Adopting Azure for your Organization
- November 8, 2023
- Posted by: MainInstructor
- Category: C Go Microsoft Azure SQL
Video Title: Adopting Azure for your Organization
Hey everyone in this video I want to take a little bit of a different approach than what I normally do and instead of focusing on one specific technology I want to think about the broader things we have to consider when I as an organization so my company well I want
To go and start adopting Azure so from a big picture perspective what are the things I need to think about to make this a successful adoption and not hey a few months down the line just have a huge amount of challenges that’s now really hard to fix so a little bit of upfront
Planning can really help our much much bigger strategic adoption of the cloud now I’m focusing on Azure but many of the things I’m I’m talking about would apply to any Cloud I was adopting and even to a lot of extents things on premises some things are unique to the cloud but many are
Not so if I’m thinking about well okay I want as a company to start adopting Azure the cloud I need to understand look what as a company is my strategic Direction Where are we trying to get to are we trying to get out of data centers
And just all be in the cloud are we trying to get all in on devops and all of the latest technology Stacks so what are our key drivers so we have to be able to answer the question why the cloud what is driving this and some of
The things it’s interesting to start off a conversation whether it’s for myself or a customer is I always think a little bit about well if you were wandering down the beach and you found a lamp and you rubbed the lamp and a genie po out and said you got three wishes what would
Those three wishes be with regard to your it technology can’t solve any other issues you’ve got but he said hey I’ve given you three wishes in your it Department are there particular pain points you have are there things that you wish you could do as an organization how would you answer that
Question because that might drive a lot of the okay well why are we thinking about the cloud why are we adopting the cloud what are we really trying to do and when we think about what’s driving the cloud there are some common answers to that hey I’m trying to get out of
Capital expenditure capex and I want to get to more Opex operational expenditure those monthly type bills it might be for cost savings purposes it might be for security if you think about the services in the cloud maybe eyes a company trying to embrace more Cloud Technologies maybe we just don’t have
That expertise we don’t have the right infrastructure to do a good job of that and I can get that security better by adopting the cloud providing I do it the right way maybe it’s scalability maybe it’s speed of innovation the cloud constantly has these fantastic services that shift less responsibility from me
To them as a cloud provider they’re constantly innovating at a pace that we typically just could not do ourselves so what is driving this adoption of the cloud and then what I have to think about well if I am adopting the cloud was there a compelling
Event is it I have to be out of the data center is it I’m doing a corporate um migration for something is there a merger what is the time I have to adopt the cloud and then what is the bud budget I have obviously budget is everything
Budget says well how many resources can I bring to assist with this what tooling can I use you always see those the pyramid if you can have it done fast you can have it done uh cheap you can have it done right pick two of those things
And it’s very very true so my budget will drive maybe a lot of what I can do if I have not a lot of time and I don’t have a lot of money well I’m probably going to have to take what I have on Prem for the most part
And just put it in the cloud it as the lift and shift whereas if I have a bigger budget but I’m still under a time constraint well I can bring more resources to bear I’m going to get more options available to me so that’s a big thing we need to
Understand as part of the why are we doing this do we have a dream Target stack a lot of the times we have technology debt we have Legacy systems we might use the adoption of the cloud to try and fix these things do I want to
Get all in on containers do I want to get all in on a p database like SQL Server do I want to shift to something like Cosmos DB just we need to understand what is our ideal end State and realize depending on these budget and these times you may not be able to
Get there but one of the I can certainly do is maybe initially I have to lift and shift and it’s VMS for everything but over time I could then hey I’ll move the database from running in a VM to running as a pad service hey this front end
Service that’s running as a whole bunch of VMS I can migrate that to an app service or at worst a virtual machine scale set so I can get some scalability in there so just because maybe I’m under a huge budget and time constraint initially doesn’t mean I can’t improve
Things over time because hey it’s cheaper to just move a VM to a VM typically in the short term but longer term we now I’m responsible for whole lots of things there’s a more effort involved in maintaining it there’s maybe more tooling and Services I pay for to
Keep it maintained whereas if I move to a pth service sure that effort initially to make the change might cost me more money more time but then once I’ve shifted that responsibility my ongoing total cost of ownership shrinks a lot so there’s always this Balancing Act of okay what
Do I have to pay right now and then what’s that overall longterm cost same for a database hey if I run a database in a VM sure I can probably do that a lot quicker moving it to a p service may take more time and more money initially
Then I shift a lot of the responsibility over so you’re going to have different options depending on your time and your budget you may may not get to your perfect Target stack initially but you can still have it in mind as I start to drive really what am I trying to
