Awesome Azure Authentication Adventures Workshop

So, you know how to build an app, but all this authentication stuff in Azure is a bit of a black box for you? This is the workshop for you then! Over two full days, you will dive into all things identity-related in Azure, how to set it up, maintain it and how to use it in your apps! This is a practical workshop, taking you through the basics of identity, showing you how to configure Entra ID and how to use it in your applications.

You will not only learn how to use Entra ID to protect your apps, but also to protect the environment they run in and how to use Entra ID to enforce policies for resource access.

Some of what you will learn:
• The basics of OAUTH/OpenID.
• Identity concepts in Entra ID.
• How to integrate your applications with Entra ID and use single-sign-on (SSO).
• How to secure your APIs using Entra ID.
• Several ways of granularly granting permissions to various resources, both by role, application or user.
• What is the difference between an app registration and a service principal?
• Getting rid of passwords and using managed identities.
• Using identity to access Azure resources
• Role-based access control
• Granting access to external collaborators.
• Implementing just-in-time, auditable permissions for protected resources.

There will be hands-on labs you can do on-site and take home with you to reinforce the concepts and techniques you learn.

Who is this for?
Developers who want to get a better understanding of how Entra ID works and how to use it to secure their applications and environments.

While the concepts can be used with any language, the workshop examples and labs will be in C# on the .NET platform.

No prior knowledge about Azure Active Directory or identity assumed. Basic programming skills and familiarity with C# are necessary to follow code examples and do the hands-on labs.

To do the labs you will need to bring a computer with the latest .NET SDK and the editor of your choice (for instance Visual Studio, JetBrains Rider or VS Code).

This is a two-day, interactive workshop with hands-on labs. Can also be adapted to a one-day workshop, usually with less hands-on labs

Practical advice for building glorious monoliths

Monoliths often get a bad rap. However, when designed with care and strategy, a monolithic architecture can not only be efficient but also 'glorious.' This session aims to dismantle the myths surrounding monolithic applications and provide advice for building a robust, maintainable and scalable monolith.

We will look at various aspects of monolithic architecture, such as defining contexts, organizing the code, structuring your application for developer ergonomics, synchronous and asynchronous communication between contexts, minimizing boilerplate code, effective data separation, testing and implementing useful architectural patterns.

Through practical examples in code and advice you will get an overview of key principles for creating a high-quality modular monolithic application that is a joy to work with.

Are you a developer or an architect who want to see how you can build monoliths, learn why you absolutely should, and still enjoy your work? Then this session is for you.

Let's build that glorious monolith - The Art of Monolithic Application Design

Monoliths often get a bad rap. However, when designed with care and strategy, a monolithic architecture can not only be efficient but also 'glorious.' This workshop aims to dismantle the myths surrounding monolithic applications and provide practical insights into building a robust, maintainable and scalable monolith. Through both theoretical knowledge and hands-on practice, participants will learn key principles of creating a high-quality monolithic application that is a joy to work with.

## What you will learn and do

During the workshop, we will look at various aspects of monolithic architecture, such as defining contexts, organizing the code, structuring your application for developer ergonomics, synchronous and asynchronous communication between contexts, minimizing boilerplate code, effective data separation, testing and implementing useful architectural patterns.

Participants will have the opportunity to apply these concepts in real-time, as we collectively build a monolithic application from scratch. The session will also cover strategies for maintaining a monolith's integrity over time and, if necessary, transitioning parts of the monolith into separate services.

## Who is this workshop for?

This hand-on workshop is designed for developers and architects who want to explore the full potential of monolithic architecture. Whether you are building a new application or looking to improve an existing one, "Let's Build That Glorious Monolith" teaches you a monolithic design that will let you enjoy a calm and pleasant life.

## Practical requirements

The workshop will be using C# and .NET for the hands-on coding, but the principles are applicable in many languages and frameworks. Some familiarity with C# and .NET is helpful for following along with the examples and labs.

Participants are expected to bring their own laptop with the latest version of .NET and a suitable editor. Some of the labs require having Docker installed and working.

This is a two-day, interactive workshop with hands-on labs. Can also be adapted to a one-day workshop, usually with less hands-on labs

Ditch your Backlog and Shape Up your product development

In this talk, we look at the Shape Up methodology, a project management approach, or more correctly, a risk management technique, developed by Basecamp. We'll be focusing on its application in a real-world startup environment, drawing from two years of experience in implementing Shape Up. You'll get an overview of how this method contrasts with traditional project management techniques, particularly in terms of team organization and project execution. We will talk about our transition away from the traditional backlog system to embracing six-week work cycles and a project 'betting table', which has brought notable changes in our approach to task prioritization and execution.

Our journey with Shape Up has given us several advantages, especially in moving away from exhaustive and often overwhelming backlogs. Another key aspect of our experience has been the shift from using time estimates over to implementing time budgets.

While the approach has helped with our focus and with managing the uncertainties inherent in product development, it has not been without trade-offs. The talk will provide attendees with real-life examples and actionable insights, aiming to show how the Shape Up methodology can be effectively adapted in various organizational contexts and what challenges you can face. Whether you are part of a startup or a larger company, the session will offer valuable perspectives on balancing structure with flexibility in project management.

Building that glorious monolith. And carving it too.

To microservice or not to microservice, is that really the question? I'd argue that the best way to start a project is by building a monolith. It will give you better results, faster, than running down the microservice path right off the bat. But we've all heard the horror stories from the big ball of mud monolith that slows all development to a crawl. It doesn't have to be that way. There are some well-established patterns and practices that help us build glorious monoliths, where the code is not a big ball of mud or stale and sticky spagetti.

