Sunday, 27 February 2022

Delphi TLS 1.2 to SQL Server connectivity issue

Thanks to Akshay for figuring the issue out and working on this with me.

Problem: C# connects to SQL Server using TLS 1.2 and TLS 1.0, but the Delphi application only connects using TLS 1.0.

Initial Hypothesis:  

Ensure the client machine can connect using a C# test rig, or check the traffic works from any app using Wireshark.

SQL Server accepts TLS 1.2 connections from C# but not from Delphi. SQL Server is good, and the client machine allows outbound TLS 1.2 traffic, so the issue must be with Delphi connectivity. Delphi uses SDAC 6 to connect to the database.

SDAC uses the "SQL Native Client" for TLS 1.2, but TLS 1.0 works without it. SDAC tries to use the "SQL Native Client"; if it is not there, it uses OLEDB. The OLEDB version used by SDAC 6 does not support TLS 1.2, only TLS 1.0. Wireshark showed the Delphi application trying to connect but unable to get a TLS 1.2 connection. After installing the "SQL Native Client", the traffic from SDAC 6 starts connecting on TLS 1.2.

Resolution: Upgrade to Delphi/SDAC9 (or later) or install the "SQL Native Client" on all client laptops/machines.
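The Wireshark check above can be scripted. This is an added example, not code from the original post: it reads the TLS version a client offers from a captured TDS packet, relying on the fact that TDS 7.x carries the TLS handshake inside PRELOGIN packets (type 0x12). The function names and the sample bytes are constructed for illustration.

```python
import struct

TDS_PRELOGIN = 0x12    # TDS packet type that carries the TLS handshake
TLS_HANDSHAKE = 0x16   # TLS record content type
CLIENT_HELLO = 0x01    # TLS handshake message type
VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0",
            0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}


def offered_tls_version(tds_packet: bytes):
    """Return the highest TLS version the client offers, or None when the
    packet is not a TDS-wrapped ClientHello (e.g. the plaintext PRELOGIN)."""
    if len(tds_packet) < 19:                  # 8 TDS + 5 record + 4 hs + 2 version
        return None
    # TDS header: type, status, total length (big-endian, header included)
    pkt_type, _status, length = struct.unpack_from(">BBH", tds_packet, 0)
    if pkt_type != TDS_PRELOGIN or not 19 <= length <= len(tds_packet):
        return None
    record = tds_packet[8:length]
    # TLS record header: content type, record version, record length
    ctype, _rec_ver, rec_len = struct.unpack_from(">BHH", record, 0)
    if ctype != TLS_HANDSHAKE or rec_len + 5 > len(record):
        return None
    if record[5] != CLIENT_HELLO:             # handshake type, then 3-byte length
        return None
    # client_version: enough to tell TLS 1.0-only clients from TLS 1.2 ones
    (client_version,) = struct.unpack_from(">H", record, 9)
    return VERSIONS.get(client_version, f"unknown (0x{client_version:04x})")


def make_sample(client_version: int) -> bytes:
    """Constructed test input: a minimal ClientHello in a TDS PRELOGIN packet."""
    body = struct.pack(">H", client_version) + bytes(32) + b"\x00"
    hs = bytes([CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    rec = struct.pack(">BHH", TLS_HANDSHAKE, 0x0301, len(hs)) + hs
    return struct.pack(">BBHHBB", TDS_PRELOGIN, 0x01, 8 + len(rec), 0, 0, 0) + rec


if __name__ == "__main__":
    # Constructed samples standing in for the two client configurations.
    for label, ver in (("OLEDB fallback", 0x0301), ("SQL Native Client", 0x0303)):
        print(f"{label}: client offers {offered_tls_version(make_sample(ver))}")
```

Feed it the TDS payload bytes exported from a capture of the client's connection to SQL Server; a client that only ever offers TLS 1.0 is one that has fallen back to the older provider.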

Sunday, 6 February 2022

Micro-Frontend Architecture Pattern

Micro-Frontends (MFE) are the technical representation of a business subdomain; they allow independent, standalone implementations for a domain area.


Microsoft Defender for Cloud for B2B SaaS solution based on Azure PaaS

Microsoft Defender for Cloud was previously called Azure Security Center and Azure Defender. Its function is hardening via suggestions and actively monitoring (and stopping) usage. Azure SQL has its own Defender, and Microsoft Defender uses the same SQL tooling as part of it. It's a great tool; while it can be expensive, you can even turn it on in production for set periods and then deactivate it.

Two tiers of Microsoft Defender for Cloud:

  • Free - Continuous assessment & Hardening suggestions
  • Paid - Same as free but also can apply suggestions and active threat prevention.

Enable it for specific services. At the service level it is all or nothing, so if you have 40 app service instances, it monitors all of them or none ($$$).

Microsoft Defender for Cloud - an introduction | Microsoft Docs