I am planning to use Bluemix for a ReST API development using Java. I wanted to use Application Security on Cloud for scanning the application to eliminate security concern.
Can I use it? Is there something more appropriate?
You can use the Static analysis feature of Application Security on Cloud to scan Java applications for security vulnerabilities. To accomplish this, a small utility needs to be downloaded to convert the application byte code files into an Intermediate Representation (IRX) of the code. This IRX file is uploaded to the server and scanned using trace analysis to find security vulnerabilities (the IRX file is encrypted to keep your data safe). IRX files can be generated using a small client command-line interface (CLI) that you need only download and extract to your local disk. In addition, you can run a small installer that adds static analysis plug-ins to Eclipse or Maven. Note that the Client Utility and cloud service versions must be compatible.
Take a look at Getting started with Application Security on Cloud for more information.
Related
I see GNU EFI is a tool chain to compile applications, but it doesn't seem to come with many libraries.
Tianocore EDK2 comes with a lot of code, with modules and drivers that I'm still figuring out. By default, it builds a full firmware image that I use as a BIOS.
What I need to do is, develop a network-capable application that will query a server for boot instructions, and then prepare the next steps. The idea is to control the boot process from the management server, so the client should be able to follow the instructions to boot from TFTP, or from local storage, or update local storage etc.
You have two main options for writing UEFI network applications.
Managed Network Protocol has the firmware trying to autoconfigure your network and download files as appropriate via TFTP/PXE or HTTPS.
Simple Network Protocol gives you raw access to a packet interface if you want to handle things yourself.
I'm planning to do an automated deployment of a website,but im kind of stuck at this moment. I have looked at MS-Deploy, it got all the functions for deploying Website. I have a created a Web application package (.ZIP file) and I tested this on my local machine it is deploying website i.e
Create Web application under default website
Publishing files in c:\inetpub\wwwroot directory
Set ACLs on directories,etc
But i want to achieve few more extra steps for example:
Check whether Web application exists in Default Website, if not
create a Web application
Check whether Application pool exists, if not create a App pool
(given name) with a specific credentials and Assign App-pool to Web
application
Before it deploys take a backup copy of existing Web application (IF
exists)
publish offline page (app_offline.htm)
publishing the files to application directory
Replace the AppSettings section(in web.config file) to with actual values
Encrypt Web.config connection string
If there is any error whilst installing web application, rollback the web application to its previous version
The question is whether can i achieve all these functions via MS-Deploy or do i need to write any script, please suggest me what scripting language should i use
Please let me know if you need more information.
Thanks in advance
I'm not an expert on this topic but have been doing a bit of research on automated deployment with MSDeploy lately, and think I can offer the following;
This is default behaviour if you use the iisApp provider.
I know you can do this with the appPoolConfig provider, but I'm unsure as to how you would run this and #1 together as part of the same package. Perhaps as part of a pre- or post-sync command?
This is standard in v3, as long as it's set up on the server. Not used it myself, but read this anyway.
Fiddly. Not supported in MSDeploy, but you can vote for it if you want. Also, check out this SO answer (and also worth checking out PackageWeb, but the same answers' author).
Not sure I follow. This is done as part of a successful deployment, surely?
Use web.config transforms and optionally the aforementioned PackageWeb for a neat way to do this. Also check out Web Publish Profiles.
Difficult. My understanding is that the encryption is based on the machine.config, so you'd either have to run a post-sync script which would run some sort of remote Powershell script on the remote server to encrypt the web.config using aspnet_regiis, or you'd have to encrypt the config as part of your build process and then muck about with custom keys and the RSA provider (some info here).
I hope that helps. As I said, I'm no expert, so happy to be corrected by those more knowledgeable. Maybe also worth mentioning that MSDeploy is a lot more powerful if you use it via the command-line rather than creating packages from VS, although there is a bit of a learning curve to go with it.
What is currently the "best" way to develop a back-end system in Azure Mobile Services?
Specifically, what tools are available? From what I've seen, most examples just go to the Management portal and manually add a few lines into the script window. This is worse than using just Notepad, and doesn't have any concept of version control...
Is there any way to make a project in VS 2012 that contains all the Node.js code that will run in the Azure Mobile service? Is there a way of fully running that code on a local development environment that mimics the Mobile Services?
