Showing posts from 2022

[Post Event] Imagine Cup - Epic Challenge 2023

 I finished the review and scoring for Imagine Cup - Epic Challenge 2023. I found exciting ideas and ways in which technology helps us to make the world better. I realised that from 2018 until now, I was part of the judging team for more than 18 different Imagine Cup events, including the semifinal and finals. As always, it is an honour to be part of this event.

[Post Event] Microsoft Startup Mentor of 2022

  Today I was recognized for my mentoring of startup founders, some of whom are operating in emerging markets and are in under-resourced communities. This has been one of the most personal and impactful ways we at Microsoft can support and enable these founders, that is, sharing our startup experience and industry knowledge through mentorship. I hope this inspires startups to turn to Microsoft where we can truly democratize access to resources and channels that can help founders grow and scale their businesses. 

[Post Event] Microsoft Ignite Spotlight on Romania, Conf42 DevSecOps 2022, Connect.IT Sibiu, Big Data Conference, Data Science UA, UTCN

The last 4 weeks were a joy from the community's point of view. Even if the interaction was mainly online, I had the chance to discover and meet many people at 6 different conferences. I would like to share a short summary of each event: Microsoft Ignite Spotlight on Romania (Bucharest, December 8th): The in-person event took place in Bucharest in a fantastic location (Nord Events Center by Globalworth). It gathered Microsoft and Cloud specialists from the local market. During the conference, I had the opportunity to share my experience related to resilience and performance tests on Microsoft Azure using the new Microsoft tools like Azure Chaos and Azure Load Testing. Conf42 DevSecOps 2022 (online, December 1st): The online conference is focused on DevSecOps aspects related to the cloud and Kubernetes. I was invited by the Conf42 team to deliver a session about security tools that need to be used when you build an application on Microsoft Azure. Connect.IT Sibiu ...

[Post Event] TestCon, PeakIT, Factory 4.0, ITDays, Connect.IT Timisoara, ADDO - Nov 2022

The last two weeks were like a marathon. I was part of and delivered content to six conferences in the last 14 days. Three of them were in-person, so I had the opportunity to enjoy the social interaction between humans in IT (smile). I had a great deal of fun, and I learned a lot of new things. I would like to share a short summary of each event: TestCon Europe (Oct 27th, online): TestCon is one of Europe's biggest software testing conferences, with over 2000 attendees, 4 tracks and 40 different sessions. Testing is part of our day-to-day life, and everyone in the IT industry should be aware of it. During my session, I shared my experience related to cloud testing, the tools that can facilitate testing in the cloud, and the learning and certification path for a tester on Microsoft Azure. Peak IT 005 (Nov 3rd, online): A free online conference organised by the AgileHub community from Brasov. The three-day event included sessions, workshops and panels. My talk was about cloud se...

Part 3 - In-scope workload / The landing zone of a PCI-DSS compliant application inside Microsoft Azure

The last article was about shared responsibility between the three parties that are involved: Microsoft Azure, Kubernetes (AKS) and the customer. In today's post, we tackle Azure Kubernetes Services and where the workload would need to run. Azure Kubernetes Services (AKS) runs all the payloads where card data are decrypted and processed. It is required to run in a private cluster with no direct access to the internet. All the traffic must be limited to the private network, without direct access to and from the internet. It applies to workloads that process card data (in-scope). A dedicated node pool with a subnet is used for in-scope components (services handling card data). The payload runs in isolated node pools, isolated from the rest of the system. Additional node pools can be created for workloads that are not out-of-scope of PCI-DSS. Using such a topology, we can move the services from out-of-scope to in-scope seamlessly without significant changes in the architecture of the inf...

Part 2 - Shared responsibility / The landing zone of a PCI-DSS compliant application inside Microsoft Azure

In the previous article, we talked about the core concepts of PCI-DSS and the impact of storing, processing and transmitting credit card data. This article focuses on the shared responsibility concept and the importance of having all the parties at the same table. I promise that starting with the next article of this series, we will go on the technical side, but for now, we need to have a clear understanding of who the players are and what the responsibility level of each of them is. The solution we plan to build is built around Microsoft Azure, Azure Kubernetes Services (AKS), Azure SQL and Azure CosmosDB. Considering these services, there are 3 main parties at the table: Microsoft Azure, Kubernetes (AKS), and the solution owner (the customer). Depending on the solution, a shared responsibility exists between all of them, covering five main aspects: Infrastructure, Access control, Network Security, Data protection, Malware detection. The combination of these five main aspects and the thre...

