This document discusses options for integrating on-premises systems with Azure-based applications. It describes network-based options like virtual networks and non-network options like Azure Relay and the On-Premises Data Gateway. Azure Relay offers WCF Relay and Hybrid Connections. Hybrid Connections use port forwarding while WCF Relay relies on WCF. The document also provides examples of how to connect web/mobile apps, VMs, and SaaS services to on-prem resources and compares different approaches.
Load Balancers vs IIS ARR or a Web Application Proxy (WAP) for HA - Kemp
Understanding the differences between a load balancer and software features like Microsoft IIS's ARR and a Web Application Proxy (WAP) can be confusing. We compare the full feature set of a Load Balancer appliance / ADC (Application Delivery Controller) versus Application Request Routing, especially for High Availability.
Network and Security Reference Architecture For Driving Workstyle Transformation - Matsuo Sawahashi
Many companies have begun to use multiple cloud services as a matter of course. However, the enterprise network has been built around the data center and remains a topology centered on it. The bandwidth of the Internet gateway at the data center runs short. The access lines from each site are also congested with massive data volumes due to the increased use of SaaS such as O365 or Box.
Meanwhile, employees work in various places such as the office, on the road and at home. Business partners also want to access the enterprise network to collaborate with the company. They want to use enterprise applications both on-premises and in the cloud with the same procedure.
To solve the above problems, we need to change our mindset.
- The data center is no longer the center; the network becomes the center.
- The Internet is dangerous; however, if we use it well, it is cheap and we can build a network that is robust against failure or disaster.
- Boundary protection can no longer protect enterprises from recent threats, and it does not accommodate diverse usage patterns that cross various boundaries.
So, please look at the deck to understand the solution.
Kubernetes Ingress to Service Mesh (and beyond!) - Christian Posta
Kubernetes users need to allow traffic to flow into and within the cluster. Treating the application traffic separately from the business logic presents new possibilities in how service-to-service traffic is served, controlled and observed — and provides a transition to intra-cluster networking like Service Mesh. With microservices, there is a concept of both North / South traffic (incoming requests from end users to the cluster) and East / West (intra-cluster) communication between the services. In this talk we will explain how Envoy Proxy works in Kubernetes as a proxy for both of these traffic directions and how it can be leveraged to do things like traffic shaping, security, and integrating the north/south with the east/west behavior.
Christian Posta (@christianposta) is Global Field CTO at Solo.io, former Chief Architect at Red Hat, and well known in the community for being an author (Istio in Action, Manning, Istio Service Mesh, O'Reilly 2018, Microservices for Java Developers, O’Reilly 2016), frequent blogger, speaker, open-source enthusiast and committer on various open-source projects including Istio, Kubernetes, and many others. Christian has spent time at both enterprises as well as web-scale companies and now helps companies create and deploy large-scale, cloud-native resilient, distributed architectures. He enjoys mentoring, training and leading teams to be successful with distributed systems concepts, microservices, devops, and cloud-native application design.
Navigating the service mesh landscape with Istio, Consul Connect, and Linkerd - Christian Posta
Service mesh has hit the cloud native computing community like a storm, and we’re starting to see gradual adoption across the enterprise. There are a handful of open source service mesh implementations to choose from, including Istio, Consul Connect, and Linkerd.
Christian Posta details why and when you may want to use a service mesh versus when you may want to just stick with a library, Netflix OSS, or application approach. He digs into three popular open source service mesh implementations and explores their goals, strengths, and weaknesses. You'll come away with a good foundation from which to explore service mesh technology and ask the right questions to get to the right answer for your organization.
In this SOA workshop in Colombo, Sri Lanka (September 17, 2009), Paul Fremantle, CTO and Co-Founder, WSO2 presented about SOA and discussed why SOA is the basis of all modern Enterprise Architecture.
Modern application architectures are embracing public clouds, microservices, and container schedulers like Kubernetes and Nomad. These bring complex service-to-service communication patterns, increased scale, dynamic IP addresses, ephemeral infrastructure, and higher failure rates. These changes require a new approach for service discovery, configuration, and segmentation. Service discovery enables services to find and communicate with each other. Service configuration allows us to dynamically configure applications at runtime. Service segmentation lets us secure our microservices architectures by limiting access. In this talk, we cover these challenges and how to solve them with Consul as a service mesh.
Microservices and the Cloud-Based Future of Integration - BizTalk360
The software integration market is heating up with many new-entry cloud-based vendors and a sea-change in customer expectations. What does this mean for traditional Enterprise Application Integration? How do modern integration tools add value and where is the integration market heading? Microsoft is leading the charge forward with a new emphasis on microservice-based integration. What are microservices? How do they relate to iPaaS and what does the Azure-based microservice ecosystem offer? How will this emerging world transform integration in the future?
Integrating Alfresco @ Scale (via event-driven micro-services) - J V
Alfresco DevCon 2018 (Lisbon) - https://devcon.alfresco.com/
Alfresco provides a rich set of options for integrating third-party systems with services across the Digital Business Platform. We will deep-dive into the architecture of the new Alfresco Integration Services framework – a set of event-driven micro-services that can be easily deployed & scaled.
https://www.youtube.com/watch?v=TyB-t7wsDEE
Solution for using the AWS cloud on the fly for an application deployed in a data centre. Dynamically start additional instances in AWS using monitoring and triggers from A10 Lightning Application Delivery Service (ADS) and AWS Lambda.
Multicluster Kubernetes and Service Mesh Patterns - Christian Posta
Building applications for cloud-native infrastructure that are resilient, scalable, secure, and meet compliance and IT objectives gets complicated. Another wrinkle for the organizations with which we work is the fact they need to run across a hybrid deployment footprint, not just Kubernetes. At Solo.io, we build application networking technology on Envoy Proxy that helps solve difficult multi-deployment, multi-cluster, and even multi-mesh problems.
In this webinar, we’re going to explore different options and patterns for building secure, scalable, resilient applications using technology like Kubernetes and Service Mesh without leaving behind existing IT investments. We’ll see why and when to use multi-cluster topologies, how to build for high availability and team autonomy, and solve for things like service discovery, identity federation, traffic routing, and access control.
The exploration of service mesh for any organization comes with some serious questions. What data plane should I use? How does this tie in with my existing API infrastructure? What kind of overhead do sidecar proxies demand? As I've seen in my work with various organizations over the years "if you have a successful microservices deployment, then you have a service mesh whether it’s explicitly optimized as one or not."
In this talk, we seek to understand the role of the data plane and how to pick the right component for the problem context. We start off by establishing the spectrum of data-plane components, from shared gateways to in-code libraries, with service proxies sitting somewhere along that spectrum. We clearly identify which scenarios would benefit from which part of the data-plane spectrum and show how modern service meshes including Istio, Linkerd, and Consul enable these optimizations.
Scaling micro-services Architecture on AWS - Boyan Dimitrov
In this talk we are going to explore how Hailo evolved a monolithic LAMP stack into a micro-services platform based on Go. We are going to share the challenges we faced and some of the design patterns that helped us scale our system. We will take a peek into our internal orchestration architecture and the tooling we built to help us automate and manage our platform.
Service-mesh options with Linkerd, Consul, Istio and AWS AppMesh - Christian Posta
Service mesh abstracts the network from developers to solve three main pain points:
- How do services communicate securely with one another?
- How can services implement network resilience?
- When things go wrong, can we identify what happened and why?
Service mesh implementations usually follow a similar architecture: traffic flows through control points between services (usually service proxies deployed as sidecar processes) while an out-of-band set of nodes is responsible for defining the behavior and management of the control points. This loosely breaks out into an architecture of a "data plane" through which requests flow and a "control plane" for managing a service mesh.
Different service mesh implementations use different data planes depending on their use cases and familiarity with a particular technology. The control plane implementations vary between service-mesh implementations as well. In this talk, we'll take a look at three different control plane implementations with Istio, Linkerd and Consul, their strengths, and their specific tradeoffs to see how they chose to solve each of the three pain points from above. We can use this information to make choices about a service mesh or to inform our journey if we choose to build a control plane ourselves.
Understanding the New Enterprise Multi-Cloud Backbone for DevOps Engineers - DevOps.com
IT infrastructure and apps are moving en masse to public clouds – AWS, Azure, Google – and understanding how to leverage infrastructure as code to provision the network services, connectivity and security that maximize simplicity, security and performance is critical to DevOps success in building and managing the new Enterprise Multi-Cloud Backbone.
In this webinar, you’ll learn more about critical use cases such as (1) Using Terraform to spin up transit networking services in AWS, (2) profile-based secure cloud access for developers, and (3) VPC secure egress filtering to meet compliance, including deeper dives into:
- Deploying the network as code using automation tools
- Addressing specific operational challenges for high availability across multiple VPCs
- Isolating environments for dev and test easily
- Design pattern details and the pros and cons of each approach
- Understanding the limitations of native services and how to add value and capabilities with advanced services
- How to architect an Enterprise Multi-Cloud Backbone to support all your cloud use cases
Distributed microservices introduce new challenges: failure modes are harder to anticipate and resolve. In this session, we present a “Chaos Debugging” framework enabled by three open source projects: Gloo Shot, Squash, and Loop to help you increase your microservices’ “immunity” to issues.
Gloo Shot integrates with any service mesh to implement advanced, realistic chaos experiments. Squash connects powerful and mature debuggers (gdb, dlv, Java debugging) to your microservices while they run in Kubernetes. Loop extends the capability of your service mesh to observe your application and record full transactions for sandboxed replay and debugging.
Come to this demo-heavy talk to see how together, Squash, Gloo Shot, and Loop allow you to trigger, replay, and investigate failure modes of your microservices in a language agnostic and efficient manner without requiring any changes to your code.
The Hitchhiker’s Guide to Hybrid Connectivity - BizTalk360
Organisations are increasingly becoming aware of the immense power afforded by hybrid application architectures. Enterprise businesses can now leverage the scale, elasticity, economy and global reach afforded by Microsoft Azure whilst still retaining the investment and security of their on-premises LOB systems, helping them to maintain a competitive edge in a world where businesses are no longer constrained by geographic boundaries. Yet with so many options available for connecting systems, which one should you choose? In this session we will discuss the various Microsoft offerings for hybrid connectivity including Hybrid Connections, the On-Premises Data Gateway, Virtual Private Network, Service Bus WCF Relay and the new Azure Relay – and when best to use which.
Azure Track 06 - Cloud Integration Patterns for IT-Pros - ITProceed
by Sam Vanhoutte
In the new scenarios where the cloud is being used, integration becomes very important. Luckily, the Windows Azure platform provides a lot of different capabilities and services to make a secure link between your local systems and the Windows Azure services or machines.
In this session, an overview will be given of the different technologies and the scenarios to which these technologies are best applicable. The following technologies will be demonstrated and discussed:
• Messaging: Service Bus Messaging, BizTalk Services
• Services: Service Bus Relay
• Mobile: Service Bus Notification Hubs, SignalR
• Data: SQL Data Sync
• Networking: Windows Azure Virtual Networking
• Security: Active Directory integration
In this session, Sam will give an overview of the new Hybrid Connections feature. With this feature, customers can easily connect their cloud services with their existing on premises resources. Sam will demonstrate the various capabilities of this new service and will discuss the advanced features, such as load balancing, Always On connectivity, connection cardinality, automation and performance.
A clear picture of building a hybrid solution using the Microsoft Integration Stack. Hybrid Solutions: integrating BizTalk Server 2013, Windows Azure Service Bus, BizTalk Services and REST.
Microservices and the Cloud-Based Future of Integration (final) - BizTalk360
The software integration market is heating up with dozens of new cloud-based vendors and a sea-change in customer expectations. What does this mean for traditional Enterprise Application Integration? What do modern integration tools give us and where is this all heading? The answer is cloud-based microservices PaaS, and Microsoft is leading the charge forward. What are microservices, what is the next-generation Azure PaaS platform all about, and how will this transform the world of application and service integration in the future?
Overview of Azure microservices and the impact on integration - BizTalk360
On the back of Integrate 2014, Sam Vanhoutte will discuss his view on some of the implications of the announcements made at the conference and talk about how this might affect the future for integration professionals.
WSO2Con USA 2017: Implement an Effective Digital Platform Using WSO2 Integration - WSO2
The WSO2 integration platform offers a high performance, lean, enterprise-ready solution to solve integration and innovation challenges faced by connected businesses. This platform offers modern integration technologies that empower enterprises to build a digital business by seamlessly connecting mobile apps, services, multiple data repositories, social media, and cloud and on-premise systems. This is all done to enhance your customers’ experience and increase internal productivity.
One of the primary focuses in modern integration is to think in terms of the network effect: reliability, resilience, scalability, affordability, and adaptability. The session will focus on:
- Under the hood: integration server architecture
- Mediation catalog
- Architectural styles for integration
- Enhancing
- Hybrid integration with WSO2
- Debugging and troubleshooting your integration
- Deployment
- Performance tuning
- Production hardening
Going to the cloud with Microsoft and ITAdviser: Windows Azure overview for IT... - Olimpia Oancea
We really believe that cloud is the new normal. For anyone who is looking to develop software, using a public cloud like Azure is a no-brainer. In the last year, we have not come across even a single scenario where a customer is looking to build a new innovative product, and they are going to deploy that in their own datacenter…
Olimpia Oancea, Co-Founder and CEO, ITAdviser
Cloud integration: what's in it for you? (Toon Vanhoutte & Massimo Crippa at ... - Codit
This session focuses on the great opportunities that cloud integration brings to your business. Common challenges and pitfalls for hybrid messaging-based and API-based integration are discussed. Next to that, Codit's added-value approach to hybrid integration is presented, which combines a solid foundation of 15 years integration experience with an innovative and rapidly moving Azure cloud platform.
Azure Cloud Application Development Workshop - UGIdotNET - Lorenzo Barbieri
Based on Global Black Belt Azure CAD Workshop, this material was used during ugidotnet.org CAD Lab in June 2017.
Azure VMs, AppService, Functions, Logic Apps and Service Fabric were demoed during the day.
Best Practices for CouchDB developers on Microsoft Azure - Brian Benz
This presentation covers best practices for collecting, storing, analyzing and distributing data across a scalable data layer on Windows Azure using CouchDB, JSON, and MapReduce. Highlights include best practices for Windows Azure security, performance, accessibility and reliability.
Similar to The Hitchhiker’s Guide to Hybrid Connectivity
Azure Logic Apps & AI - Building Integration & AI Solutions - Daniel Toomey
Presentation delivered at the Brisbane Data & AI Bootcamp on Saturday, 18 May 2024. Covers Workflow Assistant and new Azure OpenAI and AI Search connectors.
Private DNS Infrastructure Support in Hybrid Scenarios - Daniel Toomey
A discussion of DNS private resolver architecture, how it is leveraged for private resolution for Azure <-> Azure and Azure <-> On-Prem and other things including private DNS zones and conditional forwarding rules.
As presented to the Brisbane Azure Group by Rachel Calleia (https://www.linkedin.com/in/rachel-calleia-669439144/)
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™UiPathCommunity
In questo evento online gratuito, organizzato dalla Community Italiana di UiPath, potrai esplorare le nuove funzionalità di Autopilot, il tool che integra l'Intelligenza Artificiale nei processi di sviluppo e utilizzo delle Automazioni.
📕 Vedremo insieme alcuni esempi dell'utilizzo di Autopilot in diversi tool della Suite UiPath:
Autopilot per Studio Web
Autopilot per Studio
Autopilot per Apps
Clipboard AI
GenAI applicata alla Document Understanding
👨🏫👨💻 Speakers:
Stefano Negro, UiPath MVPx3, RPA Tech Lead @ BSP Consultant
Flavio Martinelli, UiPath MVP 2023, Technical Account Manager @UiPath
Andrei Tasca, RPA Solutions Team Lead @NTT Data
3. Integrating the Digital Enterprise
What This Talk is NOT About
• Integration Patterns
– Specifically focuses on connectivity options
– Excludes async patterns (e.g. Service Bus queues / topics)
• Demos
– Theoretical talk only due to time constraints
• Network Level Connectivity
– Mentioned as an option, but not the primary focus
– Concentrates on non-network options
7. Azure Virtual Network
image: https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-overview
Types:
– Point to Site (P2S)
– Site to Site (S2S)
– ExpressRoute
8. VNET Integration for Web / Mobile Apps
• Requires Standard or Premium App Service Plan
• VNET must be in the same subscription as the ASP
• Must have P2S enabled
• Must have a route-based ("Dynamic routing") VPN gateway; policy-based ("Static routing") gateways are not supported
image: https://docs.microsoft.com/en-us/azure/app-service-web/web-sites-integrate-with-vnet
9. VNET with API Management
• Added layer of security
• All the benefits of APIM
diagram: External Client → Application Gateway → API Management inside a Virtual Network (NSGs on the subnets) → VPN Gateway → Corporate Network (Application Server, BizTalk Server, Database Server)
11. Relay – An Alternative Approach
• Relay underpins all of the non-network connectivity options
– Azure Relay
• WCF Relay
• Hybrid Connections
– On Prem Data Gateway
12. Why the Relay?
• Traffic OUT is not usually a problem
• Traffic IN – different story!
diagram: Client Network (Application Server) → Load Balancer / Network Address Translation / Router / H/W Firewall / S/W Firewall → Target Network (Application Server)
13. How Relay Works
• Concepts:
– Secured listener endpoint in the cloud
– Opened via an outbound connection from within the corporate network
– Clients send messages via the listener's endpoint
– No changes to corporate firewall or network required
• As long as it allows outbound traffic on port 80/443 (Hybrid Connections need outbound 443 only; WCF Relay's TCP bindings use outbound 9350–9354 unless the connectivity mode is set to HTTP)
• Because the listener turns an outbound allowance into inbound reachability, the namespace's Shared Access Signature rules become the effective perimeter: give the on-prem listener a Listen-only rule and clients a Send-only rule rather than sharing the root Manage key
diagram: Client Network (Application Server) → Relay Service → Your Network (Application Server)
14. Azure Relay
• Generally Available as of 27 March 2017
• One of the three Service Bus offerings
• Comprised of two services:
– WCF Relay
– Azure Relay Hybrid Connections
15. WCF Relay – How It Works
• WCF Relay point within a Service Bus namespace
• Outbound connection from an on-prem WCF service
• Uses WCF relay bindings:
– NetTcpRelayBinding
– BasicHttpRelayBinding
– WS2007HttpRelayBinding
– NetOnewayRelayBinding
– NetEventRelayBinding
– WebHttpRelayBinding
– NetMessagingBinding (strictly a Service Bus queue/topic binding rather than a relay binding)
• Security via Shared Access Signatures (SAS)
• Accessible from a variety of services & locations: BizTalk Server, API Management, Azure Function, Web App
diagram: Client Network (BizTalk Server, API Management, Azure Function, Web App) → Microsoft Azure (WCF Relay) → Your Network (WCF Service on the Application Server)
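Slides 13 and 15 say the relay is secured with Shared Access Signatures, which is also the one control that decides who may open a listener and who may send through it. The following is an added example, not code from the deck or from the Azure SDK: it builds a SAS token in the documented format and validates it the way the service does, with separate Listen-only and Send-only policies. The namespace, relay name, policy names and keys are constructed placeholders.

```python
"""Shared Access Signature (SAS) tokens for an Azure Relay namespace.

Added example for the relay security model on slides 13 and 15. It is not
code from the deck or from the Azure SDK; the namespace, relay name, policy
names and keys are constructed placeholders.

Token format (as documented for Service Bus, Relay and Event Hubs):
  SharedAccessSignature sr=<url-encoded resource URI>&sig=<url-encoded base64
  HMAC-SHA256>&se=<unix expiry>&skn=<policy name>
  string-to-sign = "<url-encoded resource URI>\\n<unix expiry>"
"""
import base64
import hashlib
import hmac
import time
from dataclasses import dataclass
from typing import Dict, FrozenSet, Optional
from urllib.parse import quote_plus, unquote_plus

# Hypothetical relay endpoint (placeholder, not a real resource).
RESOURCE_URI = "https://contoso-relay.servicebus.windows.net/sql-bridge"


@dataclass(frozen=True)
class SasPolicy:
    """A shared access policy on the namespace: a key plus the rights it grants."""
    key: str
    rights: FrozenSet[str]  # subset of {"Listen", "Send", "Manage"}


# Constructed policies. The on-prem listener gets Listen only, cloud clients get
# Send only; the root Manage key is the one thing that must never be handed out.
POLICIES: Dict[str, SasPolicy] = {
    "RootManageSharedAccessKey": SasPolicy("r00t-key-placeholder", frozenset({"Listen", "Send", "Manage"})),
    "onprem-listener": SasPolicy("listener-key-placeholder", frozenset({"Listen"})),
    "webapp-sender": SasPolicy("sender-key-placeholder", frozenset({"Send"})),
}


def _sign(key: str, encoded_uri: str, expiry: int) -> str:
    """base64(HMAC-SHA256(key, "<encoded uri>\\n<expiry>"))."""
    string_to_sign = f"{encoded_uri}\n{expiry}".encode("utf-8")
    digest = hmac.new(key.encode("utf-8"), string_to_sign, hashlib.sha256).digest()
    return base64.b64encode(digest).decode("ascii")


def make_sas_token(resource_uri: str, policy_name: str, key: str, expiry: int) -> str:
    """Build the token a listener (Listen) or a client (Send) presents to the relay."""
    encoded_uri = quote_plus(resource_uri, safe="")
    signature = _sign(key, encoded_uri, expiry)
    return (f"SharedAccessSignature sr={encoded_uri}&sig={quote_plus(signature, safe='')}"
            f"&se={expiry}&skn={policy_name}")


def check_sas_token(token: str, resource_uri: str, required_right: str,
                    policies: Dict[str, SasPolicy], now: Optional[int] = None) -> Optional[str]:
    """Validate a token the way the service does; return a failure reason, or None if accepted.

    A token signed for a parent path (e.g. the namespace root) also covers the
    entities beneath it, so the scope check is a path-prefix match.
    """
    now = int(time.time()) if now is None else now
    prefix = "SharedAccessSignature "
    if not token.startswith(prefix):
        return "malformed"
    fields: Dict[str, str] = {}
    for part in token[len(prefix):].split("&"):
        name, _, value = part.partition("=")
        fields[name] = value
    if any(name not in fields for name in ("sr", "sig", "se", "skn")):
        return "malformed"
    scope = unquote_plus(fields["sr"]).rstrip("/")
    if resource_uri != scope and not resource_uri.startswith(scope + "/"):
        return "wrong resource"
    try:
        expiry = int(fields["se"])
    except ValueError:
        return "malformed"
    if expiry <= now:
        return "expired"
    policy = policies.get(unquote_plus(fields["skn"]))
    if policy is None:
        return "unknown policy"
    expected = _sign(policy.key, fields["sr"], expiry)
    if not hmac.compare_digest(unquote_plus(fields["sig"]), expected):
        return "bad signature"
    if required_right not in policy.rights:
        return f"policy lacks {required_right}"
    return None


if __name__ == "__main__":
    expiry = int(time.time()) + 3600
    listener_token = make_sas_token(RESOURCE_URI, "onprem-listener", POLICIES["onprem-listener"].key, expiry)
    print(listener_token)
    print("Listen:", check_sas_token(listener_token, RESOURCE_URI, "Listen", POLICIES))
    print("Send:", check_sas_token(listener_token, RESOURCE_URI, "Send", POLICIES))
```

The token carries no rights of its own; the rights come from the policy named in skn, so a stolen listener token lets an attacker register as the on-prem endpoint but not inject traffic, and vice versa. Keep expiries short (the SDKs default to about an hour) and rotate the policy key, not the root key, when a listener host is compromised.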
16. WCF Relay – Constraints
• Needs a self-provided listener service
• Relies on Windows / .NET framework
• Optimised for XML messaging
diagram: as on slide 15 (BizTalk Server, API Management, Azure Function, Web App → WCF Relay in Microsoft Azure → WCF Service on the on-prem Application Server)
17. WCF Relay – Pricing
Relay hours: $0.10 for every 100 relay hours
Messages: $0.01 for every 10,000 messages
The monthly prices are calculated based on 744 hours of use. Connections are charged in one-hour increments.
Monthly usage scenario: 1 connection x 744 hours + 1 million messages** = US $1.74*
*Excludes data egress charges
**Message size up to 64 KB
18. Hybrid Connections
• Works at the transport level (WebSockets over outbound port 443)
• Relies on port forwarding (hostname + port)
• Requires only a Relay (Service Bus) namespace (no Microsoft Azure BizTalk Services / MABS, which the original Hybrid Connections depended on)
• Cross Platform (Windows & Linux)
• Codeless experience for Web Apps / Mobile Apps
• API accessible for other scenarios
19. Hybrid Connections – How It Works
• Connection created in Azure (Service Bus)
• Hybrid Connection Manager installed on-prem
diagram: Web App / Mobile App → Hybrid Connection → Hybrid Connection Manager in the Corporate Network → Microsoft SQL Server and other published resources
20. Hybrid Connections – Scalability
• Connection created in Azure (Service Bus)
• Several Hybrid Connection Manager instances installed on-prem for resiliency and load balancing (up to 25 listeners per hybrid connection)
diagram: Web App / Mobile App → Hybrid Connection → multiple Hybrid Connection Managers in the Corporate Network → Microsoft SQL Server Cluster
21. Hybrid Connections – Using the API
• Port Bridge code option (running as a Windows service)
diagram: Azure VM (Port Bridge) → Hybrid Connection → Port Bridge server in the Corporate Network → Microsoft SQL Server and other published resources
Samples: github.com/Azure/azure-relay-dotnet/
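Slides 19 to 21 describe the on-prem half of a hybrid connection as a port bridge: a process that holds the relay session and forwards raw bytes to one host:port chosen by the administrator. The block below is an added example, not the deck's code and not the azure-relay-dotnet Port Bridge sample: it models only that local forwarding role. The relay itself is not involved; a loopback listening port stands in for the stream the relay would hand over, and a constructed echo server stands in for the SQL Server. What it shows is the property that matters for security: the client never chooses the target, and the bridge never parses the payload, so authentication of what flows through (SQL logins, TLS) stays with the target application and the bridge's own audit line is the only thing the administrator sees.

```python
"""A minimal port bridge: the role the Hybrid Connection Manager (or the
Port Bridge sample on slide 21) plays on the on-prem side.

Added example, not the deck's code or the azure-relay-dotnet sample. The relay
is not modelled: the bridge listens on a loopback port that stands in for the
stream the relay hands it, and forwards raw bytes to ONE fixed target chosen
by the on-prem administrator. The echo server is a constructed stand-in for
the on-prem application server.
"""
import socket
import threading
from typing import List, Tuple


def _pump(src: socket.socket, dst: socket.socket) -> None:
    """Copy bytes one way until EOF, then half-close the destination."""
    try:
        while True:
            chunk = src.recv(4096)
            if not chunk:
                break
            dst.sendall(chunk)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


class PortBridge:
    """Forward every accepted connection to a single configured host:port."""

    def __init__(self, target: Tuple[str, int]) -> None:
        self.target = target
        self.audit: List[str] = []          # one line per forwarded connection
        self._srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self._srv.bind(("127.0.0.1", 0))    # ephemeral port, loopback only
        self._srv.listen(8)
        self.port = self._srv.getsockname()[1]
        threading.Thread(target=self._accept_loop, daemon=True).start()

    def _accept_loop(self) -> None:
        while True:
            try:
                client, peer = self._srv.accept()
            except OSError:
                return                      # listener closed
            # The target is fixed per bridge; nothing in the client stream can change it.
            try:
                upstream = socket.create_connection(self.target, timeout=5)
                upstream.settimeout(None)
            except OSError as exc:
                self.audit.append(f"{peer[0]}:{peer[1]} -> {self.target[0]}:{self.target[1]} "
                                  f"FAILED ({exc.__class__.__name__})")
                client.close()
                continue
            self.audit.append(f"{peer[0]}:{peer[1]} -> {self.target[0]}:{self.target[1]} OK")
            threading.Thread(target=_pump, args=(client, upstream), daemon=True).start()
            threading.Thread(target=_pump, args=(upstream, client), daemon=True).start()

    def close(self) -> None:
        self._srv.close()


def start_echo_server() -> Tuple[socket.socket, int]:
    """Constructed stand-in for the on-prem application server: echoes bytes back."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(8)

    def serve() -> None:
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            threading.Thread(target=_pump, args=(conn, conn), daemon=True).start()

    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]


def round_trip(payload: bytes) -> Tuple[bytes, List[str]]:
    """Send payload through the bridge to the echo target; return the reply and the audit log."""
    echo, echo_port = start_echo_server()
    bridge = PortBridge(("127.0.0.1", echo_port))
    try:
        with socket.create_connection(("127.0.0.1", bridge.port), timeout=5) as c:
            c.sendall(payload)
            c.shutdown(socket.SHUT_WR)      # EOF lets the echo path close cleanly
            received = b""
            while True:
                chunk = c.recv(4096)
                if not chunk:
                    break
                received += chunk
        return received, list(bridge.audit)
    finally:
        bridge.close()
        echo.close()


if __name__ == "__main__":
    data, audit = round_trip(b"SELECT 1;")
    print(data, audit)
```

The audit line is all the bridge can honestly record (peer, target, outcome); anything finer, such as which SQL login was used, has to come from the target's own logs, which is why the slides pair Hybrid Connections with "fine-grained control and auditing" at the administrator level rather than at the application level.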
22. Azure Relay Hybrid Connections
Constraints:
• Maximum 10,000 relay endpoints per namespace
• Maximum 25 listeners per relay
• Best for Azure-hosted clients
• Codeless experience limited to Web/Mobile Apps
– … but plenty of examples of the rest on GitHub!
github.com/Azure/azure-relay-dotnet/
23. Azure Relay Hybrid Connections – Pricing
Connection charge (includes 5 GB of data/month): US $10 per listener
Data transfer overage (data exceeding the included 5 GB/month)*: US $1/GB
*The data transfer limit of 5 GB covers total data transfer across all listener units.
Monthly usage scenarios:
2 HC listeners + 10 GB data = US $25.00 [ ($10 x 2) + $5 data overage ]
3 HC listeners + 100 GB data = US $125.00 [ ($10 x 3) + $95 data overage ]
24. Which Azure Relay to Use?
diagram: Hybrid Connections (TCP, port forwarding) operate at the transport layer; WCF Relay (WCF application stack) operates at the application layer
25. On-Premises Data Gateway
• Generally Available as of 4th May 2017
• Acts as a bridge between Azure PaaS and on-prem resources
• Works with connectors for Logic Apps, Power Apps, Flow & Power BI:
– BizTalk Server
– DB2
– File System
– Informix
– MQ
– MySQL
– Oracle Database
– PostgreSQL
– SAP Application Server
– SAP Message Server
– SharePoint (HTTP only, not HTTPS)
– SQL Server
– Teradata
26. On-Premises Data Gateway – How It Works
• Download and install the gateway on-premises
• Create and associate a data gateway in Azure
• Connect Logic App / Power App / etc. to the gateway
• Can run over ExpressRoute
27. On-Premises Data Gateway – Constraints
• Accessible only from within managed connectors (no API)
• Only one gateway installed per machine
• Cannot be hosted on a domain controller
• Requires Windows host (Win 7 / 2008 R2 or later)
• Must be registered with an Azure AD work or school account (not a personal Microsoft account)
• No support for High Availability at the time of this talk (but on roadmap)
28. On-Premises Data Gateway – Pricing
FREE!! (but you pay for the services that use it)
Monthly usage scenario (Logic App actions):
Polling trigger (1 min interval): 43,200 / month x $0.0008 = $34.56
Execution shape (first 250K): 206,800 / month x $0.0008 = $165.44
Execution shape (next 750K): 750,000 / month x $0.0004 = $300.00
TOTAL COST: $500.00
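The three pricing slides (17, 23 and 28) each hide a tier boundary that is easy to get wrong when estimating: relay hours are billed per connection, the 5 GB of included Hybrid Connection data is shared across all listeners rather than granted per listener, and Logic App actions (polling triggers included) are priced in tiers. The block below is an added example, not from the deck, that encodes exactly the figures quoted on those slides (2017 prices, not a current price list) and reproduces the four scenario totals; its handling of usage beyond the quoted Logic App tiers is an assumption, since the slide does not price it.

```python
"""Monthly cost model for the relay-style options priced on slides 17, 23 and 28.

Added example; the unit prices are the ones quoted on those slides (2017
figures) and are not a current Azure price list. Nothing here is the deck's
own code. Behaviour beyond the Logic App tiers shown on slide 28 is an
assumption: the model refuses to guess rather than extrapolating.
"""
from typing import List, Tuple

HOURS_PER_MONTH = 744  # the billing month used on slide 17


def wcf_relay_monthly(connections: int, messages: int, hours: int = HOURS_PER_MONTH) -> float:
    """Slide 17: $0.10 per 100 relay hours plus $0.01 per 10,000 messages (64 KB max).

    Hours are billed per connection in one-hour increments; egress is excluded.
    """
    relay_hours = connections * hours
    return round(relay_hours * 0.10 / 100 + messages * 0.01 / 10_000, 2)


def hybrid_connection_monthly(listeners: int, data_gb: float) -> float:
    """Slide 23: $10 per listener; 5 GB/month included in TOTAL across all listeners, $1/GB beyond."""
    if listeners < 1:
        raise ValueError("a hybrid connection needs at least one listener")
    overage_gb = max(0.0, data_gb - 5.0)
    return round(listeners * 10.0 + overage_gb * 1.0, 2)


# Slide 28 Logic App action tiers: (actions in tier, price per action).
LOGIC_APP_TIERS: List[Tuple[int, float]] = [(250_000, 0.0008), (750_000, 0.0004)]


def logic_app_monthly(actions: int, tiers: List[Tuple[int, float]] = LOGIC_APP_TIERS) -> float:
    """Tiered per-action pricing; polling triggers count as actions (slide 28)."""
    remaining, cost = actions, 0.0
    for size, price in tiers:
        take = min(remaining, size)
        cost += take * price
        remaining -= take
        if remaining == 0:
            break
    if remaining > 0:
        # Assumption: the slide quotes nothing beyond 1M actions, so do not extrapolate.
        raise ValueError(f"{remaining} actions fall outside the tiers quoted on the slide")
    return round(cost, 2)


def polling_trigger_actions(interval_minutes: int, days: int = 30) -> int:
    """Number of trigger firings for a fixed polling interval over a 30-day month."""
    return days * 24 * 60 // interval_minutes


def opdg_logic_app_scenario() -> float:
    """Slide 28 scenario: 1-minute polling trigger plus 956,800 execution shapes."""
    return logic_app_monthly(polling_trigger_actions(1) + 206_800 + 750_000)


if __name__ == "__main__":
    print("WCF Relay, 1 conn, 1M msgs:", wcf_relay_monthly(1, 1_000_000))
    print("HC, 2 listeners, 10 GB:", hybrid_connection_monthly(2, 10))
    print("HC, 3 listeners, 100 GB:", hybrid_connection_monthly(3, 100))
    print("OPDG + Logic App scenario:", opdg_logic_app_scenario())
```

Because the gateway itself is free, the Logic App action count is the entire OPDG cost line; halving the polling interval doubles the trigger actions before a single record has moved, which is the "watch out" the comparison on slide 46 is making.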
31. Scenario 1: Azure Web/Mobile App to On-Prem
diagram: Web App → Hybrid Connection → Hybrid Connection Manager in the Corporate Network → Microsoft SQL Server
32. Scenario 1: Azure Web/Mobile App to On-Prem
Alternatives: WCF Relay; Point-to-Site VNET; Logic App + OPDG
Compared on: exposing resources at a fine-grained level; leveraging WCF stack features; using Active Directory authentication; moving large amounts of data; minimising ongoing cost
34. Scenario 2: IaaS Server (VM) to On-Prem
diagram: Azure VM (Port Bridge) → Hybrid Connection → Port Bridge server in the Corporate Network → Microsoft SQL Server and other published resources
35. Scenario 2: IaaS Server to On-Prem
Alternatives: WCF Relay; Logic App + OPDG; Site-to-Site VNET
Compared on: exposing resources at a fine-grained level; leveraging WCF stack features; using Active Directory authentication; moving large amounts of data; minimising ongoing cost; leveraging managed connector(s)
38. Scenario 3: SaaS Service to On-Prem
Alternatives: API Gateway w/VNET; WCF Relay; Hybrid Connection
Compared on: exposing resources at a fine-grained level; leveraging WCF stack features; moving large amounts of data; minimising ongoing cost; protocol translation; tracking / monetization
40. Scenario 4: Business to Business
diagram: Partner Network → Logic App with Enterprise Integration Pack (schemas, maps, TPM) → On-Prem Data Gateway → OPDG Manager in the Corporate Network
41. Scenario 4: Business to Business
Alternatives: API Gateway w/VNET; WCF Relay; Hybrid Connection
Compared on: exposing resources at a fine-grained level; leveraging WCF stack features; moving large amounts of data; minimising ongoing cost; protocol translation; tracking / monetization
43. Scenario 5: Service Fabric Cluster to On-Prem
diagram: Service Fabric cluster microservices (Port Bridge) → Hybrid Connection → Port Bridge server in the Corporate Network → Microsoft SQL Server and other published resources
44. Scenario 5: Service Fabric Cluster to On-Prem
Alternatives: WCF Relay; Logic App + OPDG; Site-to-Site VNET
Compared on: exposing resources at a fine-grained level; leveraging WCF stack features; using Active Directory authentication; moving large amounts of data; minimising ongoing cost; leveraging managed connector(s)
45. Use <this> technology when…
VPN:
• Multiple resources and protocols require connectivity
• Integration with a single AD is required
• High bandwidth, low latency demands
• Network reconfiguration is justified
WCF Relay:
• Client is outside of Azure
• Client is not a Web Site or Mobile Service
• Fine-grained exposure of WCF services required
• Desire to leverage features of the WCF stack
• Ongoing cost is a factor
Hybrid Connections:
• Client is a Web App or Mobile App (codeless)
• Target is a port-based connection to an application server
• Connecting to a TCP resource that is not .NET or even Windows
• Administrators want fine-grained control and auditing
On-Prem Data Gateway:
• A fully PaaS solution is desired
• LOB is one of the supported managed connection types
• Supporting B2B/EDI via Logic Apps & EIP
• Tracking is required
46. Cost/Effort Comparison
chart: dev effort (Low / Med / High) plotted against ongoing monthly cost ($10, $100, $200, $500, $750, $1000; scale is non-linear) for the seven options below; dev effort pertains to the hybrid integration part only, not application functionality
ID / Description / Operational quantity per month:
1. WCF Relay: 1 relay, 1m msgs
2. OPDG w/Logic App: 5x actions, 1 min trigger
3. VNET w/Web App: Std ASP S1, 1 Web App
4. VNET w/APIM: APIM Std
5. VNET w/APIM & App Gateway & WAF: APIM Std, AG Med
6. HC w/Web App: 1 listener, 10GB data, Std ASP
7. HC w/VM: 1 listener, 10GB data + D2 v2 VM
47. References
• The New Azure Hybrid Connections
https://www.mexia.com.au/the-new-azure-hybrid-connections/
• Hybrid Connectivity Options in the Microsoft Cloud
https://www.biztalk360.com/integrate-2014/hybrid-connectivity-options-microsoft-cloud/
• Why use Service Bus Relay now I have Hybrid Connections?
http://microsoftintegration.guru/2014/07/07/use-service-bus-relay-now-hybrid-connections/
• On-Premises Data Gateway
https://docs.microsoft.com/en-us/azure/analysis-services/analysis-services-gateway
• What Is Azure Relay?
https://docs.microsoft.com/en-us/azure/service-bus-relay/relay-what-is-it
• Understanding Azure Relay
https://www.servicebus360.com/blogs/understanding-azure-relay/
• Azure Relay Samples on GitHub
https://github.com/Azure/azure-relay/tree/master/samples/WCF%20Relay
Gold Partner in Cloud Platform and Application Integration
Microsoft Australian Partner of the Year!
BizTalk360 partner as well
Must limit scope to fit into 30 minutes
This is about real-time connectivity – not integration patterns
Focussing on non-network solutions (less IT Pro)
Possibly a better title? But not as sexy…
Solutions can be categorised into two groups:
Options based on network level changes
Options that do NOT require network changes
Point-to-site virtual private network (VPN):
Established between a single PC connected to your network and the VNet.
Uses the SSTP protocol to provide encrypted communication over the Internet between the PC and the VNet.
The latency for a point-to-site VPN is less predictable, since the traffic traverses the Internet.
Site-to-site VPN:
Established between your VPN device and an Azure VPN Gateway.
Connection is an IPSec/IKE VPN that provides encrypted communication over the Internet between your on-premises device and the Azure VPN gateway.
The latency for a site-to-site connection is less predictable, since the traffic traverses the Internet.
Azure ExpressRoute:
Established between your network and Azure, through an ExpressRoute partner.
This connection is private. Traffic does not traverse the Internet.
VNET Integration only works with apps in a Standard or Premium pricing plan.
If your target virtual network already exists, it must have point-to-site VPN enabled with a Dynamic routing gateway before it can be connected to an app. Does not support Static routing.
The VNET must be in the same subscription as your App Service Plan(ASP).
The apps that integrate with a VNET will use the DNS that is specified for that VNET.
By default your integrating apps will only route traffic into your VNET based on the routes that are defined in your VNET.
APIM: caching, security, agility, analytics
No reliance on IT Ops, Security governance, etc.
Getting out of your corporate network is usually easy
Getting in is typically very difficult!
Michael Stephenson: “Secure router in the sky”
Quick Win: Hybrid Integration in a day
Service Bus Relay has been “rebranded” as part of Azure Relay (but still basically the same)
Hybrid Connections (v2) has been overhauled and improved tremendously
Service Bus offered relays almost from the beginning of Azure
Built on the WCF capability
Security was originally via ACS (Access Control Service), now via SAS
Can be consumed by lots of different tech (e.g. BizTalk, SOAP, REST, CRM Online) and is very reusable
FIND OUT: Are there associated data egress charges??
Built on Web Sockets so not confined to Windows
Examples include Apache Thrift
Easy to setup – download the HCM
Codeless solution!
Lift & shift
Multiple instances of the Hybrid Connection Manager can be used on-premises for resiliency and load-balancing.
Using the API to manage port bridge connections
Can connect almost anything!
Watch out for high data usage
This is THE solution for PaaS based integrations!
160+ connectors at the Azure side
Codeless solution
OPDG is just an add-on feature, not an independent service like WCF Relay / Hybrid Connection
Maybe ask the audience:
How many people think that a WCF Relay is the best solution here?
How many think a Hybrid Connection is best?
How many would use an On Prem Data Gateway?
How many think a VNET is the only way to solve this?
Primary Solution: Azure Relay Hybrid Connections
Super easy to configure
Can use multiple HC’s to talk to multiple systems
Very inexpensive
No network reconfiguration
WCF Relay (if need to restrict to a single application/endpoint or wish to use WCF application stack, e.g. Message Security, Reliable Sessions, etc.)
VNET integration (if cannot identify system by hostname & port number, or if require Active Directory authentication)
ExpressRoute w/App Service Environment (massive data / bandwidth / low latency requirements)
Primary Solution: Azure Relay Hybrid Connections
Port Bridging service in both IaaS and On-Prem server
Requires some custom code (mostly from GitHub sample)
Deploy a Windows service both on-prem and on IaaS VM
WCF Relay (if need to restrict to a single application/endpoint or wish to use WCF stack)
Logic App + On-Prem Data Gateway (if supported connector exists for the target on-prem system)
S2S VNET (if cannot identify system by hostname & port number OR require Active Directory authentication)
Can use ExpressRoute for massive data / bandwidth / low latency requirements
No-Brainer Solution: On-Prem Data Gateway
Use with Logic App and managed connectors
Fully PaaS solution
On-Prem BizTalk Server improves the story even more! (plug Wagner’s presentation)
API Management (connected to a VNET)
WCF Relay (if client can talk .NET or REST)
Azure Relay Hybrid Connections (via Web App)
Primary Solution: On-Prem Data Gateway
Use with Logic App and Enterprise Integration Pack
Fully PaaS solution
Supports EDI if req’d
API Management (connected to a VNET)
Azure Relay (Hybrid Connections or WCF Relay)
For EDI support, can connect to an on-prem BizTalk Server
Custom solution?
Primary Solution: Azure Relay Hybrid Connections
Port Bridging service hosted in a microservice and an On-Prem server (haven’t tested this…)
Requires some custom code (mostly from GitHub sample)
NOT TESTED!
WCF Relay (if need to restrict to a single application/endpoint or wish to use WCF stack)
Logic App + On-Prem Data Gateway (if connector exists for the target system)
S2S VNET (if cannot identify system by hostname & port number OR require Active Directory authentication)
Can use ExpressRoute for massive data / bandwidth / low latency requirements
Is this slide useful?
This slide attempts to show a relative comparison of ongoing cost and development effort required for each technology.
80% of this course still relevant for the codeless option (ignore MABS setup bit)