Do I’m going to have what a migration approach now there’s lots of tooling and I don’t want to go into tooling specifics to help you discover what you have assess what you have recommend what the end State even help you do the migration but remember this migration
Approach is going to be based a lot on what is my target what is my time and my budget you have the lift and shift to rehost for the most part just taking what I have and moving it now even if you’re doing a rehost in an Ideal World I could at
Minimum change the way I deploy the operating system to use templates and reinstall the app that at least starts to get you some of the way to making it more maintainable there’s refact factoring I start to shift things to P maybe the app maybe the database but I’m trying to shift those responsibilities
There’s re architect I’m actually moving things to Cloud native I’m changing the code of my application I can rebuild hey there’s so much I’m just going to start from really scratch and rebuild my application then it’s just completely replaced maybe there’s a sass solution now that does
The job for me so there’s different levels of this all of them the increas in time cost initially but again typically what that means is the more upfront effort I put in the less effort it is longterm and that’s I think the case for most things the other thing I have to
Understand as an organization and this is really important what are my requirements and when I think about requirements that could be regulatory I’m in maybe a payment card business there PCI maybe I have pii information maybe there’s hipper whatever that is I need to understand those maybe there’s
Data sovereignty where I’m allowed to have data maybe there’s encryption requirements and maybe I have C requirements as well I have standards that I I need to maintain I have to understand those things so before I even think about adopting the cloud I need to understand as an
Organization what my goals what are my reasons what are the constraints the budgets the time I have and that can then drive what is my Approach going to be now you’ve done that you have to pick the cloud you’ve picked aure great choice what are the first things I now
Have to think about and honestly for me the first thing that you need to be doing I I think is Skilling people have to get educated on this Cloud platform if people don’t understand what the options are well they can’t make the right decision what’s the pro what’s the
Con what’s that short-term game what’s the long-term gain how do I work with the solutions what are the responsibilities of the different solutions because sometimes you get this misunderstanding oh it’s p i don’t have to do anything it’s probably not entirely accurate there’s still things I’m responsible for
And if I don’t do them my service might initially look okay but it’s going to start to fall behind maybe a certificate expires I need to understand the services so I really want to make sure I have good Skilling in place for my organization now as part of this
Skilling I wouldn’t only think about educating for the cloud I would try and if I’m not already doing it educate on things like so yes I want to educate on Azure but I would also try and educate on things like devops infrastructure as code I want to
Try and start engraining some of the Core Concepts that going to make this a very effective embracement of the technology I want to make sure they understand well it’s consumption based so scaling and shutting things off like try and use this opportunity to ingrain some really good Concepts around it so
How do we do this we need to make the Skilling available ideally we have plans within our company of hey these are the resources this is what we recommend you might have bonuses if people go and get certifications I’ve seen companies have fun with different business Stacks they
Have competitions on how many people can get the most certifications between those you have to make sure you make time available so not just hey we have these materials but you still got to make sure you deliver all of your regular work we’re giving you no time allocate some
Learning time maybe it’s a learning day maybe it’s learning hours whatever that is to encourage them and realize what is the benefit to the person so hey we’re encouraging you we making the resources available the time available for you to go and get this certification which
Going to add more tools to your tool belt more skills for you that’s just going to make you uh even better in whatever your job currently is make sure they have environments available sandboxes so they can start playing now when they start playing you need to make sure you have really good
Policy and budgets in place because it’s easy to accidentally spend a lot of money so we’ make sure we have the right sandboxes the controls in place but that can help them start to really Embrace this so right at the start getting that Skilling available so they can start to
Understand what’s going to be involved and what the capabilities are going to look like so I I think Skilling is just a huge huge important thing now the next thing I would actually stress as an organization I think about okay the cloud is actually identity we want this Cloud identity provider now
You likely are already doing it now obviously for Azure this is an entra ID tenant but I need this Cloud identity provider an IDP that speaks Cloud that’s what’s going to enable me and again if you’re running something like Microsoft 365 well it it uses that tenant but
There might also be a whole set of third party test solutions they can use the same tenant I don’t want a ton of different identity providers it makes it hard for me to manage the identities of my users it makes it hard to secure it makes it hard for me to understand and
