Welcome to my website. In the following pages you will find information about my experience, publications, apps I developed, and a synopsis of the services I provide in the areas of Mobile App development, Custom Web App development, general software development, design, and architecture. As a software consultant, I have worked in many roles including Software Developer, Integration Architect, SOA / Enterprise Architect, Technical Lead, and Instructor. I mainly provide services in the GTA (Toronto, ON), though I have provided services in Calgary AB, St Johns NFLD, Chicago IL, New York NY, Houston TX, and Denver CL.
I specialize in the following technologies:
- Operating Systems: iOS, Android, Windows, Linux, Mac
- Portals, SharePoint 2007, 2010, and 2013, ASP.Net MVC, ASP.Net
- Cloud: Azure Websites, Amazon Storage Services
- Databases: MSSQL, Oracle, DB2, MySQL
- Big Data: Hadoop, Spark
- Integration Platforms: BizTalk, MS ESB Toolkit, ESBExpress, WCF, Windows Workflows
My Published Books:
- Mastering the BizTalk Technical Interview
- BizTalk The Practical Course
Books I have reviewed:
- MDX Queries for SQL Server 2012, August 2013
- Applied Architecture Patterns on the Microsoft Platform, second edition, July 2014
Feel free to contact me at Moustafa@MoustafaRefaat.com if you have any questions regarding any of my posts, books, services, or products.
Designing for Secure Deployment of Web Application
I have seen so many cases where an application launch was delayed because there were problems with deploying into the production environment. They are generally all the same story: the application wouldn’t work because the network was set up with security rules that the application didn’t support or wasn’t designed for.
A very common network setup for security is creating a perimeter network or DMZ that “outsiders” can access, with the DMZ separated by a firewall from the secure internal network. Additionally, there might be another firewall inside the secure network separating the database servers.
Because the infrastructure is split into multiple zones, your application architecture needs the same splits before it can be deployed on that infrastructure. This brings related issues such as communication across the zones, passing identities between them, and so on. In more detail, you have to:
- Design the architecture to include a cleanly separated business API to ensure there is a distinct business tier.
- Split the business tier into two parts, creating an “interface” tier and an “implementation” tier. The interface tier is responsible for handling boundary activities such as validation and authentication, while the implementation tier holds the main business logic. This boundary verification logic enhances security before the request is passed to the secure network, beyond what could be done using a firewall alone.
- Deploy the service interface tier into the DMZ, and the implementation tier into the secure network.
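The split described above, sketched as an added example that is not code from the original post. The token scheme, the account-id format, the amount limit and all function names are assumptions made for illustration, and the implementation tier is simulated by a local function rather than a call across the firewall.

```python
import hashlib
import hmac
import re

# Constructed demo values; a real deployment would load the key from a secret store.
TOKEN_KEY = b"demo-key-not-for-production"
ACCOUNT_RE = re.compile(r"[A-Z]{2}\d{8}")  # hypothetical account-id format
MAX_AMOUNT_CENTS = 1_000_000               # hypothetical business limit


def issue_token(user: str) -> str:
    """Sign a user name so the interface tier can authenticate the caller."""
    mac = hmac.new(TOKEN_KEY, user.encode(), hashlib.sha256).hexdigest()
    return f"{user}.{mac}"


def authenticate(token):
    """Return the user name if the token's MAC verifies, else None."""
    if not isinstance(token, str):
        return None
    user, _, mac = token.rpartition(".")
    expected = hmac.new(TOKEN_KEY, user.encode(), hashlib.sha256).hexdigest()
    ok = hmac.compare_digest(mac.encode(), expected.encode())
    return user if user and ok else None


def implementation_tier(message: dict) -> dict:
    """Stand-in for the business logic hosted in the secure network."""
    return {"status": "accepted", "by": message["user"],
            "amount_cents": message["amount_cents"]}


def interface_tier(request: dict, forward=implementation_tier) -> dict:
    """DMZ-side boundary: authenticate, validate, then forward a minimal message."""
    user = authenticate(request.get("token"))
    if user is None:
        return {"status": "rejected", "reason": "authentication failed"}
    account, amount = request.get("account"), request.get("amount_cents")
    if not isinstance(account, str) or not ACCOUNT_RE.fullmatch(account):
        return {"status": "rejected", "reason": "invalid account"}
    if type(amount) is not int or not 0 < amount <= MAX_AMOUNT_CENTS:
        return {"status": "rejected", "reason": "invalid amount"}
    # Only validated fields and the verified identity cross the firewall;
    # the raw token and any extra request fields stay in the DMZ.
    return forward({"user": user, "account": account, "amount_cents": amount})
```

Rejected requests return from the interface tier without `forward` ever being called, so malformed or unauthenticated traffic stops in the DMZ.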
Just one last note: doesn’t that look like the Façade pattern? Well, close, but not the same. Hope this helps you with your system challenges.