Posts

Private Cloud Platforms

The services below let you take public cloud infrastructure, private data centers, or a mix of both to build a private cloud on-premises. AWS Outposts and Azure Stack are quite similar in that they essentially take public cloud computing services and extend them into on-premises data centers. Using these frameworks, services available in public clouds, like AWS EC2 or Azure Virtual Machines, can be run in on-premises data centers. You can also use the same monitoring and management tools that you would in the public cloud.

Azure Stack Hub
Azure Stack Hub brings core cloud services to customers' data centers, like virtual machines, storage, networking, VPN gateway and load balancing, as well as services like functions, containers and databases. Certified hardware can be purchased from a variety of partner vendors, such as HPE, Dell EMC, Cisco, Huawei and Lenovo. Users need to manage their infrastructure, but professional support from Microsoft is available as part of the p...

Application Delivery in the cloud

Traditional load balancers have lately evolved into intelligent application delivery controllers (ADCs), which implement various techniques to improve performance along with balancing load across a group of backend servers. Some of the techniques include caching content, compressing assets (JS files, images, etc.), offloading SSL processing from web servers, and providing protection against DDoS, SQL injection, XSS, etc. ADCs are a one-stop shop for performance and security.

Load balancers for non-HTTP(s) workloads:
Azure Traffic Manager: a global non-HTTP(s)/DNS load balancer. DNS load balancers return the IP address of a healthy endpoint based on the configured rules. The endpoint can be an application gateway or a load balancer, depending on whether SSL offloading or application-layer processing is required.
Azure Load Balancer: a non-HTTP(s) global (cross-region) load balancer (aka network load balancer) that operates at layer 4 (transport laye...

Pixy tokens for public clients

PKCE ("pixy"), an extension of the OAuth 2.0 Authorization Code grant type, is now recommended for Single-Page Applications (public clients) and mobile apps, where access tokens might be intercepted. The Implicit grant type, which was typically used for these types of apps, has some security concerns.

Remember:
Client == Application
Resource Owner == User
Confidential Clients (running on a server) = can securely store secrets
Public Clients (running in a browser/SPA/mobile app) = cannot store secrets securely

PKCE Flow:
The Proof Key for Code Exchange (PKCE) extension requires the calling application to generate, on the fly before initiating the authorization flow, a cryptographically random code verifier and a BASE64-encoded SHA256 hash of that verifier called the code challenge. The application adds the code challenge to the request sent to the authorization server to obtain the authorization code. The authorization server stores the code challenge and sends a one-time-use authoriz...

Cloud Messaging Services

AWS & Azure Messaging Services
Messaging services enable disparate systems to communicate and exchange information. AWS and Azure both provide highly available and reliable services for building real-time and non-real-time event-driven architectures. Event-driven architectures (EDA) use events (small messages) to invoke a service and pass information between systems in near real time. Typical components in an EDA are event producers/publishers, event routers and event consumers/subscribers. All the services push messages (or at least support pushing them) to consumers in near real time automatically. Consumers no longer need to poll, which introduces latency, consumes CPU cycles, etc. In some cases you might still want to poll for messages, when you don't want to handle messages in real time or have downstream systems that don't scale well.

Amazon MQ: an enterprise-grade, fully managed service to run Apache ActiveMQ or RabbitMQ message brokers. It provides all the features of the underlying ...

Observability

A system should be testable, usable and observable. Observability is an attribute of a system which is supported by:

Metrics
In computers, a metric is made up of a timestamp, a value and some contextual metadata. For example:
0101200112:00:00 75% CPU [server name] [environment]
0101200112:00:00 75% RAM [server name] [environment]

Logs
Discrete events written by the OS and by the applications/processes running on a system. They typically contain a date/time stamp, severity level, system name and the message of the event.

Traces
Follow a request's path through a system, capturing input/output values and execution duration along the way. They are used by developers to identify the code path during troubleshooting. Using APM tools like Dynatrace, New Relic and AppDynamics makes this a lot easier.

Observability provides detailed insights into what happened to the system and why.

High Availability vs Fault Tolerance

Reliability/Resiliency: the trait of an application/system to avoid or recover from failure with minimal manual intervention.
Availability: a measure of reliability, or the duration of time that a system is performing as expected. If there's performance degradation, it implies low availability. Redundancy (multiple machines) enables loose coupling (achieved using load balancers), which improves performance and availability. Performance and availability are directly proportional: good availability, good performance, and vice versa.

High Availability (HA) and Fault Tolerance (FT/continuously available) are used interchangeably when talking about keeping systems running with little or no degradation in their availability. Though the goal of HA and FT is the same, the difference lies in how they are achieved. HA typically aims at keeping the systems available with a slight degradation of SLAs and can tolerate some downtime. HA is achieved by either provisioning a fixed number of servers (typ...

Azure Storage Static Website vs Azure Static Web Apps

Azure first came up with static websites in Storage, then released the Azure Static Web Apps service.

Azure Static Web Apps
Integrated with GitHub Actions: deployed as soon as code is checked in
Custom domain names with free SSL cert
Supports Azure Functions
Built-in security policies

Azure Storage Website
Cheap
Use a CDN for custom domain names and SSL

I've used Azure Storage website for:
Hosting static pages generated by DocFX. You don't really need a vanity domain for an internal document site.
Click-once deployment packages for desktop applications