Correlate the signal to see if there’s maybe something bad happening I want a single Cloud identity provider that I can put all the protections around cuz one of the huge things we’ll do here is we have Technologies like conditional access and you don’t need to really fully
Understand what that is but it basically provides a barrier around every authentication every authorization you try to do and that can look at things like Risk he is there risk to the user to the signin there’s a whole bunch of other signals hey is the device healthy is it managed
Is it in a certain location does it have a certain sore tag um huge amounts of different signals to control am I going to allow that and obviously Azure ties into that you might also have your HR System and the HR systems are really interesting because again we want
As much consistent flow as possible so my HR System can not only integrate it can do the provisioning and de provisioning and update of the users I can have Dynamic groups that controls allocating things entitlement management and access packages I mean the list goes on but I want this one
Streamline process there should be one source of Truth and yes it could go by my on-prem ad as well that that can happen but I want this single identity I want to encourage password list uh I want strong authentication I want leas priv priv identity management access reviews
There’s a whole set of things I can do and don’t think of this only for the users when I think of my applications they’re going to have identities and we’ll talk about well how that can work but for my Azure resources the resource itself can have an identity so I don’t
Have to try and store secrets and weird things for cross resource utilization my devices they can have identities I can use that as part of mutual authentication there’s a whole set of important things but when I start using the cloud the identity is that First Security perimeter so I want to get
Really strong good policy around my identity because that’s going to drive everything else if my identity is weak honestly it’s very hard to then do um Quality protection on anything that identity is the first entry point we want to get really good practices and policy like additional access and using
Risk as part of that when I actually start thinking about Azure so remember Azure is actually made up this my next number so we’ll go back to the other blue I’m probably going to pick well what regions would I use now depending on where my customers
Are or where it’s going to get consumed from that will probably Drive the region so I’m just going to say for example maybe it’s uh West Us 2 East us2 remember I always want at least two because I want them a big distance apart in case there was some problem I’ll look
At they have availability zones for isolation even within the region from Power Cooling Network control plane issues so I think about leveraging those I want a big distance if there was some big natural disaster for example so we we think about what regions am I going to use now some
Companies when they start adopting the cloud will say where do I have data centers today I want to put my regions close to my data centers it’s probably not the right consideration sure during the migration and the coexistence if it’s closer I’m going to get a lower later
But bigger picture most things are fairly latency tolerant if I’m doing a data migration the difference of 20 milliseconds is not going to make a big difference whereas where is it actually being used from because my data Cent may not be in the right place maybe I’m
Adopting the cloud because I need that better scalability I need things more distributed pick regions distribute it where where it’s going to be consumed to give the end consuming user or service whatever it is the best experience so I wouldn’t super focus on where my data centers today I would be far more
Inclined to focus on where is It ultimately going to get used from I can probably handle whatever additional latency for ongoing asynchronous which means the latency doesn’t matter that much anyway replication of data the actual amount bandwidth wouldn’t change based on latency it is really just hey
Those delays in communication so I would pick my regions based on remember are there any maybe regulatory requirements data sovereignty considerations I have and then well where am I actually going to be consuming these services from that will drive where I’m going to use these and then the next thing is
Probably the biggest consideration so great we have all of these different regions we have our identity worked out I want to start using the cloud governance and you’re not wrong I still not talked about an application and we’re not going to actually for quite a long time governance is everything in the
Cloud because we are completely changing the operational model if we think about what we used to have so on premises what would happen is hey I’m a a business app so I’m an app person and I have a request I need a certain set of resources that request would go to
Operations and what operations would do is they would have that’s supposed to be a book I can’t draw they would go and check that request against the policies of the company can I I have an IP public address um is it this type of service whatever that is and assuming that was
Successful they would go and create whatever it is your VM and they would do that provision so this was your governance this operations person in the middle was performing your governance and this was all the policies that you had defined well when I shift to the today model now what’s happening obviously is
The user is provisioning it directly it’s self-service now I can have budgets to everything else but that’s part of the governance I need to control what they can do but there’s a huge scope of what I could do here and I could get myself in a lot of trouble so
What has to happen happen is the operations team they have to take these policies and protect the cloud using it so they’re going to apply policy which will enforce those standards they have to do that first so this has to happen before the users start trying to provision things so this
