A software vulnerability dubbed Heartbleed has made a lot of press this week – and with good reason. It likely affects more Internet servers than any other issue found before. What does it mean for us at Gibraltar Software? After reviewing a range of scenarios we’re glad to report that none of the software we distribute (VistaDB or Loupe) or our infrastructure are subject to this vulnerability.
Since our internal systems are nearly all Windows-based our exposure to this particular issue was likely to be small but we do use Linux systems in a few places – notably our firewalls and load balancers. We’ve confirmed with the vendors of these products that our particular software versions aren’t subject to the vulnerability. We’ve also reviewed our publically-accessible internal systems and confirmed that none of them use software affected by this issue either.
That said, we’d encourage you to assess your own internal systems. When you sit back and consider that you could be exposed by any application that implements SSL in your environment that list of systems can be considerable.
We’ve seen a big increase in the number of requests to run Loupe Server on Azure in the last few months. The good news is this has been possible ever since Azure introduced Virtual Machine support – as long as you installed SQL Server on the VM. The better news is that as of Loupe 3.5.6 you can use SQL Azure. This provides a lower cost, simpler to maintain way of hosting Loupe Server in Azure.
To get up and running you’ll need to provision:
- One Windows 2012 R2 Virtual Machine: This will host the Loupe Server software – including the web site and Windows service.
- One SQL Azure Database: You can create just the Server instance and user at this time and let Loupe create the database if you like.
For our testing, we used a Small instance VM and a Web instance DB with a limit of 1GB. This means the operating cost would be just $77 per month (a lot less if you have other Azure services). A small instance is pretty tight – so for a bit more room to grow pick a Medium instance and it’s still just $122 per month.
Preparing the SQL Azure Database
When you create a new SQL Azure Database you can pick an existing SQL Server on your account or create a new SQL Server. It’s important you create the SQL Server and the Virtual Machine in the same Azure region for the best performance. When you create the database you’ll also specify the SQL Administrator account which you’ll use during the installation.
In this screenshot you can see we’ve created a database on a new server which has been assigned the name “drhv5sztg2″. In the lower right you’ll see the full server name in the management URL which is what we’ll need for the Loupe Server to connect to it: drhv5sztg2.database.windows.net.
Once the database has been created you’ll need to adjust the access rules for it to be sure the Virtual Machine can get access to it. The simplest way to do this is to enable the Azure Services access.
In the example above we’ve enabled Windows Azure Services, and in this case my home address and one of our data centers, just for some additional testing I performed. If you want to access the database from your own desktop or data center, you can add the relevant IP addresses to the list.
Setting Up the Virtual Machine
To start, request a new Virtual Machine from Microsoft’s image library. We recommend the latest Windows server image – Windows 2012 R2 at this moment. You’ll want to create this as a new cloud service which will let you assign the public name your Loupe Server. Be sure to pick the same Azure region that your database server is in.
In the example above the Loupe Server’s cloud service has the name installhubtest.cloudapp.net. If you want to use a different name you can set up a CNAME on your domain and point it at this name.
Once the VM is running you can configure the necessary endpoints. These create connections through the Azure firewall infrastructure to map traffic from the public IP address to your virtual machine. To enable all Loupe capabilities including Live Sessions we’ll need to set up three endpoints:
- HTTP: The web server itself. There is an endpoint in the list for this in Azure which has the correct port. You may also choose to add HTTPS if you want to install an SSL certificate.
- Loupe Agent: The port used for Agents to send live update data to the server. By default, this is port 29971.
- Loupe Client: The port used for Clients to subscribe to live update data from the server. By default, this is port 29970.
The example above shows all three endpoints configured, along with the default endpoints Azure makes so you can remotely access and manage the server.
Once you’ve requested the VM from Microsoft’s image library and it has started, log in using RDP to set it up just like you would your own virtual or physical server. With Windows 2012 (and 2012 R2) all of the dependencies for Loupe are readily available. To install all of the dependencies, select the following roles:
- Application Server
- Web Server (IIS)
Customize the Application Server role by selecting Web Server (IIS) Support under Role Services.
Once this configuration has been completed, you’re ready to download the Loupe installation to the server and run it normally.
Configuring Loupe Server
After the Loupe installation completes it will automatically launch the Loupe Server Administrator. This will in turn start the first time configuration wizard.
When configuring the SQL Server, be sure to provide the complete DNS name of the SQL Azure Server. Enter the database name you previously created (or another name, in which case the database will be automatically created for you) and select SQL Authentication, providing the credentials from when you created the database. The schema will be loaded into the database by the Loupe Server Administrator at the end of the wizard.
When asked for the Web Site configuration, provide the public name of your cloud service that was assigned when the Virtual Machine was created. This information is used to create links in emails and some security features.
Enable the Live Sessions feature so you can view log sessions in real time. If you want you can select different ports than the defaults, in which case you’ll need to change the Azure VM endpoint configuration that was previously set up.
