Tuesday, October 20, 2020

AWS - Security Token Service (STS)

Sources from which users can come to access AWS services

  1. Federation (enterprise identity, e.g. a corporate LDAP / Active Directory)
  2. Federation with mobile or web identity providers (Facebook, Google, etc.)
  3. Cross Account Access (a principal in one AWS account assuming a role in another)

Federation : Letting users who are authenticated by an outside identity system (corporate LDAP, Facebook, Google, etc.) obtain temporary AWS credentials, instead of creating an IAM user for each of them.
Identity Broker : A component you build and run (it is not an AWS service) that connects a user to a federation.
It takes a user from point X (the organisation's directory) and joins it to point Y (AWS STS).
Identity Store : A service that has its own user database, like your LDAP directory, Facebook or Google.
Identity : A user.


Steps to Remember :
  1. Create an Identity Broker that connects to the organisation's LDAP directory and to AWS STS. The broker holds the only long-term IAM credentials in this flow; they are never handed to the application or the user.
  2. The Identity Broker first connects to the organisation's LDAP to verify the user, then it connects to AWS Security Token Service (STS).
  3. Call to STS
    Scenario 1:
    The Identity Broker calls GetFederationToken with its own IAM user credentials (this call cannot be made with temporary credentials), a federated user name, a duration (15 minutes to 36 hours: validity of the new token) and a policy that says which permissions the token should carry. STS grants the intersection of that policy and the broker's own IAM permissions, so the policy can only scope down; it can never add a permission the broker itself does not have.
    Scenario 2:
    If the Identity Broker gets an IAM role ARN associated with the user from LDAP, it calls AssumeRole instead, and the returned token's permissions come from the role's permission policy (optionally narrowed further by a session policy). The duration is capped by the role's maximum session duration (1 hour by default).
  4. STS returns temporary security credentials: an Access Key ID, a Secret Access Key, a Session Token and an expiration (lifetime of the token). All three values have to be sent together on every request.
  5. The application then uses these temporary credentials to call the S3 bucket.
  6. S3 checks the request against IAM and, if allowed, lets the application access the bucket. When the credentials expire the application has to go back to the broker; there is no refresh, and a single session cannot be revoked on its own (to cut sessions off you change the broker's or the role's policy).
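The six steps above as a runnable sketch of the broker. This is an added example, not AWS code or the blog's own: the STS client is injected so the script runs offline with the FakeSTS stand-in, and the directory, the user names, the role ARN attribute and the session policy are all constructed. boto3.client("sts") exposes the same two methods with the same keyword arguments and response shape, so it can be passed in instead of FakeSTS.

```python
"""Identity-broker flow: directory check, then GetFederationToken or AssumeRole.

Added example, not AWS code. The STS client is injected so this runs offline
with FakeSTS; boto3.client("sts") exposes get_federation_token/assume_role
with the same keyword arguments and response shape.
"""
import json
import secrets
from datetime import datetime, timedelta, timezone

# Constructed stand-in for the organisation's LDAP directory. A real broker
# would bind over LDAPS; the 'role_arn' attribute (scenario 2) is an assumption.
DIRECTORY = {
    "megha":  {"password": "correct-horse", "role_arn": None},
    "renuka": {"password": "battery-staple",
               "role_arn": "arn:aws:iam::123456789012:role/S3Reader"},
}

# Session policy attached in scenario 1. STS grants the INTERSECTION of this
# policy and the broker's own IAM permissions: it can narrow, never widen.
SESSION_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": ["s3:GetObject"],
                   "Resource": "arn:aws:s3:::hr-documents/*"}],
}

FEDERATION_MIN, FEDERATION_MAX = 900, 36 * 3600   # 15 min .. 36 h (IAM user caller)
ROLE_MIN, ROLE_MAX = 900, 3600                    # up to the role's MaxSessionDuration


class FakeSTS:
    """Offline stand-in for boto3's STS client; mints random, unusable credentials."""

    @staticmethod
    def _credentials(duration):
        return {
            "AccessKeyId": "ASIA" + secrets.token_hex(8).upper(),   # ASIA = temporary key
            "SecretAccessKey": secrets.token_urlsafe(30),
            "SessionToken": secrets.token_urlsafe(60),
            "Expiration": datetime.now(timezone.utc) + timedelta(seconds=duration),
        }

    def get_federation_token(self, Name, Policy, DurationSeconds):
        if not FEDERATION_MIN <= DurationSeconds <= FEDERATION_MAX:
            raise ValueError("DurationSeconds out of range for GetFederationToken")
        json.loads(Policy)                        # must be a JSON policy document
        return {"Credentials": self._credentials(DurationSeconds),
                "FederatedUser": {"FederatedUserId": f"123456789012:{Name}"}}

    def assume_role(self, RoleArn, RoleSessionName, DurationSeconds):
        if not ROLE_MIN <= DurationSeconds <= ROLE_MAX:
            raise ValueError("DurationSeconds out of range for AssumeRole")
        return {"Credentials": self._credentials(DurationSeconds),
                "AssumedRoleUser": {"Arn": f"{RoleArn}/{RoleSessionName}"}}


def broker(sts, username, password, duration=3600):
    """Step 2: authenticate against the directory. Step 3: call STS.
    Step 4: hand back only the temporary credentials; the broker's long-term
    IAM keys never leave this process."""
    entry = DIRECTORY.get(username)
    if entry is None or not secrets.compare_digest(entry["password"], password):
        raise PermissionError("directory authentication failed")

    if entry["role_arn"]:                         # scenario 2: role found in the directory
        resp = sts.assume_role(RoleArn=entry["role_arn"],
                               RoleSessionName=username,
                               DurationSeconds=duration)
        scenario = "assume_role"
    else:                                         # scenario 1: scoped federation token
        resp = sts.get_federation_token(Name=username,
                                        Policy=json.dumps(SESSION_POLICY),
                                        DurationSeconds=duration)
        scenario = "federation_token"

    c = resp["Credentials"]
    return {"scenario": scenario,
            "access_key": c["AccessKeyId"],
            "secret_key": c["SecretAccessKey"],
            "session_token": c["SessionToken"],   # all three travel together on every call
            "expires": c["Expiration"]}


if __name__ == "__main__":
    creds = broker(FakeSTS(), "megha", "correct-horse")
    print(creds["scenario"], creds["access_key"], creds["expires"].isoformat())
```

The two duration checks in FakeSTS mirror what the real service enforces; a broker that lets callers pick an arbitrary duration should clamp it to the shorter of the caller's need and these limits, since a long-lived token is the one thing the broker cannot take back once issued.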

Tuesday, September 29, 2020

Azure - Queues

Azure Queue Storage provides cloud messaging between application components. In designing applications for scale, application components are often decoupled, so that they can scale independently. Queue storage delivers asynchronous messaging for communication between application components, whether they are running in the cloud, on the desktop, on an on-premises server, or on a mobile device. Queue storage also supports managing asynchronous tasks and building process workflows.

Messages are delivered roughly first-in, first-out, but strict ordering is not guaranteed (a message whose visibility timeout expired is re-delivered out of order), so consumers must not rely on FIFO.

Storage Account > Queue > Messages

Important Classes & Methods (WindowsAzure.Storage .NET library)

Class: CloudStorageAccount
Method: CreateCloudQueueClient

Class: CloudQueueClient
Method: GetQueueReference

Class: CloudQueue
Method: CreateIfNotExists
Method: AddMessage
Method: PeekMessage
Method: UpdateMessage
Method: DeleteMessage

---Dequeue---
Method: GetMessage
Method: GetMessages - Reads the visible messages at the head of the queue, up to the number you pass as a parameter (maximum 32 per call).

Message visibility to other clients: the visibility timeout is 30 seconds by default and can be set up to 7 days. While fetching a message with GetMessage or updating it with UpdateMessage you can override the default by passing a TimeSpan object as a parameter.

A message should be processed by one client at a time, but delivery is at-least-once: if the visibility timeout expires before the message is deleted, another client receives the same message again. Processing therefore has to be idempotent, and the DequeueCount property lets you park messages that keep failing (poison messages) instead of retrying them forever.

Dequeue a message
GetMessage > Process Message > Delete Message

GetMessage: Fetches a message and hides it from other clients, meaning it will not be visible to them for the visibility timeout. It also returns a pop receipt, which UpdateMessage and DeleteMessage require.
You need to process and delete the message before the visibility timeout ends, because after that the message becomes visible again and another client may take it. If that happens, the first client's DeleteMessage fails with a pop receipt mismatch, since every dequeue issues a new pop receipt. If processing legitimately takes longer, call UpdateMessage to extend the visibility timeout before it expires.

PeekMessage: Returns the first available message of the queue without hiding it, unlike GetMessage.
It means other clients may read the same message in parallel. Peeking returns no pop receipt, so a peeked message cannot be deleted.

Class: CloudQueueMessage
Method: SetMessageContent
Property: Id
Property: PopReceipt
Property: DequeueCount
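An in-memory model of the dequeue protocol described above (GetMessage, PeekMessage, UpdateMessage, DeleteMessage with visibility timeout and pop receipt), as an added example. It is not the Azure SDK and not code from the blog: the service is replaced by a list, the clock is simulated, and the message contents are constructed. It shows the failure mode the text warns about, a consumer that overruns its visibility timeout, and the fix, renewing the lease with UpdateMessage.

```python
"""In-memory model of the dequeue protocol above: GetMessage hides a message for
the visibility timeout and returns a pop receipt; UpdateMessage and DeleteMessage
must present the current receipt. Added example, not the Azure SDK: the service is
a list and the clock is simulated so visibility expiry can be driven deterministically.
"""
import secrets
from dataclasses import dataclass


@dataclass
class QueueMessage:
    id: str
    content: str
    visible_at: float = 0.0      # simulated time at which the message reappears
    pop_receipt: str = ""        # rotates on every GetMessage / UpdateMessage
    dequeue_count: int = 0       # the service exposes this for poison-message handling


class ModelQueue:
    DEFAULT_VISIBILITY = 30      # seconds, the service default
    MAX_VISIBILITY = 7 * 24 * 3600

    def __init__(self):
        self._messages = []      # roughly FIFO, like the service
        self.now = 0.0           # simulated clock, seconds

    def add_message(self, content):
        msg = QueueMessage(id=secrets.token_hex(8), content=content)
        self._messages.append(msg)
        return msg.id

    def _first_visible(self):
        return next((m for m in self._messages if m.visible_at <= self.now), None)

    def peek_message(self):
        """Read without locking: any other client may read the same message."""
        msg = self._first_visible()
        return (msg.id, msg.content) if msg else None

    def get_message(self, visibility_timeout=DEFAULT_VISIBILITY):
        """Read and hide for visibility_timeout; returns (id, content, pop receipt)."""
        if not 1 <= visibility_timeout <= self.MAX_VISIBILITY:
            raise ValueError("visibility timeout must be 1 second .. 7 days")
        msg = self._first_visible()
        if msg is None:
            return None
        msg.visible_at = self.now + visibility_timeout
        msg.pop_receipt = secrets.token_urlsafe(16)   # fresh receipt per dequeue
        msg.dequeue_count += 1
        return msg.id, msg.content, msg.pop_receipt

    def _owned(self, msg_id, pop_receipt):
        for msg in self._messages:
            if msg.id == msg_id:
                if not secrets.compare_digest(msg.pop_receipt, pop_receipt):
                    raise PermissionError("PopReceiptMismatch")   # HTTP 400 from the service
                return msg
        raise KeyError("MessageNotFound")                         # HTTP 404

    def update_message(self, msg_id, pop_receipt, visibility_timeout, content=None):
        """Extend the lease (optionally rewriting content); returns the new receipt."""
        msg = self._owned(msg_id, pop_receipt)
        msg.visible_at = self.now + visibility_timeout
        if content is not None:
            msg.content = content
        msg.pop_receipt = secrets.token_urlsafe(16)
        return msg.pop_receipt

    def delete_message(self, msg_id, pop_receipt):
        self._messages.remove(self._owned(msg_id, pop_receipt))


def slow_consumer_race():
    """Client A overruns the 30 s window, so client B receives the same message.
    A's delete is rejected (stale receipt), B's succeeds: at-least-once, never lost."""
    q = ModelQueue()
    q.add_message("payroll-run-2020-09")          # constructed message
    msg_id, _, receipt_a = q.get_message()
    hidden_while_locked = q.peek_message() is None
    q.now += 31                                   # A is still busy
    _, _, receipt_b = q.get_message()             # B now owns the message
    try:
        q.delete_message(msg_id, receipt_a)
        a_delete_ok = True
    except PermissionError:
        a_delete_ok = False
    q.delete_message(msg_id, receipt_b)
    return {"hidden_while_locked": hidden_while_locked, "a_delete_ok": a_delete_ok,
            "queue_empty": q.peek_message() is None}


def renewing_consumer():
    """Same setup, but A extends its lease with UpdateMessage before it expires."""
    q = ModelQueue()
    q.add_message("payroll-run-2020-10")
    msg_id, _, receipt = q.get_message()
    q.now += 25
    receipt = q.update_message(msg_id, receipt, visibility_timeout=60)
    q.now += 30                                   # 55 s elapsed, lease now runs to 85 s
    stolen = q.get_message() is not None          # nobody else can take it
    q.delete_message(msg_id, receipt)
    return {"stolen": stolen, "queue_empty": q.peek_message() is None}
```

The point of the race function is the pop receipt check: because every dequeue rotates the receipt, the slow client's stale receipt cannot delete the message out from under the client that now holds it, which is what turns "two clients saw it" into "it was processed at least once" rather than "it was lost".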

Saturday, September 19, 2020

Azure - Azure Storage Table (AZ)

Azure tables are ideal for storing structured, non-relational data. Common uses of Table storage include:
  • Storing TBs of structured data capable of serving web-scale applications
  • Storing datasets that don't require complex joins, foreign keys, or stored procedures and can be denormalized for fast access
  • Quickly querying data by its clustered index: PartitionKey + RowKey is the only index a table has, so every other query is a scan
  • Accessing data using the OData protocol and LINQ queries with the WCF Data Services .NET libraries

    Retrieve Entity
    TableOperation TO = TableOperation.Retrieve<EmpEntity>(partitionKey, rowKey);
    TableResult TR = TableEmp.Execute(TO);
    EmpEntity emp = (EmpEntity)TR.Result;   // null if nothing matched (HTTP 404)

    Update Entity
    // Modify properties of emp. emp.ETag was filled in by the retrieve above, so
    // Replace fails with 412 Precondition Failed if someone else changed the entity
    // in between (optimistic concurrency); set emp.ETag = "*" only if you really
    // want an unconditional overwrite.
    TableOperation TO = TableOperation.Replace(emp);
    TableEmp.Execute(TO);

    Delete Entity
    TableOperation TO = TableOperation.Delete(emp);   // also ETag-checked
    TableEmp.Execute(TO);


    Optimization Techniques

  1. Point query first: Read an entity by PartitionKey + RowKey whenever you can; it is the only indexed lookup, everything else scans at least one partition.
  2. Multiple keys: Store the same entity under several keys; duplicated data is fine in Table storage, it is the price of a fast lookup.
  3. Compound key: You can make the RowKey a compound key.
    Ex. If you store 2 values (Id and Email) in the RowKey, you can search by either the Id or the email: Id_<Id> and Email_<Email>

    PartitionKey   RowKey          EmpName
    Employee       Id_1001         Megha
    Employee       Id_1002         Renuka
    Employee       Email_<Email>   Tomar
    Employee       Email_<Email>   Mukesh
  4. Avoid unnecessary tables: Keep related entities in one table, separated by PartitionKey. Entity group transactions (batch commit/rollback, up to 100 operations) only work within a single table and a single partition, so splitting related data into separate tables makes atomic updates impossible.
    Ex. Emp and EmpDetails belong in one table, not two.
  5. Intra-partition secondary index pattern: Storing several copies of an entity in the same partition under different RowKeys, each prefixed with the lookup type.
    This divides the search load: someone searching by email queries the partition with a RowKey range starting at "Email_", someone searching by id with "Id_".

    The compound key example (point no. 3) is an intra-partition pattern example.
  6. Inter-partition secondary index pattern: Dividing the search across partitions, one PartitionKey per lookup type. Each index can then be scaled and served independently; the cost is that one employee's rows no longer share a partition and cannot be updated in one transaction.

    PartitionKey    RowKey    EmpName
    EmployeeId      1001      Megha
    EmployeeId      1002      Renuka
    EmployeeEmail   <Email>   Tomar
    EmployeeEmail   <Email>   Mukesh

  7. Delete partition pattern: Enables bulk delete by keying on the partition. There is no single "delete partition" call; you query the partition's keys and delete them in entity group transactions of up to 100 entities each, which is still far cheaper than locating the rows one by one.
    Ex. Give each month its own partition and you can drop a whole month's data.

    PartitionKey     RowKey   EmpName
    EMPLOYEE-JAN20   1001     Megha
    EMPLOYEE-JAN20   1002     Renuka
    EMPLOYEE-JAN20   1003     Tomar
    EMPLOYEE-FEB20   1004     Mukesh
    EMPLOYEE-FEB20   1005     Kailash

  8. Large entity pattern: An entity is limited to 1 MB. If you are storing image or other binary data, put it in Blob storage and keep only the blob URI in the entity.
  9. Wide entity (long table) pattern: An entity can have at most 252 custom properties (255 including PartitionKey, RowKey and Timestamp). If your logical entity has more columns than that, split it across several physical entities in the same partition.
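The key-design patterns above (point query, intra-partition and inter-partition secondary indexes, partition-scoped batch delete) modelled in memory, plus the one input-handling check a practitioner wants when building OData filters from user input. This is an added example: it is neither the Azure SDK nor the page's own C#, the table service is replaced by a dict keyed on (PartitionKey, RowKey), and the employee records are constructed.

```python
"""Key design for Azure Table storage, modelled in memory: point reads by
PartitionKey + RowKey, the intra-partition index (one partition, several RowKey
prefixes), the inter-partition index (one partition per lookup type), batch
deletes that respect the single-partition rule, and safe OData filter literals.

Added example: not the Azure SDK and not the page's own C#. The service is
replaced by a dict keyed on (PartitionKey, RowKey); the employee data is constructed.
"""

MAX_BATCH = 100                       # entity group transaction limit
BAD_KEY_CHARS = set("/\\#?")          # characters the service rejects in keys


class ModelTable:
    def __init__(self):
        self._rows = {}               # (PartitionKey, RowKey) -> entity dict

    def insert(self, entity):
        pk, rk = entity["PartitionKey"], entity["RowKey"]
        if BAD_KEY_CHARS & set(pk + rk):
            raise ValueError("illegal character in PartitionKey/RowKey")
        self._rows[(pk, rk)] = dict(entity)

    def point_get(self, pk, rk):
        """Fastest lookup: both keys known, at most one entity, no scan."""
        return self._rows.get((pk, rk))

    def query_prefix(self, pk, rk_prefix):
        """Range query inside one partition (RowKey ge prefix and RowKey lt prefix+'~')."""
        return [e for (p, r), e in self._rows.items() if p == pk and r.startswith(rk_prefix)]

    def batch_delete(self, keys):
        """Entity group transaction: all-or-nothing, at most 100 ops, one partition."""
        if not 1 <= len(keys) <= MAX_BATCH:
            raise ValueError("batch must hold 1..100 operations")
        if len({pk for pk, _ in keys}) != 1:
            raise ValueError("a batch may only touch one partition")
        staged = dict(self._rows)     # work on a copy so a failure rolls everything back
        for key in keys:
            if key not in staged:
                raise KeyError(f"entity {key} not found; batch rolled back")
            del staged[key]
        self._rows = staged
        return len(keys)

    def delete_partition(self, pk):
        """Delete-partition pattern: there is no single call, so chunk into batches."""
        keys = [k for k in self._rows if k[0] == pk]
        for i in range(0, len(keys), MAX_BATCH):
            self.batch_delete(keys[i:i + MAX_BATCH])
        return len(keys)


def intra_partition_rows(emp):
    """Compound-key / intra-partition index: same partition, one row per lookup key."""
    base = {"PartitionKey": "Employee", "EmpName": emp["name"],
            "Id": emp["id"], "Email": emp["email"]}
    return [dict(base, RowKey="Id_" + emp["id"]),
            dict(base, RowKey="Email_" + emp["email"])]


def inter_partition_rows(emp):
    """Inter-partition index: one partition per lookup type; the rows of one
    employee now live in different partitions and cannot share a transaction."""
    return [{"PartitionKey": "EmployeeId", "RowKey": emp["id"],
             "EmpName": emp["name"], "Email": emp["email"]},
            {"PartitionKey": "EmployeeEmail", "RowKey": emp["email"],
             "EmpName": emp["name"], "Id": emp["id"]}]


def odata_literal(value):
    """Quote a user-supplied string for an OData $filter. Doubling the single
    quote is the only escape in the grammar, so O'Brien cannot close the literal
    and append extra conditions to the query."""
    return "'" + value.replace("'", "''") + "'"


def email_filter(email):
    """$filter that finds the email row in the intra-partition layout above."""
    return ("PartitionKey eq 'Employee' and RowKey eq "
            + odata_literal("Email_" + email))


# Constructed sample data
EMPLOYEES = [{"id": "1001", "name": "Megha", "email": "megha@example.com"},
             {"id": "1002", "name": "Renuka", "email": "renuka@example.com"}]

if __name__ == "__main__":
    t = ModelTable()
    for emp in EMPLOYEES:
        for row in intra_partition_rows(emp):
            t.insert(row)
    print(t.point_get("Employee", "Email_renuka@example.com")["EmpName"])
    print(email_filter("o'brien@example.com"))
    print(t.delete_partition("Employee"), "entities deleted")
```

The batch_delete guard is the part worth carrying into real code: a mixed-partition batch is rejected by the service as a whole, so a delete-partition job that accidentally collects keys from two partitions deletes nothing rather than half, and the model preserves that all-or-nothing behaviour.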

Azure - Azure Storage (AZ)

Azure Storage groups the data it stores into 4 services
  1. File
    Managed file shares reachable over SMB: text files, Word files, PDFs and anything else you would put on a network drive.
  2. Blob
    Object storage for unstructured and binary data such as images, videos, library files, backups and logs.
  3. Table
    A NoSQL key-attribute store: schemaless entities addressed by PartitionKey and RowKey.
  4. Queue
    Message storage for decoupling application components. Delivery is roughly FIFO, not strictly ordered.


Account Kind of Storage
  1. Storage (General Purpose v1)
    Legacy general-purpose kind for deployments built before the v2 model; it can hold files, blobs, tables and queues, but lacks access tiers and the newer features.
  2. StorageV2 (General Purpose v2)
    Recommended, as it has the latest features and the option to choose an Access Tier.
    General-purpose: holds files, blobs, tables and queues.
  3. BlockBlobStorage
    Storage accounts with premium performance characteristics for block blobs and append blobs. Recommended for scenarios with high transaction rates, or scenarios that use smaller objects or require consistently low storage latency. (The older BlobStorage kind is a legacy, blob-only, standard-performance account; new blob-only workloads belong in StorageV2 or BlockBlobStorage.)


Replication or Data Redundancy
There are multiple options depending on your requirements for durability and high availability. The difference between them is which failure (disk, datacenter, availability zone, whole region) the copies survive.
  1. LRS (Locally Redundant Storage)
    Stores 3 copies of your data synchronously within a single physical location (one datacenter) in the primary region.
    Cheapest option.
    Not recommended for applications that require high availability: a datacenter outage takes all three copies offline at once.
    Durability: 99.999999999% (11 9's) over a year
  2. ZRS (Zone-Redundant Storage)
    Copies your data synchronously across three Azure availability zones in the primary region. For applications requiring high availability within a region, at economical rates.
    Durability: 99.9999999999% (12 9's)
  3. GRS (Geo-Redundant Storage)
    Keeps 3 copies synchronously using LRS in the primary region and replicates them asynchronously to a secondary region in a different geography, where they are again stored with LRS. You can think of it as geo plus locally redundant storage. Because the cross-region copy is asynchronous, a failover can lose the most recent writes.
    Durability: 99.99999999999999% (16 9's)
  4. GZRS (Geo-Zone-Redundant Storage)
    Copies data synchronously across 3 Azure availability zones in the primary region and asynchronously to a secondary region in a different geography.
    Durability: 99.99999999999999% (16 9's)
  5. RA-GRS (Read-Access Geo-Redundant Storage)
    Same replication as GRS, plus read access to the secondary region's data through the account's secondary endpoint.
    Secondary region data can be read while your primary region is unavailable; writes still go only to the primary.
  6. RA-GZRS (Read-Access Geo-Zone-Redundant Storage)
    Same replication as GZRS, plus read access to the secondary region. You can read secondary region data while the primary is unavailable. The zone-redundant options are offered in fewer regions than LRS and GRS.
    Durability: 99.99999999999999% (16 9's)
Performance
This setting basically defines the disk type used to store the data
  • Standard: Data is stored on magnetic HDD drives; cheapest rates.
  • Premium: Data is stored on solid-state drives (SSD); high IOPS and consistently low latency, with a 99.9% availability SLA.

Access Tier

  • Hot: For frequently accessed data.
  • Cool: For infrequently accessed data kept for at least 30 days; lower storage cost, higher access cost.
  • Archive: For rarely accessed data kept for at least 180 days. Only for blobs.
    Can't be set at the storage account level (the account default can only be Hot or Cool)
    Can be set at the blob level
    Archived blobs are offline: they have to be rehydrated to Hot or Cool (which takes hours) before they can be read.

  Attribute                      Premium performance   Hot tier         Cool tier         Archive tier
  Availability                   99.9%                 99.9%            99%               Offline
  Availability (RA-GRS reads)    N/A                   99.99%           99.9%             Offline
  Usage charges                  higher storage,       higher storage,  lower storage,    lowest storage,
                                 lower access and      lower access and higher access and highest access and
                                 transaction cost      transaction cost transaction cost  transaction cost
  Minimum object size            N/A                   N/A              N/A               N/A
  Minimum storage duration       N/A                   N/A              30 days (1)       180 days
  Latency (time to first byte)   single-digit ms       milliseconds     milliseconds      hours (2)

  (1) A blob deleted from or moved out of the cool tier before 30 days is charged an early-deletion fee for the remaining days; for archive the same applies before 180 days.
  (2) An archived blob must be rehydrated before it can be read; standard-priority rehydration can take up to 15 hours.


Saturday, September 12, 2020

Azure - Some Basic Concepts of Azure

Some Basic Terminologies 

SAAS: Software as a service
PAAS: Platform as a service
IAAS: Infrastructure as a service


2 O's of Cloud:
  1. On-Demand
  2. Out Sourced


Resource Group: A logical grouping of resources that share a lifecycle and are deployed, updated and deleted together. It is also the usual scope for access control (RBAC role assignments) and for resource locks.
Location: The location you pick when creating a resource group is where the group's metadata is stored; the resources inside the group can live in other regions.

Ex. If you are creating a website for HR management, you can create a resource group HR-Management and keep all the resources you create for this website in this group.


Deployment: Visual Studio's Publish dialog offers several targets, among them:

  1. Deploy over FTP (prefer FTPS; plain FTP sends the deployment credentials in clear text)
  2. Deploy to a local directory
  3. Deploy to Azure: You can publish the site directly to Azure.
    If you import a publish profile you do not need to enter credentials every time you deploy. The profile contains the deployment password, so keep it out of source control and reset it from the portal if it leaks.


App Service Editor: An online VS Code-style tool that you can use to edit files in the cloud, directly on the running App Service. Edits made there bypass your CI/CD pipeline and can be overwritten by the next deployment.


Monday, June 15, 2020

AZR - Availability Zone

(Same idea as Availability Zones in AWS)

Availability Zones is a high-availability offering that protects your applications and data from datacenter failures. Availability Zones are unique physical locations within an Azure region. Each zone is made up of one or more datacenters equipped with independent power, cooling, and networking.
To ensure resiliency, there is a minimum of three separate zones in all enabled regions.
The physical separation of Availability Zones within a region protects applications and data from datacenter failures.
Zone-redundant services replicate your applications and data across Availability Zones to protect from single points of failure.
With Availability Zones, Azure offers a 99.99% VM uptime SLA, provided the VMs are deployed across two or more zones in the same region; a single-zone deployment does not get that figure.

Availability zones are subscription-based: the zone numbers are a logical mapping, so AZ1 in a given region of one subscription may be a different physical zone from AZ1 of the same region in another subscription. Do not assume that "zone 1" in two subscriptions shares a failure domain.




Availability Zone support (as of Oct 2019)

Regions covered by the support matrix:
  America: Central US, East US, East US 2, West US 2
  Europe: France Central, North Europe, UK South, West Europe
  Asia Pacific: Japan East, Southeast Asia, Australia East

Services marked as zone-supported in those regions (per-region detail not reproduced; exceptions are noted):
  Compute: Linux Virtual Machines, Windows Virtual Machines, Virtual Machine Scale Sets, Azure App Service Environments ILB, Azure Kubernetes Service
  Storage: Managed Disks, Zone-redundant Storage
  Networking: Standard IP Address, Standard Load Balancer, VPN Gateway, ExpressRoute Gateway, Application Gateway (V2), Azure Firewall
  Databases: Azure Data Explorer, SQL Database (preview in two of the listed regions), Azure Cache for Redis, Azure Cosmos DB (marked in seven of the listed regions)
  Analytics: Event Hubs
  Integration: Service Bus (Premium tier only), Event Grid
  Identity: Azure AD Domain Services


CI/CD - Safe DB Changes/Migrations

Safe DB Migrations means updating your database schema without breaking the running application and without downtime . In real systems (A...