Is why governance is so important we’re Shifting the model there’s no human in the middle anymore to go and check oh well what is Bob asking for oh that’s a bit dumb no you can’t do that upfront work again seeing that a lot but then long term not having to get
Involved in every single request the users will have a much more efficient process but obviously that means we are having to define a lot of things in our governance now the first thing we’re going to have to Define our standards now standards refers to the naming of resources what tags I want
Which is metadata key value pairs that might identify cost center or is it environment things like that I’m going to have to define a structure so structure includes Concepts maybe there’s pair containers management groups and then I have subscriptions that can then contain resources within subscription I can Define things up into
Resource groups now what you’re going to find is the management groups are really useful for role based access control I can define those policies that must adere to different sections they get inherited down I can also have some cost budget um controls in there but the subscriptions we tend to these days
Democratize them a little bit there’s going to be some core service subscriptions you’ll see there’s probably going to be a subscription for things like my identity if I need domain controllers more that CER Ross type service in the cloud I’m going to have one for my networking hub for my express
Route connections my VW whatever that might be there might be Central management automation monitoring log analytics spaces Etc but then you’ll give subscriptions to the business teams now sometimes applications really tightly connected they might run in the same app but you do different resource groups for the apps to manage their life
Cycle or sometimes apps will just run in their own subscriptions remember subscriptions are boundaries of some networking boundaries have their own um limits for certain types of resource creation so we tend to get a lot more flexible on the subscription creation these days but the important thing is
It’s still those management groups that can assign policy to keep them within the requirements we have have within our company and then we might make certain business owners the owner of a subscription and yeah again that Resource Group is more common these days for that life
Cycle um and then as part of this obviously that structure right I have to Define What policies am I going to have in place what role-based Access Control am I going to use and a big Focus today is the idea of just enough I give the minimum possible permissions I can and
Also so if it’s a privilege just in time you get it for an hour only when you actually need it but these policies is so important this is why we really have to understand well what are those corporate requirements we have and if before a human was really enforcing those I have
To create them all as policy and get it applied to the control plane of my cloud so it’s enforced if it’s through the portal a Powershell a CLI a template doesn’t matter matter it’s always enforced and that’s really critical so we have to understand those really well
Because again in the cloud it’s so easy to create something public facing well we may not want that hey I can go and create things in all these different regions we may not allow that so we want to enforce these I might want certain agents running to capture certain logs I
Can enforce that with policy so this is everything and then of course we always want to give things the minimum possible permissions I’m going to have still secrets so how am I going to manage secrets and keys maybe certificates as well I’ve talked about the idea of managed
Identities and we’re going to try and remove as many Secrets as we possibly can but there’s still going to be there for some things if I’m having encryption requirements where I have to manage the key there’s going to be keys so we want strong governance around the use of of
Key Volts for example and then we’ll use policy to drive maximum lifetimes when they should rotate um alerting on those things we want to get a good policy around that and then I want to think about well what is my infrastructures code what are my devops processes because I may not
Have a strong devops process today I may not use infrastructure as code again today someone says hey I need a VM I need some storage the Ops person goes and creates it with a portal click click click on their sand and on their hyperv or whatever ESX environment they have on
Prem I don’t want to be doing that in the cloud I don’t want to be clicking in the portal or running a script I want to use templates declarative technology that says this is what I want go and make it so I can Source control that I
Can reuse it in different Dev test production I can use it Andross different applications I can get great consistency I can recreate it if I need to very very easily so I want to now shift to this idea of infrastructures code and even then I don’t want to
Really be manually deploying it CU that’s permissions I need that maybe I shouldn’t have I want to get things like devops in there as part of that deployment and I want to get a whole deployment strategy because again today my fabric may not change very often at all in the cloud
And it might be one of the reasons we’re adopting it you get this constant Innovation services are constantly updating well that means there’s a certain amount of change constantly coming in and I need to validate my app is still healthy so one of the things we’re going to think about when we pick
Those regions well when I think about my application maybe there’s multiple regions that I’m picking like region one would be my Dev test I put Dev test and what I want to do here is I want to pick a region that gets updates very very early for example that would probably be I
