Cluster computing

Tuesday, April 30, 2024

This is a continuation of previous articles on IaC shortcomings and resolutions. One of the primary concerns with cloud-based deployment is cost and there are several built-in features at all levels of resource hierarchy and management portal to become more efficient. Some of the mitigations translate back into the IaC where, for example, existing app services in Azure public cloud that were behind several regional Application Gateways may need to be directly associated with a consolidated global FrontDoor. Such transitions must be carefully planned as there is a chance this will affect ongoing traffic. Both source and destination might have their own DNS aliases and callers may need to eventually move to the global FrontDoor.

The steps can be easily articulated in the form of azure cli commands as requiring the creation of a new origin group within the FrontDoor backend and adding the app services as origin within the group, then creating the ruleset and route to associate with the origin group which are listed in the addendum below.

However, care must be taken to ensure that the resources with private links are not mixed with the resources without private links. So, the organization of app services might differ from the source. Another difference might be the creation of appropriate ruleset where the rules articulate a more fine-grained redirect than was possible earlier. That said, Front Door offers fewer rewriting capabilities than the source, so some selection might be involved.

Finally, it is important to prepare for the contingency of region failures so the FrontDoor can divert traffic between regions. Configuration that prevents this will likely not help with Business Continuity and Disaster Recovery initiatives. Also, probes, logging, private network access, and continuous monitoring for usage and costs will be incurred.

Addendum: steps for automation

# assuming a FrontDoor already exists that can be displayed with:

# az afd profile show --name my-fd-01 --resource-group rg-afd-01

az afd origin-group create \

--resource-group rg-afd-01 \

--origin-group-name my-fd-01-og-02 \

--profile-name my-fd-01 \

--probe-request-type GET \

--probe-protocol Https \

--probe-interval-in-seconds 120 \

--probe-path / \

--sample-size 4 \

--successful-samples-required 3 \

--additional-latency-in-milliseconds 50

az afd origin create \

--resource-group rg-afd-01 \

--host-name web-app-01.azurewebsites.net \

--profile-name my-fd-01 \

--origin-group-name my-fd-01-og-02 \

--origin-name web-app-01 \

--origin-host-header web-app-01.azurewebsites.net \

--priority 2 \

--weight 1000 \

--enabled-state Enabled \

--http-port 80 \

--https-port 443

az afd origin create \

--resource-group rg-afd-01 \

--host-name web-app-02.azurewebsites.net \

--profile-name my-fd-01 \

--origin-group-name my-fd-01-og-02 \

--origin-name web-app-02 \

--origin-host-header web-app-02.azurewebsites.net \

--priority 2 \

--weight 1000 \

--enabled-state Enabled \

--http-port 80 \

--https-port 443

az afd route create \

--resource-group rg-afd-01 \

--endpoint-name my-fd-01-ep \

--profile-name my-fd-01 \

--route-name my-fd-01-route-02 \

--https-redirect Enabled \

--origin-group my-fd-01-og-02 \

--supported-protocols Https Http \

--link-to-default-domain Enabled \

--forwarding-protocol MatchRequest \

--patterns-to-match /* \

--custom-domains my-fd-01-cd

az afd rule-set create \

--profile-name my-fd-01 \

--resource-group rg-afd-01 \

--rule-set-name ruleset02

az afd rule create \

--resource-group rg-afd-01 \

--rule-set-name ruleset02 \

--profile-name my-fd-01 \

--order 1 \

--match-variable UrlPath \

--operator Contains \

--match-values web-app-01 \

--rule-name rule01 \

--action-name UrlRedirect \

--redirect-protocol Https \

--redirect-type Moved \

--custom-hostname web-app-01.azurewebsites.net

az afd rule create \

--resource-group rg-afd-01 \

--rule-set-name ruleset02 \

--profile-name my-fd-01 \

--order 2 \

--match-variable UrlPath \

--operator Contains \

--match-values web-app-02 \

--rule-name rule02 \

--action-name UrlRedirect \

--redirect-protocol Https \

--redirect-type Moved \

--custom-hostname web-app-02.azurewebsites.net

Monday, April 29, 2024

This is an article on when to go local for hosting automation and apps before eventually moving it to the cloud. In the era of cloud-first development, this still holds value. We take the specific example of building copilots locally. The alternative paradigm to local data processing is federated learning and inferences which helps with privacy preservation, improved data diversity and decentralized data ownership but works best with mature machine learning models.

