I was recently a guest on the RunAsRadio podcast. This was the second time being on the show. The last time was 4 years ago. You can catch the old episode here: Terraform vs Bicep/ARM with Steve Buchanan.
This new episode is #924 and is titled: “From SysAdmin to Platform Engineer with Steve Buchanan“. On this new episode we talked about Platform Engineering and a bunch of other stuff.
Here is the description from the episode:
“Aren’t we all platform engineers? Steve Buchanan says yes!
But there’s more to it. Steve talks about the mindset of looking beyond individual products that we might have skills with and owning the entire problem of providing platforms for your organization to get work done.
The conversation dives into the many products that can help our applications function better and the challenge of making them secure and fast. Are containers the solution? Possibly!
It’s your platform; focus on the fundamentals and go further!“
I had a great time chatting with Richard and we didn’t even mention AI until 40 minutes in. haha
Today Pierre Roman (@wiredcanuck) Senior Cloud Advocate of Microsoft & myself (@buchatech) streamed “Introduction to Azure Arc enabled Kubernetes” on Learn Live. Here is what we covered in this session:
In this session, showed you how Azure Arc enabled Kubernetes clusters can help customers like Contoso to optimize and simplify their operations. Here are the Learning objectives we covered:
Describe Kubernetes, Azure Arc, and Azure Arc-enabled Kubernetes.
Connect Kubernetes clusters to Azure Arc.
Manage Azure Arc enabled Kubernetes clusters by using GitOps.
Integrate Azure Arc enabled Kubernetes cluster with Azure services like Azure Monitor and Azure Policy.
If you missed it don’t worry. 🙂 You can watch the playback on the Microsoft Developer YouTube channel here:
You can check out more Learn Live episodes on the:
I am excited to announce my 8th book is complete and is available for pre-order. I am even more excited that long-time friend and fellow Microsoft MVP John Joyner joined me on the journey of writing this book. John is one of the few people I have looked up to when coming into the MVP program. He also was like an OG showing me the ropes of being an MVP. This is John’s latest book since his last 8 years ago! Thanks again John for saying yes to being a part of this!
Microsoft Ignite 2016 with Fellow MVP’s Sam Erskine, and John Joyner.
In this book, we also had the honor of having the forward written by Thomas Maurer a former MVP and now Microsoft Azure Evangelist. This book was reviewed by fellow Microsoft MVP Adnan Hendricks and a chapter contributed by a buddy of mine Fred Limmer.
This book covers an exciting technology from Microsoft exploring Azure Arc-Enabled Kubernetes and Servers. This book is for DevOps professionals, system administrators, security professionals, cloud admins, and IT professionals that are responsible for servers or Kubernetes clusters both on-premises and in the cloud. This book covers:
Introduces the basics of hybrid, multi-cloud, and edge computing and how Azure Arc fits into that IT strategy
Teaches the fundamentals of Azure Resource Manager, setting the reader up with the knowledge needed on the technology that underpins Azure Arc
Offers insights into Azure native management tooling for managing on-premises servers and extending to other clouds
Details an end-to-end hybrid server monitoring scenario leveraging Azure Monitor and/or Azure Sentinel that is seamlessly delivered by Azure Arc
Defines a blueprint to achieve regulatory compliance with industry standards using Azure Arc, delivering Azure Policy from Azure Defender for Servers
Explores how Git and GitHub integrate with Azure Arc; delves into how GitOps is used with Azure Arc
Empowers your DevOps teams to perform tasks that typically fall under IT operations
Dives into how to best use Azure CLI with Azure Arc
You can pre-order the book and watch for its official release here:
Today I will be speaking at the Omaha Azure User Group. I will be speaking on Azure Arc enabled Kubernetes and GitOps.
I am really looking forward to this user group meeting! I will be speaking on & showing real-time the power of using Microsoft Azure Arc enabled Kubernetes and GitOps, deploying a Container app to a Google Kubernetes Engine (GKE) cluster on the Google Cloud Platform (GCP). More info on my session:
Session title: Push Code, Not Containers with Azure Arc enabled Kubernetes and GitOps
Session details: Use Azure Arc enabled Kubernetes to manage Kubernetes clusters across Google Cloud Platform and Azure without running a single Kubectl command! In this session, Steve Buchanan will take you into the world of GitOps. He will show you how to deploy applications and configuration to GKE clusters and AKS clusters from a GitHub repository. Explore how we can use this new operating model for Kubernetes and cloud-native apps to declaratively describe and ensure the state of our applications and Kubernetes environments.
I am happy to announce that my latest Pluralsight course has been published. I am extra proud of this one because it is a first on the Pluralsight platform! The course is “SAP on Azure: The Big Picture“. This is the first SAP on Azure course to land on Pluralsight.
