Azure Architect @ Xpirit, Author of 'Azure Infrastructure as Code'
Assen, The Netherlands
Erwin Staal is an Azure Architect and DevOps consultant working for Xpirit in the Netherlands. Helping companies deliver their software to customers using DevOps practices and cloud-native architectures is what he loves to do. He believes in the power of both the monolith and microservices and prefers to run his workload on the Azure Cloud and/or Kubernetes.
Besides the work he does for the customers of Xpirit, he has a passion for sharing knowledge. He is one of the authors of 'Azure Infrastructure as Code' (https://www.manning.com/books/azure-infrastructure-as-code), occasionally writes a blog, and is an international speaker at conferences.
Area of Expertise
DevOps has improved the speed of software development, but organizations still face the challenge of providing an efficient and secure infrastructure for teams while balancing agility, security, and compliance. To address this, Azure Deployment Environments is a new service that provides project-based templates to quickly spin up app infrastructure while maximizing security, compliance, and cost-efficiency. By defining environment types, organizations can make it easy for developers to deploy environments with the right services, resources, and policies applied. Azure Deployment Environments integrates with established CI/CD pipelines, making it easy to see how code changes impact app performance. This session will provide a demo of the features and setup of Azure Deployment Environments.
On Azure, three of the most obvious choices for Infrastructure as Code are Bicep, Terraform, and Pulumi. Bicep is Microsoft's own domain-specific language, whereas Terraform is the open-source, cloud-agnostic tool. Where Bicep and Terraform both have their own language, Pulumi allows you to write your Infrastructure as Code using your favorite language like C#, Python, or Go. In this session, we will discover where they are similar and where they are not and see their pros and cons. We will look at the ecosystems for these tools to see how well they integrate with other tools like security scanners and CI/CD pipelines. At the end of this talk, you can make a well-founded decision on which tool to use in your next project!
Landscaping is the art and craft of growing plants to create beauty within your garden. Don't worry; you won't get your hands dirty during this talk! However, we will discover how Terraform can help you create a perfectly crafted infrastructure landscape. We will cover the basics of Terraform, look at the language specifics, and cover what Terraform state is and how to store that securely. We will review the typical developer workflow, see the plan and apply commands in action. A pipeline will be put in place to automatically deploy infrastructure changes to your environments and ensure they are repeatable, reliable, and traceable. While most other Infrastructure as Code tools focus on a single cloud vendor, Terraform allows you to configure many more systems. You will see how Terraform can be used beyond cloud providers by, for example, also configuring your DNS provider or on-call system.
When your Azure environment is relatively small, it is straightforward to keep track of what resources you have running in Azure and make sure that your solution is secure, compliant, and cost-effective. When your cloud workload gets bigger, and you have a lot of subscriptions and multiple management groups, that is much harder to do. Luckily, Azure has a built-in feature called Azure Policy that can help you govern your Azure resources. But how do we implement policies and guarantee compliance and security without decreasing developer agility? This session will teach you how to deploy policies using Infrastructure as Code. You will see how to use the built-in policies and how to create your own. We will look at all the different effects that a policy can have and which should be used when. You will learn how to assign policies on different scopes and finally how to review the compliance status. All with the goal of enforcing security, staying compliant, monitoring that continuously, and keeping costs at bay.
This session will start with a quick overview of multi-tenancy in general. What options do we have and what are the pros and cons to each of them? We will then focus on multi-tenancy on the database level and talk about the core set of considerations you should take into account as you decide on the approach: security, maintainability, and scalability. I will take you through how to set up a database-per-tenant architecture and application using .NET Core and Azure SQL Database. We will discuss how to manage the infrastructure, how to add a new tenant and therefore a new database, connect to a specific database, do cross-database reporting, and more.
Ever used SQL Server in Azure? If you did, you probably added your IP address to the firewall whitelist to be able to access it from your dev machine. You checked the ‘allow Azure services’ checkbox, which allows a web app, for example, to access your database. I believe in the layered security model, where we add different layers on top of each other to strengthen our security. By enabling that ‘allow...’ checkbox we just peeled off one important layer of security. All a hacker needs to get your data is a service on Azure and a leaked password.
In this session, I will show you how to add additional security layers using virtual networks, Azure Private Endpoints, Service Endpoints, VPN connections, and more. I will tell you how to get started and what limitations you can expect for all of these services. You will see me build a demo in which we lock down a database and API and let a front-end application securely access them.