Part 1 - What, Why and How / The landing zone of a PCI-DSS compliant application inside Microsoft Azure

This is the first article in a series about how to build a PCI-DSS-compliant application on top of Microsoft Azure and Kubernetes. Together we cover the journey of building a PCI-DSS compliant application. The final output is a blueprint that can be used as a starting point to build an application. What is PCI-DSS? Payment Card Industry Data Security Standard is a regulatory requirement that aims to secure credit and debit card transactions against data theft and fraud. The compliance is divided into 4 levels depending on the number of transactions. Level 1 starts at 6M transactions per year compared to Level 4, with less than 20k transactions per year. Each level involves different levels of audit, as we can see below: Level 4: yearly SAQ assessment + quarterly PCI scan (may be required); Level 3: yearly SAQ assessment + quarterly PCI scan (may be required); Level 2: yearly SAQ assessment + quarterly PCI scan (may be required); Level 1: yearly an internal audit by an auth...

[Post Event] Microsoft Ignite 2022 - Highlights

Time flies fast when you enjoy what you do and the people around you. Here I am, in Munich airport, returning home from Microsoft Ignite. In this post, I would like to share the highlights and a summary of this great conference. This week I had the fantastic opportunity to be part of Microsoft Ignite. The in-person event took place in Seattle and was the first in-person edition after 2020. The format of Microsoft Ignite shifted from a conference focused on technical sessions and Microsoft technologies to an event driven by partners and community, where networking becomes the first-class citizen. In total, there were more than 200.000 that joined the event virtually and 7500 in-person. Microsoft Ignite is a great place to connect and discover how Microsoft technologies are used by partners and companies to shape the world where we live. During the conference, I led 3 sessions focused on Infrastructure-as-a-Service, Microsoft Cloud for Financial Services and application modernization us...

[Post Event] InfoShare 2022, Gdansk

At the beginning of this month, I had the fantastic opportunity to be part of InfoShare 2022. The two-day conference gathers people from all over Poland that share a common passion - technology. Gathering more than 6500 people in the in-person event, InfoShare is the largest IT Conference in CEE. I was invited to deliver a session about cloud security and the tools we need to be aware of to secure our cloud systems. Below you can find more information about my session. Title: Secure Application Development. Description: This session aims to identify the tools that help us build secure applications and environments for Azure during the development journey. The focus is on the developers and the tools we can use to ensure that our code is secure and aligned with all the available best practices and recommendations.

Microsoft Learn - Reinvents the way of learning

The learning journey for Microsoft technologies was consolidated in one story - Microsoft Learn. The consolidation of all learning resources, certification paths, events and community in one place provides a central location from where we can learn and develop our skills. Four main pillars are provided by Microsoft Learn: Discover new ways to use technology - See how to apply Microsoft technology to achieve your goals and reach your potential. Learn by doing - Learn by doing through interactive learning experiences and technical resources that help you build skills and solve problems. Showcase your skills - Advance in your field by earning certifications and completing challenges that demonstrate your expertise. Connect with the community - Engage with other learners for inspiration, resources, and networking. Remember that all resources are provided for free and cover not only fundamental knowledge but also the sp...

The hidden costs of serverless and microservices

Container-based solutions were one of the best ways to reduce running costs and improve the quality attributes of a product five years ago. Nowadays, IT departments are complaining about the running cost of containers and pushing serverless as the next step to reduce the running costs. It is important to identify why a container-based solution is seen as expensive and what the cost vectors are before saying that a serverless approach using containers is less expensive. A container-based solution already provides us with a degree of flexibility, allowing us to spin up & down the number of instances of services. Microsoft Azure, like other cloud vendors, provides the flexibility to run our container-based solution in dedicated or shared clusters. At this stage, I would like to mention a few available options: (1) Dedicated cluster: Azure Kubernetes Services (costs are driven by the cluster size) (2) Serverless approach: Azure Container App (costs are driven by the computation usag...

The radiography of a modern Line of Business Application

Do you remember what a LOB (Line of Business) application used to look like 15 years ago? One or multiple virtual machines, .NET 3.5, web and desktop applications and a SQL Server database. Cloud was one of the catalysts that helped large organisations to change how a LOB application is built and designed. In this article, we do a radiography of a modern LOB application. Nowadays, we build IT solutions using container-based technologies. What we will use in 10 years, we don't know. Technology is changing too fast to understand how serverless will impact the ways of designing and building a new generation of software. But for now, microservices, together with Kubernetes and managed cloud services, change how we build, run and manage our software. Front Office: The front office runs on top of a Kubernetes cluster and exposes an API for internal and external users and systems. An Azure Load Balancer is configured on top of the cluster with Azure API Management, with a ...

