Databases should never get touched by anything other than business logic layers themselves hosted in a single private network. Even the developers should not be able to access it. Otherwise, face consequences. https://lnkd.in/dfRgftuQ
Protect Database with Private Network Access
-
I am surprised to see this is still happening by infrastructure managers and architects. Giving access to the database to anything other than the business logic layer is the first mistake that you made; the rest just comes with it.
-
Always use multiple AZs — 2 minimum, 3 for anything critical. One data center going down shouldn't take your app with it.
Mix On-Demand + Spot instances — base capacity on On-Demand, burst on Spot. Your AWS bill will thank you.
Target Tracking > Step Scaling — think of it like a thermostat. Set CPU at 50% and let AWS handle the rest. Simple. Stable.
Warm Pools changed everything for us — pre-initialized instances, zero cold start pain. Running vs Stopped vs Hibernated each have trade-offs (see image 👆)
Lifecycle Hooks — don't terminate instances blindly. Drain connections, finish requests, then shut down gracefully.
Don't scale on CPU alone — add request latency + error rates to your CloudWatch alarms. CPU lies sometimes.
And don't forget to use JMeter 😀
-
Team had auto-scaling configured. Thresholds reviewed. Load balancer healthy. Full walkthrough done before the campaign. Traffic hit. 4 instances became 14. Response times went from 180ms to 4 seconds. Nobody questioned whether the application was actually the bottleneck. It was the most visible layer, most instrumented. Of course that is where you look first. The application was fine. It was just waiting. 14 connection pools hammering the same Azure SQL database. More compute, more pressure on the thing already struggling. This is what wrong assumptions cost in production. Not the incident. The 40 minutes spent looking in the right place with the wrong map. And this pattern shows up more than people think. The scaling reflex kicks in, the cache silently stops helping, the external rate limit does not care how many instances you are running. All of it traces back to the same thing: diagnosing symptoms instead of causes. This is part of The True Code of Production Systems, a series on decisions that only become visible when something breaks in production. Latest piece is a detailed breakdown of exactly how this plays out and what to look for instead. Link in the comments. #systemdesign #engineeringlessons #thetruecode
-
NEW BLOG POST! Two policies, three storage states, one rule connecting them. A newcomer's guide to caching, retention, and tiered storage in #MicrosoftFabric Eventhouse. https://lnkd.in/g5-Jc8Gs
-
vLLM vs Triton Server
An interesting discussion pinged through on my Reddit yesterday comparing vLLM and Triton Inference Server and trying to work out which is 'better'. The OP's thoughts were that vLLM is highly optimized specifically for LLMs, with features like KV caching and continuous batching making it particularly strong for transformer-based workloads. Triton, on the other hand, feels more like a general-purpose inference server which is more flexible, supporting multiple frameworks and model types. They also acknowledge that it's not really an apples-to-apples comparison, as different use cases and purposes will likely make one 'better' than the other for that task. There have only been a few comments so far, and they agreed that the use case is the biggest factor in which is more powerful and that, generally speaking, vLLM is more dev-friendly for LLM serving, whereas Triton is more for the enterprise. Thought I would share the thread (link in comments) in case anyone wanted to jump in and get involved in the discussion.
-
The latest update for #VictoriaMetrics includes "What's New in VictoriaMetrics #Cloud Q1 2026? Logs, MCP Server, Better Alerting, and... a Secret Project". #DevOps #TimeSeries #OpenSource https://lnkd.in/dHMySpGx
-
Data: The Essential Catalyst to Maximize Hybrid Compute Whether you’re building to burst or extend, your compute strategy is tied to your data. Discover the importance of investing in a data layer that can actively orchestrate placement and management in Dan Reger's new blog. https://okt.to/Pka24b #DataFirst
-
Serverless is a lie. The name “serverless” suggests there is no server behind the task. This is not true. When you see the name serverless, remember that there is a server (a compute machine (node), sometimes multiple machines (a multi-node cluster)) to process a task. The name “serverless” is a marketing strategy and, as a matter of fact, it is a really good name. But what it really means is that the cluster running the task is managed and hosted by the solutions provider. #dataengineer #databricks
-
VMware Data Services Manager brings DBaaS to your private cloud. DSM 9.1 adds a number of new technical capabilities, such as support for Microsoft SQL Server!
What's New with VMware Data Services Manager 9.1
https://www.youtube.com/
-
If you can’t see your AWS data risk end-to-end, you can’t control it. One integration changes everything. BigID unifies your DSPM visibility, exposes sensitive data risk, and drives action where it matters, inside your AWS environment. Get the brief to see how: https://bit.ly/3MobZIw