Thursday, 4 April 2013

No SSL on Azure WebSites (maybe in May 2013?), and shy SSL deployments are so hard

As with the dozen comments in the SSL and Windows Azure Web Sites thread, at SI we are also in the same situation, where we want to host a couple TeamMentor sites on Azure, but can’t do it properly without SSL.


It is quite shocking that it is taking the Azure team more than 9 months to add this feature, specially when there is quite overwhelming demand for it.

Also worrying is the lack of coordinated voice and response by the Azure team on such important topics. As KickStartCV mentions (see below) it is crazy that the only way to find such answer, is to search on google and look in the middle a post!


Interestingly, I don’t understand why Azure competitors (like AppHarbor) are not taking advantage of this and taking the opportunity to gain market share. They should be matching Azure's pricing and adding features to match Azure’s WebSite workflow.

My instinct (and I don’t have any inside information), is that Azure’s management infrastructure is starting to be to so heavy and bloated that any changes now take a long time. The real sign of an agile and slick development workflow is the speed of new releases and how inter-dependent (or not) the code is (i.e. the more code dependencies exist, the harder it is to test them and to push changes)

Ultimately the reality is that deploying SSL is still hard today, because it requires a combination of two worlds that don’t usually go work together: Application and Infrastructure.

This is another good example of ‘Security as Tax’ where adding security to an application becomes a hard problem (although in this case, this SSL feature should be added by the host provider (Azure) and not its users)