Recent posts

[Post Event] Microsoft Startup Mentor of 2022

  Today I was recognized for my mentoring of startup founders, some of whom are operating in emerging markets and are in under-resourced communities. This has been one of the most personal and impactful ways we at Microsoft can support and enable these founders, that is, sharing our startup experience and industry knowledge through mentorship. I hope this inspires startups to turn to Microsoft where we can truly democratize access to resources and channels that can help founders grow and scale their businesses. 

[Post Event] Microsoft Ignite Spotlight on Romania, Conf42 DevSecOps 2022, Connect.IT Sibiu, Big Data Conference, Data Science UA, UTCN

The last 4 weeks were a joy from the community's point of view. Even if the interaction was mainly online, I had the chance to discover and meet many people at 6 different conferences. I would like to share a short summary of each event: Microsoft Ignite Spotlight on Romania (Bucharest, December 8th): The in-person event took place in Bucharest in a fantastic location (Nord Events Center by Globalworth). It gathered Microsoft and cloud specialists from the local market. During the conference, I had the opportunity to share my experience related to resilience and performance tests on Microsoft Azure using the new Microsoft tools like Azure Chaos and Azure Load Testing. Conf42 DevSecOps 2022 (online, December 1st): The online conference is focused on DevSecOps aspects related to the cloud and Kubernetes. I was invited by the Conf42 team to deliver a session about security tools that need to be used when you build an application on Microsoft Azure. Connect.IT Sibiu (Sibiu, November 24t

[Post Event] TestCon, PeakIT, Factory 4.0, ITDays, Connect.IT Timisoara, ADDO - Nov 2022

The last two weeks were like a marathon. I was part of and delivered content to six conferences in the last 14 days. Three of them were in-person, so I had the opportunity to enjoy the social interaction between humans in IT (smile). I had a great deal of fun, and I learned a lot of new things. I would like to share a short summary of each event: TestCon Europe (Oct 27th, online): TestCon is one of Europe's biggest software testing conferences, with over 2000 attendees, 4 tracks and 40 different sessions. Testing is part of our day-to-day life, and everyone in the IT industry should be aware of it. During my session, I shared my experience related to cloud testing, the tools that can facilitate testing in the cloud, and the learning and certification path for a tester on Microsoft Azure. Peak IT 005 (Nov 3rd, online): A free online conference organised by the AgileHub community from Brasov. The three-day event included sessions, workshops and panels. My talk was about cloud securit

Part 3 - In-scope workload / The landing zone of a PCI-DSS compliant application inside Microsoft Azure

The last article was about shared responsibility between the three parties that are involved: Microsoft Azure, Kubernetes (AKS) and the customer. In today's post, we tackle Azure Kubernetes Services and where the workload would need to run. Azure Kubernetes Services (AKS) runs all the payloads where card data are decrypted and processed. It is required to run in a private cluster with no direct access to the internet. All the traffic must be limited to the private network, without direct access to and from the internet. This applies to workloads that process card data (in-scope). A dedicated node pool with a subnet is used for in-scope components (services handling card data). The payload runs in isolated node pools, isolated from the rest of the system. Additional node pools can be created for workloads that are not out-of-scope of PCI-DSS. Using such a topology, we can move the services from out-of-scope to in-scope seamlessly without significant changes in the architecture of the inf

Part 2 - Shared responsibility / The landing zone of a PCI-DSS compliant application inside Microsoft Azure

In the previous article, we talked about the core concepts of PCI-DSS and the impact of storing, processing and transmitting credit card data. This article focuses on the shared responsibility concept and the importance of having all the parties at the same table. I promise that starting with the next article of this series, we will go on the technical side, but for now, we need to have a clear understanding of who the players are and what the responsibility level of each of them is. The solution we plan to build is built around Microsoft Azure, Azure Kubernetes Services (AKS), Azure SQL and Azure CosmosDB. Considering these services, there are 3 main parties at the table: Microsoft Azure; Kubernetes (AKS); and the solution owner (the customer). Depending on the solution, a shared responsibility exists between all of them, covering five main aspects: Infrastructure, Access control, Network Security, Data protection, Malware detection. The combination of these five main aspects and the three pa

Part 1 - What, Why and How / The landing zone of a PCI-DSS compliant application inside Microsoft Azure

This is the first article in a series about how to build a PCI-DSS-compliant application on top of Microsoft Azure and Kubernetes. Together we cover the journey of building a PCI-DSS compliant application. The final output is a blueprint that can be used as a starting point to build an application. What is PCI-DSS? Payment Card Industry Data Security Standard is a regulatory requirement that aims to secure credit and debit card transactions against data theft and fraud. The compliance is divided into 4 levels depending on the number of transactions. Level 1 starts at 6M transactions per year compared to Level 4, with less than 20k transactions per year. Each level involves different levels of audit, as we can see below: Level 4: yearly SAQ assessment + quarterly PCI scan (may be required); Level 3: yearly SAQ assessment + quarterly PCI scan (may be required); Level 2: yearly SAQ assessment + quarterly PCI scan (may be required); Level 1: a yearly internal audit by an authoriz