Posts

[Post Event] DataPlatformGeeks Online Session, 2020 - Azure Data Security

Recent posts

A subjective feature comparison between Terraform and Azure ARM / AWS CloudFormation

The most common question when you start a cloud project is “Shall I use Terraform or a native tool like ARM or CloudFormation?”
No answer fits all needs, and there are many things to consider. In this article, we tackle the topic from multiple dimensions, raising awareness of what needs to be considered and of the pros and cons of the different approaches. The feedback was collected from various teams that have experience with Terraform and ARM or CloudFormation.
Configuration Language
The ARM language is based on JSON, which is easy to use but can sometimes be a little cumbersome. Even so, because it is a notation language, you can separate the configuration into multiple files (e.g. keeping variables separately, nested templates). The support for conditions makes ARM super powerful - once you learn the notation language. CloudFormation uses YAML or JSON, which is pretty powerful, but the feedback in comparison with ARM is that people would pr…

Improving the upload experience inside an Azure web application

In most cases, latency problems occur on the path from the backend to our customers, who want to be able to access our data as fast as possible. Sometimes things are different, and the real challenge is to provide a reliable and fast way for customers to upload their content to the backend system.
Imagine that you have a system where agents around the world upload insurance policies every few minutes. The system is hosted in only one Azure Region – UK West. Given the quality attributes of the system, there is no need to deploy the solution in multiple locations, and building a native application or plugin for this purpose is not acceptable (there is no business justification). Even so, agents are all around the world, and latency and internet speed are facts that need to be handled. At a high level, the system uses Azure Storage and Azure CosmosDB to store the information that is uploaded by agents. Agents are using a web portal and some REST API that runs …

Azure Spring Cloud and DMZ

Starting from 2019, we can find a new service in the Azure portfolio - Azure Spring Cloud. Microsoft and Pivotal joined forces to offer the capability of running Spring Boot applications inside Azure seamlessly.
Azure Spring Cloud is a SaaS managed by Pivotal, offering 100% compatibility with any type of Java application that was built for Spring Boot. It might not sound like a big WOW, but having the ability to migrate line-of-business applications that are running in on-premises systems to a fully managed Spring Boot environment is awesome.
If you want to find out more about this service, I invite you to check the service page.

A common discussion that arises when you need to take on-premises applications and put them inside Azure Spring Cloud is related to network security - more exactly, the DMZ. There are two different worlds that usually collide, and it is important to understand both concerns and limitations.

Azure Spring Cloud is running on top of Azure Kubernetes …

Demystifying system-assigned managed identity and user-assigned managed identity for Azure Resources

Managing credentials and access rights across services is always a challenge inside the cloud. Storing them inside the applications can be painful, even when they are encrypted. Managing all of them from one central location can be done quickly using the managed identity feature built on top of Azure AD.
Because it is so easy to see and the number of features is high, many people forget to understand better which option they should use depending on the use case. Let’s take a look at some questions that you should ask yourself when you need to manage the identity of cloud services inside Azure.
Q: What is the username and password when I’m using a user-assigned managed identity?
R: When you create a user-assigned managed identity, there is no user as you have in Azure AD. Even if the name contains the word ‘user’, it does not mean that you manage a user. You have an identity that can be operated independently of the service instance that receives the identity.
Q: I want to be able to assign t…

[Post Event] Winter ITCamp Community Event – Cluj-Napoca, 2019

This week we had a great local ITCamp Community event in Cluj-Napoca. The event was supported by Micro Focus and Transilvania Cloud and more than 50 people joined the event.
We had 3 sessions where we talked about KEDA, running Windows Services inside Docker and what a developer should be aware of when security and cloud meet. I had the opportunity to talk about the last subject - Cloud Security Fundamentals - Developer View. The topic is complex because it is hard to separate automation and infrastructure from development inside a cloud project. The lines are thin and sometimes very grey.

You can find more about my session below.
Title: Cloud Security Fundamentals - Developer View
Abstract: Do you want to improve cloud security? I thought so. Then why not join this session and build your fundamental knowledge of cloud security from a developer perspective. We have a lot of demos and hands-on expertise from Microsoft Azure and AWS.
Slides: Cloud Security Fundamentals - Developer View

Implementing an ETL process in AWS and Azure that fetch data from FTP

Have you ever had to automate the data ingestion from an FTP (SFTP) to the cloud? The challenge is not to read data from an (S)FTP. The challenge is to do this reliably with minimal investment. In an ideal world, you would go with an approach where you would use an ETL or orchestration solution provided by the cloud. The reality is that you don’t have cloud services that are fully integrated with (S)FTP. On top of this, you need to fight with network connectivity that might not be as reliable as you think.
Let’s see how we can design a solution that:
1. Accesses (S)FTP content that is on-premises
2. Processes and transforms the data
3. Pushes the content to a MySQL database and updates a cache.
The requirements are specific to an ETL process, where we need to extract data from a repository, transform the data and store it inside the database.
Running the solution on Microsoft Azure
The first Microsoft Azure service that we should take into account is the Azure Data Factory. It is an ETL serv…