This is a continuation of a previous article on cloud resources, their IaC, shortcomings and resolutions with some more exciting challenges to talk about. When compared with a variety of load balancer options, the Azure Front Door aka AFD we cited in the previous article often evokes misunderstanding about the term global. It is true that an instance of the Azure Front Door and CDN profile is not tied down to a region and in fact, appears with the location property set to the value global. But it is really catering to edge load balancing. When clients connect to it from a variety of different locations, AFD provides the entrypoint based on where the nearest edge location is. As a contrast and for a cross region or global load balancer, that’s always entering Azure from the same endpoint, so the entrypoint is what it decides as what is closest to that endpoint. Based on this entrypoint, clients from two different locations, an Azure cross region or global load balancer  will route in the same exact way. An AFD will determine the edge location and it doesn’t matter where the azure call was made but what is closest to the FD Edge location, and this provides higher control over latency. Having called out the difference, the similarity is that it uses anycast protocol and slip TCP. It is layer 7 technology and is solely internet facing.

One of the challenges from an internet facing resource is its addressability and the best practice to overcome limitations with ip address is to use DNS names always. This brings into consideration DNS caching where the nameserver goes down, but the time-to-live aka TTL helps to keep the routing going albeit to an unhealthy endpoint. A retry or re-resolve would fix this issue and again that falls under the best practices. Some other best practices are about determining whether the client needs a global or a regional solution, where the traffic enters Azure or if it is latency sensitive, what is the type of workload – on-premises or cloud or hybrid.

When the choice for Azure Front Door is determined, the above plays a big role in connecting destination cloud resources as origins in an origin group. Cloud solution architects are surprised when they connect app services with ip access restrictions behind the Front Door. No matter whether they specify one rule or another, or whether they include the ipv4 and ipv6 addresses that the Front Door endpoint resolves to, they will encounter a 403.  AFD leverages 192 edge locations across 109 metro cities – a vast global network of points of presence (POP) to bring the applications closer to the end users. When there are such multiple POP servers involved, all those POP servers must be allowed in the ip access restrictions in the Azure App Services. It is also possible to allowlist based on virtual networks.

Lastly, securing the access restrictions on the app services when it involves IP ACLs, is not complete without setting X-Azure-FDID header check to have the value of the Front Door’s unique identifier in the form of a universal identifier (GUID). This check prevents spoofing.

 This is a continuation of previous articles on IaC shortcomings and resolutions. One of the primary concerns with cloud-based deployment is cost and there are several built-in features at all levels of resource hierarchy and management portal to become more efficient.  Some of the mitigations translate back into the IaC where, for example, existing app services in Azure public cloud that were behind several regional Application Gateways may need to be directly associated with a consolidated global FrontDoor. Such transitions must be carefully planned as there is a chance this will affect ongoing traffic. Both source and destination might have their own DNS aliases and callers may need to eventually move to the global FrontDoor.

The steps can be easily articulated in the form of azure cli commands as requiring the creation of a new origin group within the FrontDoor backend and adding the app services as origin within the group, then creating the ruleset and route to associate with the origin group which are listed in the addendum below.

However, care must be taken to ensure that the resources with private links are not mixed with the resources without private links. So, the organization of app services might differ from the source. Another difference might be the creation of appropriate ruleset where the rules articulate a more fine-grained redirect than was possible earlier. That said, Front Door offers fewer rewriting capabilities than the source, so some selection might be involved.

Finally, it is important to prepare for the contingency of region failures so the FrontDoor can divert traffic between regions. Configuration that prevents this will likely not help with Business Continuity and Disaster Recovery initiatives. Also, probes, logging, private network access, and continuous monitoring for usage and costs will be incurred.

Addendum: steps for automation

# assuming a FrontDoor already exists that can be displayed with:

# az afd profile show --name my-fd-01 --resource-group rg-afd-01

 

az afd origin-group create \

    --resource-group rg-afd-01 \

    --origin-group-name my-fd-01-og-02 \

    --profile-name my-fd-01 \

    --probe-request-type GET \

    --probe-protocol Https \

    --probe-interval-in-seconds 120 \

    --probe-path / \

    --sample-size 4 \

    --successful-samples-required 3 \

    --additional-latency-in-milliseconds 50

 

az afd origin create \

    --resource-group rg-afd-01 \

    --host-name web-app-01.azurewebsites.net \

    --profile-name my-fd-01 \

    --origin-group-name my-fd-01-og-02 \

    --origin-name web-app-01 \

    --origin-host-header web-app-01.azurewebsites.net \

    --priority 2 \

    --weight 1000 \

    --enabled-state Enabled \

    --http-port 80 \

    --https-port 443

 

