It was my second meetup/event in 3 days (I went to the Dutch Azure Meetup on Thursday evening). DotNed Saturday is a .NET community day-long event that is held on the last Saturday of January. It is the 4th edition. This happens to be my second time and I am hooked. The concept is a keynote and 5 timeslots with 3 sessions in parallel, all given in Dutch, regarding .NET.
About 200 ‘developers’ showed up and we were welcomed by Dennis Vroegop from the DotNed community. He showed a clip from 2013 with Microsoft’s vision of the future. It happens that many technologies have been realized, ranging from augmented navigation within Google Maps and working on the same file on different devices in a blink of an eye.
Let’s see what this day full of inspiration will bring for the coming decade.
Music and software is everywhere
During the last part of the Keynote, there was a surprise act/presentation from Hanno Embregts. Hanno is a developer who also likes to make music with his electric guitar. Code and music fuse and flows through his veins and he expresses it with code examples and performing on his guitar on the stage. For an impression you can check out this video from YouTube.
The crowd really liked his geek humor and we were pumped and energized for the rest of the agenda.
Configuration in Azure. Done right
When I was deciding which sessions I would like to attend, I thought that this one will be about Configuration making use of
appsettings.json and the
Options pattern. Boy, what was I wrong. Instead, Rick van den Bosch introduced me to the
Azure App Configuration Service. It was already shown earlier on the .NET Conf 2019 free virtual event September. You can watch it here:
So, what is the
Azure App Configuration (AAC) service?
Azure App Configuration is a managed service that helps developers centralize their application and feature settings simply and securely.https://docs.microsoft.com/en-us/azure/azure-app-configuration/
Characteristics of the Azure App Configuration service are:
- Universal, fully managed configuration store
- Fast retrieval of configurations for any Azure application
- Complete data encryption, at rest or in transit
- Native integration with popular frameworks such as .NET and Java Spring
In short, the AAC service is Microsoft’s new take on managing settings, like features, configuration, keys, secrets, etc. centrally within Azure. The strength lies in that it makes use of the
Managed Identity. Rick showed us that when you are logged in Visual Studio, it uses that identity to access your ACC resource. In this way, there are no keys that can be accidentally stored in your source control, which can leak when your source code leaks or is compromised.
Examples from Rick were
- you can easily create multi-tenant solutions with it and the same setting,
- same setting but different values for your test, acceptance and production environment.
If you use
Azure KeyVault, you can reference it within AAC. The benefit is that you use the strength of the Azure KeyVault, which can periodically generate secrets, but accessed from a central place. When you use AAC in your application you do not have to implement the
Azure KeyVault anymore.
Another benefit Rick mentioned was that the history of configuration is stored, so you can easily compare and switch back to the working configuration state after a deployment.
If it sounds pretty vague, I am sorry, check out the video.
The AAC service is now in public preview, which means you can check it out, but it is not production-ready yet. When it becomes Generally available, I expect that it will take a huge flight with adaption. It is expected that the service will reach GA in the first quarter of 2020.
Rick introduced me to the cool web application the urlist. At the end of presentations, you see a slide with many links for further reading and to the code. People make a screenshot and have to type it out. This old way is history. Welcome to the future! The bunch of links is replaced with 1! link, with the description for each link. Their tag line should be “The one link to rule them all”.
Reducing third-party security risk in .NET Core applications
Niels Tanis gave a presentation about third-party risks. When you make use of NuGet packages, you introduce risks. Maybe you trust the package you use, but the package makes use of other packages. This can introduce your application to dozen of other packages you are not aware of but poses security risks. Niels calls these transitive dependencies.
The advice is to peek in your dependencies, analyze them and keep track if there are new dependencies introduced when you do an upgrade.
Niels also mentioned the tool
Application Inspector. The tool is very new, I just heard it last week and Niels also has not yet had time to investigate it.
ZDNet wrote about it and describes it as “Microsoft offers up the security tool it uses to probe untrusted third-party software components in its applications”. A presentation from Security Program Manager Guy Acosta from Microsoft. If you want to try it out visit it on Github.
How to build resilient applications in Microsoft Azure
This presentation was given by Sander Molenkamp, he is also a co-host of the Dutch Azure Meetup group. Sander introduced the 3 types of service levels, namely
- Service-Level Indicator (SLI): The failure rate of orders… (for example 1 out of 10.000 fails)
- Service-Level Objective (SLO): … must be less than 0.01% measured every 5 minutes. (1 out of 10.000 orders may fail every 5 minutes)
- Service-Level Agreement (SLA): … otherwise, there’s some penalty.
