Loek Duys

Information & Communications Technology

Azure Azure Service Fabric Application Security Cloud Architecture Open Source Software Community Engagement Containers Continous Delivery Developers Cloud & Infrastructure Intelligent Applications DevOps & Automation microservices Microsoft

Amsterdam, North Holland, Netherlands

Loek Duys

Cloud Architect

I am a Cloud Architect at Xpirit and a Microsoft Azure MVP, helping companies modernize their IT all the way; Cloud strategy, DevOps practices, and Continuous Delivery. I spend most of my days helping teams by providing hands-on assistance, solving problems and delivering technical training.
A couple of times per year, I like to speak at international conferences or to provide workshops.
By being a consultant, international speaker, trainer, active contributor to open-source projects, and forum participant, I love to share knowledge with the community.

Some of my recent public speaking & workshop engagements:
- NDC Oslo
- DevConf Krakow
- ESPC Prague
- Container Days Hamburg
- DevDays Europe Vilnius
- DevOps Pro Moscow

Want to know more? Send me a message on Twitter: @LDuys

Current sessions

Doing Kubernetes DevOps style

This training introduces you to Docker and container technology for DevOps teams. We will show you how to apply DevOps practices to cloud-based container solutions, complete with hands-on exercises using Kubernetes. The training uses Microsoft tooling and technology, but the skills you will learn can be applied in any technology stack.

This workshop contains hands-on labs to help you gain practical experience with the following topics:
- Getting started with containers and Docker
- Working with Kubernetes
- Azure DevOps pipelines
- Canary releases and A/B testing using Istio service mesh

Objectives:
- Get hands-on experience supporting DevOps practices with available tools.
- Understand the implications for DevOps teams to build, deploy and run container based solutions in a cloud environment.
- Practice finding and fixing bugs without downtime

Target audience:
This training is intended for developers and architects that want to learn about DevOps practices and tooling for a cloud-based Kubernetes solution.

This workshop is divided in two parts with separate labs and allows you to start at any point given your experience. The first part introduces you to container technology and tooling with .NET Core. The second part covers container clusters and meshes using Kubernetes and Istio. Throughout the workshop you will gradually improve your DevOps skills for container based solutions.

All courseware is on Github, so you can both prepare for the workshop ahead of time and finish the workshop from home if you are unable to finish the labs during the workshop.


Building a modern customer identity platform

Fictional company X has been running a successful SaaS health care platform 'X Cares' for years. This platform allows their customers (patients and pharmacists), to manage medications. Business is booming, and the ambition is to add more services to their offering and grow the customer base. To do that, they need a new way to allow everyone seamless access to the system.

Patients request the ability to use existing accounts to access the platform. Pharmacists want to use existing health care identities. X-employees wish to use their corporate accounts to log in as administrators. Finally, everyone wants single sign-on access. The problem is that currently, user accounts are stored inside the 'X Cares'.

So, how can X change their platform to meet these new demands? By moving customer accounts into a dedicated Identity Provider. This way, accounts can be used by multiple services. Adding connections with External Identity Providers allows the use of existing external accounts. By leveraging Azure Active Directory and AAD B2C, they can create an 'Authentication Hub' to help solve these challenges.

In this talk, I will explain the Authentication Hub concept. I will talk about building a customized sign-in experience, transparent account migration, federations with other Identity Providers, and how to create a CI/CD pipeline to bring all of it into production.

Target audience: Software Developers, Software Architects, IT administrators


Running a DevOps style production Docker cluster using the Microsoft platform

Getting your .NET Core application to run in a Docker cluster is only the beginning of a journey. It takes more to build and run your application in Azure using DevOps practices. In this session I will show you how we created a mission critical .NET Core application in a Kubernetes cluster in Azure using Visual Studio 2019 and the Azure DevOps platform. You will learn how to design your .NET application architecture to run on Azure, which software patterns to implement for environment flexibility, how to build Continuous Integration and Deployment pipelines for zero-downtime, provision your Infrastructure declaratively using ARM templates and what to do to integrate metrics and instrumentation in your application for real-time monitoring. I will share our lessons learned, so you can get a jump-start running your own application in a similar way.


Running a real world, mission-critical system on Azure

Deploying a single container to the Azure cloud is easy; running a mission-critical system is not. To run your ever-changing software reliably, you’ll need to think ahead about a range of things. For example, controlled deployment and testing of not only software but infrastructure as well. How can you use redundancy and cut dependencies to make both infrastructure and software resilient to failure? What do you do to monitor system health? And how do you protect your application's secrets?

In this talk 'from-the-trenches', I'll show you what you need to know, using Azure Kubernetes Service, Azure SQL, Application Insights, and more. I'll explain how we chose to do it, what went wrong and how we fixed it.

Target audience: Cloud software developers, architects


Secure Software on Azure Kubernetes Service

By applying some essential security measures, you can make your Azure Kubernetes Service solution a much harder target for hackers. But how do you do that, while still deploying to production multiple times a day?
You can do this by embedding application security into your development process. For example, you model threats your application may face and add countermeasures up front. And inside the delivery pipeline, you monitor your repository for vulnerabilities. But there's more! In this talk, I'll show you what you need to know.


