Rohan Chakravarthy

Threat Modeling (for beginners)

Threat Modeling (for beginners)

You need to identify threats before you can secure your application. This post covers the fundamentals of threat modeling and how to incorporate it into your existing software development lifecycle

AWS VPC Subnet Groups

AWS VPC Subnet Groups

The L2 VPC cdk construct accepts a list of Subnet Groups. This post explains how subnet groups work, and the reason for some defaults.

Lets Encrypt + Haproxy

Lets Encrypt + Haproxy

I recently found this great docker image that encapsulates haproxy and cert renewal into a single container

AWS Subscription Required: The AWS Access Key Id needs a subscription for the service

AWS Subscription Required: The AWS Access Key Id needs a subscription for the service

I hit an odd error while bootstrapping a new account through cdk bootstrap: SubscriptionRequiredException

Moving Towards High-Value Health Care in the US (Introduction)

Moving Towards High-Value Health Care in the US (Introduction)

It's taken me way too long to do an in-depth study of the current state of healthcare in the US considering building software solutions to provide quality care is now my full time job! I think we all know something is wrong with the healthcare system in the US. The

Interesting announcements at Ignite 2018

I thought I'd share some of the announcements at Microsoft Ignite 2018 that I found really interesting. Obviously this is a subset of announcements, related only to products I've used or am planning to use in the future. IoT Hub/Edge: 1. There’s a Jenkins plugin for edge modules

Generate valid signed X509 client certificates with pyopenssl

I spent a while today trying to figure out why a certificate deemed valid by the openssl verify command was invalid on my Windows machine. Errors such as: * "This certificate has an invalid digital signature." * "The integrity of this certificate cannot be guaranteed. The certificate may have been corrupted or

Active Directory

SSSD with Active Directory on Ubuntu

We're in the middle of deploying multiple Hadoop clusters with different flavors. Since many of Azure's larger customers use an on-prem Active Directory forest for authentication, extending those identities and permissions to their Hadoop clusters was an important requirement. Once the Hadoop cluster's been Kerberized, various security/identity features including

Deploying an AWS EMR cluster with on-prem/cross-cloud Active Directory Authentication

Deploying an AWS EMR cluster with on-prem/cross-cloud Active Directory Authentication

If you're ever in the enviable position of having to get your AWS Elastic Map Reduce (EMR) cluster authenticating against an on-prem/cross-cloud Active Directory instance this post is for you! Let's break this down into the separate pieces we're going to need: 1. A VPN/Direct-Connect connection to the

Monitoring Kubernetes with Prometheus 2.1+, Grafana 5.1+ and Helm

Monitoring Kubernetes with Prometheus 2.1+, Grafana 5.1+ and Helm

I recently deployed a new Kubernetes cluster and needed to get my usual Prometheus + Grafana monitoring set up. For my last few deployments I've used a Helm chart that is at least 6 months old, so I thought I'd go with the latest and greatest this time around - and

Kubernetes for Everything! Part 2 - On demand Jenkins build agents

When I found out Kubernetes had support for Windows containers, I was pretty excited. I work with applications running on both Operating Systems so this opens up a lot of opportunities. I plan to explore building a CI/CD pipeline that can scale based on load, set up monitoring (both

Kubernetes for Everything! (With Windows and Linux on Azure) Part 1 - Jenkins

When I found out Kubernetes had support for Windows containers, I was pretty excited. I work with applications running on both Operating Systems so this opens up a lot of opportunities. I plan to explore building a CI/CD pipeline that can scale based on load, set up monitoring (both