Sander had beautiful slides mentioning how to make the infrastructure and the compute resiliently. When the slides are available I will update this post.
A great slide about allowed SLA downtime:
Since you do not use Azure services in isolation, you have to multiply all the SLAs of each service for your whole system in order to determine if you meet your desired SLA. Service A has an SLA of 99.95% and Service B has an SLA of 99.99%. The total SLA is 99.95% * 99.99% = 99.94%.
Another aspect of resilience is that your data is safe in the cloud. For different Azure services, there are different backup policies.
Azure Cosmos DB is that the database is backed up every 4 hours, which is an advantage. The latest 2 backups are stored. What you have to be aware of is that this introduces a disadvantage, you only have 8 hours to (contact Azure support) to fix your production issue. After 8 hours, the backups contain the breaking changes.
Sander also demonstrated Polly.
Polly introduces itself on Github as:
Polly is a .NET resilience and transient-fault-handling library that allows developers to express policies such as Retry, Circuit Breaker, Timeout, Bulkhead Isolation, and Fallback in a fluent and thread-safe manner.https://github.com/App-vNext/Polly
I have seen several presentations with a demonstration of Polly in it, but somehow it is still not widely used. This triggers me to try it out.
I am not going to mention all the benefits of implementing Polly. But the most shown ones are the
Retry policy and the
Circuit Breaker policy . With the
Retry policy, you consume another API and when it fails, you can easily configure how many times you want to retry with exponentially growing delays in-between.
Another policy I want to mention is the
Circuit Breaker policy. If the API you are calling does not respond after many tries, because maybe it is too busy, it does not help to keep spamming it with requests. Let it catch its breath and retry later. With the
Circuit Breaker policy
, you can implement this.
Azure Application Insights service is part of the
Azure Monitor service. If you select the Pay-As-You-Go option, you only can write 5 GB each month for free, click here. So, when there is an outage, unexpected event or retries to communicate with an API, be aware that you can fill your logs fast. You can set a limit in your Azure Portal, to prevent unpleasant billing surprises. But you make me as a micro-stakeholder in the Microsoft stock happy, thank you for the generous donations:-)
A shoutout to a free event Sander co-organizes is AzureFest on Thursday 28 May 2020 spanning the afternoon and evening. Hosted at InfoSupport in Veenendaal.
Logging, instrumentation, dashboards & alerts
The fourth presentation was given by Henry Been.
He showed us how we can combine all the different metrics into beautiful dashboards. I look forward to his code on Github account which can provision all the charts he has used in the presentation.
Use your source code as documentation for your stakeholders
The last presentation was given by Michaël Hompus. In the description of the talk, it mentions “create documentation with Markdown, PlantUML, and AsciiDoc”. Ok, Markdown, I write it occasionally and PlantUML, I have used at my last project at Van Lanschot Kempen. So, I know a thing or two.
For the people who attempt to write documentation, kudos, good job, thumbs up! The problem is keeping it up-to-date and also readable for non-technical stakeholders.
I was in awe, this is an expert at work, creating art in the form of documentation and I was blown away with what Michaël showed us. Michaël is showing us how to create what he calls Living documentation, documentation which is always up-to-date. The ingredients for the tool are:
- Roslyn, the .NET Compiler Platform is a set of open-source compilers and code analysis APIs for C# and Visual Basic .NET languages from Microsoft.
- PlantUML, a tool allowing users to create UML diagrams from a plain text language. The language of PlantUML is an example of a Domain-specific language. It uses Graphviz software to layout its diagrams.
- AsciiDoc, is a human-readable document format, semantically equivalent to DocBook XML, but using plain-text mark-up conventions.
You provide a project to the
LivingDocumentation analyzing tool. Roslyn analyzes the code and makes use of
PlantUML to create diagrams and
AsciiDoc to create a document.
This is not the example Michaël has shown us, but to give you an idea:
You can find it on Github.
Every time, code changes, within the build pipeline, the documentation is re-generated, and you always have the latest version available. This is so powerful, I look forward to exploring this solution and make the lives for the team and stakeholders easier.
I have really enjoyed the day. It has planted a lot of seeds for exploration in the fast-evolving landscape of .NET development.
Thanks to InfoSupport to provide the place and all the sponsors for making this possible. And last but not least the speakers, preparing and providing great content.