Think it’s West Central us that’s a big pilot region today well that means as changes come in that gets them first so what I would want in my deployment Strat is my Dev test running in West Central us and then what I need to make sure is
Hey as a gate before my application rolls out or anything else I’m running things like what I have an ongoing test harness running um maybe I’m running as a load testing to generate load with my jmeter scripts I’m running chaos Studio to simulate different types of rack and data center and networking
Failures and only if it passes that gate and I know my app’s good can it then go to the next region and the next region so I want real quality processes I want my test harness running all the time in this pilot region because if changes occurring
Every day I need to know if it impacts my application and we’re going to we’re going to talk about this but I need really good processes in my devop to detect variances from Behavior variances in performance so I can have really strong protections if there are changes that might impact my application
I as an organization what I need to have a very clearly defined set of standards for high availability based on the applications SLA so service level agreements um SLO the objectives that are measurements within that SLA indicators that help me measure that objective what is my recovery Point
Objective how much data can I lose how quickly do I have to be up and running in a Dr my recovery time objective so there going to be all these different things that’s going to drive what ha do I need to use hey I need 49 well I need to use availability
Zones I need a 5 minute RPO with a 1 hour RTO okay well I’m going to need some asynchronous database replication to the other region um and I’ll I’ll spin up the AKs class to in the event of a Dr like I have to work out patterns and understand what
The solution is for different sets of requirements what are my backup requirements because again none of this replaces a backup these are all maybe replication Solutions this is I can go back to a point in time of some kind of logical corruption for example or malicious corruption so I need to have good
Standards around this I need to have a strong finops model so finops has multiple Dimensions to it but yes budgets um showback charge back but fops then shows the value to the business of actually what they’re getting from the use of these resources how is it impacting the actual success of that business
Unit I want cost optimization I might use Azure advisor as a mechanism to get some those recommendations I can if I have a central set of services like my networking well I could divide up that cost to different business units based on maybe their total amount of network
Traffic there’s features to let me do that and both of these things will kind of scale into the idea of well there’s availability and then kind of Autos scaling practices I want to encourage that because again it’s provision I pay for what exists at a moment in time so
I’ll constantly be deleting creating deleting creating those will drive those types of things so I really need to get very crisp on understanding those and as part of all of this and as part of that finops can I use things like a savings plan to pre purchase a
Certain amount of consumption and get a discount if an individual app tries to do that just within its very small scope it’s very limited the amount it can buy but if I bring that to the whole organization centrally this big bucket I can buy a lot more I can save a lot more
Money so there’s a lot of benefit when I think about hey I I’m bringing all of this in to one key point so this is huge the whole governance piece there’s a huge amount to think about it’s a huge amount of work but then that governance provides this protection
Ring around yes the resources it’s going to give me that consistency that I really really need now another thing if I think okay that was governance how do I know if something is healthy so then the next thing we have to think about is what is our monitoring
Strategy and I think sometimes people can get quite lazy it’s like well monitoring okay um I’ll just look at the resources I create It’s never enough the re the individual resources may all be just fine but there’s some interaction between them that’s now not functioning correctly so I have have to monitor the
Application as well and by monitoring the application we’re talking about hey I actually need um transactions they’re probably synthetic transactions firing against the app and making sure we get the correct response that tells us the app is healthy and as part of that therefore it’s really important we have a strong
Baseline that is the normal performance the expected responses the behavior so that when I’m doing that monitoring I can detect a variance which would tell me there’s something wrong if we think back to this idea of hey we’re deploying the things out we’re doing load testing we’re doing Chaos Studio that’s completely useless
If we’re not monitoring the environment to detect there is some variation that it’s not performing well if I just run load testing in chaos Studio but I’m not monitoring it I don’t know I mean it’s pointless I have to run these things and monitor how the app and the resources
Are performing to know if there’s a problem and so it’s super super critical to have quality monitoring in place with a baseline so I know if things are not performing as I intend them to and then what we have to have is this monitoring it’s got to feed different
Things now we have the idea of dashboards I might have an operation center with nice little big screens with charart s and lights whatever that is but then I can also think alerting hey I’m outside of 10% of what my Baseline is there’s machine learning capabilities where it
Will detect what is the norm I can have automation okay run this logic app run this web hook what on this function whatever I need email someone do a push notification to an app whatever I need need I do useful things I want the Telemetry the tooling we putting in