As a recap, a Copilot is an AI companion that can communicate with a user over a prompt and a response. It can be used for various services such as Azure and Security, and it respects subscription filters. Copilots help users figure out workflows, queries, code and even the links to documentation. They can even obey commands such as changing the theme to light or dark mode. Copilots are well-integrated with many connectors and types of data sources supported. They implement different Natural Language Processing models and are available in various flagship products such as Microsoft 365 and GitHub. They can help create emails, code and collaboration artifacts faster and better.   

This article delves into the creation of a copilot to suggest IaC code relevant to a query. It follows the same precedence as a GitHub Copilot that helps developers write code in programming languages. It is powered by the OpenAI Codex model, which is a modified production version of the Generative Pre-trained Transformer-3 aka (GPT-3). The GPT-3 AI model created by OpenAI features 175 billion parameters for language processing. This is a collaboration effort between OpenAI, Microsoft and GitHub.   

A copilot can be developed with no code using Azure OpenAI studio. We just need to instantiate a studio, associate a model, add the data sources, and allow the model to train. The models differ in syntactic or semantic search.  The latter uses a concept called embedding that discovers the latent meaning behind the occurrences of tokens in the given data. So, it is more inclusive than the former.  A search for time will specifically search for that keyword with the GPT-3 but a search for clock will include the references to time with a model that leverages embeddings.  Either way, a search service is required to create an index over the dataset because it facilitates fast retrieval. A database such as Azure Cosmos DB can be used to assist with vector search.  

At present, all these resources are created in a cloud, but their functionality can also be recreated on a local Windows machine with the upcoming release of the Windows AI Studio. This helps to train the model on documents that are available only locally. Usually, the time to set up the resources is only a couple of minutes but the time to train the model on all the data is the bulk of the duration after which the model can start making responses to the queries posed by the user. The time for the model to respond once it is trained is usually in the order of a couple of seconds.  A cloud storage account has the luxury to retain documents indefinitely and with no limit to size but the training of a model on the corresponding data accrues cost and increases with the size of the data ingested to form an index.  

Sunday, April 28, 2024

This is an article about the hosting of automation and apps in the public cloud versus the private datacenters given that source code repository and pipelines are not part of the cloud. When it comes to hosting automation and apps, there are some key differences between the public cloud and private datacenters. Let's break it down: 1. Infrastructure Ownership: o Public Cloud: In the public cloud, the infrastructure is owned and managed by a third-party provider like Amazon Web Services (AWS), Microsoft Azure, or Google Cloud Platform (GCP). Users can access and use this shared infrastructure on a payas-you-go basis. o Private Datacenters: Private datacenters, on the other hand, are owned and operated by the organization itself. This means that the organization has full control over the infrastructure and can customize it based on their specific requirements. 2. Scalability: o Public Cloud: Public cloud providers offer virtually unlimited scalability, allowing users to easily scale their resources up or down based on demand. This elasticity enables organizations to handle spikes in traffic or resource requirements without having to invest in additional hardware. o Private Datacenters: Private datacenters typically have finite resources, and scaling can be more complex and time-consuming. Organizations need to plan and provision resources in advance, which may require upfront investments. 3. Maintenance and Management: o Public Cloud: Public cloud providers handle the maintenance and management of the underlying infrastructure, including server hardware, networking, and security. This allows organizations to focus on developing and deploying their applications without worrying about infrastructure management. o Private Datacenters: In private datacenters, the organization is responsible for maintaining and managing the infrastructure, which includes tasks like hardware maintenance, security, and software updates. This requires dedicated IT personnel and can be more resource-intensive. 4. Security and Compliance: o Public Cloud: Public cloud providers invest heavily in security and compliance measures to protect customer data. They offer various security services and certifications, making it easier for organizations to achieve compliance with industry standards and regulations. o Private Datacenters: With private datacenters, organizations have more control over security measures and can implement their own security protocols. However, this also means they are solely responsible for ensuring compliance and maintaining a secure environment. It's worth mentioning that while the hosting of automation and apps can be done in the public cloud or private datacenters, the source code repository and pipelines are not inherently part of the cloud infrastructure. These components are typically managed separately, either on-premises or using cloud-based services like GitLab, GitHub, or Bitbucket. Ultimately, the choice between public cloud and private datacenters depends on factors such as scalability needs, control requirements, security considerations, and budgetary constraints. Organizations often opt for a hybrid cloud approach, leveraging both public and private infrastructure to achieve a balance between flexibility, control, and cost-effectiveness Sample automation: https://github.com/raja0034/booksonsoftwarets

Saturday, April 27, 2024

This is a summary of the book “Anatomy of a Breakthrough – How to get unstuck when it matters the most” written by Adam Alter and published by Simon and Schuster in 2023. This book is about the framework for getting unstuck given that everyone can get stuck including celebrities like Brie Larson, Brian Chesky and Jeff Bezos. It is full of psychological research, anecdotes and practical tips. His roadmap to getting energized for the long run positions us for our breakthrough. This involves not giving up too quickly, identifying and solving problems now, focusing on reducing anxiety, challenging ourselves in the right increments, simplifying complex problems, and remaining curious and questioning our views. We regain momentum by getting active and boosting our motivation.

