Azure CosmosDB scaling globally - azure-cosmosdb

I've seen the videos about Azure CosmosDB scaling around the world by clicking on a map, which is neat. But in those demos, they connect directly to the database from a client.
It's my understanding that allowing a client (like wpf desktop program) to directly access a database is a bad idea. It should be behind a web api that we control access to.
So for scaling globally, I don't really need lots of areas where users are, I need the same datacenter that's hosting the api.
Is this correct?

There is an interesting article in the docs refering to Multi-master database architecture that will be useful.
Basically, if you are going to expose a Web API and clients will connect to it instead of the database, you want the Web API as closer to the database as possible (that's when global replication comes into play).
To transparently connect the client to the closest API, you can use Traffic Manager's Geographic routing.

Related

Cloud Endpoints + API Keys - exposing own API to third party

I have an API that is hosted on GCP (no matter if its Compute Eninge, App Engine or any other) and I want to give access to it for selected applications that run outside of my company. I do not need such sophisticated service like Apigee (it is too expensive also), I just want to distinguish applications that call my API and do some individual restrictions for each (like which endpoint they can call).
As I have done some research I think that Cloud Endpoints + API Keys fits my requirements. I could create API Key for each client (API Key is sent in query, so I suppose I can get it in my backend?), but I am a bit confused if it is "the right/recommended" way. As stated here https://cloud.google.com/endpoints/docs/openapi/when-why-api-key#api_keys_provide_project_authorization it should help me to identify project, or rather for my case application, which is communicating with my API, but it feels like its more dedicated for apps that run within my organizations because it can have access to Google services Apis (like I should not give API Key to someone else outside, although I can even restrict IP addresess which can use it).
Would be glad to hear if someone had a smiliar goal and if solved it this way.

Securing a database using web service

I have a SharePoint application that needs to integrate with very sensitive databases. The data required is from multiple databases; almost 40 different databases on different servers.
The suggested design was to have a web service to integrate with, which will then connect to the required database based on the required business logic. However the concern is, if someone somehow got access to the server hosting this web service, all the database connections will be there.
Another suggestion was to have a dedicated web service for each database. This way even if someone got access to this web service, only one database connection will be there.
The question is, is there any known design that can work for this situation to add more security to the database connections?
The answer really depending on your specific requirements. an easy way of doing so is to use "Open Data Protocol" OData. and then secure it with windows directory login, or perhaps ASP.NET login.
take a look at http://www.odata.org/ and http://msdn.microsoft.com/en-us/library/ff478141.aspx

Website with Wcf service

I'm new to web services. i'm developing a project that includes a website for introducing information (backoffice), and that information will be send to mobile devices.
My Question is, is better to create a website that connects to the database to insert and update information and then create a webservice only for the mobile devices to get that information, or create a webservice that does all the work?(website and mobile devices connected to webservices).
Thank you
There are many solutions and which you choose depends on how your application will be used.
In any case it is always good to have reusable code, and having single service tending to both web and mobile applications would be good.
If your application is write intensive, data which is passed between user and the website is critical and data integrity must be preserved, then you should go for a single service which runs in the background, takes care of integrity and provides data retrieval and modification methods to clients (web/mobile/desktop applications).
If your application is read intensive, will be mass deployed, with tens or hundreds of thousands of clients, then you should go for each web application which connects directly to database. In this case you need to sacrifice data consistency, because writes made on one node of the web application will not be instantly visible on others. Using this method, when you need to scale out you can add replicated database nodes, and new web application nodes that connect to them.
If you have a client application running on a mobile device, you want a web service. I recommend a RESTful one using JSON. If you want to access this functionality from a computer browser, you'll want a website - which could be accessed from a browser on a mobile device.
The trade-off is accessibility vs. quality of the client application. A website may work great from a computer browser, but may not be well-suited for mobile access. The website would be a single solution though. If you use a web service, you need a mobile application to consume it (presumably for multiple platforms), plus either a desktop application to consume that web service or a website to run in a browser...
In my opinion. You should go with Services Based Architecture. You can use WCF /Asp.net Webapi on MS Stack. Using Services either SOAP Based or REST gives you more Flexibility and a degree of scalability for the consumers to consume your service.
Hope this helps.

how to sync data between company's internal database and externally hosted application's database

My organisation (a small non-profit) currently has an internal production .NET system with SQL Server database. The customers (all local to our area) submit requests manually that our office staff then input into the system.
We are now gearing up towards online public access, so that the customers will be able to see the status of their existing requests online, and in future also be able to create new requests online. A new asp.net application will be developed for the same.
We are trying to decide whether to host this application on-site on our servers(with direct access to the existing database) or use an external hosting service provider.
Hosting externally would mean keeping a copy of Requests database on the hosting provider's server. What would be the recommended way to then keep the requests data synced real-time between the hosted database and our existing production database?
Trying to sync back and forth between two in-use databases will be a constant headache. The question that I would have to ask you is if you have the means to host the application on-site, why wouldn't you go that route?
If you have a good reason not to host on site but you do have some web infrastructure available to you, you may want to consider creating a web service which provides access to your database via a set of well-defined methods. Or, on the flip side, you could make the database hosted remotely with your website your production database and use a webservice to access it from your office system.
In either case, providing access to a single database will be much easier than trying to keep two different ones constantly and flawlessly in sync.
If a webservice is not practical (or you have concerns about availability) you may want to consider a queuing system for synchronization. Any change to the db (local or hosted) is also added to a messaging queue. Each side monitors the queue for changes that need to be made and then apply the changes. This would account for one of the databases not being available at any given time.
That being said, I agree with #LeviBotelho, syncing two db's is a nightmare and should probably be avoided if you can. If you must, you can also look into SQL Server replication.
Ultimately the data is the same, customer submitted data. Currently it is being entered by them through you, ultimately it will be entered directly by them, I see no need in having two different databases with the same data. The replication errors alone when they will pop-up (and they will), will be a headache for your team for nothing.

Access db via web service

Is it efficient using a web service to access database objects?
I'm developing a win phone app and a web app. Both of them will use the same db. Should I create one web service for two apps?
A shared webservice is definitely the right way to go. That's really the point of a service, to be able to access the same business and data logic from multiple places (assuming both places are doing the same thing of course). It also acts as a natural security buffer between your app and database - so your database only needs to accept connections from the service, as opposed to multiple client applications.
As far as the technology, since both of your clients are Microsoft, you can use WCF as your service as opposed to a traditional SOAP service. Or you can go with something more universally accepted, like WebAPI with JSON. Lots of options there.

Resources