I need to have server-side code with much more complexity than is shown in most of the Mobile Services samples or documentation that I've been able to find.
I have a web site, and a Win 8 Store App that need to authenticate against, and access relatively complex data structures from a back-end database. The solution being pushed right now all seem to include Mobile Services at the center of it, using simple REST against raw tables, but all the examples are too simple to be useful.
Can someone point me to a "real-life" sample of using Mobile Services, and a "mature" way of developing and testing such a system using the tools in Visual Studio?
Thanks.
Why you have no other option than the Management portal is really beyond me. It seems very awkward for a C#/.NET developer to go back to Notepad style programming with console.log() debugging.
What I would love to see is some Node.js entry points that you could connect to a regular C# assembly which could fulfill the request (as in ASP.NET MVC or Web API) having the full .NET Framework at your disposal.
What I could see as a possible architecture is to have:
ASP.NET MVC hosted on Azure
--- writes processed data with logic to --->
Azure SQL DB <--- reads from --- Azure Mobile Services ---- bridge to ---> Mobile devices
Or
Cloud Worker Role on Azure ---- crunching/processing ----> Azure SQL DB <---- reading/writing raw data ---- Azure Mobile Services ---- bridge to ---> Mobile devices
You can use the Mobile Services facility for mobile devices facilities, scheduling and push notifications with limited code and do most of the coding in a managed .NET environment.
The AMS (Azure Mobile Services) along with Azure has advanced dramatically since this post was written and the replied answers.
Some of this stuff still holds true. If you have a ton of node.js written not in the Azure cloud portal, you will want to copy and paste to the portal online, custom api calls section and even perhaps sql backend tables for CRUD operations.
The hope for C# developers is that it is NOW in preview mode in which YOU CAN skip node.js and build everything without node.js very shortly... Some bugs to work out, but in 6 months this will be fairly solid.
I had questions and issue and a guy named Carlos carlosfigueira was very helpful.
Azure Mobile Services - Getting more user information
Josh covers unit testing server-scripts here: http://www.thejoyofcode.com/Unit_testing_Mobile_Services_scripts_Day_7_.aspx
In this tutorial, he uses the Mocha testing framework for JS (id TDD mode) and walks through an example for testing an INSERT script that encrypts the value of a particular property (text) and a read script that decrypts it (value is encrypted at rest in SQL db).
You can also find aggregation of links and tutorials here.
I would suggest that you build this solution using Windows Azure Mobile solutions especially it supports the Node JS NPM right now, which means you can create the API you want on the Windows Azure using the Node JS NPM and can work with it using WAMS easily. have a look on the following link it will help you understand what I want to say more.
http://weblogs.asp.net/scottgu/archive/2013/06/14/windows-azure-major-updates-for-mobile-backend-development.aspx
For the Client I also suggest that you build it using SignalR which is designed for cases such yours where real time applications require a lot of transactions from the server side.
http://www.asp.net/signalr
you can also find more details about how you can integrate both of them in the following link: http://hhaggan.wordpress.com/2013/07/12/signalr-node-js/
I hope these help you, let me know if you need anything else.
For running locally, the mobile service has the same Kudu environment available in azure websites, so you can browse to https://your_service_name.scm.azure-mobile.net If you navigate to the Debug Console from the top nav, you can download everything running in the site/wwwroot folder.
You can run this nodejs project locally (On windows only if you require the SQL Server npm package). Your code is in App_Data/config/scripts. If you replace the downloaded content with your current local git working copy, you can develop and debug locally, and then push changes as usual.
Tools I use:
Eclipse with JS environment (or any nodejs IDE).
Git
Postman
Steps:
Enable source control to your azure mobile service.
Pull to your local and create a eclipse project with the source.
Make changes and push.
Test with POSTman
This procedure allows me to develop really fast and eclipse tell me the common JS errors. But it has obvious downside:
No debugging (I use console.log)
The project ended up with a lot of commits (its hard to use git for proper source control)
I just did a blog post on running Azure Mobile Services locally: http://www.mikelanzetta.com/2014/09/running-azure-mobile-services-locally/ - basically it interrogates the API and starts up express, and allows you to run mocha yourself locally. It's a bit cleaner than pulling down the full wwwroot from the scm link, and I found using my local runner as a git submodule made it easy to work with (and easy for me to use VSO for managing my tests).
