Who am I?

Piotr Stapp

• Unique name - just sing a song: "Don't Stapp me know" ;)
• CEO @ Dotnetomaniak
• VP @ devWarsztaty
• ex - Senior software/DevOps/Architect @mBank/@FinAi/@Allegro
• Software Architect @ Demant Technology Center
• M.Sc (distction) Oxford Brooks University in Web Tech
• M.Sc. Warsaw University of Technology in Computer Science
• And ......

https://www.linkedin.com/in/piotrstapp/

Context

Numbers

• 5k - 50k - 500k ? (Wembley Stadium == 90k)
• A few important LIVE sessions (e.g. contest finals)
• Peak usage
• $$$ is very important

Architecture

TODO list

• Hosting
• Database
• Users data
• To SPA or not to SPA? That is the question!
• Man power

User Data Storage

Old days

Receipe

• Take one technology that you <3
• Apply the first tutorial about user accounts
• Or copy some stuff from previous project

My case

• .NET Framework (a good one)
• Avoided problems:
  • Passwords with base64
  • SQL injection
• In PHP, NodeJS, Java, .... - situation is simmilar

Seriously!

source

Today

The incomplete list

• Dedicated tools for user management:
  • Active Directory
  • OpenLDAP
  • ...
• Ready to deploy and use:
  • Keycloak,
  • Identity Server 4
  • ...
• SaaS:
  • Auth0
  • Userbase
  • Azure B2C

Elimination

• $$$ - now and in the future
• Implementation problems with UI/UX requirements ;)
• The escape path (or migration possibility)
• Administration cost

Elimination time

Candidates

• Active Directory / OpenLDAP / ...
• My own with NuGet / Maven / NPM / pip / ... support
• Keycloak / Identity Server 4 / ...
• SaaS: Auth0, Userbase, Azure B2C

Candidates

• Active Directory / OpenLDAP / ...
• My own with NuGet / Maven / NPM / pip / ... support
• Keycloak / Identity Server 4 / ...
• SaaS: Auth0, Userbase, Azure B2C

Candidates

• Active Directory / OpenLDAP / ...
• My own with NuGet / Maven / NPM / pip / ... support
• Keycloak / Identity Server 4 / ...
• SaaS: Auth0, Userbase, Azure B2C

Candidates

• Active Directory / OpenLDAP / ...
• My own with NuGet / Maven / NPM / pip / ... support
• Keycloak / Identity Server 4 / ...
• SaaS: Auth0, Userbase, Azure B2C

Candidates

• Auth0
• Azure B2C
• Userbase

Trust

• Auth0
• Azure B2C
• Userbase

Features

• Facebook / Twitter / Github / .... login
• MFA with application and SMS
• FIDO2
• Custom domain
• Custom CSS
• ....

Money

• https://auth0.com/pricing
• https://azure.microsoft.com/en-us/pricing/details/active-directory/external-identities/

Result

Hosting

The incomplete list

• Azure Storage + Azure CDN + ...
• Azure Functions
• Azure SignalR + static web page + X
• Virtual Machine
• Azure Container Instances
• Azure Kubernetes Service (AKS)
• Azure Web App in 3 flavors

The incomplete list

• Azure Storage + Azure CDN + ...
• Azure Functions
• Azure SignalR + static web page + X
• Virtual Machine
• Azure Container Instances
• Azure Kubernetes Service (AKS)
• Azure Web App in 3 flavors

The incomplete list

• Azure Storage + Azure CDN + ...
• Azure Functions
• Azure SignalR + static web page + X
• Virtual Machine
• Azure Container Instances
• Azure Kubernetes Service (AKS)
• Azure Web App in 3 flavors

The incomplete list

• Azure Storage + Azure CDN + ...
• Azure Functions
• Azure SignalR + static web page + X
• Virtual Machine
• Azure Container Instances
• Azure Kubernetes Service (AKS)
• Azure Web App in 3 flavors

The incomplete list

• Azure Storage + Azure CDN + ...
• Azure Functions
• Azure SignalR + static web page + X
• Virtual Machine
• Azure Container Instances
• Azure Kubernetes Service (AKS)
• Azure Web App in 3 flavors

