Hey ISVs, build your own oAuth2 service :-)

Are you a SaaS Software Vendor? Do you have the idea of providing your customers an API first approach? Do you want to offer a scalable solution in the cloud? Why the h… do you need an oAuth2 server?

Many successful SaaS vendors offer an identity infrastructure based on oAuth2. Good examples are DigitalOcean, Microsoft, Amazon or Matrix42 with MyWorkspace. This article explains why you should offer your own oAuth2 infrastructure when you publish a SaaS application to the world.

Five reasons to offer an oAuth2 service

  • Adapt the Micro-Service-Architecture
    SaaS applications today are different from the web applications of 10 years ago. Most vendors follow the micro-services architecture pattern. Let’s recap what micro-services are intended to be. In the end, this architecture pattern means that a vendor offers many different web services, independent from each other, for a specific offering. Have a look at the big ones like Microsoft Azure: they offer the Azure Resource Manager, the Storage API or the Office 365 Graph API as independent services. Compared to those public ones, Matrix42 with MyWorkspace offers services for handling identity, files, workflows and BI dashboards. Azure Costs, the service the author is also working on, is divided into separate small services for processing spending information, handling trend analytics or managing teams. All these are good examples of micro-services, and they have something in common.
    A session-cookie-based approach would not work, because it means every web service needs to take care of the session. A token-based approach for authorization is a better option, and the best option to provide a token is the JWT token.

    How to get the JWT:
    Just use an oAuth2 service you provide for your micro service infrastructure. Check out different offerings in the IDaaS market or write your own.

  • State of the art Single Sign On (SSO) and federated security
    Today customers expect single sign-on for their workforce. This means every SaaS application needs to support various flavours of federated security and single sign-on. A better approach is to rely entirely on JWT tokens and delegate the complex identity work to your oAuth2 service. The oAuth2 service should talk to the different company directories like Active Directory, Azure Active Directory or SAML2. This keeps your micro-service infrastructure simple, clean and scalable, and you can drive it with just one concept instead of several.

    How to connect to other directories:
    There are solutions in the market like Matrix42 MyWorkspace acting as identity bridge. Integrating these solutions reduces the work in your oAuth2 service to mediate between the different identity providers.

  • Customer requires API First approach
    When you talk with customers and a customer likes your solution, the second or third question is often “How can I integrate …”. Translated into the language of developers, this means “Do you have an API we can easily adapt?”.

    Because of that, API first is an approach every SaaS vendor should follow. Recall the first bullet point in this article and assume your API relies totally on JWT tokens. You need to deliver a special JWT token to your customers for integration. Normally these tokens are called app-only tokens and can be used with client credentials against an oAuth2 service. Azure Costs, as a simple example, explains how to deal with app-only tokens in this article.

    How to issue customer integration API tokens:
    Provide a separate oAuth2 service that supports the client credentials flow incl. app-only tokens.

  • Support for mobile, web and fat clients required
    Today’s market is no longer focused on a particular operating system or platform. Even Microsoft changed their mind dramatically, and with Azure they now offer one of the best cloud platforms for all kinds of devices, including IoT devices. Almost every SaaS application sooner or later has the requirement to integrate different clients. The compelling event for this is normally the requirement for a mobile app, but it can also be the requirement to support a browser extension or the integration in an embedded device. oAuth2 delivers different permission grant flows to support any kind of device and use case. This means offering an oAuth2 service gives you the freedom to support any new device, because your identity infrastructure is decoupled from your micro-services infrastructure.

    How to connect a mobile app to my service:
    Provide a separate oAuth2 service which supports the so-called indirect flow. Normally you should not use the code flow, but you need to provide some kind of device management.

  • Stay scalable for your access
    Last but not least, scalability, or better, the option to be ready for growing your company, is a key success criterion every SaaS vendor should have an eye on. The micro-service architecture and the decoupled identity infrastructure give you the freedom to split and combine services on different services in different clouds and in different locations.

    How to stay scalable:
    Decouple identity from resource services and enjoy the freedom to let the infrastructure grow by business needs.
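To make the first and third reasons concrete, here is an added example (not code from the original article or from any product it names) of an oAuth2 service issuing an app-only JWT through the client credentials flow, and a resource service checking that token on its own, without a session store. The issuer URL, client id, secrets and scope names are constructed, and HS256 is used only to keep the example within the standard library.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo values (assumptions for this example, not from the article).
ISSUER = "https://auth.example.test"
SIGNING_KEY = b"demo-signing-key-do-not-reuse"
# HS256 keeps the example stdlib-only. With a shared key every service that can
# verify can also mint tokens, so production issuers normally sign with
# RS256/ES256 and hand resource services only the public key.
CLIENTS = {"crm-integration": {"secret": "demo-client-secret", "scopes": {"files.read"}}}


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(signing_input: str) -> str:
    mac = hmac.new(SIGNING_KEY, signing_input.encode(), hashlib.sha256)
    return _b64(mac.digest())


def issue_app_only_token(client_id, client_secret, audience, scope, now=None, ttl=300):
    """oAuth2 service, client credentials flow: authenticate the client
    application (no user involved) and issue a short-lived app-only JWT."""
    client = CLIENTS.get(client_id)
    # Unknown clients are compared against an empty secret so both paths do the same work.
    known_secret = client["secret"] if client else ""
    if not hmac.compare_digest(known_secret.encode(), client_secret.encode()) or not client:
        raise PermissionError("invalid_client")
    if scope not in client["scopes"]:
        raise PermissionError("invalid_scope")
    now = int(time.time()) if now is None else now
    claims = {"iss": ISSUER, "sub": client_id, "aud": audience,
              "scope": scope, "iat": now, "exp": now + ttl}
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = _b64(json.dumps(header).encode()) + "." + _b64(json.dumps(claims).encode())
    return signing_input + "." + _sign(signing_input)


def validate_token(token, audience, required_scope, now=None):
    """Resource service: accept or reject a request from the token alone,
    with no session store and no call back to the oAuth2 service."""
    try:
        header_b64, claims_b64, signature = token.split(".")
        signing_input = header_b64 + "." + claims_b64
        # Verify the signature before trusting anything inside the token.
        if not hmac.compare_digest(_sign(signing_input).encode(), signature.encode()):
            raise PermissionError("bad signature")
        header = json.loads(_unb64(header_b64))
        claims = json.loads(_unb64(claims_b64))
    except ValueError:
        raise PermissionError("malformed token") from None
    now = int(time.time()) if now is None else now
    if header.get("alg") != "HS256":  # pin the algorithm, never take it from the token
        raise PermissionError("unexpected algorithm")
    if claims.get("iss") != ISSUER or claims.get("aud") != audience:
        raise PermissionError("wrong issuer or audience")
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        raise PermissionError("token expired")
    if required_scope not in str(claims.get("scope", "")).split():
        raise PermissionError("insufficient scope")
    return claims


if __name__ == "__main__":
    token = issue_app_only_token("crm-integration", "demo-client-secret",
                                 "files-api", "files.read")
    print(validate_token(token, "files-api", "files.read"))
```

The audience check is what keeps a token issued for one micro-service from being replayed against another that trusts the same issuer.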

Yes we can! Get your own oAuth2 service

When you think about building an oAuth2 service for your application, you can start by building your own. This is a great option when you need to stay in control of everything. There are also IDaaS providers on the market like Matrix42 with MyWorkspace, Auth0 or Azure Active Directory. These providers are a good starting point for your identity management project.

A hybrid approach is often the most practical. This means your engineers provide a home-grown oAuth2 service to support existing user accounts. This service should act as an identity proxy to an IDaaS provider to open up the world of federated security and single sign-on for your enterprise customers. Never waste time and budget on building an infrastructure for federated security on your own.

This article covered many technical topics on a very high level perspective. If you like it, let me know, as I think about creating a series out of it, to cover topics in more technical depth. Feel free to follow this blog to never miss an update about the upcoming series.

A more powerful azure costs portal

After several months of constant improvements in the new azure costs spending portal it now becomes the standard user interface for all of your spendings.

The new portal offers a lot of new features and improvements to make your day by day work much easier. In this article we would like to highlight only the most important ones, to make your start with the new azure costs spending dashboard as easy and fast as possible:

Overall Spendings
The new overall spendings widget allows you to stay informed instantly. The widget always contains all spendings accumulated over the last 12 months.

Daily Burn Rate
An important indicator especially in cost optimization projects but also when you observe your costs on a regular basis is the daily burn rate. It’s easy to oversee what the short and mid term trend is.

Responsible Persons for Subscriptions
With this new functionality you are able to assign responsible persons to one or more subscriptions. This helps team administrators to oversee who is the single point of contact (SPOC) in case of unusual spendings.

Switch Team – Multi Team Support
For service providers and administrators who would like to oversee the spendings of several teams, the Multi Team support makes it super easy to handle spendings over different organisations in a single portal.

Smart Compare
Smart Compare allows you to conveniently compare monthly cloud costs with the costs of any previous month. azure costs highlights cost spikes & deflections, so that you can focus on the costs you are really interested in.

Full Screen Mode
Every widget can be used in the full screen mode as well. This gives you enough space to work on more complex spending optimization projects without scrolling and moving around. The full screen mode is optimized for working with a huge amount of different data.

Interested in the new feature?
Try the new feature today by simply logging into your azure costs account. The feature is part of any plan.

Any questions, wishes or ideas? Try our feedback portal or drop a mail to help@azure-costs.com.

Assign responsible persons to subscriptions

We feel very lucky to have engaged users who tell us about their cloud data management challenges and the functionality that they’d like to see added to azure costs. And we listen.

We’re continually deploying additional features to azure costs that our users have been asking for, and here’s a great new functionality.

Assign responsible persons to subscriptions:
With the new functionality our users are able to assign responsible persons to one or more subscriptions. This helps team administrators to oversee who is the single point of contact (SPOC) in case of unusual spendings.

This enables every team administrator to act instantly on cost spikes, which keeps cloud costs under control.

Interested in the new feature?
Try the new feature today by simply logging into your azure costs account. The feature is part of any Enterprise plan in our dashboards.

Any questions, wishes or ideas? Try our feedback portal or drop a mail to help@azure-costs.com.

Feature Announcement: Smart Compare

We’re very excited today, to announce the release of a game-changing new feature for azure costs: Smart Compare.

Smart Compare allows our customers to conveniently compare their monthly cloud costs with the costs of any previous month. By simply choosing the relevant months, azure costs now highlights cost spikes and deflections, so that our customers can focus on the costs they are really interested in – and ignore those they’re not.

These results can then be sorted and powerful filters allow our customers to limit what they see, to only what they’re interested in.

We are sure that this great feature will help our customers to identify the real cost drivers and make informed decisions on cost optimization strategies.

How to get started?
Comparing cloud costs is this simple: The Smart Compare and sorting functionality can be used right now as part of our Preview UI. Just select multiple months as shown above, to identify cost drivers, spikes and deflections.

Interested in the SmartCompare feature?
Try the new feature today by simply logging into your azure costs portal. Smart Compare is part of every paid plan, starting with the Professional subscription.

Any questions, wishes or ideas? Try our feedback portal or drop a mail to help@azure-costs.com.

Git rid of your XAML builds – Migrate now

Have you recently migrated from TFS to Visual Studio Team Services?
Are you happy with that decision, but the existing XAML based build definitions suck? Then this article might help, as it explains the structure of the agent based build system, which is very powerful, especially for companies with cross platform projects.

The Architecture

In former days the XAML based build system used a dedicated build controller which triggered a build via push. This meant that the build agent needed to be reachable from the build controller. Hosting build agents in the cloud, or better, adding build agents dynamically, was always a pain.

With the new step-based build system of Visual Studio Team Services, Microsoft simplified the architecture and took the build controller out of the game. The only component required is a simple agent that needs to be installed. Based on WebSockets, this agent does not need to be reachable from outside, because the agent dials into the VSTS services and offers triggering build runs. This makes adding and removing build agents dynamically a breeze. Just prepare your AMI, VHD or other image and spin up new virtual machines if needed.

The Step System

The described new architecture also delivers a brand-new step-based build system. Editing complex XML based workflows in Visual Studio is not required any more. The author of a build-process can pick and choose pre-defined activities to execute a very specific build-step, e.g. compile source code, generate a web deploy package or sign files.

In the end every build step is nothing more than a command line tool that is executed in the context of the current build. Because of that, the Command-Line-Activity is also one of the most important actions in the step-based build system when it comes to more complex workflows.

Cross-Product-Groups/Departments will love the possibility to create new custom activities, which can be used from other teams and groups within the company. This makes complex build tasks really easy to use for other teams. There is an important idea behind the new build system: “Let developers create the build, get rid of your dedicated build team.” In an Agile world we are talking so much about cross functional teams, that build management should become part of it.

Advanced features you should know about

Microsoft also delivers a couple of features in the new step-based build system to target more complex scenarios.

Multiple Build Agents on the same machine

There are no reasons for using just a single machine per registered build agent. If you would like to get the most out of your existing infrastructure, just install the Microsoft build agent multiple times on your build servers.

Tip: We are using 3 build agents on the same virtual machine, which gives us a good utilisation regarding CPU and RAM. On Linux we switched to machines backed via SSD because of I/O intensive docker and Java builds.

Release Processes vs. Build Processes

The new release process feature in VSTS is a great option to differentiate between building a piece of software and delivering a piece of software. Especially when the vendor works with a test chain, it’s possible to move SaaS software through different states. Codeship in particular is becoming popular with this kind of feature set.

Push to HockeyApp

Microsoft acquired HockeyApp, a leading vendor in crash dump collection and beta app deployments for Android, iOS and Windows.

Related to this acquisition, the Visual Studio Team Services team offers a seamless integration which allows you to upload your build directly to HockeyApp. This works on all required platforms, also on XCode builds for iOS or OS X. At Microsoft Build 2016 the HockeyApp team announced that Xamarin Insights becomes part of HockeyApp. Related to this, check out the technical presentation of the HockeyApp team here.

Summary

With the new step-based build system, Microsoft introduced a more flexible and simple-to-use option in Visual Studio Team Services. Especially when you start with new projects, just use the step-based build system and do not invest in the old XAML builds. Software vendors who are writing software for different platforms can now use VSTS as a cloud based management tool, which means getting the most out of your MSDN benefits. If you own XAML based builds, invest in the migration as well. Microsoft recently announced that the XAML builds will be discontinued after 2016, so it’s time to act.

Azure Costs now supports Azure Rate Plans and Pay-as-you-Go subscriptions

The Azure Costs Team is happy to announce the launch of the new support for Azure Rate Plans & Pay-as-you-Go subscriptions. After an extensive beta together with many interested users, we are now ready to make this new feature globally available for everyone.

This feature completes Azure Costs and allows you to manage any subscription type and pricing model that Microsoft offers in the different regions for the Azure cloud.

Interested in managing Azure Rate Plans or Pay-as-you-Go subscriptions?
Try the new subscription support today by simply logging into your Azure Costs service. We also designed new plans explicitly for our users without an Enterprise Agreement. Customers who are currently using a paid plan can connect additional subscriptions for free.

Any questions, wishes or ideas? Try our feedback portal or drop a mail to help@azure-costs.com.

More payment options

The azure costs team is pleased to announce the support of more payment options, which goes live today. From now on, you are able to pay with all major credit cards, e.g. Visa, MasterCard or American Express. In addition we support PayPal as a very comfortable way to pay as well.

The payment is processed by our partner FastSpring, who is one of the most reliable and successful payment providers in the world.

You stay in control and can upgrade or terminate your subscription at any time directly in our billing portal or in your FastSpring account.

Any questions, wishes or ideas? Try our feedback portal or drop a mail to help@azure-costs.com.

See clear

Thanks to your feedback, we were able to constantly improve the Azure Costs user interface in the last weeks and months. One special hint we got from you was the fact that it can sometimes be pretty confusing when it comes to multiple Microsoft and Azure Active Directory accounts.

We’re continually deploying additional features to azure costs that you have been asking for, and here’s a small but very useful new functionality:

From now on, you’ll get the mail address that was used for logging into Azure Costs whenever you move your mouse cursor over the avatar. This ensures that you’ll never be confused anymore about different accounts or dashboards without data.

Interested in the feature?
Try the new feature today by simply logging into your azure costs service and moving the mouse cursor over your avatar. The feature is part of every plan; it doesn’t matter if you are using the Basic, Professional or Enterprise plan.

Review: GitHub vs. Visual Studio Team Services (VSTS) – Should you switch?

Disclaimer: This article is about Visual Studio Team Services (VSTS) and GitHub. The author has a very positive opinion about both services and does not get any offers from Microsoft or GitHub writing this article. The whole article is written IMHO.

Over the last years GitHub has become a success factor for projects related to git repositories for me personally. I also tested several other solutions but mainly I struggled with the performance or the usability. About 2 years ago I started using Visual Studio Team Services (VSTS) with a work related project. The service looked promising but had a lot of early release issues, so in the last 24 months it was interesting to see how a promising solution became adult. Last week I decided to move away from GitHub for all my closed source projects and rely on Visual Studio Team Services (VSTS). This article gives a deeper look at the main reasons why I made the move and may help deciders to get detailed information before implementing:

Git-Repository sprawl
Nowadays, thanks to bower, npm, bundler or NuGet, the number of Git repositories is growing steadily. When you are focused on component based software development Git is a great helper, but the number of repositories is sprawling because very often every component has its own life in a separate Git repository, which means you have a separate release cycle and a different versioning compared to your main project.

I guess this is the secret source of component managers which are working closely together with git repositories. Of course VSTS and GitHub both support multiple git repositories, but GitHub lets you pay per package of git repositories, while VSTS lets you pay for users. Especially for small teams paying for users is the better deal, compared to paying for repositories. In the end Microsoft offers smaller groups of 5 everything for free. This fact stopped my permanent GitHub problem: having too little private repository space.

GitHub:
O – Allows to have as many GitHub repositories as needed
+ – Generates releases out of tags automatically (good semver integration)
– – Charging base is the count of private git repositories

VSTS:
O – Allows to have as many GitHub repositories as needed
+ – Comes with unlimited git repositories, plans are user based
– – Repository management is not that intuitive as it is in other solutions

Pull Requests and Forks
Forks and pull requests are the most important features GitHub introduced very early to support community driven development. I would say in the open source world Github is the platform when it comes to forks and pull requests. Currently I would never think about moving open source repositories away from GitHub because of this great feature.

When it comes to closed source projects, forking and pull requests only become important in bigger teams with different products or product lines. We are using this feature strongly in our teams at my company. Smaller startups or teams will not use these workflows often, but nevertheless it is a road blocker for me to do the 100% switch to VSTS. I guess it took Microsoft around 12 months to deliver it in a more simple way GitHub is doing this.

GitHub
+ – Cross repository forking
+ – Pull requests incl. discussion thread and a lot of community features

VSTS:
O – Supports pull request on repository level

Agile Process support with EPiCs, features and backlogs
When it comes to bigger teams or more structure, people hold the opinion that implementing a process is the key. This brings me to the biggest enterprise blocker I see in GitHub, the Issue-Tracking system. Companies who migrated to an agile framework like SCRUM or KANBAN need to have the option to work with features, backlogs or bugs. Microsoft delivers with VSTS a highly customizable and adaptable work item management system. The SCRUM and KANBAN template makes perfect sense for agile teams, but the traditional waterfall model can also be implemented (even if I don’t understand why someone should do this).

GitHub
– – It’s just an Issue Tracker
+ – Has good integration into many cloud services

VSTS:
+ – Offers customisable work item management
+ – Comes with templates for agile team structures

Handle your Test-Cases
Even if your project comes with great code coverage and good unit tests, the requirement to execute manual tests or just to orchestrate automated integration tests exists. Based on the work item management, VSTS implements a test case management which has the option to integrate with automation bots via WinRM and other protocols.

The ability to document test cases and write specific step by step guides how to verify a feature is a big plus esp. in small teams where no dedicated QA resources are hired.

GitHub
O – Ability to integrate with external QA services
– – No integrated test case management

VSTS:
O – Ability to integrate with external QA services
+ – Test Case management is part of the work item management

Centralised Source Code management as migration path
For a couple of months Microsoft has offered virtual TFS collections, which allow companies that want to pave the road for git based repositories to stay with the existing centralised source code management besides new git repositories. In the early days VSTS just supported a TFS collection per project space, but now maintaining a TFS collection is as easy as creating new git repositories. This will become a very important feature for existing TFS customers.

Revised Build-System incl. Linux Support
I guess Microsoft learned very fast that the XAML file based build system was very inflexible and complicated for a SaaS service like VSTS. Because of that, a couple of months ago a new step based build system was introduced which orchestrates the build agent out of VSTS.

Since Microsoft supports Windows, Linux and Mac build agents there are no road blockers anymore, besides that the hosted build services for VSTS are very rare. There is a build server Microsoft offers out of the box but from my experience you will get more problems customizing that. When you are focused on Azure check also what the Azure App Services can do for you because KuduSync offers out of the box build for your .NET application during deployment.

GitHub
+ – Many different build services available with GitHub integration (CodeShip, T..)
– – Build definitions are not part of the code project
– – No release management to aggregate several projects

VSTS:
– – Hosted build services for VSTS rare
+ – Build definitions are part of the code project
+ – Release Management allows to aggregate several sub projects

Other services and options:
There are also other options and products on the market and I guess one of the most popular one is Assembla which is pretty comparable to Visual Studio Team Services. Also the products from Atlassian (Jira, BitBucket) are great options supporting your development cycle. This article had the intention to support companies who are dealing with GitHub and / or On Premise TFS and now are thinking about combining the positive of both.

I personally think GitHub could become a great option for enterprises as well, when the Issue-Tracker problem is solved which was mainly the reason why I searched for an alternative!

Get notified about new team members

The azure costs team is pleased to announce the launch of the team admin notification support.
The new feature enables team managers and administrators to get notified when a team member activates his account. A team administrator gets a message when a user accepts the invitation or is joined automatically when accessing the service via Azure Active Directory account.

How to get started?
The team administrator notification feature is part of every enterprise subscription. Enabling the notification in azure costs is this simple: 

1) Log in to the azure costs Dashboard and if you don’t have a team account migrate to a team (optional): 

2) Select “Manage Team”  in the drop down on the avatar and open the newly introduced settings page.

3) Just switch the notification on with the displayed checkbox:

Interested in the team notification feature?
Try the new feature today by simply logging into your azure costs service and migrate to a team account. The feature is part of any enterprise plan and part of any trial.