Lessons Learned Moving From On-Prem to Cloud Native

Recently, I came across a sample e-commerce application that demonstrates how to use Next.js, GraphQL engine, Postgres, and a few other frameworks to build a modern web application. The application supports basic e-commerce capabilities such as product inventory and order management, recommendation system, and checkout function. This made me curious as to how much effort it would take to turn this application from an on-prem to a cloud-native solution.

The original architecture for this sample app looked like the below diagram. You can start the whole setup in a few minutes following this guide.

How To Set Up a Scalable and Highly-Available GraphQL API in Minutes

A modern GraphQL API layer for cloud-native applications needs to possess two characteristics: horizontal scalability and high availability. 

Horizontal scalability adds more machines to your API infrastructure, whereas vertical scalability adds more CPUs, RAM, and other resources to an existing machine that runs the API layer. While vertical scalability works to a certain extent, the horizontally scalable API layer can scale beyond the capacity of a single machine. 

How to Build a NestJS MVC App With YugabyteDB

This article is the second in a series of posts investigating ways to build applications with NestJS. In Part 1, linked here, we built a two-factor authentication app with NestJS.

In this article, we'll learn more about the model view controller (MVC) architecture by building a NestJS MVC application with YugabyteDB. We will code an eBook store demo project. The code for this tutorial is available on my GitHub repository. Feel free to clone it as you follow the steps. Let's begin!

What Java Developers Need to Know About Geo-Distributed Databases

I’ve been working with distributed systems, platforms, and databases for the last seven years. Back in 2015, many architects began using distributed databases to scale beyond the boundaries of a single machine or server. They selected such a database for its horizontal scalability, even if its performance remained comparable to a conventional single-server database. 

Now, with the rise of cloud-native applications and serverless architecture, distributed databases need to do more than provide horizontal scalability. Architects require databases that can stay available during major cloud region outages, enable hybrid cloud deployments, and serve data close to customers and end users. This is where geo-distributed databases come into play. 

A Practical Multi-Cloud Distributed SQL Strategy for 2021

To meet growing business demand, many global enterprises are choosing cloud infrastructure from multiple providers like AWS, Azure, Google, or private data centers. According to a Gartner survey of public cloud users, 81% of respondents are already using multiple clouds. Leveraging multiple clouds to support data infrastructure provides these benefits:

  • Reduced operating and infrastructure costs by avoiding vendor lock-in.
  • Improved application resilience and redundancy with geographically distributed data centers. (Cloud providers suffer from outages, so putting all your workloads on one provider’s infrastructure increases the risk of application downtime.)
  • Improved customer experience and performance optimization by choosing a data center closest to end users that can serve the requested data with minimum latency.
  • Achieving data compliance, such as the EU’s GDPR which requires data to be held in particular geographical locations. (If your primary cloud does not support all the regions where your customers reside, you need to consider a multi-cloud strategy.)
  • Ability to expand into new markets by taking advantage of regional data centers.

Using PostgreSQL Aggregate Functions in YugabyteDB to Analyze COVID-19 Data

An article in the Washington Post, published on 23-Oct-2020, argues the case for wearing a mask while the COVID-19 pandemic continues and refers to data from Carnegie Mellon’s COVIDcast, an academic project tracking real-time coronavirus statistics. Look for this:

There’s a simple statistical measure of correlation intensity called 'R-squared,' which goes from zero (absolutely no relationship between the two variables) to 1 (the variables move perfectly in [linear] tandem). The 'R-squared' of CovidCast’s mask and symptom data is 0.73, meaning that you can predict about 73 percent of the variability in state-level COVID-19 symptom prevalence simply by knowing how often people wear their masks.

Monitoring YugabyteDB in Kubernetes With the Prometheus Operator and Grafana

Using the Prometheus Operator has become a common choice when it comes to running Prometheus in a Kubernetes cluster. It can manage Prometheus and Alertmanager for us with the help of CRDs in Kubernetes. The kube-prometheus-stack Helm chart (formerly known as prometheus-operator) comes with Grafana, node_exporter, and more out of the box.

In a previous blog post about Prometheus, we took a look at setting up Prometheus and Grafana using manifest files. We also explored a few of the metrics exposed by YugabyteDB. In this post, we will be setting up Prometheus and Grafana using the kube-prometheus-stack chart. And we will configure Prometheus to scrape YugabyteDB pods. At the end, we will take a look at the YugabyteDB Grafana dashboard that can be used to visualize all the collected metrics.