With Continuous Delivery and DevOps, we strive to deliver features on-demand, any time we want. This allows us to quickly respond to change in the market and respond to any issues we might face in production. In addition to the changes that this entails in the organization, we will also have to adjust our systems' architecture. We will have to design our systems so that we can easily replace parts without having downtime. In this session, we will discuss several architectural concepts and patterns that enable continuous delivery. We will discuss application design and microservices, branch by abstraction, Canary releases, and Dark Launching. I will show you how real-time telemetry and cloud technologies can help us to gradually roll out our changes to our users in a fast and reliable way.
Over the last twenty years, there have been major changes in both the technologies we use and how we build software to improve the quality, accuracy, and speed of delivering software. This session will be a mix of theory and concrete examples to get you started on your Continuous Delivery and DevOps journey today! I will share with you what practices and tools I have implemented and used with various customers. You will hear what I learned from working for both enterprises and small companies in the cloud and on-premises. We will cover code reviews, continuous integration, infrastructure as code, database deployments, separating release from deployment using feature toggles, and much more to help you continuously deliver your applications, brown- or greenfield, to end-users.
Event-driven, serverless architectures are a hot topic in today’s cloud-native application development. To take full advantage of the serverless benefits of event-driven architectures, your application needs to scale and react to those events instantly. It needs to be able to scale from zero to potentially thousands of instances. KEDA is an open-source component that provides event-driven autoscaling for your Kubernetes workloads.
In this demo-filled session, we will start with a quick introduction to Kubernetes to ensure everyone is on board and see where KEDA fits in. KEDA can run on any Kubernetes cluster, as shown in various demos: using KEDA on Kubernetes in Azure, on your local development machine, and on the new Azure Container Apps that have KEDA built-in. We will use various types of applications, ranging from simple console apps and web apps to Azure Functions, to show that KEDA can scale any container. You will then see how you can deploy these applications and scale them to thousands of instances based on events.
What is the main purpose of DevOps teams? Delivering value for the business! That means these DevOps teams should not worry about the most basic infrastructure they need to run their workloads in Azure. In this comprehensive technical deep dive, we explore the core elements of designing a robust foundation on Azure. We'll start by demystifying Azure Landing Zones, emphasizing their role as the foundation for secure and compliant cloud adoption. Attendees will learn to tailor these environments to suit their organization's needs.
We delve into the Hub and Spoke architecture, showcasing its capacity to build scalable, resilient, and manageable Azure networks. Azure Virtual WAN will be at the heart of this Hub and Spoke architecture, and thus, we will reveal its role in connecting spokes with on-premises networks, branch offices, and Azure regions. Attendees will discover how Azure Virtual WAN streamlines connectivity, simplifies management, and bolsters network security.
By the end of this session, attendees will be equipped with the knowledge and insights needed to craft efficient network architectures and leverage Landing Zones to build a solid foundation in Azure.
In today's data-driven world, organizations face the challenge of harnessing vast amounts of data to gain insights and make informed decisions. Azure offers a robust suite of tools and services to build a modern data platform that can address these challenges effectively.
This talk will delve into practical strategies and the architectural principles for governing and managing data in a decentralized data environment. The goal is to balance decentralization, data quality, and self-service while imposing necessary constraints.
Throughout this session, we will tackle essential questions and considerations. We will explore how to enhance the quality of shared data by implementing constraints that remain adaptable to the needs of various data teams. Additionally, we will delve into effective approaches for handling data ownership, access controls, and security across diverse data domains. Recommendations for managing metadata will also be addressed, alongside strategies to tailor the level of flexibility and ownership for data teams based on their experience and readiness.
To illustrate these concepts, we will draw upon a real-world data platform example at Enza Zaden (https://www.enzazaden.com/). Through this case study, we will highlight successful strategies and best practices for navigating the inherent complexity of a decentralized data platform architecture. This presentation aims to equip you with practical insights and actionable steps, enabling you to create a robust data platform.
As organizations migrate their infrastructure to the cloud, understanding the fundamentals of networking in Azure is crucial for architects, developers, and IT professionals. The ones who grasp the fundamentals of networking in Azure are better equipped to create high-performing, secure, and scalable applications while reducing operational risks and costs. This knowledge is invaluable in the cloud-centric era, where networking is vital to the success of applications and services.
This session comprehensively explores Azure's essential networking concepts and tools, catering to beginners and those looking to deepen their knowledge.
Participants will embark on a journey that starts with an introduction to Azure's global network infrastructure, regions, and availability zones, ensuring a foundational understanding of high availability and redundancy. The session covers key components, such as Virtual Networks, Private Endpoints, and routing. Participants will also gain insights into load balancing techniques, hybrid networking solutions using Azure Virtual WAN, and securing networks using the Azure Firewall. Since there is truth in the infamous meme “It’s always DNS”, we need to talk about DNS management. This talk will empower participants to design, deploy, and manage robust Azure network architectures effectively.
DotNetFriday User group