Posts

[Past Event] DevTalks Cluj-Napoca 2017

Recent posts

Azure Cosmos DB | The perfect place for device topology for world wide solutions

In the world of IoT, devices are distributed all around the world. The systems currently on the market offer scalable, distributed communication between devices and our backends.

Context
It is nothing out of the ordinary to have an IoT solution distributed across 3 or 5 places around the globe. But behind these performant systems we need a storage solution that is flexible enough for different schemas and, at the same time, powerful enough to scale to whatever size we want.

Relational databases are often used to store data where we have a stable schema. Having different devices across the globe requires different schemas and data formats. Storing data in non-relational databases is more natural and simple. A key-value, graph or document database is often more suitable for our needs in IoT scenarios than a relational database.

Current solutions
There are plenty of solutions on the market that are fast, powerful and easy to use. I expect that you heard…

Azure Key Vault | How Secrets and Keys are stored

I'm pretty sure that most of you have heard about Azure Key Vault. If not, I recommend taking a look at this page, which describes in detail how Azure Key Vault helps us as a safeguard for our application secrets and cryptographic keys (like certificates).

Scope
The main scope of this post is to take a look at how our secrets are stored. This is important because there are keys that cannot be recovered once generated or stored, and we might end up without keys if we lose them.

What is HSM?
HSM is an acronym for Hardware Security Module. It is a physical device that can manage digital keys by providing cryptographic capabilities. An HSM plays the role of a safeguard by offering cryptographic capabilities directly in hardware.

Is the tuple <keys, secrets> stored inside the HSM?

No, there is no need to store this information in HSM. Secrets are stored outside the HSM, but they are encrypted using a key chain that terminates inside the HSM.
An analogy related to key chains an…

New Azure role - Azure Billing Reader

There is a small new feature in Azure Billing that made my day great. Small things matter, and in this case that is 100% applicable.

Problem
Until now there was no mechanism to share ONLY billing information with users. You could forward billing information to specific users. This was useful for last month's consumption, but there was nothing you could do directly for the current month.

Current solution
Some shortcuts could be used to make this information available.
The simplest way is to give the user Co-Administrator rights. This will work great, but that user will also have access to other resources, not only to the billing data. Having access to all resources can be a downside, especially if you need to give access to a non-technical person who might click the wrong button (smile). You might reduce the access by using RBAC (Role-Based Access Control), but you would need some extra configuration steps.
Another approach is to export billing and cost information using Azure REST …

Control Azure Users Access using Role-Based Access Control

Problem
As a customer I want to be able to restrict user access and rights to Azure Resources that are under the same Azure Subscription.
The requirement can be extended a little more by specifying that a user needs to be able to view and access only the Azure Resources that he is allowed to. He shall be able to create or modify only specific resources. If possible, all resources that the user accesses or creates should be under a predefined subnet.

Options
There are multiple approaches to a request like this. Even if Role-Based Access Control is a powerful mechanism to control access, the ways in which we can restrict access are limited and don't allow us to fully restrict the user as we need. A classical approach is to allow the user to run ARM (Azure Resource Management) scripts only through a custom component that is hosted by us. Having full control over this component, we can implement any kind of logic and business restriction. The downside of a solution like this is complexity and cost.…

[Post Event] Global Azure Bootcamp event, Cluj-Napoca, April 22nd, 2017

For the 5th year in a row, the ITCamp community from Cluj-Napoca joined the Global Azure Bootcamp event. Compared with other community events organized in Cluj-Napoca, Global Azure Bootcamp is different because it is purely a hands-on lab.
There were 3 different workshops of 90 minutes each where attendees had the opportunity to play with and test Azure Functions, Machine Learning and Azure Resource Manager (ARM). This year we also kept the tradition of organizing the event at the Endava (ISDC) building, where the location is perfect for hands-on labs. A special thank you to our local sponsor - Endava.

Agenda
09:00-09:30 - Arrival of participants
09:30-11:00 - Azure Functions (Radu Vunvulea)
11:00-12:30 - Machine learning for mere mortals with Azure ML (Silviu Niculita)
12:30-14:00 - ARM Templates, how to create them, and use them in your CD pipeline (Florin Loghiade)

Workshop descriptions
Azure Functions (Radu Vunvulea)

What are Azure Functions? AWS Lambda from Azure. This is the fastest w…

[Post Event] Microsoft Data Amp—where data gets to work meet-up

Together with the ITCamp community from Cluj-Napoca, we joined forces for 2 hours. We wanted to find out more about how we can transform our business with our data - Microsoft Data Amp.
A lot of new stuff was announced during the live stream, which can be viewed at https://www.microsoft.com/en-us/sql-server/data-amp.
If you ask me, the game changers are SQL Server 2017, which runs on Linux, and the full integration between SQL Server and other stacks like R. Nowadays you don't need to move your data outside the database engine to execute ML. You have full ML support directly in the database engine.