Once the wizard completes the only other thing to configure that’s Azure specific is the time zone – since all Azure VM’s have their time zone set to UTC you’ll inevitably want to tell Loupe to use a different default time zone. To do this, select the Repository node in the tree view.
In the above example I’ve changed the default to US Eastern Standard Time which is the time zone we use for our internal reporting.
Accessing Your Loupe Server
Before you can log into your Loupe Server the first time you’ll need to create an administrator. Using the Loupe Server Administrator, click on Users and you can add your first user. It will default to being an Administrator. Once you’ve added this user you can use the web interface to add the rest of the users you need.
Now that you’ve set up your server, you can access it anywhere in the world using the DNS name set up for the Azure service. You should see the web page come up within 15 seconds (giving some time for it to spin up the application for the first time). If it doesn’t show up, go back and verify that you set up the HTTP endpoint for the Virtual Machine.
Log in using the administrator account you configured and you’ll be greeted with a blank dashboard. As you send sessions to it you’ll see the applications show up on this dashboard.
Limitations and Notes Unique to Azure
There are a few caveats to hosting in Azure in the configuration described above. The first is that Microsoft will automatically restart the host underlying the virtual machines every four to eight weeks, generally without notice. When they do this your Loupe server will be unavailable for 20 minutes or so. This doesn’t affect the SQL Azure database but will affect the virtual machine.
Additionally, due to a limitation in SQL Azure compared to SQL Server there is a delay in performing background processing of up to 15 seconds. This will cause a short delay before dashboard metrics and email alerts are generated compared to using a full SQL Server.
We’ve just released VistaDB 5.0.3 – a maintenance release to VistaDB 5.0. This includes a rollup of all the fixes for defects reported on 5.0 as well as some improvements. You can run over and download the release right now or read on for more of what’s inside!
NuGet Packages for Entity Framework and Logging
You can now add VistaDB Entity Framework support and VistaDB Logging support for Loupe directly from NuGet. This is particularly useful for Entity Framework because it automatically updates your application configuration file with the appropriate entries, adds the correct version of EF, and adds the provider assembly for VistaDB in one pass.
For Logging you get a similar ease of use – add the NuGet package and it’ll automatically pull in the Loupe Agent as well. Then you just need to add one line of code to activate the agent:
For more information on what you get with logging support, see Developer’s Guide – Logging to Loupe in the online documentation.
We encourage you to use the NuGet distribution where feasible because fixes and enhancements are occasionally released to NuGet prior to the next full product release.
Data Builder Usability Updates
Based on support questions since 5.0 shipped we made Data Builder a bit smarter about when it shows obsolete configuration options (notably about column encryption) so they don’t appear when you access a VistaDB 5 database since they don’t apply. We also made binary values show using a fixed-width font to ease comparison between rows. We also brought back the extended area display for long text columns which had inadvertently gotten dropped in 5.0.
SELECT UNION with ORDER BY
If you had a SELECT UNION query and did an ORDER BY it wouldn’t return the correctly ordered results if it was able to optimize the ORDER BY with an index on the last SELECT query. This was introduced in 5.0 and is now fixed.
OUTER JOIN can return too few matching records
If you have an OUTER JOIN with a peer INNER JOIN VistaDB would return just the first null row, not one null row for every INNER JOIN match. For example:
SELECT * FROM A LEFT JOIN B ON B.A_Id = A.Id INNER JOIN C ON C.A_Id = A.Id
The correct result would use NULL for values from table B when it couldn’t find any matching row for every matching row in table C. Instead, it would return just the first match. We verified this issue goes back at least as far as VistaDB 4 and predates the Gibraltar Software acquisition of VistaDB.
We’ve just released Loupe 3.5.6 – a maintenance release to Loupe 3.5. This includes a rollup of some hotfixes provided to affected customers and other items discovered in our internal testing. We’ve already updated the Loupe Service to this release and now it’s available for you to download and take advantage of.
Loupe Server Now Supports SQL Azure
We’ve supported monitoring applications on Microsoft Azure from day one but deploying Loupe Server meant creating virtual machines and installing SQL Server. This is more complicated and expensive than ideal, so in this release we’ve done extended testing to be sure the entire application can support SQL Azure. It still requires a single Virtual Machine for the Loupe Server itself but no SQL Server is required. We’ll be publishing an article shortly on how to set up Loupe Server in Azure covering all the details.
Enhanced Notification Emails
Based on customer requests we’ve added extended details for the most recent occurrence of an application event or issue to the email notifications that get generated. While how you react to an application event or issue should be based on the application versions (and whether it’s a release version or internal version) in fact a problem in production or on a particular set of systems often outranks the same problem happening on a test system or somewhere less critical.
We’ve changed the Loupe Server web interface to automatically redirect security pages to SSL if SSL is enabled for the web site and to do other actions to encourage SSL access when it is available. To take advantage of this feature you need to set up the web site in IIS to use SSL and then use the Loupe Server Administrator to indicate SSL is available.
New Documentation on Loupe Server Events and Issues
We’ve added a new Loupe Server User’s Guide covering:
We hope this helps you and your team take advantage of Loupe Server!