Azure Architect @ Xpirit, Author of 'Azure Infrastructure as Code'
Erwin Staal is an Azure Architect and DevOps consultant working for Xpirit in the Netherlands. Helping companies deliver their software to customers using DevOps practices and cloud-native architectures is what he loves to do. He believes in the power of both the monolith and microservices and prefers to run his workload on the Azure Cloud and/or Kubernetes.
Besides the work he does for the customers of Xpirit, he has a passion for sharing knowledge. He is one of the authors of 'Azure Infrastructure as Code' (https://www.manning.com/books/azure-infrastructure-as-code), occasionally writes a blog, and is an international speaker at conferences.
Area of Expertise
When your Azure environment is relatively small, it is straightforward to keep track of what resources you have running in Azure and make sure that your solution is secure, compliant, and cost-effective. When your cloud workload gets bigger, and you have a lot of subscriptions and multiple management groups, that is much harder to do. Luckily, Azure has a built-in feature called Azure Policy that can help you govern your Azure resources. But how do we implement policies, guarantee compliance and security, without decreasing developer agility? This session will teach you how to deploy policies using Infrastructure as Code. You will see how to use the built-in policies and how to create your own. We will look at all the different effects that a policy can have and which should be used when. You will learn how to assign policies on different scopes and finally how to review the compliance status. All with the goal to enforce security, be compliant, monitor that continuously, and keep costs at bay.
This session will start with a quick overview of multi-tenancy in general. What options do we have and what are the pros and cons to each of them? We will then focus on multi-tenancy on the database level and talk about the core set of considerations you should take into account as you decide on the approach: security, maintainability, and scalability. I will take you through how to set up a database-per-tenant architecture and application using .NET Core and Azure SQL Database. We will discuss how to manage the infrastructure, how to add a new tenant and therefore a new database, connect to a specific database, do cross-database reporting, and more.
There are multiple options in Azure to create your resources like VMs, databases or Web Apps. The Azure Resource Manager is one of them and ideal for infrastructure as code scenarios. In this session we will spend a few minutes on the basics of ARM and then quickly go into more depth on the advanced ARM-template topics! First, we will talk about how to organize your templates. As with normal code, we will try to create nicely structured and reusable templates. Linked templates can help tremendously with that, so we will dive into those as well. We will look at quite a few interesting template functions because they will make our templates more powerful and reusable. Key Vault comes into play to show you how we can store our secrets or certificates there and have them available during deployment of our infrastructure. Last but not least, I will show you how to use the array and object parameters to handle input in more complex scenarios and deploy your templates using Azure DevOps.
Ever used SQL Server in Azure? If you did, you probably added your IP address to the firewall whitelist to be able to access it from your dev machine. You checked the ‘allow Azure services’ checkbox, which allows a web app, for example, to access your database. I believe in the layered security model where we add different layers on top of each other to strengthen our security. By enabling that ‘allow...’ checkbox we just peeled off one important layer of security. All a hacker now needs to get your data is a service on Azure and a leaked password.
Over the last year, there were quite a few features released in Azure that help us prevent this. In this session, I will show you how you can add additional security layers using virtual networks, Azure Private Link, service endpoints, VPN connections, and more. For all of these services, I will tell you how to get started and what limitations you can expect. You will see me build a demo in which we completely lock down a database and API and let a front-end application access that securely.
Over the last twenty years, there have been major changes in both the technologies we use and how we build software to improve the quality, accuracy, and speed of delivering software. This session will be a mix of theory and concrete examples to get you started on your Continuous Delivery and DevOps journey today! I will share with you what practices and tools I have implemented and used with various customers. You will hear what I learned from working for both enterprises and small companies in the cloud and on-premises. We will cover code reviews, continuous integration, infrastructure as code, database deployments, separating release from deployment using feature toggles, and much more to help you continuously deliver your applications, brown- or greenfield, to end-users.
Event-driven, serverless architectures are a hot topic in today’s cloud-native application development. To take full advantage of the serverless benefits of event-driven, your application needs to scale and react to those events instantly. It needs to be able to scale from zero to potentially thousands of instances. KEDA is an open-source component that provides event-driven autoscaling for your Kubernetes workloads.
KEDA works with any container, but to enable additional serverless capabilities within Kubernetes you can pair KEDA with the Azure Functions runtime. Don't get fooled by 'Azure' in the name. Azure Functions provides a programming model that can run anywhere: in a container running on-premises, fully managed in Azure, or in any Kubernetes cluster, and functions can be written in many languages.
It allows application developers not to worry anymore about writing the code to connect, trigger, and pull from an event source like RabbitMQ, Kafka, or Azure Event Hubs. That’s all handled for you.
In this demo-filled session, we will start with a quick introduction to both Kubernetes and Azure Functions. You will then see how you can deploy a function and scale that to thousands of instances based on events.
With Continuous Delivery and DevOps, we strive to deliver features on-demand, any time we want. This allows us to quickly respond to change in the market and respond to any issues we might face in production. In addition to the changes that this entails in the organization, we will also have to adjust our systems' architecture. We will have to design our systems so that we can easily replace parts without having downtime. In this session, we will discuss several architectural concepts and patterns that enable continuous delivery. We will discuss application design and microservices, branch by abstraction, Canary releases, and Dark Launching. I will show you how real-time telemetry and cloud technologies can help us to gradually roll out our changes to our users in a fast and reliable way.
Serverless is a relatively new offering that is hard to miss nowadays and you’ve probably already heard a lot about it. OpenFaaS is a framework for building serverless applications. It makes it really simple to turn anything into a serverless function that runs on Linux or Windows through Docker Swarm or Kubernetes. By using one of these orchestrators you can now run serverless functions on your own private cloud or in any public cloud such as Azure by using AKS. And since it’s based on Docker containers it doesn’t matter if you want to use Go, Java, Python, C#, Django, ASP.NET Core, or anything else. In this session I’ll introduce you to serverless and OpenFaaS. We will see how simple it is to get OpenFaaS up and running and deploy your first function. We will dive into a few ways to trigger your functions, look at authentication and secrets, and see how we can monitor them using open-source tooling.