az afd origin create \

    --resource-group rg-afd-01 \

    --host-name web-app-02.azurewebsites.net \

    --profile-name my-fd-01 \

    --origin-group-name my-fd-01-og-02 \

    --origin-name web-app-02 \

    --origin-host-header web-app-02.azurewebsites.net \

    --priority 2 \

    --weight 1000 \

    --enabled-state Enabled \

    --http-port 80 \

    --https-port 443

 

az afd route create \

    --resource-group rg-afd-01 \

    --endpoint-name my-fd-01-ep \

    --profile-name my-fd-01 \

    --route-name my-fd-01-route-02 \

    --https-redirect Enabled \

    --origin-group my-fd-01-og-02 \

    --supported-protocols Https Http \

    --link-to-default-domain Enabled \

    --forwarding-protocol MatchRequest \

    --patterns-to-match /* \

    --custom-domains my-fd-01-cd

 

az afd rule-set create \

    --profile-name my-fd-01 \

    --resource-group rg-afd-01 \

    --rule-set-name ruleset02

 

az afd rule create \

    --resource-group rg-afd-01 \

    --rule-set-name ruleset02 \

    --profile-name my-fd-01  \

    --order 1 \

    --match-variable UrlPath \

    --operator Contains \

    --match-values web-app-01 \

    --rule-name rule01 \

    --action-name UrlRedirect \

    --redirect-protocol Https \

    --redirect-type Moved  \

    --custom-hostname web-app-01.azurewebsites.net

 

az afd rule create \

    --resource-group rg-afd-01 \

    --rule-set-name ruleset02 \

    --profile-name my-fd-01  \

    --order 2 \

    --match-variable UrlPath \

    --operator Contains \

    --match-values web-app-02 \

    --rule-name rule02 \

    --action-name UrlRedirect \

    --redirect-protocol Https \

    --redirect-type Moved  \

    --custom-hostname web-app-02.azurewebsites.net

 This is an article on when to go local for hosting automation and apps before eventually moving it to the cloud. In the era of cloud-first development, this still holds value. We take the specific example of building copilots locally. The alternative paradigm to local data processing is federated learning and inferences which helps with privacy preservation, improved data diversity and decentralized data ownership but works best with mature machine learning models. 

As a recap, a Copilot is an AI companion that can communicate with a user over a prompt and a response. It can be used for various services such as Azure and Security, and it respects subscription filters. Copilots help users figure out workflows, queries, code and even the links to documentation. They can even obey commands such as changing the theme to light or dark mode. Copilots are well-integrated with many connectors and types of data sources supported. They implement different Natural Language Processing models and are available in various flagship products such as Microsoft 365 and GitHub. They can help create emails, code and collaboration artifacts faster and better.    

  

This article delves into the creation of a copilot to suggest IaC code relevant to a query. It follows the same precedence as a GitHub Copilot that helps developers write code in programming languages. It is powered by the OpenAI Codex model, which is a modified production version of the Generative Pre-trained Transformer-3 aka (GPT-3). The GPT-3 AI model created by OpenAI features 175 billion parameters for language processing. This is a collaboration effort between OpenAI, Microsoft and GitHub.    

  

A copilot can be developed with no code using Azure OpenAI studio. We just need to instantiate a studio, associate a model, add the data sources, and allow the model to train. The models differ in syntactic or semantic search.  The latter uses a concept called embedding that discovers the latent meaning behind the occurrences of tokens in the given data. So, it is more inclusive than the former.  A search for time will specifically search for that keyword with the GPT-3 but a search for clock will include the references to time with a model that leverages embeddings.  Either way, a search service is required to create an index over the dataset because it facilitates fast retrieval. A database such as Azure Cosmos DB can be used to assist with vector search.   

  

At present, all these resources are created in a cloud, but their functionality can also be recreated on a local Windows machine with the upcoming release of the Windows AI Studio. This helps to train the model on documents that are available only locally. Usually, the time to set up the resources is only a couple of minutes but the time to train the model on all the data is the bulk of the duration after which the model can start making responses to the queries posed by the user. The time for the model to respond once it is trained is usually in the order of a couple of seconds.  A cloud storage account has the luxury to retain documents indefinitely and with no limit to size but the training of a model on the corresponding data accrues cost and increases with the size of the data ingested to form an index.   

