Slide 1

Slide 1 text

Hibri Marzook

Slide 2

Slide 2 text

Helps teams deliver ideas and technology. Likes the challenge of using Public Cloud and Continuous Delivery to help teams deliver at a sustainable pace.

@hibri
www.hibri.net

Slide 3

Slide 3 text

1. How do we know what’s going on in our Azure estate?
2. Which team takes care of Azure?
3. How do we have control over Azure usage?
4. How do we make it easy for our engineers to use Azure?
5. We are in a regulated industry. Can we trust it?
6. How do I install Azure?

Slide 4

Slide 4 text

The NIST Definition of Public Cloud Computing 800-145

1. On-demand self-service
2. Broad network access
3. Resource pooling
4. Rapid elasticity
5. Measured/Metered service

Slide 5

Slide 5 text

Accelerate: State of DevOps 2019

Slide 7

Slide 7 text

“A Walking Skeleton is a tiny implementation of the system that performs a small end-to-end function. It need not use the final architecture, but it should link together the main architectural components. The architecture and the functionality can then evolve in parallel” Alistair Cockburn

https://www.flickr.com/photos/liverpoolhls/

Slide 11

Slide 11 text

Use the Walking Skeleton to validate that you can use Azure in your organisation

Slide 12

Slide 12 text

● Deal with risk incrementally rather than in one go
● Flag up heavyweight design reviews and manual approvals early

Slide 14

Slide 14 text

Large Enterprises tend to fear things they can’t control and default to IaaS in the cloud

Slide 17

Slide 17 text

Understand the Azure Shared Responsibility Model

https://blogs.msdn.microsoft.com/azuresecurity/2016/04/18/what-does-shared-responsibility-in-the-cloud-mean/

Slide 19

Slide 19 text

An evolutionary architecture supports guided, incremental change across multiple dimensions

Ford N, Parsons R, and Kua P (2017) - Building Evolutionary Architectures, O’Reilly Press

Slide 20

Slide 20 text

An architectural fitness function provides an objective integrity assessment of some architectural characteristic(s)

Ford N, Parsons R, and Kua P (2017) - Building Evolutionary Architectures, O’Reilly Press

Slide 21

Slide 21 text

● Azure Policy
● Azure Monitor

Slide 22

Slide 22 text

● Allows teams to use Azure resources as long as they don’t break the policy
● Don’t need to rely only on build time controls
● Allows iteration towards a compliant solution, without intervention from a central authority

Slide 23

Slide 23 text

● Use Log Analytics to query across all resources
● Identify services that are non-performant
● Query resource attributes to find bad patterns

Slide 24

Slide 24 text

https://cloudblogs.microsoft.com/industry-blog/en-gb/technetuk/2019/04/12/what-are-azure-blueprints/

Slide 26

Slide 26 text

Conway’s Law

“Organisations which design systems are constrained to produce designs which are copies of the communication structures of these organisations” Melvin Conway

Slide 27

Slide 27 text

● Self organising teams focussing on customer problems, aligned with the company goals and vision
● Enable teams to have autonomy and responsibility
● Help teams reduce their blast radius
● Don’t copy the org chart to Azure

Slide 31

Slide 31 text

● Architectural layers should allow teams who own each layer to iterate independently
● Layers at the bottom provide a service to layers above

Slide 33

Slide 33 text

● Demonstrate security best practices early to win trust
● Use RBAC
● Access with least privilege
● Don’t use God accounts to make things just work

Slide 34

Slide 34 text

● Use service principals and managed identities from day one
● Add users to Groups
● Assign Azure AD Groups to roles
● Avoid God accounts for automation
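Added example, not part of the original deck: a small audit of the RBAC points on slides 33 and 34, run over role assignments shaped like the output of `az role assignment list --all -o json`. The sample records, the subscription ID and the choice of which roles count as "God" rights are constructed assumptions.

```python
# Constructed placeholder subscription ID and sample assignments (not real data).
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
SAMPLE = [
    {"principalName": "alice@example.com", "principalType": "User",
     "roleDefinitionName": "Owner", "scope": SUB},
    {"principalName": "sg-platform-readers", "principalType": "Group",
     "roleDefinitionName": "Reader", "scope": SUB},
    {"principalName": "ci-deploy-sp", "principalType": "ServicePrincipal",
     "roleDefinitionName": "Owner", "scope": SUB},
    {"principalName": "app-payments-mi", "principalType": "ServicePrincipal",
     "roleDefinitionName": "Contributor",
     "scope": SUB + "/resourceGroups/rg-payments"},
    {"principalName": "bob@example.com", "principalType": "User",
     "roleDefinitionName": "Reader",
     "scope": SUB + "/resourceGroups/rg-sandbox"},
]

# Assumption: roles treated as "God" rights when granted at a broad scope.
GOD_ROLES = {"Owner", "User Access Administrator"}


def scope_level(scope):
    """Classify an ARM scope string by how much of the estate it covers."""
    if scope == "/" or scope.startswith(
            "/providers/Microsoft.Management/managementGroups/"):
        return "management-group"
    parts = [p for p in scope.split("/") if p]
    if len(parts) == 2 and parts[0].lower() == "subscriptions":
        return "subscription"
    if len(parts) == 4 and parts[2].lower() == "resourcegroups":
        return "resource-group"
    return "resource"


def audit(assignments):
    """Return (principal, finding) pairs for assignments that break the slide rules."""
    findings = []
    for a in assignments:
        broad = scope_level(a["scope"]) in ("management-group", "subscription")
        # Slide 34: users get access through groups, not direct assignments.
        if a["principalType"] == "User":
            findings.append((a["principalName"], "direct-user-assignment"))
        # Slides 33/34: no God accounts, human or automation.
        if a["roleDefinitionName"] in GOD_ROLES and broad \
                and a["principalType"] != "Group":
            findings.append((a["principalName"], "god-account"))
    return findings
```

A managed identity scoped to its own resource group passes; a pipeline service principal with Owner on the whole subscription does not.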

Slide 37

Slide 37 text

Empathise with product teams and users

Build with a product that has real users, and has real business value

Slide 38

Slide 38 text

Continuously validate the platform

Is it fit for purpose?

Slide 40

Slide 40 text

● Devs who build on the platform
● Devs who build the platform

Slide 41

Slide 41 text

Developers will find a workaround to help them deliver

Make it easier for devs to do the right thing, safely

Slide 42

Slide 42 text

● Don’t lock developers out of the Azure portal
● Provide sandboxes for devs to play around with
● Read only access to production environments
● Access to metrics and alerts
● Allow teams to make their own dashboards

Slide 43

Slide 43 text

● Turn on diagnostics early
● Show devs the debugging options in Azure; if not, you’ll have to resolve every issue

Slide 57

Slide 57 text

1. Show what’s been built, not diagrams. It’s easier to address concerns with a working system
2. Weekly/fortnightly technology and architectural sessions

Slide 58

Slide 58 text

1. Do regular demos, show and tells to other teams/departments
2. Do take time to document
3. Do Azure Certs together

Slide 65

Slide 65 text

1. Build the Walking Skeleton first
2. Adopt a PaaS first approach
3. Adopt Evolutionary Architecture practices
4. Be aware of Conway’s Law
5. Build in trust
6. Build together
7. Make the developer experience awesome
8. Adopt CI/CD
9. Build in Operability
10. Build an internal Azure community of practice

Slide 67

Slide 67 text

contino.io | continohq | contino

Atlanta, London, New York, Melbourne, Sydney