Skip to main content

Posts

Part 2 - Overengineering of a cloud application

Recent posts

Part 1 - Overengineering of a cloud application

N-tier architecture is seen nowadays as an old. People tends to migrate to event-base or microservice architecture. It's very common to see people that decide an architecture based on the market trends, ignoring the requirements, business needs and budget.

When you combine this with Azure (cloud in general) you will end up easily with a microservice architecture that combines messaging systems and event-driven architectures. Of course, N-tier application has a lot of disadvantages, but when you have a simple web application, there is no sense to create a complex unicorn that will survive for 100 years.

I was shocked to review a solution that was deployed in Azure 2 months ago, that from architures point of view was beautiful, but from the running and development costs become a nightmare.
I will not go in details of the business requirements, but imagine a system that needs to display some static information, allow users to upload small CSV files that are consolidated in a reportin…

[Post Event] ITCamp Conference 2017 - Cluj-Napoca

What a week! ITCamp Conference took place in Cluj-Napoca Speakers all around the globe joined forces with ITCamp Community team and delivered high quality sessions. As in the last years, topics that are covered by ITCamp Conference were from all technologies - JavaScript to Containers, Azure to Raspberry, OOP to Machine Learning.
The speaker list is pretty long and I invite you to check it out. ITCamp Conference had Google employee's, Principal Program Managers from Microsoft and of course a lot of architects and deep technical people from the field.
Being part of such an event it is a delight. Having live high quality sessions in Cluj-Napoca it is a unique opportunity, offered by ITCamp Community each year.
In figures, ITCamp Community looks very interesting - more than 40 speakers, that deliver 40+ sessions during the two days of the conference to more than 500 attendees.

What a great conference! What a week! Great sessions, great speakers, wonderful people - all of them in one…

[Past Event] DevTalks Cluj-Napoca 2017

This week I was invited at DevTalks to talk about cloud infrastructure and how we can isolated a cloud network from public internet.
DevTalks, as a conference is at the 3rd edition. This year there were 6 track in parallel covering the megatrends of 2017.  It was a good conference, with great speakers and interesting sessions.
Below you can find content related to my session.

Title:
Network isolated inside a cloud environment
Abstract: 
It is possible to create a private network inside a cloud environment that is fully isolated from the external world? If you want to find out the response to this question that you should join the session.
Additional to this we will talk about how we can migrate existing infrastructure to cloud (partially or fully) persisting the same security level as you had before.
Slides:

Network isolated inside a cloud environment Radu Vunvulea DevTalks 2017 Cluj Romania from Radu Vunvulea
Pictures:



Azure Cosmos DB | The perfect place for device topology for world wide solutions

In the world of IoT, devices are distributed all around the world. The current systems that are now on the market are offering scalable and distributed systems for communication between devices and our backends.

Context
It is not something out of ordinary if we have an IoT solution distributed to 3 or 5 places around the globe. But behind this performant systems we need a storage solution flexible enough for different schemas but in the same time to be powerful enough to scale at whatever size we want.

Relational database are used often to store data where we have a stable schema. Having different devices across the globe request to have different schemas and data formats. Storing data in non-relational databases is more natural and simple. A key-value, graph or document database is many time more suitable for our needs in IoT scenarios then a relational database.

Current solutions
There are plenty solutions on the market, that are fast, powerful and easy to use. I expect that you heard…

Azure Key Vault | How Secrets and Keys are stored

I'm pretty sure that most of you heard about Azure Key Vault. If not I recommend to take a look over this page that describes in details how Azure Key Vault helps us as a safeguard for our application secrets and cryptographic keys (like certificates).

Scope
The main scope of this post is to take a look on how our secrets are stored. This is important because there are keys that cannot be recovered once generated or stored and we might end up without keys in the case we lose them.

What is HSM?
HSM is an acronym for Hardware Security Module. It is a physical device that can manage digital keys by providing cryptographic capabilities. HSM is playing the role of a safeguard by offering cryptographic capabilities directly by the hardware.

Is the tuple <keys, secrets> stored inside HSM?

No, there is no need to store this information in HSM. Secrets are stored outside the HSM, but they are encrypted using a key chain that terminates inside the HSM.
An analogy related to key chains an…

New Azure role - Azure Billing Reader

There is a small new feature on Azure Billing that made my day great. Small things matters and in this case is 100% applicable.

Problem
Until now there was no mechanism to share ONLY billing information with users. You could forward billing information to specific users. This was useful for last month consumptions, but nothing that you could do directly for the current month.

Current solution
Some shortcuts could be done to make available this information.
The most simple way is  to give to the user the Co-Administrator rights. This will work great, but that user will have access to other resources also, not only to the billing data. Having access to all resources can be a downside, especially if you need to give access to a non-technical person that might click the wrong button (smile). You might reduce the access by using RBAC (Role-Based Access Control), but you would need some extra configuration steps.
Another approach is by exporting billing and cost information using Azure REST …