SAP is the #1 business software in the world. SAP is used by so many companies around the world. SAP projects are some of the largest projects in IT. SAP has a huge push for customers to move to its latest version SAP’s ERP solution S/4HANA by 2025. Even though you can buy extended support for current versions there is still a preference for customers to move to the new version. With this push to move most businesses and CIO’s view this as a chance to also move to hosting SAP in the cloud.
There is a shortage of IT professionals that know SAP and know cloud such as Azure. Having SAP skills can be a game changer for anyone’s IT career. Combine SAP and Azure skills and watch your career accelerate even further.
Both Azure and SAP skills can be hard to gain without someone taking a chance placing you on one of these projects. It is not easy to break into the world of SAP and part of that reason is a lack of starter courses.
I have held various roles on several SAP on Azure projects gaining key skills in this area. My goal with this course was to bring forward a starting point for those looking to get some training and break into this area.
This course will teach you a fundamental understanding of SAP, the various cloud hosting options, and core knowledge for hosting SAP on Azure.
This course is packed with 1 hour and 29 minutes of info for those wanting to get started with running SAP on Azure.
If one of these sound familiar:
-You have skills with Azure and want to learn more about SAP
-You have skills with SAP and want to learn more about Azure
In this course, SAP on Azure: The Big Picture, you’ll learn to what it takes to host SAP on Azure. First, you’ll explore the different SAP cloud hosting options.
Next, you’ll discover why Azure is a good fit for SAP and gain an understanding of the Microsoft and SAP partnership.
Finally, you’ll learn how to learn about the different SAP components, get SAP on Azure architectural guidance, and learn the about the differences between SAP on Azure migrations compared to greenfield deployments.
When you’re finished with this course, you’ll have core skills and knowledge of hosting SAP on Azure needed to be an asset on SAP on Azure projects.
I hope you find value in this new SAP on Azure course. This new course brings me to a total of 6 courses now published on the Pluralsight platform. Be sure to follow my profile on Pluralsight so you will be notified as I release new courses! I will be releasing more courses soon!
I recently presented at the Inside Azure management event. This event was packed full of Microsoft MVP’s and community experts from around the world. The focus on the event was around Azure Management based topics with some Kubernetes, AI, and DevOps topics sprinkled in.
My session was “Azure Policy Insights & Multi-Tag demo via Azure Policy” Here is what it covered: “Azure Policy is a great tool when it comes to auditing and ensuring your cloud governance is met. In this session 9 time Microsoft Azure MVP Steve Buchanan is going to take you on a full-speed ride on the ins and outs of Azure Policy and land you with a recipe for handling a multi-tagging strategy with Azure Policy. Some of the key topics you will learn from this session include:
Overview of Azure Policy
Azure Policy Configuration best practices to meet compliance (NIST, PCI, ISO, HIPPA)
Securing Azure services: AKS / Networking / SQL / App Service
Azure Policy vs RBAC
Overview of Azure Policy Guest Configuration
Tagging and more“
The event has passed and if you didn’t make it no worries! All of the sessions have been recorded and uploaded to the Inside Azure management YouTube channel to be watched at your leisure. Here is the link to the YouTube channel where you can watch all the sessions:
The event coordinators have also set up some Youtube playlists to make it easier to find videos on the topics that pertain to you. They broke these out in the following categories: Azure Management, Artificial Intelligence in Azure, Cloud Governance, Cybersecurity, and DevOps.
Towards the end of 2019, I had the opportunity to be the sole Tech Reviewer on an Azure Azure Strategy and Implementation Guide. This is the third edition of this guide so it has really current Azure information. It was authored by former MVP and now Microsoft trainer Peter De Tender (@pdtit) and others.
This guide gives a step by step introduction to using Azure
for your cloud infrastructure. The guide also covers an overview of Azure
benefits and best practices for planning your migration, assistance with cloud
architecture and design choices, and insight on how to manage and optimize your
new cloud environment.
The best part is that this guide is free! Get your copy
here:
At Experts Live Europe 2019 I presented a session titled “Master Azure with VS Code”. This was a fun session with an engaging audience that took to twitter after the session. There was some chatter asking this session was recorded. It was not. I did note that I planned to write a blog post on this topic.
Here is that blog post and it is the first one of 2020 for me! In this post, we are going to dive into how VS code is helpful when working with Azure and many extensions I find useful when working with Azure. This post is not set to be an end-all to using VS Code with Azure but from my experience. Use this post as a starting point or a reference for expanding your use of VS Code with Azure. Also, check out the many other community experts and Microsoft MVPs for their additional knowledge plus tips and tricks on this topic.
VS Code Overview
First off if you are not using VS Code stop reading this right now, go download it and install it then come back to finish reading. 🙂 VS Code is a must-have in your toolbox and it is free! For those that are new to VS Code, it is an open-source – code editor developed by Microsoft that runs on Windows, Linux, and macOS. Here is a shortlist of the many benefits of VS Code:
Has support for hundreds of languages.
Has Integrated Terminal.