Everyone gets stuck at some point in life, whether in a job, hobby, relationship, creatively or personally. Even successful individuals, such as Brie Larson, Airbnb founders, Amazon founder Jeff Bezos, and Game of Thrones fans, have experienced long periods of stuckness. People often feel isolated and believe they are victims of terrible luck, not realizing the universal experience. Psychological phenomena underpin this skewed perception, as people tend to focus on their own difficulties while overlooking those facing others. Headwinds/tailwinds asymmetry is a phenomenon that causes people to overestimate their hardships and underestimate their good fortune.

People usually get stuck in the middle of a project or when they reach a plateau. To avoid a midcourse slump, eliminate the middle as much as possible by using narrow bracketing techniques. However, be cautious of relying on these techniques for too long, as they can lose their power over time. Success takes time and effort, and people's best ideas usually come late in the process.

Identify and solve problems early to avoid trapping you later. Three common traps can hinder problem-solving: failing to see a problem exists, assuming a problem is too small to need attention, and believing the problem is too remote to matter. To avoid these traps, slow down, notice snags, and challenge assumptions. Perform frequent reviews to prevent small problems from growing too large. Focus on reducing anxiety to move beyond paralysis and avoid perfectionism. Instead of aiming for perfection, strive for excellence and set achievable standards. Avoid the expectation of complete originality and focus on finding optimally distinct ideas. Challenge yourself in the right increments, not too much too fast. Researchers found a sweet spot in the ratio of success to failure, where one failure out of every five or six attempts is optimal. Accept failure as a natural part of progress and view it as a signal for stepping out of your comfort zone and engaging with challenges that foster learning.

Challenges can come with hardships, such as discomfort or fear. To increase your capacity to undertake challenges, apply the "hardship inoculation" approach, which involves a small dose of a virus before full exposure to the disease. This approach can help overcome discomforts like fear and disappointment.

Simplify complex problems by conducting a "friction audit," which helps identify friction points that cause bottlenecks, struggles, waste, or failure. By removing or simplifying these points, you can move towards a solution.

Remaining curious and questioning your views can reduce the chances of getting stuck. Experimenting to reveal new techniques and strategies can lead to breakthroughs. Questioning and wondering can help revive curiosity and help you learn.

Regain momentum by becoming active and boosting motivation. Focus on taking actions where you excel, such as observing, identifying problems, and collecting data. By applying these strategies, you can overcome obstacles and move forward in life.

Friday, April 26, 2024

Integer Arrays A and B are grid line co-ordinates along x and y-axis respectively bounded by a rectangle of size X * Y. If the sizes of the sub-rectangles withing the bounding rectangle were arranged in the descending order, return the size of the Kth rectangle.

   public static int getKthRectangle(int X, int Y, int K, int [] A, int[] B){
        int[] width = calculateSideLength(A, X);
        int[] height = calculateSideLength(B, Y);

      Arrays.sort(width);
        Arrays.sort(height);
        int start = 1;
        int end = width[width.length-1] * height[height.length-1];
        int result = 0;
        while (start <= end) {
            int mid = (start + end)/2;
            if (greater(X, Y, mid, width, height) >= K) {
                start = mid+1;
                result = mid;
            } else {
                end = mid - 1;
            }
        }
        return result;
    }

    public static int greater(int X, int Y, int mid, int[] width, int[] height){
        int N = width.length;
        int result = 0;
        int j = N-1;
        for (int i = 0; i < N; i++){
            while (j >= 0 && width[i] * height[j] >= mid) {
                j--;
            }
            result += N-1-j;
        }
        return result;
    }

public static int[] calculateSideLength(int[] X, int M) {
    int[] length = new int[X.length+1];
    for (int i = 0; i < X.length; i++){
        if ( i == 0) {
            length[i] = X[i] - 0;
        } else {
            length[i] = X[i] - X[i-1];
        }
    }
    length[X.length] = M - X[X.length-1];
    return length;
}

A: 1 3 X: 6

B: 1 5 Y: 7

width: 1 2 3

height: 1 4 2

K’th rectangle size: 6
The calculation of the side length remains the same for both X-axis and Y-axis.

