Principal Cloud & DevOps Architect at Devoteam M Cloud
Raised and trained as an IT Engineer, transitioned to a solution architect role (focusing on Azure infrastructure, automation, and identity). Passionate about DevOps, "security built-in, not bolted on" and "everything as code" principles. You can find my professional bio at https://no.linkedin.com/in/pazdedav and my AboutMe page at https://about.me/davidpazdera
In this blog post, I will be looking at new management and automation capabilities in Azure, which will completely replace Azure Automation and all its limitations.
Starting from patch management, through configuration and inventory management, all the way to IT process automation.
Plus, these new capabilities can be applied both to Azure-hosted as well as hybrid workloads.
The cloud adoption strategy for many organizations includes a plan to become less dependent on Windows Server Active Directory (like in ‘we want to get rid of it’). This is easier said than done, because this dependency is surfaced on several levels: from AD being an identity provider for users, computers, and applications to using mature features like Group Policies for configuration management at scale.
When doing a large-scale datacenter migration to Azure, rehosting a Windows Server with an enterprise application that uses Integrated Windows Authentication doesn’t give much room to switch to a setup without AD. But how about ‘net new’ workloads running on Azure VMs? Is a traditional domain join the only way to manage their (security) configuration? Or do we have more options, ideally by applying configuration to Azure as well as non-Azure VMs?
Azure Machine Configuration (formerly called Azure Policy Guest Configuration) provides a native capability to audit or configure operating system settings as code, both for machines running in Azure and for hybrid Arc-enabled machines.
In this blog post, we will dive into the architecture, explain the mechanics, policy authoring experience, and emphasise some good practices when using Machine Configuration in production.
Who doesn't like Christmas cookies? We will, however, be baking something else...
There are many scenarios where your organisation can be required to use custom VM images in Azure with apps and settings baked into them, rather than relying on "vanilla" marketplace images and coupling them with last-mile configuration scripts.
We will build on top of some great content provided by other community members and Microsoft and create an automated Image Factory (like Santa's workshop) for adding enterprise applications for an Azure Virtual Desktop scenario. The factory can be used for other use cases too, of course.
Main ingredients for our recipe: GitHub Actions, Bicep, PowerShell, Azure Developer CLI, Azure Image Builder... and a secret "sauce", of course :)
The code and the description will be gift-wrapped for you, so you can adopt it very quickly.
Let’s admit it: testing is hard, regardless of what types of tests you want to write and perform. At the same time, we understand the importance of this discipline and what role it plays in continuous delivery. You might be wondering if the benefits of adopting TDD outweigh the costs, how hard it can be to get started, and if you could reuse the skills you already have.
In this session, we will explore how cloud engineers and IT Pros (like yourself) can apply TDD practices when developing infrastructure code and enhance their delivery pipeline with automated validation and testing across stages and environments.
The focus will be on a practical demonstration, so you can apply what you will learn in your own projects and deliveries "next day". The demos will highlight Azure, Bicep, PowerShell, Pester, GitHub Actions, but the knowledge can be used with a different stack as well.
Target audience: IT Engineers, DevOps Engineers
Testing is hard. Testing your Bicep code, doubly so. Until now. At least that's what BenchPress, a new Azure testing framework, promises.
Let's explore together this interesting open-source project to understand: how it works; what value it brings; how it can be integrated in our CI/CD pipeline; and how it can complement existing validation options like linting, pre-flight and what-if deployment for Bicep templates and modules.
My goal is to describe an end-to-end scenario with tasks that can be easily followed and even adjusted by the audience.
In this session, we will dive into AVD Accelerator, an open-source automation solution from Microsoft that helps accelerate AVD deployments and management through code / IaC.
The solution is modular, uses the CARML library of Bicep modules, and supports pipeline-based deployment. It exposes a large number of parameters that allow for customization and control over key properties of AVD and underlying resources.
The session will focus on practical use and demonstrating a working CI/CD pipeline (GitHub) as well as lessons learned from implementation projects.
In the world of distributed systems running in the cloud, we strive to deliver continuous value through DevOps practices and techniques. I bet you designed your application and underlying infrastructure with the Well-Architected Framework in mind, but how can you validate that it is as resilient and scalable as you expect or hope it to be?
Let’s bring some chaos to (Azure) order! In this session, we will explore Chaos engineering, both conceptually and practically. We will expand on standard practices of validating and testing infrastructure code (Bicep) with fault injection using Chaos Studio that would be triggered from a GitHub workflow and executed automatically in a staging environment.
We will turn "what can go wrong in my production" thoughts into experiments declared as code and executed on demand, so you can find hidden flaws, learn, and improve.