The incomplete list

• Azure Storage + Azure CDN + ...
• Azure Functions
• Azure SignalR + static web page + X
• Virtual Machine
• Azure Container Instances
• Azure Kubernetes Service (AKS)
• Azure Web App in 3 flavors

The incomplete list

• Azure Storage + Azure CDN + ...
• Azure Functions
• Azure SignalR + static web page + X
• Virtual Machine
• Azure Container Instances
• Azure Kubernetes Service (AKS)
• Azure Web App in 3 flavors

The incomplete list

• Azure Storage + Azure CDN + ...
• Azure Functions
• Azure SignalR + static web page + X
• Virtual Machine
• Azure Container Instances
• Azure Kubernetes Service (AKS)
• Azure Web App in 3 flavors

What?

Database

Small recap

• Usage won't be "stable"
• There will be usage peaks
• A few days will have much more load than the rest of month/year

Conclusions

• We cannot predict what will happen
• Performance should be stable, but usage is a time function
• Probably a lot of data will be static and can be handled by cache

NoSQL

• Great, isn't it?
• New, isn't it?

SQL

• Solid, isn't it?
• Well known, isn't it?

Options

• Self-hosted "custom" one on VM's
• Azure Storage
• Cosmos DB
  • "Native"
  • Mongo
  • GraphQL
  • ....
• SQL as a Service
  • MSSQL
  • Postgres
  • MySQL
  • MariaDB

Custom stuff on VM's

Before you decide, you should know

• why PaaS DB won't work for you
• how to manage this custom stuff

Azure Storage

• Very cheap
• Simple key-value or "file database"
• Limit for maximum number of operations
• Used by https://haveibeenpwned.com/

In other words, if I want 100GB of storage and I want to hit it 10 million times, it’ll cost me $8 a month.

Azure SQL for ...

• MSSQL, MySQL, MariaDB and Postgres
• What about Oracle? DB2? ...
• Pricing:
  • DTU versus vCore (Pricing)
  • Single Server vs. Flexible vs. Hyperscale (Pricing) 
• Dynamic scaling? Yes, but ...

Cosmos DB

• "SQL", API for MongoDB, Gremlin, Cassandra, Table, ...
• Key-vaule, Column-Family, Documents, Graph
• Pricing:
  • Standard
  • Auto-scale
  • Serverless
• Dynamic scaling? Yes!!
• No relations 🙊🙉🙈

Options

• Self-hosted "custom" one on VM's
• Azure Storage
• Cosmos DB
• SQL as a Service

Small things

14 Rules by Steve Sounders

1. Make Fewer HTTP Requests
2. Use a Content Delivery Network
3. Add an Expires Header
4. Gzip Components
5. Put Stylesheets at the Top
6. Put Scripts at the Bottom
7. Avoid CSS Expressions
8. Make JavaScript and CSS External
9. Reduce DNS Lookups
10. Minify JavaScript
11. Avoid Redirects
12. Remove Duplicate Scripts
13. Configure ETags
14. Make AJAX Cacheable

Small "things"

• HTTP/2 (or even HTTP/3)
• SSL certificate
• First Contentful Paint
• CDN++
• And some points from 14 Rules for Faster-Loading Web Sites

Costs

Cloudflare

1. Make Fewer HTTP Requests - ✅
2. Use a Content Delivery Network - ✅ 
3. Add an Expires Header - ✅
4. Gzip Components - ✅
5. Put Stylesheets at the Top - ⚠️
6. Put Scripts at the Bottom - ⚠️
7. Avoid CSS Expressions - ❌
8. Make JavaScript and CSS External - ❌
9. Reduce DNS Lookups - ✅
10. Minify JavaScript - ✅
11. Avoid Redirects - ✅/⚠️
12. Remove Duplicate Scripts - ✅
13. Configure ETags - ✅
14. Make AJAX Cacheable - ❌

Cloudflare - cost

• For above - 0$
• Results:
  • Static page (from GitHub pages) is 16% faster
  • Dotnetomaniak - serves 50% request from cache
  • "Have I been pwned?" - crazy results - don't even ask

The end?