DEEN
Blog

Notes from the enterprise workbench

A knowledge base on topics we keep running into on projects — architecture, identity, logging, AI agents, regulatory edge cases. No marketing copy, just the material we ourselves would want at hand on day one of a new engagement.

Architecture

Architecture

Domain-driven design

Why good architecture begins with the language of the business. Bounded contexts, tactical building blocks, event storming — and why low-code platforms need DDD concepts more than is usually assumed.

Architecture

Model-driven software development

How models, generators and platforms break the magical triangle of time, cost and quality. Domain engineering, an investment case that breaks even at the third product — and the direct connection to low-code.

Architecture

Event streaming with Apache Kafka

From distributed commit log to streaming platform: topics, partitions, replication, KRaft, producer and consumer APIs, step-by-step setup, and an honest comparison with RabbitMQ — when does which tool fit.

Architecture

Asynchronous messaging with RabbitMQ

The classical message broker — exchange, binding, routing key, queue, ack. A compact five-page introduction with quorum queues, DLX, priority queues, and a clean delineation from Apache Kafka.

Architecture

Keycloak in production

From the WildFly legacy to the Quarkus distribution: cluster topology with Infinispan, external PostgreSQL, themes for login and email, Spring Boot and front-end integration, identity brokering, FAPI, and zero-downtime upgrades.

Architecture

BundID in citizen-facing applications

The full integration path — BMI identifier, Self-Service Portal, certificates, SP metadata upload, AKDB SAML extensions, Spring Security SAML2 configuration. Including all attribute OIDs, the bPK2 pseudonym model, and FIT-Connect-based postbox delivery.

Security

Security

Securing web applications with OWASP ZAP

The OWASP Top 10, the secure software development life cycle and the role of OWASP ZAP as a practical tool — from requirements analysis to patching in production. How security becomes a property of every iteration.

Security

NIS2 in practice

What software teams must implement — scope, the ten Article 21 measures, the 24/72-hour and one-month reporting workflow, mapping onto ISO 27001 and BSI IT-Grundschutz, personal liability of management.

Security

eIDAS 2.0 and the EUDI Wallet

Regulation (EU) 2024/1183 with the 20 November 2026 deadline: the trust triangle, SD-JWT VC and mDoc, OID4VCI and OID4VP flows, a concrete KYC sequence and recommendations for architects in acceptance-bound sectors.

Observability

Observability

Logging in the enterprise

From scattered log files to searchable truth. Why traditional logging falls short in a microservice world, how a robust stack is built, and what really matters around correlation, GDPR and retention.

Observability

Server monitoring with Gatus

Lightweight active probing as a single binary: a conditions DSL, a built-in status page, a footprint that runs on a Raspberry Pi. Architecture, a data-flow diagram, and a clean delineation from Zabbix and Grafana.

Observability

Server monitoring with Zabbix and Grafana

The heavyweight alternative to lean active probing: agent-based infrastructure telemetry, templates and triggers, step-by-step installation on Ubuntu, scaling through proxies and TimescaleDB, security and retention.

AI Engineering

AI Engineering

Prompt engineering

From trial-and-error to a pattern catalog: the anatomy of a pattern, five categories, sixteen concrete patterns — and why prompts deserve to be treated like code as soon as LLM-backed features go to production.

AI Engineering

Voice agents architecturally

The STT/LLM/TTS pipeline, sub-second latency budget, VAPI as orchestrator, ElevenLabs for the voice, Anthropic Claude and OpenAI Realtime, SIP telephony, OZG back-office integration with FIM keys — fifteen pages of depth around CityAI.