<Connection type="IPsec" />
The segments above define two virtual networks, VNet1 and VNet2, and two local networks, also named VNet1 and VNet2. Before moving on to the next step, check the following points.
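A check for the address-space rule described above, as an added example that is not part of the original post: for every connection in a NETCFG file it compares the address space of the peer's VirtualNetworkSite with the LocalNetworkSite of the same name and flags an empty gateway address. It assumes the post's same-name convention and the standard NETCFG element names; the function names and every address in the sample are constructed.

```powershell
# Constructed sample shaped like the NETCFG file this post edits; every address
# prefix and gateway IP below is invented for illustration.
[xml]$netcfg = @'
<NetworkConfiguration xmlns="http://schemas.microsoft.com/ServiceHosting/2011/07/NetworkConfiguration">
  <VirtualNetworkConfiguration>
    <LocalNetworkSites>
      <LocalNetworkSite name="VNet1">
        <AddressSpace><AddressPrefix>10.1.0.0/16</AddressPrefix></AddressSpace>
        <VPNGatewayAddress>192.0.2.10</VPNGatewayAddress>
      </LocalNetworkSite>
      <LocalNetworkSite name="VNet2">
        <AddressSpace><AddressPrefix>10.20.0.0/16</AddressPrefix></AddressSpace>
        <VPNGatewayAddress>192.0.2.20</VPNGatewayAddress>
      </LocalNetworkSite>
    </LocalNetworkSites>
    <VirtualNetworkSites>
      <VirtualNetworkSite name="VNet1" AffinityGroup="WestUS">
        <AddressSpace><AddressPrefix>10.1.0.0/16</AddressPrefix></AddressSpace>
        <Gateway><ConnectionsToLocalNetwork>
          <LocalNetworkSiteRef name="VNet2"><Connection type="IPsec" /></LocalNetworkSiteRef>
        </ConnectionsToLocalNetwork></Gateway>
      </VirtualNetworkSite>
      <VirtualNetworkSite name="VNet2" AffinityGroup="NorthEurope">
        <AddressSpace><AddressPrefix>10.2.0.0/16</AddressPrefix></AddressSpace>
        <Gateway><ConnectionsToLocalNetwork>
          <LocalNetworkSiteRef name="VNet1"><Connection type="IPsec" /></LocalNetworkSiteRef>
        </ConnectionsToLocalNetwork></Gateway>
      </VirtualNetworkSite>
    </VirtualNetworkSites>
  </VirtualNetworkConfiguration>
</NetworkConfiguration>
'@

function Get-AddressPrefix {
    param([System.Xml.XmlElement]$Site)
    # Only AddressSpace/AddressPrefix directly under the site; subnet prefixes sit deeper.
    $Site.SelectNodes("*[local-name()='AddressSpace']/*[local-name()='AddressPrefix']") |
        ForEach-Object { $_.InnerText.Trim() } | Sort-Object
}

function Test-VNetToVNetConfig {
    param([Parameter(Mandatory = $true)][xml]$Config)

    # Index both kinds of definition by their name attribute.
    $localSites = @{}
    foreach ($site in $Config.SelectNodes("//*[local-name()='LocalNetworkSite']")) {
        $localSites[$site.GetAttribute('name')] = $site
    }
    $vnetSites = @{}
    foreach ($site in $Config.SelectNodes("//*[local-name()='VirtualNetworkSite']")) {
        $vnetSites[$site.GetAttribute('name')] = $site
    }

    foreach ($vnetName in ($vnetSites.Keys | Sort-Object)) {
        foreach ($ref in $vnetSites[$vnetName].SelectNodes(".//*[local-name()='LocalNetworkSiteRef']")) {
            $peer   = $ref.GetAttribute('name')
            $issues = @()
            if (-not $localSites.ContainsKey($peer)) {
                $issues += 'no LocalNetworkSite with this name is defined'
            } else {
                $asLocal = (Get-AddressPrefix $localSites[$peer]) -join ', '
                # Assumption: a VNet and its local-network twin share one name, as in this post.
                if ($vnetSites.ContainsKey($peer)) {
                    $asVNet = (Get-AddressPrefix $vnetSites[$peer]) -join ', '
                    if ($asLocal -ne $asVNet) {
                        $issues += "address space differs: VirtualNetworkSite ($asVNet), LocalNetworkSite ($asLocal)"
                    }
                }
                $gateway = $localSites[$peer].SelectSingleNode("*[local-name()='VPNGatewayAddress']")
                if ($null -eq $gateway -or -not $gateway.InnerText.Trim()) {
                    $issues += 'VPNGatewayAddress is empty'
                }
            }
            foreach ($issue in $issues) {
                [pscustomobject]@{ VNet = $vnetName; ConnectsTo = $peer; Issue = $issue }
            }
        }
    }
}

$findings = @(Test-VNetToVNetConfig -Config $netcfg)
$findings | Format-Table -AutoSize -Wrap
if ($findings.Count -eq 0) { 'NETCFG definitions are consistent.' }
```

To check the edited file instead of the sample, pass `([xml](Get-Content D:\MyNewNETCFG.XML -Raw))` as `-Config`.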
Once that is done, save the new NETCFG as "MyNewNETCFG.XML" and upload the updated NETCFG file to your Azure subscription with the following PowerShell cmdlet.
PS D:\> Set-AzureVNetConfig -ConfigurationPath D:\MyNewNETCFG.XML
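This step takes a few minutes to complete. When it finishes, the virtual networks and local networks appear in the Azure Management Portal.
[Step 2] Create a dynamic routing VPN gateway for each virtual network
After creating the virtual networks and establishing the corresponding VPN connections, create an Azure VPN gateway for each virtual network. You can use the Azure Management Portal or the Azure REST API for this step. Only dynamic routing gateways are supported. Note, however, that the Azure PowerShell cmdlet "New-AzureVNetGateway" does not currently support creating dynamic routing gateways (Microsoft is working on this issue; please bear with us until this Azure PowerShell behavior is resolved).
In the Azure Management Portal, go to the [Networks] page, then to the [Dashboard] page of both VNet1 and VNet2. As shown in the figure below, click [Networks] at the bottom of each page and select [Dynamic Routing].
Once both gateways have been created, you can obtain the public IP addresses of the two VPN gateways from the Azure Management Portal or with the following cmdlets.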
PS D:\> Get-AzureVNetGateway -VNetName VNet1 | ft VIPAddress
PS D:\> Get-AzureVNetGateway -VNetName vnet2 | ft VIPAddress
xxx and yyy stand for actual numbers, which are of course masked for security reasons. Once you have the gateway public IP addresses, update the LocalNetworkSite definitions for VNet1 and VNet2 in the NETCFG file (MyNewNETCFG.XML) so that they match those IP addresses.
<LocalNetworkSite name="VNet1">
Then upload the updated NETCFG file again.
PS D:\> Set-AzureVNetConfig -ConfigurationPath D:\MyNewNETCFG.XML
Finally, set the same IPsec/IKE pre-shared key on both sides. You can use the Azure REST API or the Azure PowerShell cmdlets for this step. The example below uses the PowerShell cmdlets to set the key value to A1b2C3d4.
PS D:\> Set-AzureVNetGatewayKey -VNetName VNet1 -LocalNetworkSiteName VNet2 -SharedKey A1b2C3d4
PS D:\> Set-AzureVNetGatewayKey -VNetName VNet2 -LocalNetworkSiteName VNet1 -SharedKey A1b2C3d4
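A1b2C3d4 is the post's example value; for a real tunnel the key should come from a cryptographic random source. The following added example (not from the original post) generates an alphanumeric key and applies the identical value to both directions with the same Set-AzureVNetGatewayKey cmdlet; the helper name New-IPsecPreSharedKey and its length bounds are this example's own choices.

```powershell
function New-IPsecPreSharedKey {
    # Length bounds are this example's own choice, not an Azure limit taken from the post.
    param([ValidateRange(16, 64)][int]$Length = 32)

    $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'
    # Bytes at or above this limit are discarded so that every character is equally
    # likely (plain "byte % 62" would favour the first 8 characters of the alphabet).
    $limit   = 256 - (256 % $alphabet.Length)
    $rng     = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $buffer  = New-Object byte[] 64
    $builder = New-Object System.Text.StringBuilder
    try {
        while ($builder.Length -lt $Length) {
            $rng.GetBytes($buffer)
            foreach ($b in $buffer) {
                if ($b -lt $limit -and $builder.Length -lt $Length) {
                    [void]$builder.Append($alphabet[$b % $alphabet.Length])
                }
            }
        }
    } finally {
        $rng.Dispose()
    }
    $builder.ToString()
}

$sharedKey = New-IPsecPreSharedKey -Length 32

# Both ends of the tunnel must receive the identical value.
$directions = @(
    @{ VNetName = 'VNet1'; LocalNetworkSiteName = 'VNet2' },
    @{ VNetName = 'VNet2'; LocalNetworkSiteName = 'VNet1' }
)

if (Get-Command Set-AzureVNetGatewayKey -ErrorAction SilentlyContinue) {
    foreach ($d in $directions) {
        Set-AzureVNetGatewayKey @d -SharedKey $sharedKey | Out-Null
    }
    Write-Host "Applied a $($sharedKey.Length)-character key to both gateways."
} else {
    # Lets the example run on a machine without the Azure module loaded.
    Write-Host "Azure cmdlets not loaded; generated a $($sharedKey.Length)-character key without applying it."
}

# The key is never echoed; drop it from the session once both sides are set.
Remove-Variable sharedKey
```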
When the steps above are complete, the S2S VPN tunnel is established over IPsec/IKE and VNet1 and VNet2 are connected. The following cmdlets display the connection state.
PS D:\> Get-AzureVNetConnection -VNetName VNet1 | ft LocalNetworkSiteName, ConnectivityState
PS D:\> Get-AzureVNetConnection -VNetName VNet2 | ft LocalNetworkSiteName, ConnectivityState
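This confirms that VNet1 and VNet2 are connected. If VMs already exist in the virtual networks, traffic starts flowing between the two virtual networks.
The Azure platform refreshes ConnectivityState only once every 5 minutes. So although the connection is normally established within 1 minute of the keys being set correctly, it can take up to 5 to 7 minutes for the state to update and show "Connected".
Coming up
The next post uses this same simple topology to show how to establish VNet-to-VNet connectivity across different subscriptions. It will also cover the multi-site VPN feature.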
Do you need to spend extra bucks on a pedometer when you already have a phone? Now with SensorCore technology in select Windows Phones, your phone can work as the best social pedometer and count your steps, whether walking or running, 24x7. With apps like Active Fitness, which already has millions of active users, adding a step counter in addition to GPS tracking adds a battery-efficient way and yet another dimension to measuring your sport performance. In this and following posts I’ll share my experience on developing the app with this amazing groundbreaking technology.
IMPORTANT: To benefit from SensorCore you need to have Windows Phone 8.1 with hardware supporting SensorCore, like Lumia 1520, Icon, 930, 630, 635. Active Fitness will work on any other Windows Phone in standard mode.
It all started with an app. Like many developers, I have an app that perfectly fits the profile for SensorCore. Active Fitness is my Swiss Army knife of anything sports. It has millions of active users, is fun and friendly, very social and motivating.
Now with new SensorCore technology, Active Fitness adds a battery-friendly pedometer function. Simply take your phone with you and it’ll automatically count steps all day long! Very little battery consumed. Other features include: multiple activities from a comprehensive library, music, action photos, GPS tracking, goals, training module powered by professional instructors and more!
If you used Active Fitness, you’ll notice that if your device has SensorCore enabled, you’ll immediately see a tile for a pedometer. So now in addition to GPS tracking you can also measure your daily steps. Now the magic comes here: without running the app! Yes, that’s the beauty of SensorCore, you don’t need to run the app continuously in the background (you can for detailed GPS tracking, but you don’t have to for step tracking). This is genius!
Detailed charts of your activity
Active Fitness allows you to drill from monthly to weekly to daily view and then more into every split of your run! Windows Phone brings a clean fresh consistent design and everything about this fitness app looks great.
Speech is probably the topic I’m most passionate about when it comes to app development (ok, I have a soft spot for GIS too). From HAL 9000 in 2001: A Space Odyssey and Joshua in WarGames, to Star Trek computers, Siri and Cortana, having conversations with a semi-sentient computer using natural language and speech is probably the ultimate frontier of technology. But speech can also be a responsibility for us developers to make sure our apps are usable by all, and to keep our users – and those around them – safe. This talk is one of my favorites. It’s about using Speech Recognition & Speech Synthesis to build the next generation of mobile apps.
I recently presented this talk at Philly Code Camp 2014 last weekend, and at the Microsoft Mobile App Devs of New Jersey (MMAD) Meetup. I’ve also presented it at Internet Week NY 2014 last month, and I’ve done variations of this talk at other events in the past including VSLive, CodePalousa, DevTeach, DVLUP Day Boston and M3 Conference.
Session Description
Our society has a problem. Individuals are hooked on apps, phones, tablets and social networking. We created these devices and these apps that have become a core part of our lives but we stopped short. We failed to recognize some of the problematic situations where our apps are used. People are texting, emailing and chatting while driving. Pedestrians walk into busy intersections and into sidewalk hazards because they refuse to put their phone down. We cannot entirely blame them. We created a mobile revolution, and now we just can’t simply ask them to put it on hold when it’s not convenient. It’s almost an addiction and too often it has led to fatal results.
Furthermore, mobile applications are not always easy to work with due to the small screen and on-screen keyboard. Other people struggle to use traditional computing devices due to handicaps. Using our voice is a natural form of communication amongst humans. Ever since 2001: A Space Odyssey, we’ve been dreaming of computers who can converse with us like HAL9000 or the Star Trek computers. Or maybe you’re part of the new generation of geeks dreaming of Halo’s Cortana? Thanks to the new advances and SDKs for speech recognition and synthesis (aka text-to-speech), we are now several steps closer to this reality. Siri is not the end game, she’s the beginning.
This session explores the design models and development techniques you can use to add voice recognition to your mobile applications, including in-app commands, standard & custom grammars, and voice commands usable outside your app. We’ll also see how your apps can respond to the user via speech synthesis, opening-up a new world of hands-free scenarios. This reality is here, you’ll see actual live cross-platform demos with speech and you can now learn how to do it. Speech support is not just cool or a convenience, it should be a necessity in many apps.
Session Slides, Demos & Resources
My name is David Bélanger, and I’m a program manager on the Remote Desktop team working on Remote Desktop apps for the different Windows platforms. On May 12th, we announced the availability of the preview for the Microsoft Azure RemoteApp service. Today, I am pleased to announce that the service is now available on Windows RT devices like the Microsoft Surface 2 through the Microsoft RemoteApp client.
The desktop apps you publish through the Azure RemoteApp service, including Office and additional LOB apps, can now be accessed from Windows RT devices where they otherwise can’t be installed. While the RemoteApp programs will appear to run locally, they are actually running in Azure and you can interact with them from your Windows RT device, helping keep your corporate data safe.
Installing the app
Getting started is as simple as going to the Microsoft Azure RemoteApp site from your Windows RT device and clicking the Install Client option in the top right of the page. This will go through a quick installation process to deploy the client on your device. The installation does not require user input or administrative privileges. It can be installed by any user.
Figure 1: Microsoft Azure RemoteApp site to start the installation
Figure 2: Microsoft RemoteApp installation progress
Launching the app
Once the installation has completed, the client can be accessed through the Windows app list by looking for Microsoft RemoteApp under the Microsoft RemoteApp group or by simply searching for RemoteApp from the Start Screen and selecting Microsoft RemoteApp.
Figure 3: Launching Microsoft RemoteApp from the Windows app list
Figure 4: Launching Microsoft RemoteApp from search
Using the app
Whether you are using the 32-bit, 64-bit or RT version of Windows, you can easily access the Microsoft Azure RemoteApp service directly from within the Microsoft RemoteApp client. Upon launching the app and navigating past the Welcome page, you will first be asked to provide the ID you want to use to connect to the service. Note: this can either be a personal Microsoft Account (Live ID) or an Org ID provided by your employer based on the resources you are trying to access.
New to Azure RemoteApp and don’t have applications available for you yet? Don’t worry, you can try the demo experience to get started.
Figure 5: Welcome page of the Microsoft RemoteApp client
Figure 6: Sign in page of the Microsoft RemoteApp client. Provide LiveID or OrgID
Next, follow the prompts on the screen to finish the sign in process and access apps available to you. Note: The experience will differ if you are using an OrgID or a LiveID.
Once you are signed in, you will be presented with the Connection Center which shows the list of applications available to you. If you do not have apps assigned to you already, you will be presented with a list of demo applications allowing you to test drive the service for 5 minutes.
Figure 7: Connection center showing the list of demo applications
You’re all set, double-click one of the apps to get started using the Microsoft Azure RemoteApp service on your Windows device.
Try it now
Head on over to the Microsoft Azure RemoteApp site and get started today from any of your Windows devices.
Interested in trying out the service on your other devices? It’s just as simple. Navigate to the Azure RemoteApp site from that device and click the Install Client link in the top right to install the appropriate client. The RemoteApp service is currently supported in the iOS, Android and Mac OS X Remote Desktop apps, with support for the Windows Phone app on Windows Phone 8.1 coming later this summer.
Interested in providing feedback on your Azure RemoteApp experience? We’d love to hear from you.
As of today (June 23rd, 2014) BizTalk 2013 R2 is available on MSDN! In keeping with some previous posts (and because I need to start deploying this) I'm posting links to the OS-specific BtsRedist.cab file locations as listed in the setup(_64).xml files should you need to get a copy outside of the normal Setup.exe process.
You’ve probably noticed that for the most part, managing multiple test plans and test cases is more convenient when they’re part of the same Team Project in TFS/VSO. For one thing, area paths and iteration paths just work much more cleanly.
If you’re working across multiple Team Projects, though, the story changes slightly. Things can still work just fine, but you need to be even more aware of the differences between working with existing test cases, and copying them.
Let’s look at the differences.
Using an Existing Test Case (by reference)
When adding test cases that exist in another TFS/VSO Project entirely (not just another test plan in the same project), you are basically creating a reference back to the main test case, not a copy. That is, you can’t modify the area or iteration fields to represent the target project. Because it is a reference, when the test case is opened it is opened as it resides in the source test plan/project. You can’t modify the area or iteration fields because they are scoped to the project in which the test case resides.
Consider this example:
I have two projects: Project A and Project B. I created a test plan in Project A called “Master Test Plan”, and inside that plan created a test case named “Test Case from Master Test Plan in Project A” (just to make it easy to reference). It has an ID of 13.
In Project B, I create a test plan named “Project B Test Plan”. In this plan, I want to reference the test case from Project A. So I select “Add existing” from the toolbar, and query VSO for the test case.
I select the test case and click “Add test cases”, which adds it to my plan in Project B, as seen below:
If I open the test case, I am only able to set the iteration path (and the area path for that matter) to a value that is within the scope of the plan which we referenced.
Because we are referencing the test case, any changes made here will be reflected back in the Master Test Plan in Project A. This is because we are working with a single instance of the test case; we’re just referencing it from a different location.
Copying a Test Case across Projects
If you wish to have a discrete copy of a test case, test cases, or test suites across projects (to a test plan that resides in a different project), you can perform a “clone” across projects via the command line (tcm.exe).
The TCM tool contains various options to control what gets copied, and new values to set (i.e. area and iteration). It can also be used to run automated tests.
For this example, I’ll copy/clone my test cases (in the root test suite) of Project A to a newly-created project, Project C (in which I have a test plan named “Project C Test Plan”). Since this is a basic example, all that exists is that single test case.
Here is the command line I will run:
tcm suites /clone
/overridefield:"Iteration Path"="Project C\Release 1\Sprint 1"
/overridefield:"Area Path"="Project C"
When I execute this for the current scenario, I’m telling the tool to copy the test suite (with ID: 1, the root test suite in my “Master Test Plan”) from Project A to Project C (to the suite with ID: 3, the root test suite in Project C’s test plan, named “Project C Test Plan”). I’m also instructing the tool to set the Iteration Path of the copied test cases to “Project C\Release 1\Sprint 1”, and the Area Path to “Project C”.
After running this, if I look at my test plan in Project C, I see this:
I can see the copied test suite (“Master Test Plan”), and the test case it contains. If I open that test case, note the new values of Area and Iteration:
Also note the new ID (14) as a sign that this is an actual copy of the original test case (ID 13).
Because I’ve actually made a copy of this test case (not a reference, as in the first scenario), any changes I make to this test case will NOT affect the original from Project A. To illustrate this, I modified the title of the test case in Project C to reflect that it has been changed in Project C. Compare that change (top) with the original test case back in Project A (bottom):
To help with reference, the command line tool created a link between the two so users can see where the test case came from, and gain context as to why it’s there.
Additional notes
Thanks for reading!
When we announced the new OneDrive in February this year, Microsoft had a simple goal: we wanted to give our users one place to store all of their important photos, videos and documents on the devices they use every day. With data being built, saved and stored faster than ever before, every one of our users wanted and needed the same thing: enough storage space for anything and everything in their lives.
Since OneDrive launched, the amount of data our customers are uploading to OneDrive has been growing in leaps and bounds. We think that photos and files are better in the cloud, allowing people to store, sync and share that content from any device. Today we’re excited to announce the following changes to OneDrive:
1. OneDrive will come with 15 GB for free (up from 7 GB)
Our data tells us that 3 out of 4 people have less than 15 GB of files stored on their PC. Factoring in what they may also have stored on other devices, we believe providing 15 GB for free right out of the gate – with no hoops to jump through – will make it much easier for people to have their documents, videos, and photos available in one place.
2. All versions of Office 365 will come with 1 TB of OneDrive storage (up from 20 GB)
Soon users will get 1 TB of OneDrive storage with their subscription to Office 365. This means you will get the power of the world’s most popular productivity suite, Office, along with apps for your laptop, smartphone, and tablet, plus an enormous amount of storage, for an unbelievably low price.
In Australia, for Office 365 Home (AU$12.00/month) you’ll get 1 TB per person (up to 5 people) and with Office 365 Personal (AU$9.00/month) and University (AU$99.00/4 years) you will get 1 TB per subscription. This is a great follow-on to our April announcement that all OneDrive for Business customers will also get 1 TB of cloud storage per person.
3. We are dropping storage prices by over 70%
Of course, we also want to give you as much flexibility as possible, so if you need more storage, but don’t need an Office 365 subscription, we will also provide monthly subscription storage options – at dramatically reduced rates.
The new monthly prices for Australian users will be:
All of these updates will take effect in the next month. For current subscribers, you are all set and will be automatically moved to the lower prices.
Whether it is making sure you never lose those baby photos, or simply want to keep track of all of your receipts for upcoming tax time (is it that time of year already?), with these updates we wanted to make sure you have all the room you need to store all of your photos, videos, documents and other files in one easy-to-use and easy-to-access place. If you haven’t yet signed up for OneDrive, check it out today at http://onedrive.com/.
Product Marketing Manager- Consumer Apps & Services
This blog is broken up into a 3-part series covering the following areas:
Part 1: Setting up the infrastructure for Provider Hosted Apps + Development
Part 2: Create a basic Provider Hosted App in Visual Studio
Part 3: Package and Deploy the App
This is a guide for On Premise SharePoint 2013 environments. I decided to write this blog because I believe a complete guide should exist that gives clarity to building the infrastructure for provider hosted apps for on premise deployments. Before diving into the steps, it’s worthwhile to quickly recap what Provider Hosted Apps are. While SharePoint 2013 on premise will still support fully trusted solutions, the strong recommendation is to leverage the app model and start building apps. The reasons are plentiful, but mainly the code itself will run client side and not server side. This frees up resources on the SharePoint boxes since the custom code processing now happens on the client. When everything is on premise, including the servers hosting the apps, you have two different app models to choose from.
SharePoint Hosted Apps
With SharePoint Hosted Apps, everything including the app files is stored within SharePoint. When an app is installed to a site from the app catalog, a sub-site (sub-web) is created that stores the files that make up the app: things like pages, JavaScript, etc. This is usually referred to as an appweb. When a user leverages the app within SharePoint, the client will automatically fetch the app contents from the sub-web and client processing occurs to render whatever the app does. In this case, it’s not possible to run server-side code and app processing occurs client side.
Provider Hosted Apps
A Provider Hosted App is one where the app is hosted outside of SharePoint. For example, a server hosting IIS can host the app contents in a site. This is referred to as a remoteweb. This is more of a hybrid in that it can run a mix of both client and server side code. Plenty of documentation exists diving into the differences between both app models. Feel free to read up here for more details.
Question: Why use Provider Hosted Apps and not SharePoint Hosted Apps?
Answer: I see two answers to this question. The first is you need to run some server side code which is not possible with a SharePoint hosted app. The second is if SAML Claims authentication provider is setup with ADFS 2.0. This isn’t compatible with SharePoint hosted apps so you must use Provider Hosted Apps.
Note: If the customer is using ADFS 3.0, they can leverage and use SharePoint Hosted Apps. See the following blog here for more information.
Part 1 walks one through setting up S2S authentication, Remote Web, Visual Studio 2013, and SharePoint prerequisites. I don’t cover setting up the App Domain although it’s still a requirement to have setup for Provider Hosted Apps. This guide is to illustrate and walk you through hooking up the foundational pieces in order to author, deploy, and use Provider hosted apps. The app in this guide does nothing special and simply redirects to a page on the remote web. The point of this guide isn’t to show you how to do x and y with apps but rather to ensure one is developing on a solid platform and understands the basics with building, packaging, and deploying provider hosted apps. When we talk about deploying Apps you have two different approaches.
A site with the Developer Site template is created. This site is used by a developer to deploy and debug his/her app. When starting a new app project in Visual Studio, it prompts you with the following:
After testing the app using approach 1, the app is ready to be packaged and deployed. This involves packaging both the app package and appweb (remote web) package and steps one through deploying both packages making the app available in the app catalog and ready for production use. This blog series will focus on Approach 2 only.
SharePoint Central Admin Prerequisites
In SharePoint, you must have the following service applications provisioned and started:
Setup Remote Web
1. Remote Web can be a Windows 2008/2012 box running IIS. (Ensure you include asp.net or apps won't work)
2. Need to download and install web deploy from here.
3. Configure Authentication for the default site - (Note these steps came from MSDN)
a. When a new web application is installed in IIS, it is initially configured for anonymous access, but almost all high-trust apps for SharePoint are designed to require authentication of users, so you need to change it. In IIS Manager, highlight the web application in the Connections pane. It will be either a peer website of the Default Web Site or a child of the Default Web Site.
b. Double-click the Authentication icon in the center pane to open the Authentication pane.
c. Highlight Anonymous Authentication and then click Disable in the Actions pane.
d. Highlight the authentication system that the web application is designed to use and click Enable in the Actions pane. If the web application's code uses the generated code in the TokenHelper and SharePointContext files without modification, then the web application is using Windows Authentication, so that is the option you should enable.
e. If you are using the generated code files unmodified, you also need to configure the authentication provider with the following steps:
i. Highlight Windows Authentication in the Authentication pane.
ii. Click Providers.
iii. In the Providers dialog, ensure that NTLM is listed above Negotiate.
iv. Click OK.
Remote Web Certificate and Bindings Setup
It’s possible to use a self-signed certificate but this isn’t a common practice in production environments. Instead I setup AD Certificate Services and leverage that to obtain a certificate. It’s a fairly simple process to set it up and plenty of documentation exists which walks one through it. For this reason, I won’t include it in the steps. Assuming you have it setup, go to the servers hosting the remote web and perform the following steps:
1. Grab a domain certificate.
Steps are the following:
a) On the Remote Web, Go to IIS and click the server object and double-click on certificates
b) On the right, click on Create Domain Certificate
d) Click next, and click Select and choose the AD Certificate authority and click OK
e) Type in a Friendly name for the Cert
f) Click Finish and your cert should be present:
2. Finish Setting up Default IIS Site (I assume you know how to do this)
a) Set the Default IIS Site for SSL and set the new certificate by going into Site Bindings
b) While in Site Bindings, Export the certificate to CER by going to View\Details tab and click "Copy to File"
c) Drop the exported file in the c:\certs folder
d) Copy the c:\certs folder to SharePoint box
SharePoint Token Issuer Setup
At this point, the certificate has been copied over. We need to register this certificate as a root authority and also register it as an official token issuer. If the app hosted in IIS as a remote web needs to call into SharePoint, it uses the certificate to retrieve an access token from SharePoint. It then uses that access token to retrieve data within SharePoint, assuming that is how the app is authored. Without the SharePoint Token Issuer, this functionality wouldn’t exist.
The following PowerShell should be run on SharePoint:
##Load the SharePoint cmdlets when not running in the SharePoint Management Shell##
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
##Grab the cert (public .cer exported from the remote web) and create the object##
$publicCertPath = "C:\Certs\remotewebapps.cer"
$certificate = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($publicCertPath)
##Certificate treated as root authority##
New-SPTrustedRootAuthority -Name "remoteweb" -Certificate $certificate
##Setup token issuer which is the certificate itself##
##Issuer name format is <issuer GUID>@<farm authentication realm>##
$realm = Get-SPAuthenticationRealm
$specificIssuerId = [System.Guid]::NewGuid().ToString()
$fullIssuerIdentifier = $specificIssuerId + '@' + $realm
New-SPTrustedSecurityTokenIssuer -Name "IssuerforRemoteWeb" -Certificate $certificate -RegisteredIssuerName $fullIssuerIdentifier -IsTrustBroker
Very Important: The IssuerID is needed each time you create apps in Visual Studio so put it somewhere safe.
In my case it's: 8cb8c3db-5bfd-4a7a-8b18-189000065ad0
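Because the commands above make this certificate a trusted root and a token issuer, it is worth inspecting the exported .cer before registering it. The following added example (not from the original post or MSDN) reports private-key presence, validity window, RSA key size, signature hash and whether the certificate is self-issued; the function name, the thresholds and the in-memory sample certificate are this example's assumptions.

```powershell
function Test-TokenIssuerCertificate {
    param(
        [Parameter(Mandatory = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [int]$MinRsaBits  = 2048,   # example threshold (assumption)
        [int]$MinDaysLeft = 30      # example threshold (assumption)
    )
    $issues = @()
    $now    = Get-Date              # NotBefore/NotAfter are reported in local time

    if ($Certificate.HasPrivateKey) {
        $issues += 'carries a private key; only the public .cer should be copied to SharePoint'
    }
    if ($now -lt $Certificate.NotBefore) {
        $issues += 'not yet valid'
    }
    if ($Certificate.NotAfter -lt $now.AddDays($MinDaysLeft)) {
        $issues += "expires $($Certificate.NotAfter.ToString('yyyy-MM-dd')), inside the ${MinDaysLeft}-day margin"
    }

    # Returns $null for non-RSA keys, in which case the size check is skipped.
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($Certificate)
    if ($null -ne $rsa -and $rsa.KeySize -lt $MinRsaBits) {
        $issues += "RSA key is $($rsa.KeySize) bits, below $MinRsaBits"
    }

    # OIDs of md5WithRSAEncryption and sha1WithRSAEncryption.
    $weakSignatureOids = '1.2.840.113549.1.1.4', '1.2.840.113549.1.1.5'
    if ($weakSignatureOids -contains $Certificate.SignatureAlgorithm.Value) {
        $issues += "signed with $($Certificate.SignatureAlgorithm.FriendlyName)"
    }

    [pscustomobject]@{
        Subject    = $Certificate.Subject
        SelfIssued = ($Certificate.Subject -eq $Certificate.Issuer)  # heuristic: subject equals issuer
        Thumbprint = $Certificate.Thumbprint   # compare with the value shown in IIS on the remote web
        NotAfter   = $Certificate.NotAfter
        Issues     = $issues
    }
}

# Constructed sample: a throwaway self-signed certificate built in memory
# (needs PowerShell 5+ and .NET Framework 4.7.2 or later). It is deliberately
# weak (1024-bit key, 10 days of validity) so that the checks have something to report.
$key = [System.Security.Cryptography.RSA]::Create(1024)
$request = [System.Security.Cryptography.X509Certificates.CertificateRequest]::new(
    'CN=remoteweb.example.test', $key,
    [System.Security.Cryptography.HashAlgorithmName]::SHA256,
    [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
$withKey  = $request.CreateSelfSigned([DateTimeOffset]::Now.AddDays(-1), [DateTimeOffset]::Now.AddDays(10))
# Exporting as Cert yields the public part only, like "Copy to File" in Site Bindings.
$cerBytes = $withKey.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert)
$sample   = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($cerBytes)

$report = Test-TokenIssuerCertificate -Certificate $sample
$report | Format-List
```

On the SharePoint server, pass the `$certificate` object created from `$publicCertPath` instead of the sample and proceed only when `Issues` is empty.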
Visual Studio 2013 Setup
Install Visual Studio 2013 Professional or later on a SharePoint box.
Ensure you check web developer tools when you install
After installing Visual Studio 2013, download and install the Office Developer Tools for Visual Studio 2013 - May 2014 Update.
In addition, you’ll need the SharePoint 2013 Client Components SDK but that comes included in the update above!
For example, here is what was installed after I applied the update:
Other important MISC guidance regarding Visual Studio 2013 setup
· When you install Visual Studio 2013, check web developer tools option.
· Install the Office Developer Tools for Visual Studio 2013 - May 2014 Update. The download link is found here.
· When the app is deployed from Visual Studio, you must do so with an account other than the system account. Next, you must drop the saved project in a generic directory and give this non-system account full control permissions.
· In order to debug apps from Visual Studio 2013, you must create a development site and target that when creating the VS project.
Create a New Web App and Developer Site
In SharePoint 2013 Central Administrator, I created a new web app and set it to 443 (create IP, host header, and DNS record) and updated IIS Bindings. I assume you know how to do this. Finally, I created a Site Collection using the Developer Site template. The Developer Site is used by Visual Studio to test and debug an app and doesn't help whatsoever with deployment of the app package to the app catalog. Those are additional steps you must perform in Visual Studio. I outline those in Part 3.
Russ Maxwell, MSFT
Today’s Web relies on passwords as a form of authentication, which means people have to log into a variety of different services every day. Not only is typing passwords on touch devices cumbersome, but people are creating weak passwords and using the same password for every site, making them more vulnerable to identity theft. Having a secure, reliable password manager is the best method for encouraging people to create strong, unique passwords for every site.
With Internet Explorer 11, we’ve done work to make signing into sites faster and more reliable as well as give users more control when saving credentials. In addition, IE11 will now roam credentials to IE11 on Windows Phone 8.1!
Reliable Login form detection
You can now save and roam passwords to IE11 on Windows Phone 8.1
With IE11, we’ve beefed up our login form detection which means that IE will now prompt to remember passwords on over 90% of login forms on the Web. This is a significant improvement over previous versions of IE.
You decide if you want to save your password
We are giving control back to the user when deciding to save passwords on a given site. IE11 will now prompt the user to save passwords even if the autocomplete=off attribute is set on login forms. IE will continue to honor this attribute on all other form fields (e.g. username, credit card, address, name, etc.). There are two main reasons for doing this. One is to address the user confusion around why IE won’t remember passwords on certain sites. The second is because we believe that encouraging users to create strong, unique passwords is more important than honoring the autocomplete=off attribute on forms. Users should be able to decide for themselves if it is safe to save a password on a given device and situation.
Sign in faster
IE will save you time by automatically pre-populating your credentials after the page has loaded, when it is safe to do so. Previously, users were required to click or tap in the username field and then click or tap again to select the username to populate the password. This presented problems on touch devices—triggering double-tap to zoom—and on sites that pre-populated usernames from cookie information. This change in Autocomplete behavior on login forms is secure, as IE will revert back to its old tap-and-select behavior when the site does not meet certain security criteria. This design is a result of our focus on keeping the user secure.
For tablet users, double-tap-to-zoom has now been disabled on input elements to address the issue where tapping and selecting an Autocomplete item triggered optical zoom. Last, to allow sites to detect when the username and passwords have been filled, IE will now fire the ‘input’ and ‘change’ events when pre-populating credentials in the form.
Sign in once, everywhere
With Windows 8.1 and Windows Phone 8.1, users don’t have to re-enter their credentials for the same domain in a Windows or Windows Phone Store app that they’ve previously saved in IE. This significantly speeds up your sign-in experience across apps and devices. In IE11, Windows will use your IE saved credentials for that same domain hosted in a Store app via the Web Authentication Broker. As always, Store apps will never be able to read the credentials stored in IE.
Windows will use your sign-in info from IE11 for the same domain hosted in a Windows Store app
Windows Store apps using the Web Authentication Broker today will automatically get this experience with no additional markup required. And, your site and app credentials will roam between your PC and mobile devices as well.
Managing passwords
IE11 on Windows 8.1 stores credentials in the Windows Credential Locker. Web site passwords can be managed in the Credential Manager desktop control panel on Windows 8. With IE 11 on Windows 8.1, you can now also manage your Web accounts directly from the modern Internet Options. To do this from the modern IE, swipe from the right to open the Charm and tap Settings. From there, you can open your accounts and manage your credentials without switching to the desktop.
Managing your Web site accounts can now be done directly within the browser
And, as previously mentioned, all credentials can be roamed to all your Windows 8.1 devices.
Please try IE11 on Windows 8.1, Windows Phone 8.1 or Windows 7 to try out these new experiences for yourself! Looking forward to your feedback.
— Amy Adams, Senior Program Manager, Internet Explorer
Some developer notes:
In order for your site to work with IE 11’s password manager, the login form must meet the following criteria:
Visual Studio SQL Database Projects are super cool projects that let you create and manage your SQL databases in Visual Studio. They produce a .dacpac file that you can deploy to a SQL Database using msdeploy or other tools.
Visual Studio Web Projects are a great way to create a web site (duh).
Recently I was deploying my VS Web Project to a “web package .zip” file. And then using the .zip file to publish my web site to Azure (using some Azure PowerShell cmdlets mainly).
This was going great, until I wanted to publish the Database Project and the Web Project at the same time. To do this I figured I’d just put the .dacpac file INSIDE of my web package .zip file.
Well, I couldn’t figure this out for the longest time and didn’t find much help online.
So I better write it down here, or who knows if I’ll ever remember it.
Simplest Walkthrough Ever – Make a dacpac
First you’ll want to make a SQL Database Project. This is pretty straightforward.
Create a New Project in Visual Studio and select “SQL Server Database Project”. After it’s created, right click the project and select “Add Table”. Add whatever kind of table you want here.
In the solution explorer, double click on “Properties”. For this example we are going to change the “Target Platform” type to be “SQL Azure Database”.
Now “Build” the solution. In your \bin\debug folder you will find the output which will be a “.dacpac” file. Save this for later.
Simplest Walkthrough Ever – Make a web project
Now we’ll make a simple web project. Create another project, and select “ASP.NET Web Application”. Let’s make an “Empty” web project here. We don’t need anything fancy.
Just build this project when it’s done creating. The output will also be in the bin\debug folder.
Simplest Walkthrough Ever – Make a Manifest.xml file
We need to make a “Manifest.xml” file now. This file will contain some parameters about our web package that we are going to build. And we will give the Manifest.xml file as input to MSDEPLOY.exe.
The manifest file will be called Manifest.xml and will look like this:
<sitemanifest>
  <iisApp path="C:\Users\matt\Documents\Visual Studio 2013\Projects\YourSolution\YourWebProject" />
  <dbDacFx path="C:\Users\matt\Documents\Visual Studio 2013\Projects\YourSolution\DBProj\bin\Debug\DBProj.dacpac" />
</sitemanifest>
Alright, next thing is to write a MSDEPLOY command to consume this manifest file and output a web deploy package.
I’ve written out below the necessary steps I used to create a package using MSDEPLOY:
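REM Sync the manifest into a package file; Manifest.xml and yourwebpackage.zip are the names used elsewhere in this post.
CALL "c:\Program Files (x86)\IIS\Microsoft Web Deploy V3\msdeploy.exe" ^
-verb:sync ^
-source:manifest="Manifest.xml" ^
-dest:package="yourwebpackage.zip" ^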
-declareParam:name="IIS Web Application Name",defaultValue="YourAzureWebSiteName",tags="IisApp" ^
-declareParam:name="IIS Web Application Name",kind=ProviderPath,scope="IisApp",match="^c:\\yourWebProjPath\\obj\\Debug\\Package\\PackageTmp$" ^
-declareParam:name="IIS Web Application Name",kind=ProviderPath,scope="setAcl",match="^c:\\yourWebProjPath\\obj\\Debug\\Package\\PackageTmp$" ^
-declareParam:name="DefaultConnection-Web.config Connection String",defaultValue="Data Source=azureserver.database.windows.net;Initial Catalog=azuredb;Persist Security Info=True;User ID=yourUser;Password=yourPW" ^
-declareParam:name="DefaultConnection-Web.config Connection String",kind=ProviderPath,scope=dbDacFx,match="^C:\\pathToYourDBProject\\bin\\Debug\\DBProj.dacpac" ^
-declareParam:name="DefaultConnection-Web.config Connection String",kind=XmlFile,scope="c:\\pathToYourWebProject\\obj\\Release\\Package\\PackageTmp\\Web\.config$",match="/configuration/connectionStrings/add[@name='DefaultConnection']/@connectionString"
Put that into a .BAT script, or type it from a command prompt.
This is going to create a web package, and correctly set the parameters for us inside of the web package.
After this is done, you will have a Web Deploy Package .ZIP file that contains your dacpac AND your web project!
Publish it
Before you publish it, make sure you’ve already created an Azure Web Site and an Azure Database with the correct names as you’ve specified. You can do this right through the Azure Portal (http://manage.windowsazure.com).
The easiest way in the whole world to publish a web project to an Azure Website is to just use the Azure PowerShell cmdlets.
Here’s how you do that:
1) Download the Web Platform Installer - www.microsoft.com/web/downloads/platform.aspx
2) Search on “Azure PowerShell” and install it (you “may” have to reboot after install).
3) Open up Azure PowerShell as an Administrator.
-Set your execution policy for PowerShell using “Set-ExecutionPolicy RemoteSigned”
-Run “Add-AzureAccount” to add your Azure subscription to the session
-Run “Publish-AzureWebsiteProject -Name yourwebsite -Package .\yourwebpackage.zip”
4) Wait around 20 seconds
That should be it. Check it out on Azure and you should see that your database was updated and the website was updated.
Help, it didn’t work!
If it didn’t work here’s a couple things to try…
-Use the KUDU service to examine the data logs and see what the actual error was (navigate down to the .\data\msdeploy\ folder).
-Also you can try opening up the web deploy .zip package you made. Look at the “Parameters.xml” file in there. Make sure there’s no obvious path errors or anything like that. Also, make sure you don’t have “^^” double caret symbols either. If you do, you can easily just extract the zip file to a folder. Modify the parameters.xml file. And then ZIP the whole thing up again back into a .zip file.
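The Parameters.xml check above can be scripted before every publish. The following PowerShell is an added example, not code from the original post: it flags “^^” in the package parameters and any password carried in a defaultValue, which sits in clear text inside the .zip for anyone who can open it. The function names and the sample XML are constructed for illustration, and the parameters.xml layout (parameter elements with parameterEntry children, stored at the package root) is assumed to be the standard Web Deploy one.

```powershell
# Added example: audit parameters.xml from a Web Deploy package.
Add-Type -AssemblyName System.IO.Compression.FileSystem

function Get-PackageParametersXml {
    param([Parameter(Mandatory)][string]$PackagePath)
    # Read parameters.xml straight from the archive; nothing is extracted to disk.
    $zip = [System.IO.Compression.ZipFile]::OpenRead((Resolve-Path $PackagePath).Path)
    try {
        $entry = $zip.Entries | Where-Object { $_.FullName -ieq 'parameters.xml' } |
            Select-Object -First 1
        if (-not $entry) { throw "No parameters.xml found in $PackagePath" }
        $reader = New-Object System.IO.StreamReader($entry.Open())
        try { return $reader.ReadToEnd() } finally { $reader.Dispose() }
    }
    finally { $zip.Dispose() }
}

function Test-PackageParameters {
    param([Parameter(Mandatory)][string]$ParametersXml)
    $doc = [xml]$ParametersXml
    $findings = @()
    foreach ($p in $doc.SelectNodes('/parameters/parameter')) {
        $name = $p.GetAttribute('name')
        # A password in defaultValue is readable by anyone who can open the .zip.
        if ($p.GetAttribute('defaultValue') -match '\b(password|pwd)\s*=\s*[^;\s]+') {
            $findings += [pscustomobject]@{
                Parameter = $name; Attribute = 'defaultValue'
                Issue = 'credential stored in clear text'
            }
        }
        foreach ($e in $p.SelectNodes('parameterEntry')) {
            foreach ($attr in 'scope', 'match') {
                # The post warns that "^^" must not appear in the package parameters.
                if ($e.GetAttribute($attr).Contains('^^')) {
                    $findings += [pscustomobject]@{
                        Parameter = $name; Attribute = $attr
                        Issue = 'doubled caret (^^) in regular expression'
                    }
                }
            }
        }
    }
    return $findings
}

# Constructed sample input (not taken from a real package).
$sample = @'
<parameters>
  <parameter name="IIS Web Application Name" defaultValue="YourAzureWebSiteName" tags="IisApp">
    <parameterEntry kind="ProviderPath" scope="IisApp" match="^^c:\\yourWebProjPath\\obj\\Debug\\Package\\PackageTmp$" />
  </parameter>
  <parameter name="DefaultConnection-Web.config Connection String" defaultValue="Data Source=example.invalid;Initial Catalog=exampledb;User ID=exampleUser;Password=CONSTRUCTED-PLACEHOLDER">
    <parameterEntry kind="XmlFile" scope="\\Web\.config$" match="/configuration/connectionStrings/add[@name='DefaultConnection']/@connectionString" />
  </parameter>
</parameters>
'@

Test-PackageParameters -ParametersXml $sample | Format-Table -AutoSize
# For a real package:
# Test-PackageParameters -ParametersXml (Get-PackageParametersXml -PackagePath .\yourwebpackage.zip)
```

On the sample this reports two findings: the doubled caret in the first parameter's match expression and the clear-text credential in the connection string default.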
I hope this was helpful. Let me know if it worked or didn’t work for you.
FOLLOW ME too – http://twitter.com/trampsanstom
Event Overview - Code Camps are a free, one-day learning event for programming professionals and students with a focus on Microsoft Development Technologies. Code Camps are “grass roots” mini application platform developer conferences, free of charge to attendees and open to presenters of all stripes and experience. WinDevCamp follows our simple motto “give a man a fish feed him for a day, teach him to fish feed him for a lifetime”.
Please register at http://www.tampacodecamp.net/ .
Want to get started building your own app but have been intimidated by steep learning curves? Check out this post from Mary Branscombe on Pluralsight talking about App Studio, some of its latest features, and how you can use it to help launch your own genius app ideas.
Mary starts out by saying: Microsoft’s App Studio just got a whole lot more powerful. In the latest version, you can make universal apps that run on Windows Phone 8.1 and Windows 8.1, as well as Windows Phone 8 apps – you can also include maps, music and RSS feeds. Even better, you can speed up the whole process by getting started in App Studio and then opening your code in Visual Studio.
This is a game changer! If you have not signed up for your free online storage with OneDrive yet, now is the time!
What is Windows App Studio?
Windows App Studio is a free, simple, web-based development tool for building apps for Windows Phone and Windows 8.1, with no programming knowledge required.
Windows App Studio launched in August 2013; in its first 9 months it has gained over 1 million users, who have created more than 370,000 app projects with it, of which over 20,000 have actually made it into the Store.
The target audience for Windows App Studio is really beginners, students and hobbyists, but professional developers can also use Windows App Studio as a rapid prototyping tool and reduce their development time.
What kinds of apps can we build with Windows App Studio?
App Studio is suited to “information and promotion” apps. These are apps that present information and require users to enter little or no data.
Content for these apps can come from the Internet or be embedded in the app.
Here we see a typical app development lifecycle.
With Windows App Studio we still have to start with design and planning, but once we have created our app we have 3 different options. We can download the source code of our app and extend or improve it in Visual Studio. We can test our app on a device via side-loading. Or we can download the publish package of our app and take it straight to the Store.
Here we see a typical Windows App Studio Windows Phone app with a Panorama control.
The app's information is presented in sections, and to navigate the app a user can swipe right or left to see the different sections. In Windows App Studio we can use different data sources to set the content for the sections. For the “About Us” section they used an HTML5 data source, where you can use text input or HTML markup. For the “Team” and “Catalog” sections they used a Collection data source. A Collection is a small database inside the app and can be filled with static or dynamic content. The “News” section is a Bing search, and the search results are listed here. The “Contact Us” section is a menu, where we can set menu actions. And what is behind this app? The code that Windows App Studio generates when we create our app is C# and XAML.
Over the next few days I will publish a Windows App Studio step-by-step tutorial.
Alternatively, you can also take a Windows App Studio MVA course.
Chart of accounts
Part 1 of this series provided a high level overview of the components that make up the chart of accounts in Microsoft Dynamics AX 2012. This posting is going to focus on the actual chart of accounts entity in AX 2012 as well as the impact of upgrading from a previous version of AX. The components I will discuss in this blog are the following from the conceptual model provided in Part 1:
First let me define the chart of account as to its definition in regards to this post. The chart of accounts is a list of main accounts. A main account is used to classify the financial information in the general ledger. These represent the financial amounts of your assets, liabilities, equity, revenues and expenses.
So how many charts of accounts do you need to set up in AX 2012? That is a great question. The answer is, it depends. A couple questions you need to ask:
Answering "yes" to either of the questions does not necessarily mean you need to create multiple charts of accounts. If the industries represented in the implementation are different, what does that mean? Assuming the different industries are in the same partition (charts of accounts are not shared across partitions), how different is the chart of accounts? If the differences are small, you can always use account structures or suspend an account for specific companies to get around having to create multiple charts of accounts.
In a future post, I'll describe the account structures in more detail. In this post, I'll describe some ways to set up a main account so that it is only available for specific companies. As you can see in the conceptual drawing, there is the ability to override some data at a company level. The following fields can be overridden to be more restrictive than the shared main account:
Entering an active from/to date range that is more restrictive for a specific company than at the shared level will prevent users from posting to those main accounts in that company. They will still display in the lookup during data entry.
Selecting an active main account to be suspended for a specific company will hide the suspended main account from the lookup when entering the account on source documents or journal entries (as of AX 2012 R2) and will also prevent a user from posting to that account in the company. It does NOT hide the account from the lookup when setting up default accounts in forms such as the various posting profiles.
Some additional information, such as the default financial dimension values and default tax codes, is set at the company view of a main account and not at the shared level. To view the company level, set the "Select the level of main account to display" field to 'Companies'. Then in the "Companies" field, select the company you are setting parameters for. If no companies are in the dropdown, select the green plus (+) dropdown to select a company. One important thing to note: the "Select the level of main account to display" setting does not associate a main account to a specific company for posting. That is done using the account structures. This field only provides the ability to override certain fields and set up specific parameters for the main account at a company level.
If you determined that the organization does require generating financial reporting using a statutory chart of accounts that is different than the organization's chart of accounts, you may need to create additional charts of accounts depending on the needs of the organization. If the need is to do the data entry in the statutory chart of accounts, complete with drill down into the subledger from the statutory account, one option is to create and support multiple charts of accounts. You can map to the organization's chart of accounts using the consolidation account setup or through Management Reporter. You can then use Management Reporter to generate the financial reports using either chart of accounts. If you need to consolidate, you can consolidate to a consolidation company using either chart of accounts or consolidate using Management Reporter with the appropriate account mapping.
A second option to support a statutory chart of accounts is to set up a financial dimension that represents the statutory chart of accounts. The values of the financial dimension would be the "accounts". You can then map the organization's main accounts to the statutory chart of accounts financial dimension using the fixed dimension functionality. To set this up on a main account, change the view of the main account to the company view and select the appropriate company. On the Financial dimensions fast tab, enter the dimension value that represents the mapped statutory account for the statutory chart of accounts financial dimension. Then set the financial dimension default to be 'Fixed'. The system will always automatically include this financial dimension value in the account number when the main account is posted to the General Ledger. You can then generate financial reports in Management Reporter for this financial dimension.
To help with the setup and maintenance of main accounts, Dynamics AX 2012 also provides support for main account templates. Creating a new main account based on a template will default the setup based on the template. You can also map an existing main account to a template on the main account form. Then if you need to make a change that you want replicated across the similar accounts, such as the assignment of the account category, you can change the setup on the template and roll down the change to the associated main accounts. A single template can be used by main accounts across multiple charts of accounts. Using main account templates will help drive consistency in the setup of the accounts by defaulting all or part of the account number and description, as an example.
If you are upgrading from a release prior to AX 2012 (such as AX 4 or AX 2009), if supporting a shared chart of accounts is important to your organization, you may want to consider re-implementing for AX 2012 instead of upgrading. Upgrading from AX 4 or AX 2009 to AX 2012 will create a separate chart of accounts for each company. For example, if you have 10 companies, the upgrade will create 10 different charts of accounts - one for each company. And once you have posted to the general ledger, you cannot change the chart of accounts used by a specific company. So an upgrade will not allow you to take advantage of the AX 2012 shared chart of accounts functionality. If you had set up your chart of accounts in AX 4 or AX 2009 using a virtual company, the upgrade will create the chart of accounts and associate it to the companies using the virtual company. In that scenario, the chart of accounts will still be shared.
The next post for this blog series will focus on the Financial dimensions.