 This is an article about the hosting of automation and apps in the public cloud versus the private datacenters given that source code repository and pipelines are not part of the cloud. When it comes to hosting automation and apps, there are some key differences between the public cloud and private datacenters. Let's break it down: 1. Infrastructure Ownership: o Public Cloud: In the public cloud, the infrastructure is owned and managed by a third-party provider like Amazon Web Services (AWS), Microsoft Azure, or Google Cloud Platform (GCP). Users can access and use this shared infrastructure on a payas-you-go basis. o Private Datacenters: Private datacenters, on the other hand, are owned and operated by the organization itself. This means that the organization has full control over the infrastructure and can customize it based on their specific requirements. 2. Scalability: o Public Cloud: Public cloud providers offer virtually unlimited scalability, allowing users to easily scale their resources up or down based on demand. This elasticity enables organizations to handle spikes in traffic or resource requirements without having to invest in additional hardware. o Private Datacenters: Private datacenters typically have finite resources, and scaling can be more complex and time-consuming. Organizations need to plan and provision resources in advance, which may require upfront investments. 3. Maintenance and Management: o Public Cloud: Public cloud providers handle the maintenance and management of the underlying infrastructure, including server hardware, networking, and security. This allows organizations to focus on developing and deploying their applications without worrying about infrastructure management. o Private Datacenters: In private datacenters, the organization is responsible for maintaining and managing the infrastructure, which includes tasks like hardware maintenance, security, and software updates. This requires dedicated IT personnel and can be more resource-intensive. 4. Security and Compliance: o Public Cloud: Public cloud providers invest heavily in security and compliance measures to protect customer data. They offer various security services and certifications, making it easier for organizations to achieve compliance with industry standards and regulations. o Private Datacenters: With private datacenters, organizations have more control over security measures and can implement their own security protocols. However, this also means they are solely responsible for ensuring compliance and maintaining a secure environment. It's worth mentioning that while the hosting of automation and apps can be done in the public cloud or private datacenters, the source code repository and pipelines are not inherently part of the cloud infrastructure. These components are typically managed separately, either on-premises or using cloud-based services like GitLab, GitHub, or Bitbucket. Ultimately, the choice between public cloud and private datacenters depends on factors such as scalability needs, control requirements, security considerations, and budgetary constraints. Organizations often opt for a hybrid cloud approach, leveraging both public and private infrastructure to achieve a balance between flexibility, control, and cost-effectiveness Sample automation: https://github.com/raja0034/booksonsoftwarets 

 This is a summary of the book “Anatomy of  a Breakthrough – How to get unstuck when it matters the most” written by Adam Alter and published by Simon and Schuster in 2023. This book is about the framework for getting unstuck given that everyone can get stuck including celebrities like Brie Larson, Brian Chesky and Jeff Bezos. It is full of psychological research, anecdotes and practical tips. His roadmap to getting energized for the long run positions us for our breakthrough. This involves not giving up too quickly, identifying and solving problems now, focusing on reducing anxiety, challenging ourselves in the right increments, simplifying complex problems, and remaining curious and questioning our views. We regain momentum by getting active and boosting our motivation.

Everyone gets stuck at some point in life, whether in a job, hobby, relationship, creatively or personally. Even successful individuals, such as Brie Larson, Airbnb founders, Amazon founder Jeff Bezos, and Game of Thrones fans, have experienced long periods of stuckness. People often feel isolated and believe they are victims of terrible luck, not realizing the universal experience. Psychological phenomena underpin this skewed perception, as people tend to focus on their own difficulties while overlooking those facing others. Headwinds/tailwinds asymmetry is a phenomenon that causes people to overestimate their hardships and underestimate their good fortune.

People usually get stuck in the middle of a project or when they reach a plateau. To avoid a midcourse slump, eliminate the middle as much as possible by using narrow bracketing techniques. However, be cautious of relying on these techniques for too long, as they can lose their power over time. Success takes time and effort, and people's best ideas usually come late in the process.

Identify and solve problems early to avoid trapping you later. Three common traps can hinder problem-solving: failing to see a problem exists, assuming a problem is too small to need attention, and believing the problem is too remote to matter. To avoid these traps, slow down, notice snags, and challenge assumptions. Perform frequent reviews to prevent small problems from growing too large. Focus on reducing anxiety to move beyond paralysis and avoid perfectionism. Instead of aiming for perfection, strive for excellence and set achievable standards. Avoid the expectation of complete originality and focus on finding optimally distinct ideas. Challenge yourself in the right increments, not too much too fast. Researchers found a sweet spot in the ratio of success to failure, where one failure out of every five or six attempts is optimal. Accept failure as a natural part of progress and view it as a signal for stepping out of your comfort zone and engaging with challenges that foster learning.

Challenges can come with hardships, such as discomfort or fear. To increase your capacity to undertake challenges, apply the "hardship inoculation" approach, which involves a small dose of a virus before full exposure to the disease. This approach can help overcome discomforts like fear and disappointment.