Thursday, April 25, 2024

Generative Artificial Intelligence (AI) refers to a subset of AI algorithms and models that can generate new and original content, such as images, text, music, or even entire virtual worlds. Unlike other AI models that rely on pre-existing data to make predictions or classifications, generative AI models create new content based on patterns and information they have learned from training data.

One of the most well-known examples of generative AI is Generative Adversarial Networks (GANs). GANs consist of two neural networks: a generator and a discriminator. The generator network creates new content, while the discriminator network evaluates the content and provides feedback to the generator. Through an iterative process, both networks learn and improve their performance, resulting in the generation of more realistic and high-quality content.

Generative AI has made significant advancements in various domains. In the field of computer vision, generative models can create realistic images or even generate entirely new images based on certain prompts or conditions. In natural language processing, generative models can generate coherent and contextually relevant text, making them useful for tasks like text summarization, translation, or even creative writing.

However, it is important to note that generative AI models can sometimes produce biased or inappropriate content, as they learn from the data they are trained on, which may contain inherent biases. Ensuring ethical and responsible use of generative AI is an ongoing challenge in the field.

Generative AI also presents exciting opportunities for creative industries. Artists can use generative models as tools to inspire their work or create new forms of art. Musicians can leverage generative AI models to compose music or generate novel melodies.

Overall, generative AI holds great potential for innovation and creativity, but it also raises important ethical considerations that need to be addressed to ensure its responsible and beneficial use in various domains.

Some examples of text generation models include ChatGPT, Copilot, Gemini, and LLaMA which are often collectively referred to as chatbots. They generate human-like responses to queries. Image generation models include Stable Diffusion, Midjourney, and DALL-E which create images from textual descriptions. Video generation models include Sora which can produce videos based on prompts. Other domains where Generative AI finds applications are in software development, healthcare, finance, entertainment, customer service, sales, marketing, art, writing, fashion, and product design.

In Azure, a copilot can be developed with no code using Azure OpenAI studio. We just need to instantiate a studio, associate a model, add the data sources, and allow the model to train. The models differ in syntactic or semantic search. The latter uses a concept called embedding that discovers the latent meaning behind the occurrences of tokens in the given data. So, it is more inclusive than the former. A search for time will specifically search for that keyword with the GPT-3 but a search for clock will include the references to time with a model that leverages embeddings. Either way, a search service is required to create an index over the dataset because it facilitates fast retrieval. A database such as Azure Cosmos DB can be used to assist with vector search.

Wednesday, April 24, 2024

This is a continuation of previous articles on IaC shortcomings and resolutions. In this section, we discuss the IP restrictions between sender and receiver in cloud resources. Let us take the example of an application gateway and app services behind the gateway. As a layer 7 resource, http proxy and http request rewrite capabilities, the gateway routes traffic by path to different app services. These app services can allow promiscuous web traffic or specify origin ip restrictions via ip restriction rules. With the rules specifying origin as gateway, there is some hardening but there is no restrictions to who the caller are behind the gateway and app services have the potential to determine that as well.

This is where some co-operation is needed between the application gateway and the app services. The gateway automatically adds additional headers to indicate the source ip of the traffic. The app services would have a rule for the gateway indicating the source ip block for the gateway typically in an ip-address-with-/32 prefix notation and additional filters for matching the values of anticipated source ip ranges behind the gateway. There are four headers in all out of which the x_forwarded_host and x_forwarded_for bear the hostnames and the ip ranges.

The x_forwarded_host seldom works when the gateway hostname is specified. This is not a shortcoming but header is used to identify the original host requested by the client in the Host HTTP request header and since name to ip resolutions might involve several layers of resolution, the values specified in the header for the clients might not agree. It is useful in the case where the reverse proxies such as load balancers or CDNs are involved, the host names and ports may differ from the origin server handling the request. With SSL termination, the source IP becomes that of the gateway and so this header preserves the original url’s location. Leaving this header blank and using the other header works in most deployments.

The X-Forwarded-For header provides information about the client’s IP address (or a chain of proxy IP addresses) that initiated the request. When requests pass through multiple proxies or load balancers, each proxy adds its own IP address to the X-Forwarded-For header. Azure App Services can use this header to determine the original client IP address, even if the request came through intermediate proxies. Specifying the CIDR for IP ranges in a comma separated string works in most deployments to match the clients with the requests and allow them selectively through the gateway’s firehose traffic.

Together with source ip restrictions, these headers enable sufficient hardening to the web traffic at the app service.