Posts

Application Delivery in the cloud

Traditional load balancers have evolved into intelligent application delivery controllers (ADCs), which implement various techniques to improve performance in addition to balancing load across a group of backend servers. Some of the techniques include caching content, compressing assets (JS files, images etc.), taking over TLS/SSL termination from the web servers, and providing protection against DDoS, SQL injection, XSS etc. ADCs are a one-stop shop for performance and security.

Load balancers for non-HTTP(s) workloads:
Azure Traffic Manager: a global, DNS-based load balancer that is not limited to HTTP(s). A DNS load balancer answers a name lookup with the IP address of a healthy endpoint chosen according to the configured routing rules; because clients cache that answer for the record's TTL, failover to another endpoint is only as fast as the TTL allows. The endpoint can be an application gateway or a load balancer, depending on whether SSL offloading or application-layer processing is required.
Azure Load Balancer: a regional non-HTTP(s) load balancer (aka network load balancer), with a cross-region (global) tier also available. It operates at layer 4 (transport layer of OSI model
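
How a DNS load balancer picks the endpoint it hands out, shown as an added example (not Azure's code): health probe results mark endpoints up or down, and either priority routing (lowest priority value wins, the rest only answer on failover) or weighted routing (answers shared in proportion to weight) chooses among the healthy ones. Endpoint names, addresses and probe results are constructed for the example.

```python
"""DNS-style endpoint selection with health checks (priority and weighted routing).
Added example; endpoint names/addresses and probe results are constructed."""
import random
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Endpoint:
    name: str
    address: str           # the IP (or CNAME target) handed out in the DNS answer
    priority: int = 1      # priority routing: lowest value wins
    weight: int = 1        # weighted routing: share of answers
    healthy: bool = True   # outcome of the latest health probe


@dataclass
class Profile:
    endpoints: List[Endpoint]
    method: str = "priority"   # "priority" or "weighted"
    ttl: int = 60              # seconds clients may cache the answer; bounds failover time


def apply_probe_results(profile: Profile, results: Dict[str, Optional[int]]) -> None:
    """Update health from probe results ({endpoint name: HTTP status, or None on timeout}).
    Only a 2xx answer from the probe path counts as healthy."""
    for ep in profile.endpoints:
        status = results.get(ep.name)
        ep.healthy = status is not None and 200 <= status < 300


def resolve(profile: Profile, rng=random) -> Optional[str]:
    """Return the address to put in the DNS answer, or None when nothing is healthy."""
    candidates = [ep for ep in profile.endpoints if ep.healthy]
    if not candidates:
        return None
    if profile.method == "priority":
        # lower-ranked endpoints only answer once every higher-priority one is unhealthy
        return min(candidates, key=lambda ep: ep.priority).address
    if profile.method == "weighted":
        chosen = rng.choices(candidates, weights=[ep.weight for ep in candidates], k=1)[0]
        return chosen.address
    raise ValueError(f"unknown routing method {profile.method!r}")


def sample_distribution(profile: Profile, n: int, seed: int = 0) -> Dict[Optional[str], int]:
    """Resolve n times with a seeded RNG to inspect the share each endpoint receives."""
    rng = random.Random(seed)
    counts: Dict[Optional[str], int] = {}
    for _ in range(n):
        addr = resolve(profile, rng)
        counts[addr] = counts.get(addr, 0) + 1
    return counts


if __name__ == "__main__":
    profile = Profile(endpoints=[
        Endpoint("eastus-appgw", "203.0.113.10", priority=1, weight=3),
        Endpoint("westeu-appgw", "198.51.100.20", priority=2, weight=1),
    ])
    apply_probe_results(profile, {"eastus-appgw": 200, "westeu-appgw": 200})
    print("normal:", resolve(profile))
    apply_probe_results(profile, {"eastus-appgw": 503, "westeu-appgw": 200})
    print("failover (after cached TTL expires on clients):", resolve(profile))
    profile.method = "weighted"
    apply_probe_results(profile, {"eastus-appgw": 200, "westeu-appgw": 200})
    print("weighted shares:", sample_distribution(profile, 2000, seed=7))
```

Note that the selector never returns an unhealthy endpoint, but clients that already cached the old answer keep using it until the TTL expires, which is why short TTLs are used on records that need fast failover.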

Pixy tokens for public clients

PKCE (pronounced "pixy"), an extension of the OAuth 2.0 Authorization Code grant type, is now recommended for Single-Page Applications (public clients) and mobile apps, where the authorization code or tokens returned to the app might be intercepted. The Implicit grant type, which was typically used for these types of apps, has some security concerns.

Remember:
Client == Application
Resource Owner == User
Confidential clients (running on a server) can securely store secrets.
Public clients (running in a browser/SPA/mobile app) cannot store secrets securely.

PKCE flow: The Proof Key for Code Exchange (PKCE) extension requires the calling application to generate, on the fly before initiating the authorization flow, a cryptographically random code verifier and a code challenge, which is the base64url-encoded SHA-256 hash of the verifier. The application adds the code challenge to the request it sends to the authorization server to obtain the authorization code. The authorization server stores the code challenge and sends back a one-time-use authorization code. Th
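
Both halves of the exchange described above, as an added example (not code from the post or from any OAuth library): the client generates the verifier and challenge and builds the authorization request, and the authorization server, following RFC 7636's S256 method, stores the challenge against the code it issues and later checks the verifier presented at the token endpoint. The endpoint URLs, client id and in-memory code store are assumptions for the example; a real server persists issued codes and also binds them to the redirect URI.

```python
"""PKCE (RFC 7636, S256): client-side verifier/challenge generation and the
authorization server's token-endpoint check. Added example; endpoints, client id
and the in-memory code store are constructed stand-ins."""
import base64
import hashlib
import hmac
import re
import secrets
from typing import Dict, Tuple
from urllib.parse import urlencode

# RFC 7636: the verifier is 43..128 characters from the unreserved set
_VERIFIER_RE = re.compile(r"^[A-Za-z0-9\-._~]{43,128}$")


def b64url(data: bytes) -> str:
    """base64url without padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_verifier() -> str:
    """32 cryptographically random bytes -> 43 unreserved characters (the RFC minimum)."""
    return b64url(secrets.token_bytes(32))


def make_challenge(verifier: str) -> str:
    """S256 method: base64url(SHA-256(ASCII(verifier)))."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def authorization_url(authz_endpoint: str, client_id: str, redirect_uri: str,
                      scope: str, state: str, challenge: str) -> str:
    """The request the app sends to the authorization endpoint; only the challenge travels."""
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": scope,
        "state": state,
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    }
    return f"{authz_endpoint}?{urlencode(params)}"


# --- authorization server side (constructed in-memory stand-in for the code store) ---
_issued: Dict[str, Tuple[str, str, str]] = {}   # code -> (challenge, method, client_id)


def issue_code(challenge: str, method: str, client_id: str) -> str:
    """Store the challenge with the freshly minted one-time authorization code."""
    code = secrets.token_urlsafe(24)
    _issued[code] = (challenge, method, client_id)
    return code


def redeem_code(code: str, verifier: str, client_id: str) -> bool:
    """Token-endpoint check. pop() makes the code single-use, so a replayed code fails
    even if the attacker also captured the verifier later."""
    entry = _issued.pop(code, None)
    if entry is None:
        return False
    challenge, method, bound_client = entry
    if bound_client != client_id or method != "S256":
        return False
    if not _VERIFIER_RE.match(verifier):
        return False
    # recompute the challenge from the presented verifier; constant-time compare
    return hmac.compare_digest(make_challenge(verifier), challenge)


if __name__ == "__main__":
    verifier = make_verifier()
    challenge = make_challenge(verifier)
    print(authorization_url("https://authz.example.com/authorize", "spa-client",
                            "https://app.example.com/callback", "openid profile",
                            secrets.token_urlsafe(16), challenge))
    code = issue_code(challenge, "S256", "spa-client")
    print("redeem:", redeem_code(code, verifier, "spa-client"))   # True
    print("replay:", redeem_code(code, verifier, "spa-client"))   # False
```

The point the example makes concrete: an attacker who intercepts the authorization code (for instance via a malicious app registered for the same custom URL scheme) cannot redeem it, because the verifier never left the legitimate app and the server rejects any code presented without the matching verifier.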

Cloud Messaging Services

AWS & Azure Messaging Services
Messaging services enable disparate systems to communicate and exchange information. AWS and Azure both provide highly available and reliable services for building real-time and non-real-time event-driven architectures. An event-driven architecture (EDA) uses events (small messages) to invoke a service and pass information between systems in near real time. The typical components of an EDA are event producers/publishers, event routers and event consumers/subscribers. All of the services push messages to consumers in near real time automatically (or at least support doing so), so consumers no longer need to poll, which introduces latency, consumes CPU cycles, etc. In some cases you might still want to poll for messages: when you don't want to handle messages in real time, or when downstream systems don't scale well and the consumer needs to control the rate. Amazon MQ: an enterprise-grade, fully managed service for running Apache ActiveMQ or RabbitMQ message brokers. It provides all the features of the underlying messag

Observability

A system should be testable, usable and observable. Observability is an attribute of a system that is supported by three kinds of telemetry:

Metrics
A metric is made up of a timestamp, a value and some contextual metadata. For example:
01012001 12:00:00 75% CPU [server name] [environment]
01012001 12:00:00 75% RAM [server name] [environment]

Logs
Discrete events written by the OS and by the applications/processes running on a system. They typically contain a date/time stamp, severity level, system name and the event message.

Traces
Follow a request's path through a system, capturing input/output values and execution duration along the way. Developers use them to identify the code path taken when troubleshooting. APM tools like Dynatrace, New Relic and AppDynamics make this a lot easier.

Observability provides detailed insight into what happened to the system and why.
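
The three signals side by side, as an added example (not from the post or from any APM product): a tiny in-process collector that records metrics as timestamp + value + metadata, logs as discrete events, and traces as nested spans with durations, and that stamps each log line with the active trace and span id so the three can be joined later. The request handler, host name and its "database" result are constructed for the example.

```python
"""Metrics, logs and traces from one request, correlated by trace id.
Added example; the request handler, host/env names and data are constructed."""
import contextvars
import time
import uuid
from contextlib import contextmanager
from dataclasses import dataclass, field
from typing import Any, Dict, Iterator, List, Optional

# the span currently executing in this task/thread, for log correlation and parenting
_current_span: contextvars.ContextVar = contextvars.ContextVar("current_span", default=None)


@dataclass
class Span:
    name: str
    trace_id: str
    span_id: str
    parent_id: Optional[str]
    start: float
    end: Optional[float] = None
    attrs: Dict[str, Any] = field(default_factory=dict)

    @property
    def duration_ms(self) -> float:
        return (self.end - self.start) * 1000.0


class Telemetry:
    """Collects the three signals in memory; a real system would ship them to a backend."""

    def __init__(self, host: str, env: str) -> None:
        self.host, self.env = host, env
        self.metrics: List[Dict[str, Any]] = []
        self.logs: List[Dict[str, Any]] = []
        self.spans: List[Span] = []

    def metric(self, name: str, value: float) -> None:
        # timestamp + value + contextual metadata
        self.metrics.append({"ts": time.time(), "name": name, "value": value,
                             "host": self.host, "env": self.env})

    def log(self, level: str, message: str) -> None:
        # a discrete event, tagged with the active trace so logs and traces join up
        span = _current_span.get()
        self.logs.append({"ts": time.time(), "level": level, "host": self.host,
                          "msg": message,
                          "trace_id": span.trace_id if span else None,
                          "span_id": span.span_id if span else None})

    @contextmanager
    def span(self, name: str, **attrs: Any) -> Iterator[Span]:
        parent = _current_span.get()
        s = Span(name=name,
                 trace_id=parent.trace_id if parent else uuid.uuid4().hex,
                 span_id=uuid.uuid4().hex[:16],
                 parent_id=parent.span_id if parent else None,
                 start=time.perf_counter(), attrs=attrs)
        token = _current_span.set(s)
        try:
            yield s
        except Exception as exc:       # record the failure on the span, then re-raise
            s.attrs["error"] = repr(exc)
            raise
        finally:
            s.end = time.perf_counter()
            _current_span.reset(token)
            self.spans.append(s)       # children finish first, so they are appended first


def handle_request(tel: Telemetry, user_id: str) -> List[Dict[str, int]]:
    """Constructed handler: a root span for the request and a child span for the 'database' call."""
    with tel.span("GET /orders", user=user_id):
        tel.log("INFO", f"listing orders for {user_id}")
        with tel.span("db.query", table="orders"):
            rows = [{"id": 1}, {"id": 2}]     # constructed query result
        tel.metric("orders.returned", len(rows))
        return rows


if __name__ == "__main__":
    tel = Telemetry(host="web01", env="prod")
    handle_request(tel, "u-42")
    for s in tel.spans:
        print(f"{s.trace_id} {s.span_id} parent={s.parent_id} {s.name} "
              f"{s.duration_ms:.3f}ms {s.attrs}")
    print(tel.logs[0])
    print(tel.metrics[0])
```

The contextvar is what makes correlation work without threading ids through every function call: whatever code runs inside a span, including code that only emits a log line, can find the active trace. Exceptions are recorded on the span before propagating, so a failed request still produces a complete trace.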

High Availability vs Fault Tolerance

Reliability/Resiliency: the trait of an application/system to avoid or recover from failure with minimal manual intervention.
Availability: a measure of reliability, the proportion of time that a system is performing as expected. Performance degradation below the agreed service level also counts against availability. Redundancy (multiple machines behind a load balancer) decouples clients from any single server, which improves both performance and availability. Performance and availability tend to go together: good availability usually comes with good performance, and vice versa.
High Availability (HA) and Fault Tolerance (FT) are used interchangeably when talking about keeping systems running with little or no degradation in their availability. Though the goal of HA and FT is the same, the difference lies in how they are achieved. HA typically aims at keeping systems available with a slight degradation of SLAs and can tolerate some downtime. HA is achieved by either provisioning a fixed number of servers (typically at least 2 or mo

Azure Storage Static Website vs Azure Static Web Apps

Azure first came up with static websites in Storage accounts, then released the Azure Static Web Apps service.

Azure Static Web Apps
- Integrated with GitHub Actions: deployed as soon as code is checked in
- Custom domain names with a free SSL certificate
- Supports Azure Functions
- Built-in security policies

Azure Storage static website
- Cheap
- Use a CDN for custom domain names and SSL

I've used Azure Storage static websites for:
- hosting static pages generated by DocFX. You don't really need a vanity domain for an internal document site.
- Click-once deployment packages for desktop applications

Dynamic/SPA/Static Websites

Websites contain static content (HTML, CSS, images etc.), whereas web applications are more complex and interactive, i.e. users read and update data.

Dynamic apps
The web server creates HTML pages (Server Side Rendering) with data using a server-side programming language and sends them in response to requests coming from the client (browser). The server interacts with APIs or databases directly to get the data for the pages. Use ASP.NET Core MVC or Java Spring frameworks to build dynamic web applications.

SPA (Single Page Applications)
On the first request from the client, the web server (a CDN could deliver it too) returns a main/base HTML page (like a container) along with all the JavaScript needed to generate subsequent HTML pages on the client side, in the browser (Client Side Rendering). The JavaScript calls backend APIs for the data it weaves into the HTML. An SPA is a good choice for SaaS business applications because you don't really need search engine crawling. Angular, Vu