I'll talk about how we've used techniques like Domain Driven Design, eventing, and API design for keeping our monolith ordered and easy to navigate. Keeping the complexity manageable and our development speed fast.

And we'll show you how to carve out the pieces you need, when you need it, to another service - with a minimum of work.

Awesome Azure Authentication Adventures

You have some web applications and some services deploying to Azure, and you want all the communication to be authenticated and secure. Both from your users and between the different services and from the service to the databases. And without passing usernames and passwords in connection strings and application settings.

Turns out, Azure Active Directory is great at this, but it's not always easy to get it right. We'll go through user authentication, forwarding credentials, asking for consent, securing your APIs, service to service communication, managed identities and database authentication. All of it! How does it work and how can you get secure right away.

Keep your nose out of it. Denying yourself access to production

In today's world of personal data, privacy concerns, malware and just plain bad luck, having access to a production system and production data is simply a Bad Idea. And not just for yourself, but every one. The developers, the database admin, the operations team - none of them should have access to production.

So how can we do that, and at the same time maintain our high rate of releases, our agility and our sanity?

Glenn will go though some principles to follow and also show you in practice how you can create your environment, lock it down and update it, all without human intervention. He will also show you how you can monitor the environment for unauthorized changes. How you can have "emergency hatches" for when you really need access, but in a controlled fashion. Examples will be for Microsoft Azure, but the principles are universal.

In short, if you want to keep your production environment and production data at an arms length, but still so what you need when you need it, this is your session.

That just happened! A look at event-based serverless computing

Distributed applications are now the norm. Distributed across services, servers, across data centers, and across clouds. On different platforms and by different teams.

How do we connect all of these? It turns out that events are a good tool for this. Instead of tight coupling directly between your services, opt for a loose and flexible event based architecture. We'll also connect this further up the stack to functions and lambdas and see how "serverless" computing can be a powerful companion to events, enabling us to create powerful applications very quickly and with a minimum of ceremony. If you want to rapidly build a robust and scalable event-based backend, this session is for you. Glenn will teach you the concepts you need and show you how to put them into practice.

Living on the Edge - putting a bit of the cloud in very small boxes

Internet of Things - this overloaded term that can mean almost anything and nothing at the same time. But still, we're no longer confined to just PCs and servers anymore. There's lots and lots of new devices and opportunities. And your code and run on all of these things.

Azure IoT Edge is a service that enables you to easily deploy your own code to thousands of devices, move intelligence from the cloud and down to the device, including machine learning and analytics. All of this on devices smaller than a Raspberry PI. Having this power at the edge, locally, enables many common IoT scenarios.

We'll look at not only what you can do, but how you can do it. Coming home, you'll have a clear understanding of how IoT Edge can help you and where you can get started.

Why should you care about edge computing?

Recent technologies are enabling a host of new scenarios for doing data collection and analytics much closer to the source, at the "edge" so to speak.

How can using Artificial Intelligence in a cheap device the size of a matchbox change the way you do things? What kind of scenarios does this open up for business owners, enabling new opportunities for you and your company? What are the actual benefits for connecting the cloud and the edge in this way?

I'll give you some examples and demonstrate how Edge Computing can enable new scenarios and new business.

Developing privacy

In this day and age, privacy is important to our customers, and it should be important to you as well! In some cases, you're legally obligated to ensure your user's privacy and to protect their information, but it's increasingly becoming The Right Thing To Do (tm) as well. So how do we do it? Which traps lie in these waters? How do we, as developers, build solutions that protect our users from the start and all the way into the core of our applications. We'll go through patterns and techniques you can directly apply in your work, we'll talk about questions you should be asking your business and help you make privacy a feature of your system and not an afterthought. Without making your life needlessly difficult.

Why your company needs an internal API and what you should do about it

A problem for many companies is that their information and processes is locked down in various software systems. Integrations are hard, often duplicated and multiplied by the number of systems. Changing core systems directly is slow, costly and hard. The complexity increases exponentially and slows the rate of innovation.

Creating a company service platform on top of these core systems can allow for a simpler and faster way of innovating and experimenting. How do we ascend to this Nirvana? By good old-fashioned development. By doing the hard work only once and building services that exposes more and more parts of the internal systems and processes. I’ll show you the why and the how, enabling you to create a robust, scalable and secure service platform for your business.

Where do you want to go tomorrow?

Are you in the place you want to be? Are you moving into unknown territory or thinking about stepping up, but you don't really know how?

We'll talk about the different roles a developer can, and probably will, have in a lifetime, how to handle them, how to prevent some of them and how to get to the ones you want faster. In short, how to manage your career like a proper project and not just wing it all the time.

I'll claim to have picked up some insight in a few different roles, warn you against some of my stupid mistakes and share some experiences I've seen others have. All in all you should get some inspiration and tools to help you decide where to go and how to get there.

Code is for humans, not for machines

The elegance and efficiency of your application lie not just in its execution, but in its readability and maintainability. Let's explore the dual nature of coding - creating code that is understandable for humans and structuring data that is efficiently interpretable by machines.

Throughout this talk, let's explore together some key principles of writing flowing and understandable code, going beyond just dogmatically following some clean code principles of variable naming and linter rules. Let's navigate through the intricacies of code writing, from the overarching architecture down to the minute details. We'll examine effective strategies for expressing complex ideas in code, allowing your to communicate intent and meaning to your fellow developer. Let's learn to think of coding as both a technical and a communicative skill.