In this session, we will be playing with GitHub, Azure Developer CLI (azd), Azure of course, and VS Code Dev Containers.
The goal will be to create a template GitHub repo with a custom template for 'azd' that will contain infra code, application code, ci/cd pipeline and instrumentation for enabling monitoring.
Anyone will then be able to fork this repo, update the application code to fit their needs while using Dev Containers (or even GitHub Codespaces), and use 'azd up' to provision all cloud resources, deploy the application, enable the GitHub Actions workflow, and turn on both application and infrastructure monitoring using Azure Monitor.
In this session, we will deep dive into important concepts and practices on making an environment "production ready" in Azure. Everything from infra provisioning, deployment, and security-hardening, to monitoring, reporting, operations, and process automation with integrations to various tools (both Azure-provided and Third Party).
We will begin by introducing a semi-complex "sample application" and demonstrate each concept/practice in a practical way, "enriching the app" step by step, so at the end, we will have our application ready for production.
Let's agree that authoring Azure Resource Manager templates is a tough job. The Bicep project aims to fix that.
In this practical and demo-packed session, we will be exploring Bicep's capabilities (from features that are already available in v0.1/0.2 to the roadmap and plans), and automating the key steps - build, test, deployments - using Azure DevOps and GitHub.
This session aims to demonstrate several advanced (or newly introduced) capabilities of Azure Resource Manager, including template specs, deployment scopes, policy as code (with GitHub integration) and Project Bicep (new DSL language).
The format of the session is a story from a fictitious company, where two main protagonists will be working together and showcasing those advanced capabilities by addressing their (real life) challenges and using them as part of their workflow.
The session will essentially be one long demo with no PowerPoint slides.
In this session we will explore how organizations can establish a working cloud operating model in Azure that will help them keep control but also enable agility for their teams, so together they can deliver value to the business. The session is targeting DevOps and PlatformOps teams. A certain level of knowledge of Azure is expected (like Resource Manager, RBAC, Policies, Azure Monitor). We will explore some new capabilities like Azure Blueprints and Resource Graph and how you can leverage them and other essential services like Security Center, Service Health, and Log Analytics to build the model, gain insights into your day-to-day operations, collect the telemetry you need, automate some key processes using serverless components, and integrate your favorite tools (like Slack, GitHub, etc.). By the end of this demo-packed session we should have a working model the participants can fork from GitHub, customize to fit their needs, and apply in their environment.
For organizations that want to simplify the management and governance of complex and distributed environments across on-premises, edge and multi-cloud, Azure Arc enables deployment of Azure services anywhere and extends Azure management to any infrastructure.
In this session we will focus on the Arc-enabled servers scenario. We will begin with a deep dive into the architecture of Azure Arc to understand how it works under the hood.
The main part of the session will be a series of demos that will show how to onboard your servers to Arc at scale and leverage Resource Manager policies to automatically enable capabilities like operational and security monitoring, patching, backup, guest configuration, and inventory management.
We will also explore the Jumpstart ArcBox, an easy to deploy sandbox for trying out different Arc scenarios (including Kubernetes and data services) that is suitable for prototyping and proof-of-concepts. It will allow session participants to start quickly and get all the tools and components they need.
Target audience: IT Engineers, Administrators, Ops teams
In the left corner, we have the champion… Azure Automation. In the right corner, we have the challenger… Azure Functions. Will this new “kid on the block” win the hearts of IT Pros and cloud engineers or will they prefer to stick with its battle-tested rival? In this demo-packed session you will find out!
In this combat, a new version of Azure Functions supporting PowerShell will challenge Azure Automation, a seasoned and widely adopted service for cloud infrastructure and IT process automation. Which of these two will win more rounds (where we will look at them from various perspectives)? Will this new “kid on the block” win the hearts of IT Pros and cloud engineers or will they prefer to stick with its battle-tested rival?
The session is targeting IT professionals, cloud engineers, and DevOps teams. We will compare the two services from various aspects like:
* CVS integration,
* remote debugging,
* configuration management,
* code authoring and version management,
* integration with other Azure services, your corporate network, or even external (SaaS) services,
* pricing models,
* support for infrastructure-as-code,
* life-cycle management,
* and secrets management.
The comparison will be done using scenarios, where we will look at different architecture options and practical implementation.
The final part of the talk will demonstrate a complex scenario, where we will design, code, deploy, and manage a solution for automating an IT process using Azure Functions.
Session was originally submitted at: https://www.papercall.io/talks/152649/children/152650?xauth=4080e75b213195be5658550037d39fa5
Azure Spring Clean 2024 Upcoming
Azure Back to School 2023
Azure user group Norway User group
Mortal Combat: Azure Automation vs. Functions session