Anyway, for actual development, I use the Git integration and WebStorm - it automatically figures out the tasks in my local Gruntfile and makes it easy to run and test. For once it's deployed, Postman is helpful.
We are working with various cloud platform(like. salesforce etc) and we need sync with server everyday. would like to know is there way that we can in our development box to synchronize all eclipse projects through some script without opening the IDE and open the IDE without much freezing.
This would enable to do clean sync( with cloud server) and refresh with local files.
This would enable to do refresh( for non cloud server ).
running a little ant or some kind of script would have development stable unique environment across all developers?
Any help would be appreciated.
It's going to GREATLY depend on what cloud platforms you are using. HOWEVER, i work with the salesforce platform. They offer (per their dev. docs) an ant API jar that allows you to write ant scripts that can essentially check out everything in your org.
Essentially you can use it to check out and check back in pieces and parts of the website. Though this of course only works for SFDC. For other platforms you will need to refer to their API's or write your own tools.
I love Heroku but I would prefer to develop in Scala rather than Ruby on Rails.
Does anyone know of any services like Heroku that work with Scala?
UPDATE: Heroku now officially supports Scala - see answers below for links
As of October 3rd 2011, Heroku officially supports Scala, Akka and sbt.
http://blog.heroku.com/archives/2011/10/3/scala/
Update
Heroku has just announced support for Java.
Update 2
Heroku has just announced support for Scala
Also
Check out Amazon Elastic Beanstalk.
To deploy Java applications using
Elastic Beanstalk, you simply:
Create your application as you
normally would using any editor or IDE
(e.g. Eclipse).
Package your
deployable code into a standard Java
Web Application Archive (WAR file).
Upload your WAR file to Elastic
Beanstalk using the AWS Management
Console, the AWS Toolkit for Eclipse,
the web service APIs, or the Command
Line Tools.
Deploy your application.
Behind the scenes, Elastic Beanstalk
handles the provisioning of a load
balancer and the deployment of your
WAR file to one or more EC2 instances
running the Apache Tomcat application
server.
Within a few minutes you will
be able to access your application at
a customized URL (e.g.
http://myapp.elasticbeanstalk.com/).
Once an application is running,
Elastic Beanstalk provides several
management features such as:
Easily deploy new application versions
to running environments (or rollback
to a previous version).
Access
built-in CloudWatch monitoring metrics
such as average CPU utilization,
request count, and average latency.
Receive e-mail notifications through
Amazon Simple Notification Service
when application health changes or
application servers are added or
removed.
Access Tomcat server log
files without needing to login to the
application servers.
Quickly restart
the application servers on all EC2
instances with a single command.
Another strong contender is Cloud Foundry. One of the nice features of Cloud Foundry is the ability to have a local version of "the cloud" running on your laptop so you can deploy and test offline.
I started working on the exact same thing as what you said a few weeks ago. I use Lift, which is a great framework and has a lot of potential, on top of Linux chroot environment.
I'm done with a demo version, but Linux chroot is not that stable (nor secure), so I'm now switching to FreeBSD jail on Amazon EC2, and hopefully it'll be done soon.
http://lifthub.net/
There are also other Java hosting environment including VMForce mentioned above.
If you are looking for a custom setup which also has the ease of deployment that heroku offers: http://dotcloud.com. They are invite only right now but I was given access in under three days. I am working on a Lift/MongoDB project there and it works well.
Off the top of my head, only VMForce comes to mind, but its not available yet. This will be a Java-oriented service, so that probably means you'll have to spend a wee bit of time figuring out how to package the app.
For more discussion, there was a debate about this in 2008.
I'm not entirely sure if it's really suitable or not, but people have deployed Scala applications to Google App Engine, for example http://mawson.wordpress.com/2009/04/10/first-steps-with-scala-on-google-app-engine/
Actually you can run scala on heroku right now. You don't believe it?
https://github.com/lstoll/heroku-playframework-scala
I'm not sure the tricks lstoll has used are legit but using the
new cedar platform where you can run custom processes and some
ingenious Gemfile hacking he has managed to bootstrap the Java
play platform into a process. Seems to work as he has a live
site running a test page.
Stax cloud service offers preconfigured lift project skeleton. Also, there is a tutorial on how to deploy lift project to appengine.