We Open-Sourced Our Enterprise Databricks AI Platform Blueprint
A production-grade, open-source reference architecture for Azure Databricks covering networking, security, MLOps, agentic AI, and CI/CD — built on the Azure Well-Architected Framework.
Notes on cloud architecture, security, data & AI — from our practice in Berlin.
Learn how to design production-grade RAG pipelines with optimal chunking, embedding models, and vector databases on Azure.
A practical comparison of Terraform, Bicep, and Pulumi for enterprise IaC — when to use which and how to decide.
How to implement Clean Architecture in .NET enterprise apps — domain layers, use cases, dependency inversion, and CQRS with MediatR.
Three production-ready agentic AI patterns — durable orchestrator, multi-agent Planner-Executor-Critic, and monitoring responder — running on Azure Functions with Databricks integration.
How we designed a fully private Azure Databricks platform with hub-spoke networking, forced-tunnel firewall, private endpoints, and managed identities — no public IPs, no stored secrets.
How an Azure Well-Architected Review identifies hidden risks across reliability, security, cost, operations, and performance.
How to map ISO 27001 Annex A controls to Azure-native services — from Azure Policy to Defender for Cloud to audit-ready compliance dashboards.
A step-by-step guide to building production MLOps on Azure — pipelines, model registry, retraining, feature stores, and A/B deployment.
Eight battle-tested API design principles for enterprise systems — REST vs gRPC, versioning, pagination, error handling, and more.
How to build a digital transformation roadmap with maturity assessment, quick wins, stakeholder alignment, and KPIs that matter.
A practical 12-step checklist for building enterprise-grade Azure landing zones using the Cloud Adoption Framework.
A practical 6-month plan to implement Zero Trust architecture in the enterprise, based on NIST 800-207 and real-world deployment patterns.
A practical guide to enterprise LLM deployment covering Azure OpenAI, prompt injection defense, token costs, and responsible AI governance.
Proven microservices patterns in .NET 9 — service boundaries, API gateways, async messaging, and resilience for enterprise teams.
How to merge Entra ID tenants without disrupting users — cross-tenant sync, conditional access, MFA, and timeline planning.
A 15-point security hardening checklist for Microsoft Entra ID covering conditional access, PIM, MFA, break-glass accounts, and token protection.
Battle-tested Terraform practices for Azure at scale — state management, modules, policy-as-code, CI/CD, and drift detection.
A practical guide to event-driven architecture on Azure — Event Grid, Service Bus, Event Hubs, CQRS, and saga patterns explained.
Ten proven cloud cost optimization strategies that save enterprises 30% or more — from reserved instances to FinOps practices.
Learn the five most expensive cloud migration mistakes enterprises make and how to build a strategy that avoids them.
A practical technical guide to NIS2 compliance — mapping directive requirements to concrete IT controls, timelines, and action items.
Compare Microsoft Fabric, Databricks, and Synapse for your data lakehouse — with cost, governance, and architecture trade-offs.
How to build an internal developer platform with golden paths, self-service infra, and developer experience metrics that drive adoption.
Step-by-step guide to Microsoft 365 tenant consolidation covering mail routing, SharePoint, Teams, and license optimization.
Four proven hybrid cloud architecture patterns for enterprises using Azure Arc, ExpressRoute, and hybrid identity.
A technical breakdown of EU AI Act requirements — risk classification, documentation, and conformity steps for engineering teams.
Step-by-step guide to implementing GitOps with Flux v2 on Azure Kubernetes Service — Helm, Kustomize, SOPS, and multi-cluster.
A practical 90-day playbook for post-merger IT integration covering Day-1 readiness, identity, network, apps, and communication.
Cloud, security, data, and AI notes from our Berlin practice — plus how we work with clients.
How to architect a modern SOC with Microsoft Sentinel — data connectors, KQL analytics rules, SOAR automation, cost control, and alert fatigue reduction.
How to embed SAST, DAST, SCA, and container scanning into CI/CD without killing developer velocity.
A proven 4-phase approach to legacy application modernization — assessment, strangler fig, containerization, and data migration.
Ten battle-tested Kubernetes best practices for production workloads covering RBAC, networking, observability, and GitOps.