Helps teams deliver ideas and technology.
Likes the challenge of using Public Cloud and Continuous Delivery to help teams deliver at a sustainable pace.
@hibri
www.hibri.net
Slide 3
1. How do we know what’s going on in our Azure estate?
2. Which team takes care of Azure?
3. How do we have control over Azure usage?
4. How do we make it easy for our engineers to use Azure?
5. We are in a regulated industry. Can we trust it?
6. How do I install Azure?
Slide 4
The NIST Definition of Public Cloud Computing 800-145
01 On-demand self-service
02 Broad network access
03 Resource pooling
04 Rapid elasticity
05 Measured/Metered service
Slide 5
Accelerate: State of DevOps 2019
Slide 7
https://www.flickr.com/photos/liverpoolhls/
“A Walking Skeleton is a tiny implementation of the system that performs a small end-to-end function. It need not use the final architecture, but it should link together the main architectural components. The architecture and the functionality can then evolve in parallel”
Alistair Cockburn
Slide 11
Use the Walking Skeleton to validate that you can use Azure in your organisation
Slide 12
● Deal with risk incrementally rather than in one go
● Flag up heavyweight design reviews and manual approvals early
Slide 14
Large Enterprises tend to fear things they can’t control and default to IaaS in the cloud
Slide 17
Understand the Azure Shared Responsibility Model
https://blogs.msdn.microsoft.com/azuresecurity/2016/04/18/what-does-shared-responsibility-in-the-cloud-mean/
Slide 19
An evolutionary architecture supports guided, incremental change across multiple dimensions
Ford N, Parsons R, and Kua P (2017) - Building Evolutionary Architectures, O’Reilly Press
Slide 20
An architectural fitness function provides an objective integrity assessment of some architectural characteristic(s)
Ford N, Parsons R, and Kua P (2017) - Building Evolutionary Architectures, O’Reilly Press
Slide 21
Azure Policy
Azure Monitor
Slide 22
● Allows teams to use Azure resources as long as they don’t break the policy
● Don’t need to rely only on build time controls
● Allows iteration towards a compliant solution, without intervention from a central authority
Slide 23
● Use Log Analytics to query across all resources
● Identify services that are non-performant
● Query resource attributes to find bad patterns
Slide 26
Conway’s Law
“Organisations which design systems are constrained to produce designs which are copies of the communication structures of these organisations”
Melvin Conway
Slide 27
● Self-organising teams focussing on customer problems, aligned with the company goals and vision
● Enable teams to have autonomy and responsibility
● Help teams reduce their blast radius
● Don’t copy the org chart to Azure
Slide 31
● Architectural layers should allow teams who own each layer to iterate independently
● Layers at the bottom provide a service to layers above
Slide 33
● Demonstrate security best practices early to win trust
● Use RBAC
● Access with least privilege
● Don’t use God accounts to make things just work
Slide 34
● Use service principals and managed identities from day one
● Add users to Groups
● Assign Azure AD Groups to roles
● Avoid God accounts for automation
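Added example, not from the original slides: a small audit that turns the RBAC guidance on slides 33 and 34 into a repeatable check. It assumes role assignments exported as JSON in the shape produced by `az role assignment list --all -o json`; the sample records, principal names, finding labels and the choice of "broad" roles are constructed for illustration.

```python
import json

# Constructed sample, shaped like `az role assignment list --all -o json` output.
SAMPLE = json.loads("""
[
 {"principalName": "alice@example.com", "principalType": "User",
  "roleDefinitionName": "Owner",
  "scope": "/subscriptions/00000000-0000-0000-0000-000000000000"},
 {"principalName": "ci-deploy-sp", "principalType": "ServicePrincipal",
  "roleDefinitionName": "Owner",
  "scope": "/subscriptions/00000000-0000-0000-0000-000000000000"},
 {"principalName": "platform-readers", "principalType": "Group",
  "roleDefinitionName": "Reader",
  "scope": "/subscriptions/00000000-0000-0000-0000-000000000000"},
 {"principalName": "payments-deploy-sp", "principalType": "ServicePrincipal",
  "roleDefinitionName": "Contributor",
  "scope": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/payments-rg"}
]
""")

# Assumption: roles treated as "God" roles when granted at a broad scope.
BROAD_ROLES = {"Owner", "User Access Administrator"}
MG_PREFIX = "/providers/microsoft.management/managementgroups/"

def is_broad_scope(scope):
    """True for root, management-group or whole-subscription scope."""
    parts = [p for p in scope.split("/") if p]
    if not parts or scope.lower().startswith(MG_PREFIX):
        return True
    return len(parts) == 2 and parts[0].lower() == "subscriptions"

def audit(assignments):
    """Return (principal, finding) pairs for assignments that break the guidance."""
    findings = []
    for a in assignments:
        who, kind = a["principalName"], a["principalType"]
        # Slide 34: users get roles through Azure AD groups, not directly.
        if kind == "User":
            findings.append((who, "direct-user-assignment"))
        # Slides 33/34: no God accounts, for people or for automation.
        if a["roleDefinitionName"] in BROAD_ROLES and is_broad_scope(a["scope"]):
            is_sp = kind == "ServicePrincipal"
            findings.append((who, "god-account-automation" if is_sp
                             else "broad-privileged-role"))
    return findings

if __name__ == "__main__":
    for who, finding in audit(SAMPLE):
        print(f"{finding:24} {who}")
```

Run on a schedule against a real export, a check like this works as a fitness function for least privilege rather than a one-off review.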
Slide 37
Empathise with product teams and users
Build with a product that has real users, and has real business value
Slide 38
Continuously validate the platform
Is it fit for purpose?
Slide 40
● Devs who build on the platform
● Devs who build the platform
Slide 41
Developers will find a workaround to help them deliver
Make it easier for devs to do the right thing, safely
Slide 42
● Don’t lock developers out of the Azure portal
● Provide sandboxes for devs to play around with
● Read-only access to production environments
● Access to metrics and alerts
● Allow teams to make their own dashboards
Slide 43
● Turn on diagnostics early
● Show devs the debugging options in Azure; if not, you’ll have to resolve every issue
Slide 57
1. Show what’s been built, not diagrams. It’s easier to address concerns with a working system
2. Weekly/fortnightly technology and architectural sessions
Slide 58
1. Do regular demos, show and tells to other teams/departments
2. Do take time to document
3. Do Azure Certs together
Slide 65
1. Build the Walking Skeleton first
2. Adopt a PaaS first approach
3. Adopt Evolutionary Architecture practices
4. Be aware of Conway’s Law
5. Build in trust
6. Build together
7. Make the developer experience awesome
8. Adopt CI/CD
9. Build in Operability
10. Build an internal Azure community of practice
Slide 67
contino.io continohq contino
Atlanta, London, New York, Melbourne, Sydney