Service Mesh Era: Building Modern Apps With YugabyteDB and Istio

Microservices architectures are becoming the de facto way developers are thinking about how their applications are constructed. But security remains a top concern for many organizations. Given the general trends of the proliferation of threats within the production network and the increased points of privileged access, it is increasingly necessary to adopt a zero-trust network security approach for microservices architectures.

One of the most common security approaches is to set up mTLS. While this is an important security tool, it’s often difficult and time-consuming to manage. To start, you have to create, distribute, and rotate keys and certificates to a large number of services. You then need to ensure you are properly implementing mTLS on all of your clients and servers. One of the compelling features of Istio is the ability to uniformly administer mTLS for all of your services without sacrificing developer productivity. While it’s true YugabyteDB provides its own TLS encryption, by having a central tool like Istio service mesh, you can set up an easy and consistent policy where Istio automatically manages the certificate rotation.

How to Geo-Partition Data in Distributed SQL

We are excited to announce the availability of row-level geo-partitioning in YugabyteDB, a feature heavily requested by our user community and enterprise customers alike. This feature allows fine-grained control over pinning data in a user table (at a per-row level) to geographic locations, thereby allowing the data residency to be managed at the database level.

Making the nodes of a multi-region database cluster aware of the location characteristics of the data they store allows conformance to regulatory requirements such as GDPR by keeping the appropriate subset of data local to different regions. It is also arguably the most intuitive way to eliminate the high latency that would otherwise be incurred when performing operations on faraway regions.

How-To: YugabyteDB 2.5 Security Features

The YugabyteDB 2.5 release adds many critical enterprise-grade security features. This blog post outlines these newly added features.

Authentication

Adding scram-sha-256 Authentication

The first notable addition is a much-improved password-based authentication mechanism called Salted Challenge Response Authentication Mechanism (or simply SCRAM), as described in RFC 5802. This scram-sha-256 authentication mechanism, identical to the most secure PostgreSQL authentication scheme, is a challenge-response scheme that prevents password sniffing on untrusted connections and supports storing passwords on the server in a cryptographically hashed form that is thought to be secure. To enable this feature, simply pass the following flag when starting the yb-tserver.

SQL Puzzle: Partial vs Expression Indexes

Here is an intriguing SQL puzzle we came across in the context of a real-world use case. This post shows the power of advanced RDBMS features such as partial indexes and expression indexes.

Let us assume we have a table in PostgreSQL named users, where each row in the table represents a user. The table is defined as follows.

Getting Started With Distributed SQL on Azure Kubernetes Service

Microsoft’s Azure Kubernetes Service (AKS) offers a highly available, secure, and fully managed Kubernetes service for developers looking to host their applications on containers in the cloud. AKS features elastic provisioning, an integrated developer experience for rapid application development, enterprise security features, and the most available regions of any cloud provider.

YugabyteDB is a natural fit for AKS because it has been designed to support cloud native environments from the start.

4 Data Sharding Strategies for Distributed SQL Analyzed

A distributed SQL database needs to automatically partition the data in a table and distribute it across nodes. This is known as data sharding, and it can be achieved through different strategies, each with its own tradeoffs. In this post, we will examine various data sharding strategies for a distributed SQL database, analyze the tradeoffs, explain the rationale for which of these strategies YugabyteDB supports, and what we picked as the default sharding strategy.

What is YugabyteDB? It is an open source, high-performance distributed SQL database built on a scalable and fault-tolerant design inspired by Google Spanner. Yugabyte’s SQL API (YSQL) is PostgreSQL wire compatible.

Getting Started With PostgreSQL’s Row Level Security in YugabyteDB

Get Started With PostgreSQL’s Row Level Security in YugabyteDB

In this blog post, we are going to introduce you to how PostgreSQL’s row level security feature works in the latest YugabyteDB 2.0.6 release. YugabyteDB supports RLS and a host of other security and encryption features “out-of-the-box,” as part of the open source distribution.

What Is Row Level Security?

Originally introduced in PostgreSQL 9.5, Row Level Security, or "RLS," allows a DBA to set policies that restrict users from viewing or manipulating specific rows of data in a table. Depending on your use case, this can be particularly useful for blocking access to especially sensitive records, like customer or financial data. This might be prompted by legal, liability, or compliance concerns. As you might expect, RLS is a feature that you’ll also find in other enterprise RDBMSs like SQL Server and Oracle.