Patterns for succeeding with Azure in the Enterprise

80574e8bd66d0806b027fa03dc16dbe0?s=47 Hibri Marzook
September 24, 2019

Patterns for succeeding with Azure in the Enterprise

Patterns for a successful and sustainable Azure adoption in the Enterprise.

80574e8bd66d0806b027fa03dc16dbe0?s=128

Hibri Marzook

September 24, 2019
Tweet

Transcript

  1. Hibri Marzook 1

  2. 2 Helps teams deliver ideas and technology. Likes the challenge

    of using Public Cloud and Continuous Delivery to help teams deliver at a sustainable pace. @hibri www.hibri.net
  3. How do we know what’s going on our Azure estate?

    1 Which team takes care of Azure? 2 How do we have control over Azure usage? 3 How do we make it easy for our engineers to use Azure? 4 We are in a regulated industry. Can we trust it? 5 How do I install Azure? 6 3
  4. The NIST Definition of Public Cloud Computing 800-145 01 On-demand

    self-service 02 Broad network access 03 Resource pooling 04 Rapid elasticity 05 Measured/ Metered service 4
  5. Accelerate: State of DevOps 2019 5

  6. 6

  7. https://www.flickr.com/photos/liverpoolhls/ “A Walking Skeleton is a tiny implementation of the

    system that performs a small end-to-end function. It need not use the final architecture, but it should link together the main architectural components. The architecture and the functionality can then evolve in parallel” Alistair Cockburn 7
  8. 8

  9. 9

  10. 10

  11. 11 Use the Walking Skeleton to validate that you can

    use Azure in your organisation
  12. 12 • Deal with risk incrementally rather than in one

    go • Flag up heavyweight design reviews and manual approvals early
  13. 13

  14. Large Enterprises tend to fear things they can’t control and

    default to IaaS in the cloud 14
  15. 15

  16. 16

  17. https://blogs.msdn.microsoft.com/azuresecurity/2016/04/18/what-does-shared-responsibility-in-the-cloud-mean/ 17 Understand the Azure Shared Responsibility Model

  18. 18

  19. An evolutionary architecture supports guided, incremental change across multiple dimensions

    Ford N, Parsons R, and Kua P (2017) - Building Evolutionary Architectures, O’Reilly Press 19
  20. An architectural fitness function provides an objective integrity assessment of

    some architectural characteristic(s) Ford N, Parsons R, and Kua P (2017) - Building Evolutionary Architectures, O’Reilly Press 20
  21. Azure Policy Azure Monitor 21

  22. • Allows teams to use Azure resources as long as

    they don’t break the policy • Don’t need to rely only on build time controls • Allows iteration towards a compliant solution, without intervention from a central authority 22
  23. • Use Log Analytics to query across all resources •

    Identify services that are non-performant • Query resource attributes to find bad patterns 23
  24. https://cloudblogs.microsoft.com/industry-blog/en-gb/technetuk/2019/04/12/what-are-azure-blueprints/ 24

  25. 25

  26. Conway’s Law “Organisations which design systems are constrained to produce

    designs which are copies of the communication structures of these organisations” Melvin Conway 26
  27. 27 • Self organising teams focussing on customer problems, aligned

    with the company goals and vision • Enable teams to have autonomy and responsibility • Help teams reduce their blast radius • Don’t copy the org chart to Azure
  28. 28

  29. 29

  30. 30

  31. • Architectural layers should allow teams who own each layer

    to iterate independently • Layers at the bottom provide a service to layers above 31
  32. 32

  33. • Demonstrate security best practices early to win trust •

    Use RBAC • Access with least privilege • Don’t use God accounts to make things just work 33
  34. • Use service principals and managed identities from day one

    • Add users to Groups • Assign Azure AD Groups to roles • Avoid God accounts for automation 34
  35. 35

  36. 36

  37. Empathise with product teams and users Build with a product

    that has real users, and has real business value 37
  38. Continuously validate the platform Is it fit for purpose? 38

  39. 39

  40. • Devs who build on the platform • Devs who

    build the platform 40
  41. Developers will find a workaround to help them deliver Make

    it easier for devs to do the right thing, safely 41
  42. • Don’t lock developers out of the Azure portal •

    Provide sandboxes for devs to play around with • Read only access to production environments • Access to metrics and alerts • Allow teams to make their own dashboards 42
  43. • Turn on diagnostics early • Show devs the debugging

    options in Azure, if not you’ll have to resolve every issue 43
  44. 44

  45. 45

  46. 46

  47. 47

  48. 48

  49. 49

  50. 50

  51. 51

  52. 52

  53. 53

  54. 54

  55. 55

  56. 56

  57. 1. Show what’s been built, not diagrams. It’s easier to

    address concerns with a working system 2. Weekly/fortnightly technology and architectural sessions 57
  58. 1. Do regular demos, show and tells to other teams/departments

    2. Do take time to document 3. Do Azure Certs together 58
  59. 59

  60. 60

  61. 61

  62. 62

  63. 63

  64. 64

  65. 65 1. Build the Walking Skeleton first 2. Adopt a

    PaaS first approach 3. Adopt Evolutionary Architecture practices 4. Be aware of Conway’s Law 5. Build in trust 6. Build together 7. Make the developer experience awesome 8. Adopt CI/CD 9. Build in Operability 10. Build an internal Azure community of practice
  66. 66

  67. Atlanta contino.io continohq contino London New York Melbourne Sydney 67