Simplify complex problems by conducting a "friction audit," which helps identify friction points that cause bottlenecks, struggles, waste, or failure. By removing or simplifying these points, you can move towards a solution.

Remaining curious and questioning your views can reduce the chances of getting stuck. Experimenting to reveal new techniques and strategies can lead to breakthroughs. Questioning and wondering can help revive curiosity and help you learn.

Regain momentum by becoming active and boosting motivation. Focus on taking actions where you excel, such as observing, identifying problems, and collecting data. By applying these strategies, you can overcome obstacles and move forward in life.

 

Integer Arrays A and B are grid line co-ordinates along x and y-axis respectively bounded by a rectangle of size X * Y. If the sizes of the sub-rectangles withing the bounding rectangle were arranged in the descending order, return the size of the Kth rectangle.                          

   

   public static int getKthRectangle(int X, int Y, int K, int [] A, int[] B){
        int[] width = calculateSideLength(A, X);
        int[] height = calculateSideLength(B, Y);

      Arrays.sort(width);
        Arrays.sort(height);
        int start = 1;
        int end = width[width.length-1] * height[height.length-1];
        int result = 0;
        while (start <= end) {
            int mid = (start + end)/2;
            if (greater(X, Y, mid, width, height) >= K) {
                start = mid+1;
                result = mid;
            } else {
                end = mid - 1;
            }
        }
        return result;
    }

    public static int greater(int X, int Y, int mid, int[] width, int[] height){
        int N = width.length;
        int result = 0;
        int j = N-1;
        for (int i = 0; i < N; i++){
            while (j >= 0 && width[i] * height[j] >= mid) {
                j--;
            }
            result += N-1-j;
        }
        return result;
    }

  public static int[] calculateSideLength(int[] X, int M) {
    int[] length = new int[X.length+1];
    for (int i = 0; i < X.length; i++){
        if ( i == 0) {
            length[i] = X[i] - 0;
        } else {
            length[i] = X[i] - X[i-1];
        }
    }
    length[X.length] = M - X[X.length-1];
    return length;
}

A: 1 3  X: 6

B: 1 5  Y: 7

width: 1 2 3

height: 1 4 2

K’th rectangle size: 6
The calculation of the side length remains the same for both X-axis and Y-axis.

 

Generative Artificial Intelligence (AI) refers to a subset of AI algorithms and models that can generate new and original content, such as images, text, music, or even entire virtual worlds. Unlike other AI models that rely on pre-existing data to make predictions or classifications, generative AI models create new content based on patterns and information they have learned from training data.

One of the most well-known examples of generative AI is Generative Adversarial Networks (GANs). GANs consist of two neural networks: a generator and a discriminator. The generator network creates new content, while the discriminator network evaluates the content and provides feedback to the generator. Through an iterative process, both networks learn and improve their performance, resulting in the generation of more realistic and high-quality content.

Generative AI has made significant advancements in various domains. In the field of computer vision, generative models can create realistic images or even generate entirely new images based on certain prompts or conditions. In natural language processing, generative models can generate coherent and contextually relevant text, making them useful for tasks like text summarization, translation, or even creative writing.

However, it is important to note that generative AI models can sometimes produce biased or inappropriate content, as they learn from the data they are trained on, which may contain inherent biases. Ensuring ethical and responsible use of generative AI is an ongoing challenge in the field.

Generative AI also presents exciting opportunities for creative industries. Artists can use generative models as tools to inspire their work or create new forms of art. Musicians can leverage generative AI models to compose music or generate novel melodies.

Overall, generative AI holds great potential for innovation and creativity, but it also raises important ethical considerations that need to be addressed to ensure its responsible and beneficial use in various domains.

Some examples of text generation models include ChatGPT, Copilot, Gemini, and LLaMA which are often collectively referred to as chatbots. They generate human-like responses to queries. Image generation models include Stable Diffusion, Midjourney, and DALL-E which create images from textual descriptions. Video generation models include Sora which can produce videos based on prompts. Other domains where Generative AI finds applications are in software development, healthcare, finance, entertainment, customer service, sales, marketing, art, writing, fashion, and product design.

In Azure, a copilot can be developed with no code using Azure OpenAI studio. We just need to instantiate a studio, associate a model, add the data sources, and allow the model to train. The models differ in syntactic or semantic search. The latter uses a concept called embedding that discovers the latent meaning behind the occurrences of tokens in the given data. So, it is more inclusive than the former. A search for time will specifically search for that keyword with the GPT-3 but a search for clock will include the references to time with a model that leverages embeddings. Either way, a search service is required to create an index over the dataset because it facilitates fast retrieval. A database such as Azure Cosmos DB can be used to assist with vector search.