cloudification: emergent problems

Photo by Stephan Seeber on Pexels.com
Photo by Stephan Seeber on Pexels.com
 

The great philosopher of science, Sir Karl Popper said that all problems are either like clock or clouds. The former can the taken apart and its sub problems can be addressed independently. The latter is more complicated, dynamic; and their sub parts are inter-related and inter-locked. We need solutions for clouds problem as a whole and not solely for its parts. In the field of computer science, many problems are clock based, we are trained to break complex problems apart, model them and find good algorithms and/or heuristics to get solutions. However, cloudification may be an emergent one because a cloud solution usually contains many different subcomponents and they are inter-related. Any changes in one of these components affect the other ones.

Hosting solutions in the cloud (not the clouds that Sir Popper was referring to) may be an emergent problem; and cloud vendors are providing tools to alleviate the situations. In this article, we share some of the challenges, solutions and talking points.

It is evident that the contributions of Hashicorp to Terraform is driving many successes of cloud deployments. Almost all the software vendors are embracing Terraform by adding and maintaining Terraform modules. These modules can be tested independently and reused so that automated infrastructure deployments can be developed with scripts and maintained. Human errors can be eliminated; and scripts can be reviewed and versioned (git is usually used). We often hear about Infrastructure as Code (IaC) and it is the pre-requisite for cloud infrastructure deployments for many enterprises.

It is nice to automate setting up and tearing down cloud infrastructures. This naturally leads us to this question: “Who is/are authorized to perform these tasks?”. Authorization is needed otherwise someone who does not have the right permissions can

  • bring up a huge deployment and the organization has to pay for it
  • bring out a deployment abruptly and cause chaos

Service principal (or technical user) and an entity can be given the permissions to act accordingly. This requires careful thinking and proper policy enforcements. The authorization model shall be different for different scenarios such as Production, Canary, Development, QA, etc. It is obvious that this can be a complicated thing to deal with if we do not have proper procedures in place. Fortunately, in many large enterprises, authorization models are designed and implemented in a comprehensive manner. The security experts grant the correct permissions which are provided by cloud vendor to a group of users/identities. This goes beyond granting permissions for infrastructure deployments; it includes granting identities (which can be users, applications, etc.) to perform other tasks such as approving git‘s pull requests; creating new pipelines; etc. Then the next thing to consider would be Authentication and Identity Management. For Microsoft, Azure Active Directory is usually the Identity Service Provider (IdP) and there may be an Authentication Layer such as OAuth 2.0 and SAML2 on top of it.

From these few points (we have not touched on many other compositions in the cloud), it is obvious that different components are inter-related. Infrastructure is related to Authorization which depends on Authentication and Identity Management. Any changes in authentication and authorization may affect infrastructure. On the other hand, changes in infrastructure may need change in authorization.

It is crucial for component owners to understand the inter-dependencies and requirements as we need to constantly adapt to the dynamic environment. Therefore, new cloud deployment needs time to stabilize as administrators continuously monitor the cloud activities. The good news is that all major cloud vendors have monitoring tools and dashboards for tracking cloud related activities; and we can create triggers for abnormalities.

We like to think that we can bring in different components into our cloud infrastructure; and they would work together as a whole. In fact, we need to add more layers for orchestration, authorization (for component to component communication), notifications, triggers, etc. Moreover, there are often more that one way to do these; and we need to weigh the advantages and disadvantages of these solutions.

Transitioning to the cloud can be a mountainous task if we do not know the procedures and available tools. I suggest that you reach out to your cloud vendors for assistance; and they can provide you with more insights and best practices. In my opinion, deploying a cloud solution is not the most difficult task. People are struggling with debugging and handling logistic matters (such as renewing .X509 certificate). Many components are inter-related; failure in one component may have a domino effect. It is important to carry out what-if analysis, simulated failures, and testing.


Comments

Post a Comment

Popular posts from this blog

OpenAI: Functions Feature in 2023-07-01-preview API version

Image
  Image from https://www.pexels.com/@pavel-danilyuk/ One of the cool features of OpenAI version 2023-07-01 is its custom Functions feature. This feature is close to me because I am working on a project where we require OpenAI to generate JSON responses. We always want the generated JSON to be consistent, otherwise, we need to do some post-processing tasks to get the JSON object in the correct schema. In the blog, we observe the completion with and without this new feature. Development Setup python -m venv .venv poetry init poetry shell poetry add openai poetry add python-dotenv poetry add pydantic I am using Python version 3.11 Create .env file OPENAI_API_TYPE="azure" OPENAI_API_BASE="<OpenAI endpoint>" OPENAI_API_KEY="<OpenAI secret>" OPENAI_API_VERSION="2023-07-01-preview" OPENAI_DEPLOYMENT_ID="<deployment identifier>" Without OpenAI functions feature We use two sample texts for experimentation. We want to get the na
Read more

Storing embedding in Azure Database for PostgreSQL

Image
  Image from https://www.pexels.com/@tara-winstead/ There are many options to store text embeddings. In this blog, we shall look at storing embedding in Azure Database for PostgreSQL. Installing Azure Database for PostgreSQL Install Azure Database for PostgreSQL Flexible Server.  Once it is deployed, enable two extensions. Install Python modules python -m venv .venv poetry init poetry shell poetry add openai[datalib] poetry add python-dotenv poetry add psycopg2-binary My Python version is 3.10. Create .env OPENAI_API_TYPE="azure" OPENAI_API_BASE="<HTTP endpoint to Azure OpenAI Service>" OPENAI_API_KEY="<secret to Azure OpenAI Service>" OPENAI_API_VERSION="2023-05-15" TEXT_MODEL="<deployment id of text embedding model>" PGHOST="<my-service>.postgres.database.azure.com" PGUSER="<user name>" PGPASSWORD="<secret>" PGPORT="5432" PGDATABASE="< database name
Read more

Happy New Year, 2024 from DALL-E

Image
generated by DALL-E Wishing everyone a happy new year. Year 2023 is great for me because I learned much about OpenAI. I am involved in a live deployment with it, and involved in a handful of interesting user scenarios around it. On top of this, a copilot hackathon. The image above is generated by DALL-E and following is the code. 1. Dependencies python = "^3.10" pydantic-settings = "^2.1.0" openai = "^1.3.8" 2. Environment Parameters OPENAI_AZURE_ENDPOINT="<your azure openai endpoint>" AZURE_OPENAI_API_KEY="<your azure openai secret>" OPENAI_API_VERSION="2023-12-01-preview" OPENAI_DALLE_MODEL="dalle" Note: OPENAI_API_VERSION has to be 2023-12-01-preview otherwise you will get an exception openai.NotFoundError: Error code: 404 - {'error': {'code': '404', 'message': 'Resource not found'}} dalle  is the name of my dall-e-3 deployment model. You need to change it to
Read more