Use Azure Key Vault from a Web App

Reference

Prerequisites:

Setup Azure Key Vault

NuGet packages
Install-Package Microsoft.IdentityModel.Clients.ActiveDirectory 
Install-Package Microsoft.Azure.KeyVault
web.config
<!-- ClientId and ClientSecret refer to the web application registration with Azure Active Directory -->
<add key="ClientId" value="clientid" />
<add key="ClientSecret" value="clientsecret" />

<!-- SecretUri is the URI for the secret in Azure Key Vault -->
<add key="SecretUri" value="secreturi" />
<!-- If you aren't hosting your app as an Azure Web App, then you should use the actual ClientId, Client Secret, and Secret URI values -->
Utility code
//add these using statements
using Microsoft.IdentityModel.Clients.ActiveDirectory;
using System; //needed for InvalidOperationException
using System.Threading.Tasks;
using System.Web.Configuration;

//this is an optional property to hold the secret after it is retrieved
public static string EncryptSecret { get; set; }

//the method that will be provided to the KeyVaultClient
public static async Task<string> GetToken(string authority, string resource, string scope)
{
    var authContext = new AuthenticationContext(authority);
    ClientCredential clientCred = new ClientCredential(WebConfigurationManager.AppSettings["ClientId"],
                WebConfigurationManager.AppSettings["ClientSecret"]);
    AuthenticationResult result = await authContext.AcquireTokenAsync(resource, clientCred);

    if (result == null)
        throw new InvalidOperationException("Failed to obtain the JWT token");

    return result.AccessToken;
}
// Using Client ID and Client Secret is a way to authenticate an Azure AD application.
// Using it in your web application allows for a separation of duties and more control over your key management.
// However, it does rely on putting the Client Secret in your configuration settings.
// For some people, this can be as risky as putting the secret itself in your configuration settings.
Retrieve the secret on Application Start
//add these using statements
using Microsoft.Azure.KeyVault;
using System.Web.Configuration;

// I put my GetToken method in a Utils class. Change for wherever you placed your method.
var kv = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(Utils.GetToken));
var sec = await kv.GetSecretAsync(WebConfigurationManager.AppSettings["SecretUri"]);

//I put a variable in a Utils class to hold the secret for general application use.
Utils.EncryptSecret = sec.Value;
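The utility code above notes that the Client Secret still has to live in configuration. The following is an added example, not code from the original post, that authenticates with a certificate through ADAL's ClientAssertionCertificate, so web.config holds only a thumbprint. It assumes the certificate is already registered as a credential on the Azure AD application and installed in the CurrentUser\My store; the CertUtils class name and the CertThumbprint app setting are hypothetical.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;
using System.Web.Configuration;
using Microsoft.Azure.KeyVault;
using Microsoft.IdentityModel.Clients.ActiveDirectory;

public static class CertUtils // hypothetical class name
{
    // Built once and reused for every token request
    private static ClientAssertionCertificate assertion;

    // Look the certificate up by thumbprint in the CurrentUser\My store
    private static X509Certificate2 FindCertificate(string thumbprint)
    {
        var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        try
        {
            store.Open(OpenFlags.ReadOnly);
            // validOnly: false so that a self-signed certificate is also found
            var found = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false);
            if (found.Count == 0)
                throw new InvalidOperationException("No certificate matches the configured thumbprint");
            return found[0];
        }
        finally { store.Close(); }
    }

    // Same signature as GetToken, so KeyVaultClient accepts it as the callback
    public static async Task<string> GetTokenWithCertificate(string authority, string resource, string scope)
    {
        if (assertion == null)
            assertion = new ClientAssertionCertificate(
                WebConfigurationManager.AppSettings["ClientId"],
                FindCertificate(WebConfigurationManager.AppSettings["CertThumbprint"])); // assumed key

        var authContext = new AuthenticationContext(authority);
        AuthenticationResult result = await authContext.AcquireTokenAsync(resource, assertion);
        if (result == null)
            throw new InvalidOperationException("Failed to obtain the JWT token");
        return result.AccessToken;
    }

    // Retrieval on Application Start, using the certificate-based callback
    public static async Task<string> LoadSecretAsync()
    {
        var kv = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(GetTokenWithCertificate));
        var sec = await kv.GetSecretAsync(WebConfigurationManager.AppSettings["SecretUri"]);
        return sec.Value;
    }
}
```

With this in place the ClientSecret entry can be removed from web.config; the private key stays in the certificate store rather than in a settings file.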

 

Setup Azure Key Vault

This post is a simple walkthrough of how to set up Azure Key Vault so that it can be used from a web site not hosted on Azure.

Get an Azure account

Go to http://portal.azure.com and set up an account.

Get PowerShell and Azure PowerShell

Go to install PowerShell

After installation is complete, open a PowerShell command prompt and run:

Install-Module -Name AzureRM
Sign in
# Import the module into the PowerShell session
Import-Module AzureRM
# Connect to Azure with an interactive dialog for sign-in
Connect-AzureRmAccount
Create a new resource group
New-AzureRmResourceGroup -Name 'MyResourceGroup' -Location 'East US'
Create an Azure Key vault
New-AzureRmKeyVault -VaultName 'MyKeyVault' -ResourceGroupName 'MyResourceGroup' -Location 'East US'
  • Vault URI: https://mykeyvault.vault.azure.net/. Apps that use the REST API access the vault through this URI. Note: the vault has to have a globally unique name; mykeyvault is already taken, so use something different.
Add a secret to the Azure Key Vault
$secretvalue = ConvertTo-SecureString '!Passw0rd' -AsPlainText -Force
$secret = Set-AzureKeyVaultSecret -VaultName 'MyKeyVault' -Name 'MyPassword' -SecretValue $secretvalue

Secret URI:

https://mykeyvault.vault.azure.net/secrets/MyPassword

To display the URI for this secret, type:

$secret.Id

To view your secret, type:

Get-AzureKeyVaultSecret -VaultName 'MyKeyVault'

Authorize app to access the Azure Key Vault

Note: the service principal name will be the client ID (sometimes referred to as the application ID).

To get secrets

Set-AzureRmKeyVaultAccessPolicy -VaultName 'MyKeyVault' -ServicePrincipalName 8f8c4bbd-485b-45fd-98f7-ec6300b7b4ed -PermissionsToSecrets Get

To access keys

Set-AzureRmKeyVaultAccessPolicy -VaultName 'MyKeyVault' -ServicePrincipalName 8f8c4bbd-485b-45fd-98f7-ec6300b7b4ed -PermissionsToKeys decrypt,sign

 

Demand Forecasting: Performance influencers

In this blog post we will explain the key performance influencers for the Demand Forecasting feature for Microsoft Dynamics 365 for Finance & Operations that are under the user’s control.

It is important to read and understand this blog if you are implementing Demand Forecasting for Microsoft Dynamics 365 for Finance & Operations or if you are experiencing a timeout during generation of the statistical baseline. The error message will be:

Forecast generation in Azure Machine Learning timed out

Number of enabled forecasting dimensions

The Forecasting dimensions are accessible via the Demand forecasting parameters form under the Master planning menu, as illustrated below:

Enable only the must-have forecasting dimensions. If you experience a timeout in Azure Machine Learning when generating the statistical baseline forecast, one of the first things to consider is whether any of the enabled forecasting dimensions can be disabled.

Number of items in Item allocation keys

The Item allocation key form is accessible under the Master planning menu, as illustrated below:

    

Each allocation key is currently executed in isolation on the Azure Machine Learning web service. This implies that the number of items in each allocation key has a direct impact on the performance of processing that allocation key.

Typically, which items are assigned to which item allocation key is a business decision. However, to the extent possible, try to keep the number of items in each group below 1 thousand, or at least in the low thousands.

Historical Horizon

The historical horizon is assigned before running the generation of the statistical baseline forecast.

The size of the historical horizon has a direct impact on the performance of the generation of the statistical forecast.

It is worth considering if historical data is representative of what is expected in the future. For example, 3 years of historical data may be available, but in some cases it can be better (result in a more accurate forecast) to use just last year’s historical data. It requires insight into the historical data to make this decision but is something that should be considered.

Selecting a single forecast model

As a last resort, a single forecast model can be selected. The options are:

  • STL
  • ARIMA
  • ETS

Product Configuration: What's new in 2018

In this post we will summarize what is new in Product configuration for Microsoft Dynamics 365 for Finance & Operations in 2018.

Performance

The Z3 Solver strategy is now available in Microsoft Dynamics 365 for Finance & Operations.

For details on the Z3 Solver strategy read the dedicated blog post here: LINK

Usability

The configuration dialog can now be configured to have a multi column layout.

For details on the multi column layout read the dedicated blog post here: LINK

 

 

 

Product Configuration: Performance with Z3

Introduction

In the spring release of 2018 for Microsoft Dynamics 365 for Finance & Operations a significant investment in improving performance of the constraint evaluation has been made.

The result of this investment is the introduction of the Z3 solver strategy. Z3 is a theorem prover from Microsoft Research that has won several awards and has an active open source community.

The Microsoft Dynamics 365 for Finance & Operations team teamed up with the Microsoft researchers to develop new algorithms targeted at the Product configuration scenarios for Microsoft Dynamics 365 for Finance & Operations.

Microsoft Dynamics AX 2012 R3

The Z3 solver strategy is also available for Microsoft Dynamics AX 2012 R3 with the following KB article numbers:

  • 4341629 - Additional performance improvement of loading models
  • 4046549 - Performance improvement of loading models
  • 4034024 - Fix to support customization related to system defined table constraints
  • 4012892 - Introduction of the Z3 Solver strategy

Usage

The applied solver strategy for a product configuration model is selected by accessing the Model properties form.

From the Model properties form the Z3 solver strategy can be selected as illustrated below:

The Z3 solver strategy will currently not have a functional impact; the impact will be on performance.

 

 

 

Product Configuration: Multi-column dialog layout

In the spring release of 2018 for Microsoft Dynamics 365 for Finance & Operations, Multi-column layout is now available for the Product configurator’s runtime dialog.

To enable this functionality, select a model and open the Model properties form.

In the Model properties form, there is now a new field, Maximum number of columns. This field allows you to specify how many columns should be used to display the attribute groups of each component of the selected product configuration model.

Now, when the model is loaded in the configuration dialog in Test or via any of the order forms (Sales, Purchase etc.) it will look like this:

With this feature, more of the user interface real estate is put to use, providing a better overview of the attributes of the selected component.

 

I hope you find this useful