My thoughts about Azure Cache for Redis (Enterprise)

In today's post, we talk about the flavours of Redis Cache for Microsoft Azure and how to decrypt undocumented errors that we can receive from Redis during the provisioning phase. When using Microsoft Azure, we have two main options for using Redis Cache: - Azure Cache for Redis: a SaaS service provided by Microsoft that uses OSS Redis (Redis open-source) - Azure Cache for Redis Enterprise: fully managed by Microsoft that uses Redis Enterprise. In 90% of the cases, Azure Cache for Redis is the best-managed cache solution available in Microsoft Azure, offering a 99.9% availability SLA, supporting 120 GB of memory and 40k client connections. I had a great experience with it, as long as you understand the connection concept of Redis. Azure Cache for Redis Enterprise provides more power, up to 13TB of memory, 2M client connections, a 99.999 availability SLA, 1M operations per second and all the features of Redis Enterprise like active-geo, modules, time series support and Redis on...

[Post Event] WeAreDevelopers World Congress, Berlin 2022

What a week! In the last 2 days, I had the opportunity to join the biggest conference for Developers from Germany - WeAreDevelopers World Congress. The number of attendees was over 8000, making me remember the good old times before 2020 when I used to join conferences with around 20-30.000 attendees. I spent most of the time in the expo centre, discussing with companies about their products, challenges and how they adopt cloud inside their organization. As we can imagine, Docker, Kubernetes and cloud are part of the DNA of most companies, from small startups to larger enterprises with more than 300.000 employees. Drawing the line after 2 days of networking about the cloud, I can say that: - 75% of the companies that were at the congress are using AWS - 20% of the companies that were at the congress are using AWS and Azure - 10% of the companies that were at the congress are using Microsoft Azure - 10% of the companies that were at the congress are using Google Cloud -...

[Post Event] DevTalk 2022

On the 8th of June, I had the great opportunity to talk about the future of cloud security from the application point of view during DevTalks. More details about my session are available below: Title: The future of secure application development on Microsoft Azure. Abstract: To increase the application security it is necessary to use scanning tools and educate the development teams. Join us to discover insights from the Romanian market and get hands-on examples and experience sharing from Romanian MVP Radu Vunvulea on how to develop more secure applications and how they are integrated with the SDL and CI/CD pipelines. Explore tools like Black Duck, SonarQube, HostedScan, AzSK, and the integration with Azure DevOps. Slides: https://www.slideshare.net/raduvunvulea/how-romanian-companies-are-developing-secure-applications-on-azurepptx

[Post Event] Microsoft Build 2022

This year I had the honour to deliver a session during Microsoft Build. The topic that I talked about was cloud security development inside Microsoft Azure, covering the tools used by local Romanian IT companies to build secure cloud applications. More content related to my session is available below: Intro: Discover how you can ensure that application secrets are not published to the project repository and what the tools are that can detect and react when this happens. Find out how you can maintain control of governance and security across large deployments using multiple tenants and subscriptions where a central tool is required to scan and manage security and cost economics aspects. Abstract: To increase the application security it is necessary to use scanning tools and educate the development teams. Join us to discover insights from the Romanian market and get hands-on examples and experience sharing from Romanian MVP Radu Vunvulea on how to develop more secure applications and ho...

[Post Event] Cloud Security Session for UBB Master program

On the 18th of May, I was invited to deliver training for UBB master's degree students in Computer Science. The main topic was cloud and how cloud vendors will influence IT solutions. The topics that were covered together with the students were: cloud core concepts, how cloud evolved in the last 10 years, and cloud trends and market needs. I hope that you enjoyed the cloud workshop. If you have questions, feel free to contact me.

[Post Event] SQL Day 2022 Poland / May 2022

In the first part of May, I had the great opportunity to deliver a session during SQLDay 2022. During my session, I talked about cloud security and the most important steps that a company should take to secure their cloud solutions. RBAC, cloud governance and data security are the top 3 priorities that should be part of your cloud strategy.

Microsoft Build 2022 is here

At the end of this month, I am delighted to deliver a session at Microsoft Build. Build is Microsoft's annual developer conference. During the three days of the conference, Microsoft announces the most important development news and updates for developers, and Microsoft experts around the globe share their experience and knowledge. My talk is about developing secure applications inside Microsoft Azure. The insights that I plan to share with the audience cover the tools and mechanisms used by development teams from Romania to ensure that they build secure applications, following Microsoft's best practices and recommendations. For example, how we can ensure that application secrets are not published to the project repository, and what the tools are that can detect and react when something like this is happening. Another important aspect that we talk about is maintaining control of governance and security across large deployments using multiple tenants and subscriptions where a ...

Email one-time passcode (OTP) - Enable guest users without federation or registration

Nowadays, if you use Azure to run your business, there is an 80% chance of using Azure AD as the Identity and Access Management system. The strong integration with on-premises AD tenants, Google, Facebook and Azure AD B2B and Azure AD B2C makes our life much easier.  What if you provide access to an external user that cannot be authenticated using AD, MSA (Microsoft Account) or social identity providers? Or you don't know what kind of IAM the user has. OTP (Email one-time passcode) is your friend in this situation. The feature enables us to share resources or provide access to external users without requesting them to create an account. The only thing that the user needs is an email address and nothing more. The one-time passcode is sent to their email address at the moment in time when they want to access the resource that you shared with them. The passcode is valid for 30 minutes and provides a valid session for the next 24 hours. If the passcode or session expires, there is no p...

