Service Fabric Community Q&A call 48

This article is contributed. See the original author and article here.

We will have our Service Fabric Community Q&A call for this month on Sep 17th 10am PDT. 

 

Starting Aug 2020, we introduced a framework for our monthly community session. In addition to our normal Q&A in each community call we will focus on topics related to various components of the Service Fabric platform, provide updates to roadmap, upcoming releases, and showcase solutions developed by customers that benefit the community.

 

Agenda:

  • Service Fabric Backup Explorer (Preview)
  • Service Fabric Roadmap
  • Q&A

Join us to learn about roadmap and ask us any questions related to Service Fabric, containers in Azure, etc. This month’s Q&A features one session on:

As usual, there is no need to RSVP – just navigate to the link to the call and you are in. 

Lesson Learned #137: Running SQLPackage .NET Core


This last week, I found an interesting issue. Our customer exported a database to a bacpac file using SQLPackage .NET Core.

To import the data into another SQL Server, our customer tried to use SQLPackage for Windows, but reading the bacpac file failed with the following error message: File contains corrupted data.

 

During our investigation we found that there is a known issue when using SQLPackage for Windows to import a bacpac file that was created with SQLPackage .NET Core. As a workaround, download SQLPackage .NET Core on your Windows Server machine and run it instead of SQLPackage for Windows or SQL Server Management Studio.

 

We hope to have the fix very soon. 

 

Enjoy!

Lesson Learned #136: Deadlock inserting data with multiple threads running at the same time


This week I worked on a very interesting service request about a deadlock issue when our customer is running 32 threads at the same time inserting data. I saw an important thing that may prevent a deadlock. 

 

Background:

 

  • Our customer has two tables with the following structure:

 

CREATE TABLE [dbo].[Header]
(
	[Id] UNIQUEIDENTIFIER NOT NULL, 
	CONSTRAINT [PK_Header] PRIMARY KEY CLUSTERED([Id])
)
GO

CREATE TABLE [dbo].[Detail]
(
	[Id] UNIQUEIDENTIFIER NOT NULL, 
	[HeaderId] UNIQUEIDENTIFIER NOT NULL,
	CONSTRAINT [PK_Detail] PRIMARY KEY CLUSTERED([Id]),
	CONSTRAINT [FK_Detail_Header]
		FOREIGN KEY ([HeaderId])
		REFERENCES [dbo].[Header] ([Id])
)
GO

 

 

  • In the customer's code, each transaction inserts a new row in the header table and then inserts around 1000 rows in the detail table. This operation is run by 32 threads at the same time.
  • During the execution we saw some deadlocks: two transactions blocked each other from continuing because each had locked a database resource that the other transaction needed. SQL Server handles deadlocks by terminating and rolling back transactions that were started after the first transaction. In this situation the locked resource is a KeyLock.

 

Solution:

 

  • We saw that the deadlock happens when a transaction needs to lock a resource that the other transaction holds in exclusive mode.
  • We have two options:
    • Retry the operation for the transaction that was killed by SQL Server.
    • Create a new partition key based on the number of threads running.

My suggestion was to create a partitioned table based on the number of threads, for example:

 

  • Create a partition function for the 32 threads, running the following command:

 

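-- One boundary value per thread number (1 to 32)
CREATE PARTITION FUNCTION [PartitioningByInt](int) AS RANGE RIGHT FOR VALUES (1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32)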

 

 

  • Create the partition scheme based on the function defined:

-- 32 boundary values with RANGE RIGHT give 33 partitions; ALL TO maps every one of them to [PRIMARY]
CREATE PARTITION SCHEME [PartitionByinT] AS PARTITION [PartitioningByInt] ALL TO ([PRIMARY])

 

 

  • For the table header perform two operations:
    • First, include the partition key.
    • Second, include the PK to have the referential integrity with Detail table. 

 

CREATE TABLE [dbo].[Header](
       [Id] [uniqueidentifier] NOT NULL,
       [IdPartition] [int] NOT NULL)

CREATE CLUSTERED INDEX [ClusteredIndex_on_PartitionByinT_637343967904700811] ON [dbo].[Header]
( [IdPartition]) 
WITH (SORT_IN_TEMPDB = OFF, DROP_EXISTING = OFF, ONLINE = OFF) ON [PartitionByinT]([IdPartition])


-- Unique index on (Id, IdPartition): this is the key the foreign key in Detail references
CREATE UNIQUE NONCLUSTERED INDEX [PK_Header] ON [dbo].[Header] 
([Id] ASC, [IdPartition]) 
WITH (PAD_INDEX = OFF, STATISTICS_NORECOMPUTE = OFF, SORT_IN_TEMPDB = OFF, IGNORE_DUP_KEY = OFF, ONLINE = OFF, ALLOW_ROW_LOCKS = ON, ALLOW_PAGE_LOCKS = ON) ON [PartitionByinT]([IdPartition])

 

 

  • In the detail table, include the IdPartition column to maintain the same referential integrity with header table.

 

CREATE TABLE [dbo].[Detail](
       [Id] [uniqueidentifier] NOT NULL,
       [HeaderId] [uniqueidentifier] NOT NULL,
       [IdPartition] [int] NOT NULL,
CONSTRAINT [PK_Detail] PRIMARY KEY CLUSTERED 
(
       [Id] ASC
)WITH (PAD_INDEX = OFF, STATISTICS_NORECOMPUTE = OFF, IGNORE_DUP_KEY = OFF, ALLOW_ROW_LOCKS = ON, ALLOW_PAGE_LOCKS = ON) ON [PRIMARY]
) ON [PRIMARY]
GO

ALTER TABLE [dbo].[Detail]  WITH CHECK ADD  CONSTRAINT [FK_Detail_Header] FOREIGN KEY([HeaderId], [IdPartition])
REFERENCES [dbo].[Header] ([Id], [IdPartition])
GO

ALTER TABLE [dbo].[Detail] CHECK CONSTRAINT [FK_Detail_Header]
GO

 

 

But, what is the outcome?

 

  • As we discussed previously, the deadlock appears when a transaction needs to exclusively lock the key of the primary key. Now, instead of all transactions locking the same partition, every transaction locks the key within its own partition, which greatly reduces the contention and prevents any deadlock.
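
Both options combined, as an added example that is not part of the original article: one transaction per call writes the header and its detail rows into the caller's partition, and the call is retried when SQL Server reports error 1205 (deadlock victim). It assumes the partitioned [Header] and [Detail] tables defined above; the procedure name, its parameters and the back-off delay are hypothetical.

```sql
-- Added example. Assumes the partitioned [dbo].[Header] / [dbo].[Detail] tables above.
-- Procedure name, parameters and delay are hypothetical.
CREATE OR ALTER PROCEDURE [dbo].[InsertHeaderWithDetails]
    @ThreadNumber INT,          -- 1..32, assigned by the application to each worker thread
    @DetailRows   INT = 1000,   -- detail rows per header
    @MaxRetries   INT = 3       -- attempts before the deadlock error is surfaced
AS
BEGIN
    SET NOCOUNT ON;
    SET XACT_ABORT ON;

    DECLARE @Attempt  INT = 1;
    DECLARE @HeaderId UNIQUEIDENTIFIER;

    WHILE @Attempt <= @MaxRetries
    BEGIN
        BEGIN TRY
            SET @HeaderId = NEWID();
            BEGIN TRANSACTION;

            -- The thread number is the partition key, so each thread works in its own partition.
            INSERT INTO [dbo].[Header] ([Id], [IdPartition])
            VALUES (@HeaderId, @ThreadNumber);

            -- Set-based insert of the detail rows, in the same partition as the header.
            INSERT INTO [dbo].[Detail] ([Id], [HeaderId], [IdPartition])
            SELECT TOP (@DetailRows) NEWID(), @HeaderId, @ThreadNumber
            FROM sys.all_objects AS a CROSS JOIN sys.all_objects AS b;

            COMMIT TRANSACTION;
            RETURN 0;
        END TRY
        BEGIN CATCH
            IF XACT_STATE() <> 0 ROLLBACK TRANSACTION;

            -- 1205 = chosen as deadlock victim. Any other error, or the last attempt, is re-raised.
            IF ERROR_NUMBER() <> 1205 OR @Attempt = @MaxRetries
            BEGIN
                THROW;
            END;

            SET @Attempt += 1;
            WAITFOR DELAY '00:00:00.100';  -- short back-off before retrying
        END CATCH
    END
END
GO
```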

 

Enjoy!

Excel MVP Blog Roundup


This week, we bring you more Excel knowledge from MVPs Chandoo, Jan Karel Pieterse, and Jeff Lenning.

 

Power Query Tutorial – What is it, How to use, Full examples, Tips & Tricks

Chandoo shares a tutorial on Power Query in Excel, including examples and tips & tricks.

 

Enabling Drag And Drop Between Two Listboxes On A VBA Userform

Jan Karel Pieterse walks through a few lines of VBA code to enable drag and drop between two listboxes on a userform.  

 

Dynamic Arrays (part 1, 2, and 3)

Jeff Lenning provides an overview of dynamic arrays in Excel in this three-part blog series.

 


 

Introducing the Azure Network Security Tech Community and Github Repo


Hello World!

 

With so many Azure customers relying on native Azure network security tools to secure their networks and applications, it is clear that there is a demand for more information on this topic. We are here to deliver just that. My team is dedicated to helping customers deploy and get the most out of Azure Network Security services, and we will be using Tech Community to amplify our voices.

 

What are the Azure Network Security services?

Azure network security is a set of native services meant to secure cloud and hybrid networks using the Zero Trust approach. To narrow it down, the primary tools we will cover here are Azure Firewall and Firewall Manager, Azure DDoS Protection, and Azure WAF. Yes, we’re aware that WAF deals with Application Security and not as much Network Security, but we’re bringing the concepts together. Web applications are delivered over networks, right?

 

Naturally, while we are concentrating on these core services, that does not mean others will not be discussed. Quite the opposite, in fact. Building a secure Azure network can involve a vast array of resources. Expect attention to also be paid to Azure Bastion, Network Watcher, NSGs, as well as core networking components ranging from Route Tables to Virtual WAN.

 

Here’s a quick introduction to our primary tools for those that are unfamiliar:

 

Azure Firewall

Azure Firewall is the Azure-native PaaS firewall. Not to be confused with NSGs or resource firewalls on other PaaS services, Azure Firewall is built to be a centrally deployed and managed service that handles all the traffic from your regional deployments. Being a PaaS service, it auto-scales to accommodate increasingly demanding workloads, and it can be managed using the tools and methods you are already using to deploy and manage other resources – CLI, API, ARM, or whichever combination of abbreviations suits you best.

 

Azure Firewall is meant to perform all the same functions as most Network Virtual Appliances (NVAs), including segmenting east-west traffic within your VNets and controlling inbound and outbound traffic. Learn more in the docs.

 

Azure Firewall Manager

Firewall Manager is a service that serves a growing number of purposes. First, it allows for easy management of multiple Azure Firewalls. By abstracting the Firewall Policy away from each individual Firewall, you can use Firewall Manager to assign a central set of policies to one or many Firewalls across the globe. Additionally, Firewall Manager can be used to manage security services in Azure VWAN Hubs, which can either be more Azure Firewalls or third-party services such as Zscaler and iboss.

 

Read the docs to get the full story on Firewall Manager.

 

Azure WAF

Azure Web Application Firewall, as the name implies, is a firewall specifically meant to inspect web application traffic. Azure WAF can be attached to Application Gateway, Front Door, or CDN. There are some differences based on which service WAF is attached to, but the major function is the same – WAF analyzes decrypted traffic to match every request against its rules. These rules can consist of managed rulesets that look for common attacks found in the OWASP Top 10, bot protection rulesets that can block known malicious bot traffic, and custom rules that can look for various combinations of patterns.

 

To learn more, read some more docs.

 

Azure DDoS Protection Standard

Every resource that lives in an Azure data center benefits from the inbuilt platform-level DDoS Protection. Our DDoS Protection infrastructure is in place to ensure the availability of each Azure region, and this protection is inherited by every Azure service. For customers that need to ensure that their workloads are protected against every attack, DDoS Protection Standard is available to tune the protection mechanisms to each individual workload. Along with Standard come several other features, which include cost protection for resources that auto-scale during an attack, high-priority support during attacks, and some great logging to feed to your SOC.

 

This is the final time in this post that docs will be read.

 

GitHub Repository

There has been such an appetite among our customers for useful technical content that we decided to create a GitHub repo just for Azure network security. Find it at Aka.ms/AzNetSec. You will find a combination of scripts, Policies, KQL queries, ARM templates, Azure Monitor Workbooks, and other odds and ends. Our goal is to make everything as useful as possible to take the guesswork out of using our tools.

 

We encourage contributions from the community, so if you have something you think may be useful to others, don’t hesitate to fork and send us a pull request. Even if you don’t wish to contribute, please leave us feedback and suggestions for new content to create; we strive for continuous improvement. If you have suggestions or feedback regarding specific product features, please use Azure User Voice. Yes, we do monitor it and use the feedback when planning features.

 

Tech Community Plans

 

This has been a quick introductory post to share this team’s focus and areas of interest. We have lots of ideas for things to share in the future based on our experience with customers, but we also want to listen to the feedback we receive here. If there is something you would like to know more about, please leave a comment here or post about it in the Network Security conversations space.