Doing Docker DevOps Style

This training introduces you to Docker and container technology for DevOps teams. We will show you how to apply DevOps practices to cloud-based container solutions, complete with hands-on exercises using Kubernetes. The training uses Microsoft tooling and technology, but the skills you will learn can be applied in any technology stack. After the workshop you will be able to do Docker DevOps style.

Pick on or more of your favorite topics below and get some hands-on experience:
- Getting started with Containers and Docker
- Working with Kubernetes
- Azure DevOps pipelines
- Introduction to Istio (Service Mesh)
- Testing in production

Objectives:
- Get hands-on experience supporting DevOps practices with available tools.
- Understand the implications for DevOps teams to build, deploy and run container based solutions in a cloud environment.
- Practice finding and fixing bugs without downtime

Target audience:
This training is intended for developers and architects that want to learn about DevOps practices and tooling for a cloud-based Kubernetes solution.

All courseware is on Github, so you can both prepare for, and finish the workshop from home if you like.


Securing the Software Supply Chain, the practical approach; What could possibly go wrong?

With the move to a DevOps world, the way we develop, test, patch, and release our software has significantly changed. It has become a lot more complex!
When developing an application, you will likely include many third-party libraries, define configuration secrets, rely on public docker images and use CI/CD pipelines. All of these, are part of your 'software supply chain'. However, this supply chain can be used as an attack vector.

During the entire application-lifecycle, your team needs to ensure not to introduce any vulnerabilities. What would happen if your application used a compromised third party library? What if configuration secrets are accidentally committed to the repository? It's also not uncommon that a docker image contains malicious functionality. And what about the used CI/CD pipeline scripts itself? Unchecked automated deployments can be dangerous. If one of the elements of the software supply chain gets compromised, your application and its data will be compromised.

In this session ‘from the trenches’, we will show a real-world microservices platform and demonstrate different ways to compromise its supply chain. By showing you the perspectives from both the attacker (compromising the supply chain) and the defender (protecting the platform), you will get a good understanding of some of the threats and mitigations.


Workshop: Doing Docker DevOps Style - Part 2/2

This training introduces you to Docker and container technology for DevOps teams. We will show you how to apply DevOps practices to cloud-based container solutions, complete with hands-on exercises. The training uses Microsoft tooling and technology, but the skills you will learn can be applied in any technology stack. After the workshop you will be able to do Docker DevOps style.

Agenda:
Big picture: DevOps with cloud-based container clusters
Accelerating your inner development loop
From development to production in record-time with confidence
Monitoring and feedback while running in production
Automated provisioning of infrastructure

Objectives:
Understand the implications for DevOps teams to build, deploy and run container based solutions in a cloud environment.
Automate everything from infrastructure to deployment
Achieve full traceability from source code to production incidents
Practice finding and fixing a bug without downtime
Get hands-on experience supporting DevOps practices with available tools
Target audience

Audience:
This training is intended for developers and architects that want to learn about the new DevOps practices and tooling for a cloud-based Microsoft solution.

Get a running start with the labs!
This workshop is specific towards Windows as the operating system for your machine. (The labs can also be done on Linux, although this can be a bit more challenging.)

You will need to have a development IDE installed. The preferred IDE is Visual Studio 2017. Alternatively, you can use Visual Studio Code, but keep in mind that the labs are tailored to Visual Studio 2017.
You are also going to need Docker Desktop and git.
For some labs, you'll need an Azure subscription. If you do not have one, you can create a free trial account at Microsoft Azure. It will require a credit card, but it will not be charged.


Deploying workloads to Kubernetes without biting your nails!

If your application has high uptime requirements, releasing new software versions into production can be very stressful. Running on Kubernetes already helps you with rolling upgrades. But, what happens if your upgraded Pod doesn't work as expected? And how do you test in production?
Fortunately, by using a Service Mesh, you can deploy and test your workloads with confidence. For instance, it enables you to manage the flow of network traffic precisely. But there is much more you can do! In this talk, I will show you a couple of ways you can build resilience into your application, and release new versions with complete control, without biting your nails. Come and find out!

Intended audience: software architects and developers


Flight 1 to The Cloud is now ready for boarding

Your company decides to move to the Cloud. Great! Company management defines a one-year transition phase and instructs the IT department to get it done.

The DevOps teams are very excited, and quickly start using the Azure Portal to deploy their infrastructure and apps into the Cloud.

Questions about best practices soon arise; how can teams get insights into their costs? How can we connect to services still running on-premises? Can we make sure our infrastructure stays secure? And how can we share resources among multiple teams? With all of the above, can DevOps teams remain autonomous?

Adding a Cloud Competence Center can help. A team that helps other teams accelerate their journey into the Cloud by providing guidance, policies and hands-on assistance.

In this talk, I will share my experiences from building a Cloud Competence Center with a large airliner. You will leave with some practical tips and tricks under your seat-belt!


Past and future events

VISUG

30 Sep 2020 - 30 Dec 2021

ContainerDays 2019

23 Jun - 25 Jun 2019
Hamburg, Germany

NDC Oslo 2019

16 Jun - 20 Jun 2019
Oslo, Norway

Intelligent Cloud Conference 2018

28 May - 29 May 2018
Copenhagen, Capital Region, Denmark