Azure Architect @ Xpirit, Author of 'Azure Infrastructure as Code'
Erwin Staal is an Azure Architect and DevOps consultant working for Xpirit in the Netherlands. Helping companies deliver their software to customers using DevOps practices and cloud-native architectures is what he loves to do. He believes in the power of both the monolith and microservices and prefers to run his workload on the Azure Cloud and/or Kubernetes.
Besides the work he does for the customers of Xpirit, he has a passion for sharing knowledge. He is one of the authors of 'Azure Infrastructure as Code' (https://www.manning.com/books/azure-infrastructure-as-code), occasionally writes a blog, and is an international speaker at conferences.
Area of Expertise
On Azure, three of the most obvious choices for Infrastructure as Code are Bicep, Terraform, and Pulumi. Bicep is Microsoft's own domain-specific language, whereas Terraform is the open-source, cloud-agnostic tool. Where Bicep and Terraform both have their own language, Pulumi allows you to write your Infrastructure as Code using your favorite language like C#, Python, or Go. In this session, we will discover where they are similar and where they are not and see their pros and cons. We will look at the ecosystems for these tools to see how well they integrate with other tools like security scanners and CI/CD pipelines. At the end of this talk, you can make a well-founded decision on which tool to use in your next project!
Landscaping is the art and craft of growing plants to create beauty within your garden. Don't worry; you won't get your hands dirty during this talk! However, we will discover how Terraform can help you create a perfectly crafted infrastructure landscape. We will cover the basics of Terraform, look at the language specifics, and cover what Terraform state is and how to store that securely. We will review the typical developer workflow, see the plan and apply commands in action. A pipeline will be put in place to automatically deploy infrastructure changes to your environments and ensure they are repeatable, reliable, and traceable. While most other Infrastructure as Code tools focus on a single cloud vendor, Terraform allows you to configure many more systems. You will see how Terraform can be used beyond cloud providers by, for example, also configuring your DNS provider or on-call system.
When your Azure environment is relatively small, it is straightforward to keep track of what resources you have running in Azure and make sure that your solution is secure, compliant, and cost-effective. When your cloud workload gets bigger, and you have a lot of subscriptions and multiple management groups, that is much harder to do. Luckily, Azure has a built-in feature called Azure Policy that can help you govern your Azure resources. But how do we implement policies and guarantee compliance and security without decreasing developer agility? This session will teach you how to deploy policies using Infrastructure as Code. You will see how to use the built-in policies and how to create your own. We will look at all the different effects that a policy can have and which should be used when. You will learn how to assign policies on different scopes and finally how to review the compliance status. All with the goal of enforcing security, staying compliant, monitoring that continuously, and keeping costs at bay.
This session will start with a quick overview of multi-tenancy in general. What options do we have and what are the pros and cons to each of them? We will then focus on multi-tenancy on the database level and talk about the core set of considerations you should take into account as you decide on the approach: security, maintainability, and scalability. I will take you through how to set up a database-per-tenant architecture and application using .NET Core and Azure SQL Database. We will discuss how to manage the infrastructure, how to add a new tenant and therefore a new database, connect to a specific database, do cross-database reporting, and more.
Ever used SQL Server in Azure? If you did, you probably added your IP address to the firewall whitelist to be able to access it from your dev machine. You checked the ‘allow Azure services’ checkbox, which allows a web app, for example, to access your database. I believe in the layered security model where we add different layers on top of each other to strengthen our security. By enabling that ‘allow...’ checkbox we just peeled off one important layer of security. All a hacker now needs to get your data is a service on Azure and a leaked password.
Over the last year, there were quite a few features released in Azure that help us prevent this. In this session, I will show you how you can add additional security layers using virtual networks, Azure Private Link, Service endpoints, VPN connections, and more. For all of these services, I will tell you how to get started and what limitations you can expect. You will see me build a demo in which we completely lock down a database and API and let a front-end application access them securely.
With Continuous Delivery and DevOps, we strive to deliver features on-demand, any time we want. This allows us to quickly respond to change in the market and respond to any issues we might face in production. In addition to the changes that this entails in the organization, we will also have to adjust our systems' architecture. We will have to design our systems so that we can easily replace parts without having downtime. In this session, we will discuss several architectural concepts and patterns that enable continuous delivery. We will discuss application design and microservices, branch by abstraction, Canary releases, and Dark Launching. I will show you how real-time telemetry and cloud technologies can help us to gradually roll out our changes to our users in a fast and reliable way.
Over the last twenty years, there have been major changes in both the technologies we use and how we build software to improve the quality, accuracy, and speed of delivering software. This session will be a mix of theory and concrete examples to get you started on your Continuous Delivery and DevOps journey today! I will share with you what practices and tools I have implemented and used with various customers. You will hear what I learned from working for both enterprises and small companies in the cloud and on-premises. We will cover code reviews, continuous integration, infrastructure as code, database deployments, separating release from deployment using feature toggles, and much more to help you continuously deliver your applications, brown- or greenfield, to end-users.
Event-driven, serverless architectures are a hot topic in today’s cloud-native application development. To take full advantage of the serverless benefits of an event-driven architecture, your application needs to scale and react to those events instantly. It needs to be able to scale from zero to potentially thousands of instances. KEDA is an open-source component that provides event-driven autoscaling for your Kubernetes workloads.
In this demo-filled session, we will start with a quick introduction to Kubernetes to ensure everyone is on board and see where KEDA fits in. KEDA can run on any Kubernetes cluster as shown in various demos: using KEDA on Kubernetes in Azure, on your local development machine, and on the new Azure Container Apps that have KEDA built-in. We will use various types of applications, ranging from simple console apps and web apps to Azure Functions, to show that KEDA can scale any container. You will then see how you can deploy these applications and scale them to thousands of instances based on events.
NDC Oslo 2023 Upcoming