Also powerful developer tool with functionality, like IntelliSense code completion and debugging.
Includes syntax highlighting, bracket-matching, auto-indentation, box-selection, snippets, and more.
Integrates with build and scripting tools to perform common tasks making everyday workflows faster.
Has support for Git to work with source control.
Large Extension Marketplace of third-party extensions.
Note that yes, VS
Code is for the “IT Pro”. Not just developers.
Azure Extensions in VS Code
VS Code has a ton of
extensions in general. There are a number of Azure specific extensions and you
can work with Azure directly from VS Code.
If you go to the VS Code Marketplace here: https://marketplace.visualstudio.com/vscode and search on Azure you will see results for many published by Microsoft and many community based extensions for Azure. As of the time of writing this blog post, there are 93. Here is a screenshot showing some of the results:
You can also go
directly to the Azure Tools extension from Microsoft here:
In the rest of this post, I am going to share some key extensions I use with Azure. I will post the marketplace links at the end of each extension I talk about and if it is maintained by community or Microsoft.
Deploy to Azure using VS Code
It is important to
note that not all of the Azure extensions available in VS Code can be used to
deploy to Azure. Some can but most can’t here is a list of the services that
you can deploy to from extensions in VS Code.
Azure Service
Description
Azure Functions
Build and manage Azure Functions serverless apps directly in VS Code with the Azure Functions extension.
App Service
Manage
Azure resources directly in VS Code with the Azure App Service extension.
Docker
Deploy your website using a Docker container.
Azure CLI
Create,
deploy, and update a website using a terminal and the Azure CLI.
Static website
Create,
deploy, and update a static website on Azure Storage.
NOTE: This list is current at the time of
writing this blog post. This will change over time.
Azure Cloud Shell in VS Code
Cloud Shell is something you should be using with Azure to make your life easier. It is an interactive command-line shell. You are authenticated to your Azure account when you launch it, It typically runs in the browser and is used for managing Azure resources. When you launch it you can choose the shell experience that best for you, either Bash or PowerShell. With VS Code you can launch Cloud Shell directly in VS Code!
Cloud Shell is a part of the Azure
Account extension. Here are some key points on using Cloud Shell with VS
Code:
Free (storage consumed has costs.)
Launch Azure Cloud Shell directly in VS
Code.
Launch Bash, PowerShell, or Upload.
Works in the Integrated Terminal.
Azure and open-source Tooling in Cloud Shell:
Azure Tools: blobxfer Azure CLI and Azure classic CLI Azure Functions CLI AzCopy Service Fabric CLI Batch Shipyard Â
You get the following PowerShell modules in Cloud Shell: Azure Modules (Az.Accounts, Az.Compute, Az.Network, Az.Resources, Az.Storage) Azure AD Management (Preview) Exchange Online (In development) MicrosoftPowerBIMgmt SqlServer
In my day to day I do cloud foundations work helping companies with their Azure governance and management. On projects we will develop a tagging strategy. A tagging strategy is only good if it is actually used. One way to ensure that tags are used is by using Azure Policy to require tags on resource groups or resources.
In the past I have used the deny effect in an Azure Policy to require tags upon resource creation. I basically use the template as previously blogged about here: https://www.buchatech.com/2019/03/requiring-many-tags-on-resource-groups-via-azure-policy. This policy works but can be a problem because the error that is given when denied during deployment is not clear about what tags are required. Also, folks think it is a pain and slows down the provisioning process.
I set out to require tags using a different method. The idea was to use the effect append vs deny so that resources without the proper tags would be flagged as non-compliant and the policy would add the required tags with generic values. Someone from the cloud team could then go put in the proper values for the tags bringing the resources into compliance. Th end result was that the effect append does work remediating with a single tag but falls down when trying to remediate using multiple tags.
I discovered that this behavior was intended and that the append effect only supports one remediation action (i.e. one tag). On 9-20-19 Microsoft updated the modify effect so that Modify can handle multiple ‘operations’ – where each operation specifies what needs to be remediated.
Now let’s walk through using the modify effect in an Azure Policy to add multiple tags on a resource group.
You will need to start off by coding your Azure Policy definition template. There are three important parts you need to ensure you have in template. You need to have modify effect for the proper effect, roleDefinitionIds as this is the role that will be used by the managed identity set as contributor, and operations to tell Azure policy what to do when remediation out of compliance resources.
Add
the ARM template as a new policy definition in the Azure portal.
See
the following screenshot to complete your Azure policy definition.
Click for larger image
You
will then see your new Azure policy definition.
Next, you need to assign the Azure policy definition. To do this click on Assignments.
See
the following screenshot to complete your Azure policy assignment.
Click for larger image
Note
that this policy assignment will create a managed identity so that the policy
has the ability to edit tags on existing resources.
The
assignment will now be created but the evaluation has not happened so the
compliance state will be set to not started as shown in the following
screenshot.