Azure Private Link advantages over Azure Service Endpoint

People often ask what they should use to secure the connection between Azure PaaS services and VNETs. Today's article talks about the key differences between Azure Private Link and Azure Service Endpoints and when you should use each of them. What is? Azure Service Endpoint provides a direct and secure connection to Azure PaaS services over the Azure backbone network. Even if the traffic leaves your VNET and hits the public endpoint of the Azure PaaS service, it goes over the Azure backbone. Azure Private Link enables you to have a private IP inside your VNET used to hit the endpoint of your Azure PaaS service. The assigned private IP is part of your VNET and ensures that all traffic will stay within your VNET. What about Azure Private Endpoint? It is part of Azure Private Link, enabling you to configure the private IP address and the peering over VPN or VNET.  If you want to expose your own service over  Private Link, you can do this by using Azure Private Link Servic...

[Post Event] Big Data / Technology Warsaw Summit, April 2022

On the 28th of April, I had the opportunity to deliver a session during Big Data Technology Warsaw Summit. It was a fantastic experience, meeting great people and discovering a lot of interesting technical content. Thank you for having me! The session that I delivered was about cloud security and how things evolved during the 2 years of the pandemic. Below, you can find a short summary of the session: Title: COVID-19 is a cloud security catalyst. Description: Let's discover together how COVID-19 affected cloud adoption and what the most common cloud security mistakes are that teams are making. #security #cloud #adoption #architecture

[Post Event] MS Stage 2022

On the 1st of April, I delivered a session during the MS Stage 2022 conference, where I talked about cloud, Microsoft Azure and security. The online event had 3 tracks in parallel and covered the most important technologies provided by Microsoft (e.g. .NET, Azure, Cosmos DB).

[Post Event] Canadian Cloud Summit 2022

This week I enjoyed the Canadian Cloud Summit, an event with more than 48 sessions covering cloud dimensions like D365, Power Platform, SharePoint, Teams, Viva and of course Azure. The audience was very active and interested in the content that was shared. The session that I delivered covered the Azure Tools that a developer should be aware of. You can find below the deck of my session. If you have questions, drop me a line on Twitter or LinkedIn. Title: Developer Tools for Microsoft Azure. Abstract: During this session, we’ll take a look at the proactivity tools that can be used to improve our development experience on Azure. We’ll talk about tools from multiple areas like storage, computation, automation, cleaning and many more. All of them are free to use, built by the Azure community or Microsoft to improve the cloud experience. Deck: Developer Tools for Microsoft Azure from Radu Vunvulea

Security: Key Rotation of our Azure Storage account keys

Azure Storage account key rotation is one of the most important things people forget about. Account keys provide full access to your storage; nevertheless, we fail to keep them safe and fresh. In this article, we talk about the key rotation mechanisms provided by Microsoft Azure. Why? An Azure Storage account provides two account keys that can manage the storage. They provide the user with the full power to read, modify, delete and create content. Not only do we need to keep them safe, but we also need to ensure that we rotate them at specific time intervals. Key expiration policy: A key expiration policy can be easily created from the Azure Portal. When the policy is triggered, a reminder is displayed in the portal to remind us to rotate the keys. Additionally, once you have the key expiration policy defined, you can monitor the compliance of your storage account, including the key rotation. As you can see above, this can be achieved from the Azure Portal or through the...

[Post Event] DotNet Conference Jan 2022

At the end of January, I delivered a session at https://dotnetconference.com/. The main topic of the session was the Azure tools that a developer can use to improve his experience with the cloud. We talked about different tools covering storage, computation, data, migration and message-based communication. It was a pleasure to be part of this event. If you have questions related to the content that I presented, I invite you to drop me a line.

Snowflake VS Azure Synapse | 7 reasons why you should choose Snowflake OR Synapse on Azure

Microsoft supports two large data warehouse and data analytics solutions inside Azure: (1) Azure Synapse + Data Lake and (2) Snowflake. Both are mature products that are similar from many points of view. More than once, I was in a situation when customers were asking: "What approach should I have? Should I go with an Azure Synapse centric approach or Snowflake on top of Azure?" There are a lot of factors that can influence the decision, like business, team skills, data strategy, compliance, data model or expected features. The next section of the article covers the differences between Snowflake on Azure and Azure Synapse centric from different dimensions, based on the features publicly available on the market at the end of 2021. Both solutions provide: A separate compute and storage pricing; Compliant with ANSI-SQL; Semi-structured and structured data sources; Data virtualization support; Native support for Pause/Resume and Scale of the compu...