Well it is Summer some place, but this learning curve has been going on since the summer in England where I really wanted to take some of the pre events season down time and learn something new, this has spanned a wide range of new and upcoming technologies of which some I have not even written about yet but I have been looking at I promise.
A big focus on
- Containers & Kubernetes
- Public Cloud Hyperscalers (Microsoft Azure, AWS and Google Cloud Platform)
- Infrastructure as Code & Automation
My aim for the public cloud and in particular Microsoft Azure was to get a better understanding on why? Why would some of our existing customers want or should they move to Microsoft Azure and what options do they have in doing so?
The level of education I am aiming for is around foundation learning curve that allows me to better understand in all three of the fore mentioned public cloud hyperscalers
The idea is not to sit all the certifications and become a master in any or all that would be insane, but an understanding is required to be able to have those conversations in the field with our customers and prospects.
My Azure learning started with the Ignite sessions all available online. I have to say Microsoft really do nail the production quality and the time to get this stuff online straight after they have happened. It was the first ignite on tour or at least the one in London that got me interested and although I could not attend the live show, I was able to grab the agenda.
This first write up will touch on the “Getting Started” and will focus on the session that was delivered by Frank Boucher called “Options for Building and Running Your App in the Cloud” The session touches on the options available and security as the first steps of understanding and leveraging the public cloud for what it was built for.
Franks first comment and I think this is a solid way of thinking about cloud technologies. There are no bad choices… there is no bad first step. But I will add to this the purpose and the requirement of that data and use case has to be clear. If the data is important make sure it is protected against failure.
There are always plenty of options, just get started and you can always or should always be able to move to other options or find better ways to improve your application or the purpose you are trying to achieve.
Visual Studio IDE
Modular, QA / Test very versatile and regardless of your programming language there are options. Multi-platform and also in the cloud version. Visual Studio Online
- Multi-Platform (Windows & Mac)
- Customisable workloads
- Tons of Extensions
- Live Share – Real time collaborative development!
Visual Studio Code
Lighter version of the previously mentioned IDE version. Less features but still powerful,
- GIT commands built in
- extensible and customisable
- Full support for all platforms (Linux, Mac and Windows)
Terminal & CLI
- Cloud Shell
- Azure CLI
- Azure PowerShell
Azure Resource Manager Template, this is where we meet infrastructure as code functionality where we concentrate on version control, a fast way to deploy resources in a declarative model without having to manually deploy our infrastructure.
- Architecture / Infrastructure as code
- Version Control
- Fastest Way to deploy
ARM templates might be a completely new way of looking for many infrastructure administrators, but I have to say the Microsoft Documentation in this area is amazing.
Now we know some of the tools available and there are others but I wanted to focus on the Microsoft options, I personally believe that at this point there is a strong focus on using especially when it comes to Infrastructure as code, You may want to be agnostic to where you run your deployment, for this something like Terraform from HashiCorp is a great option to achieve this across multiple platforms.
Let’s take a website as the example of what we want to consider deploying. There are many options available.
Azure Blob Static Websites
- Very low cost – Cheapest option
- Static – however although this can be HTML it can also be more complexed options using Angular and React
PaaS (Web Apps)
PaaS removed the requirement to manage the architecture at a deep level, Scaling, Backup, Disaster Recovery and other platform tasks that are now managed by the service.
- Client Side & Server Side
- PaaS Features
- Windows & Linux
- Many Languages Supported (.NET, Java, PHP, Ruby, Python… etc.)
A couple of container options when it comes to Azure
- ACI – Azure Container Instance
- AKS – Azure Kubernetes Services
There are many different use cases between the two offerings above but also some overlap. I am not going to get into the AKS or Kubernetes in general benefits and functionality but if you are looking to simply run a very small or very simple application or service then ACI is going to be a great choice there. If you require scale and deeper choices and orchestration for your containers, then AKS will be the likely choice.
What if you already have the web server already configured and working in a different location, maybe on premises for example running in VMware as a virtual machine. You don’t have time to change this, but you want to get to Azure and that’s also possible.
Veeam has the ability in the free version to Directly restore image-based backups to Azure.
Shared Image Gallery
There is also a gallery that contains different images available, different Operating Systems and versions for both Windows & Linux. Some of these images also contain application deployments also.
- Web Servers
- Development Tools
Basic Security Features
Security has to be at this stage of the project, it should not be an afterthought. Because you may start and you are the only developer / operations engineer but then you scale out and out and out. Meaning sharing security keys and passwords over messenger apps becomes a complete vulnerability in your process.
Azure Key Vault
Azure Key Vault is a cloud service for safeguarding encryption keys and application secrets for your cloud applications.
The AKV keeps or focuses on clear separation of security duties, meaning that the role attributed to security can be in charge and manage the important security aspects.
- Encryption Keys
Whilst App owners can consume and use the certificates in their applications. As well as your deployment being secured and segregated.
- Manage all of your secrets in one place
- Seamlessly move between Development, QA, and Production environments
- Update credentials in one spot and update everyone’s credentials
- Version, enable, and disable credentials as needed
- Add a credential and it’s instantly available to all Developers in a controlled manner
Managed Service Identity (MSI)
Ok, so Azure Key Vault sounds great but how do we get into it to control the security aspects that have just been mentioned. How do we authenticate into AKV?
So we need credentials to get credentials…
Your deployment is registered with Azure this can be that VM, Function or anything we mentioned in that above Deployment Options. A local endpoint is exposed but this is only accessible within your local host that allows for access to valid credentials within the key vault.
Loads more reading material at aka.ms/docAAD on Azure Active Directory.