Skip to main content

Posts

Showing posts from September, 2021

Azure Front Door custom domain quote limit and solutions

When you reach the quotes of Azure Services you need to roll up your sleeves and go back to the design board.  Business context A company has around 20-50 products that are available in the EU, APAC and all US states. Each product can have around 5-15 different presentation web site (including custom domain) in each country.  Technical constraint The customer is using Azure and one of the technical objectives is to use only Azure Services, without any other 3rd party providers. Azure Front Door is in front of their API, used to map all the custom domains redirection to the main domain and to manage the security rules. The security rules are changed often (every day) - at least 3-4 rules per day, making the WAF component of Azure Front Door a goldmine for the operational team. US: 20 products X 10 custom domains X 50 US states =10000 web site and 1 000 custom domains              EU: 20 products X 10 custom domains X 10 EU countries =2000...

[Post Event] DevOps Stage 2021

 On the 24th of September, I had the amazing opportunity to be invited as a speaker at DevOps Stage.  I decided to talk about cloud security and what was the impact on the cybersecurity of the COVID-19 outbreak.  It was a joy to be part of this event and found many session interesting and challenging. Congratulations to all the people that were behind the scene. You have done a great job! Talk : COVID-19 are a cloud security catalyst Abstract : The pandemic brought an increasing number of cyberattacks in the last 18 months (e.g. phishing attacks increased by 350%). The rush to become a cloud-first business combined with remote work and digitalization made companies vulnerable to cyber threats. Failing to embed cloud security inside the business can be seen in the newspapers every day. In this session, we learn together what we should do to make our cloud IT solutions better from the security point of view, or at least to track what a cyber intruder was able to steal ...

HOW MUCH WOULD COST ME TO BUILD A SYSTEM TO RUN ON TWO CLOUD VENDORS SIDE-BY-SIDE?

 One common question that I hear lately is:  HOW MUCH WOULD COST ME TO BUILD A SYSTEM TO RUN ON TWO CLOUD VENDORS SIDE-BY-SIDE? It is a simple question that a business person has. Nevertheless, the response is not simple. Without running a workshop and invest time to understand the business requirements, the current technology stack and expected quality attributes, providing a cost of building the same solution on another CSP (Cloud Service Provider) is hard. There are tools on the market that provide the mechanism to assess costs on each CSP or what would be the cost of running the same on-premises payloads inside a CSP. Analogies and mapping between different CSP services can be made, making running cost estimation an easy job. Useful tools: Azure Pricing Calculator AWS Pricing Calculator Total Cost of Ownership (TCO) Calculator AWS to Azure service mapping The challenge is not the running cost! It is THE EFFORT COST to make a system run on another CSP. It is possible? How m...

Differences between GA, Private and Public Preview on Azure Services and Features

 Let's talk about what are the main differences between Private Preview, Public Preview and General Availability (GA) of Azure Services and Features. This topic is important when you run your workloads in production OR you manage sensitive data in production. Remember that you SHALL NEVER use non-GA services and features for production workloads .  The purpose of Private and Public Preview is only for evaluation purposes. Except for the lack of SLA and formal support, there might be other issues that haven't been discovered or fixed yet. Think about the #ChaosDB vulnerability, which was caused by a CosmosDB feature that was in Public Preview.  Below you can find a list of things that you might want to take into consideration: Area Private Preview Public Preview General Availability SLA        NO     NO YES         ...

[Post Event] Data Platform Summit 2021

This week I had the great opportunity to deliver a session during  Data Platform Summit . It is impressive how the team was able to build a similar experience with the physical one, including the lobby, hall and all other things using VR and 3D rendering.  The session that I delivered during the event was focusing on Azure security best practices and the tools that can be used to secure our cloud solutions. More about the session that I delivered can be found below. Title : Top 13 best security practices for Azure Abstract : Security nowadays is just a buzzword. Even so, by joining this session, we discover together what are the most important security best practices that you need to have in mind when you work inside the cloud – inside Microsoft Azure. Slides:  Top 13 best security practices from Radu Vunvulea

#ChaosDB / Vulnerability in the Azure Cosmos DB Jupyter Notebook

On August 21, 2021, an Azure CosmosDB vulnerability was reported for all Azure CosmosDB instances that are using Jupyter Notebooks. Using an active Jupyter Notebook an attacker was able to put his hands on the Azure CosmosDB keys that could be used to get access to the Azure CosmosDB. Wizz.io describes in detail how somebody can use the vulnerability to steal the primary keys of the Azure CosmosDB instance. The vulnerability is serious because provides full access to Azure CosmosDB instance, including the data itself.  Microsoft Security Response Center provided a response to this vulnerability, including what were the actions that were taken by the Azure team to mitigate the problem. You can find below key facts that we need to be aware when you talk about #ChaosDB If you did not receive a notification over email or from Azure Portal you were not affected  Until now Microsoft was not able to identify CosmosDB customers data that were accessed using this vulnerability by 3rd ...