Place to tell the operations before the end user notices ultimately the end user is the ultimate monitoring hey it’s broken I hate you well we I’ll get to that the monitoring if we do it the right way will give us that insight to make sure we are successful in these
Things so it’s really important to spend the time time to work out what are the right signals we need what are the right logging we need where do we feed those into what are the responses we require who should get notified of these things and also when we think about monitoring
That would then drive maybe hey I need to implement Dr I need to have those good processes in place to trigger that so cannot say enough how important monitoring is and and doing it the right way you’re going to need to establish your Basics around what is your networking that’s connectivity to on
Prem with maybe express route connections or sight site vpns am I using virtual W am I using private links or service endpoints to talk to services from my application what of my network security group rules there’s a whole set of things that I need to Define in here
For the connectivity is it Hub and spoke like you have to have a very clear idea of what I want for all of the connectivity between the different locations between the apps what I’m allowing again if you think zero trust we always think that whole micro segmentation I don’t want everything to
Having contact with anything what is the minimum connectivity that I can get away with for it to be functional that that’s a key point we verify explicitly which we’re do with our ID the manage identity every connection we’re trying to do every authorization we’re verifying it I
Don’t just want just big open networking what are the the minimum possible I can have for it to be functional that’s what I want in place and again there’s technologies that can even there’s adaptive hardening it can look at well what is the actual Network traffic being
Used hey we should tighten this up we should add these rules to restrict because we don’t need these other things we can lock it down even further we had the idea of the governance but another really important thing I think often gets neglected is the actual operations of it
So then I think my next do a different color again that one uh is operations I need to Define what are those expectations again sometimes people think oh I go to the cloud I don’t have to do anything it’s not true depending on the service there’s certain
Things I might have to do AKs for example I need to update the kubernetes version periodically I have to have the nodes themselves the components on there have to get updated now you could say well I can just turn on auto update yes but you need to be careful
With this think back to our idea of my different environments nothing should ever hit production until it’s hit Dev test first so if I just went ahead and turned on auto update for everything well what if potentially it meant that my production got it first have I done the right
Testing to know it’s the right solution so it’s really important you take time to understand what are the update mechanisms are there maintenance windows I could set so I can make sure these are staggered maybe the service automatically staggers them and I have put my Dev test in the pilot region so
It we’ll get it first anyway but don’t just think oh it’s probably fine I’ve turn an automatic update understand what are the operational responsibilities I have for the services service Health alerts notifying you of things you have to do make sure the right people are getting those and are owned the actual
Action to do someone’s owning it and is actually performing that so we need to make sure those app owners understand hey there are things you’re responsible for oh and of course on all of this and and it’s just every single think you can possibly think of is security like you cannot say how
Important the security is this is Paramount it needs to be baked into every single thing you do now obviously there’s from a networking perspective am I using um firewalls am I using web application firewalls on my app gateways and my Azure front doors am I using those Defender solutions for key volt
For storage which understand the signals specific to that am I collecting signals into maybe Sentinel so that’s my C and my source solution and I’ve have I got distribut all of service turned on on my network I have to give this a lot of consideration my devops hey we try and
Shift left in our security so we’re checking for those vulnerabilities as soon as we commit something what is it using uh can I use the code ql to convert the code to data so I can scan for vulnerabilities in my code right this has to be in every single thing we
Do it’s not just some hey end thing we’ll do and it should be fine uh I have to think security ingrained in every single aspect now one of the things you’ve probably seen here is there’s so many considerations I do not want every app team trying to do this it it’s not
Scalable you’re wasting so much time so what we really have to think about here is what you want is a central architecture team now if it’s Unique to the cloud you might call it a public Cloud team uh you might call it Enterprise architecture team whatever it is for every single
Thing that I have done here so far this team is concerned with all of them the whole point that I want here is each business unit each app team makes no sense than trying to evaluate and Define all of these things this team is going to define the standards this team
Ideally is going to create create reusable patterns and really what I mean by that is okay I need to create a a web facing Service as a stateful database they’ll create uh the template and the interactions maybe it’s using a private endpoint of okay well we’re going to use
An app Gateway with web application firewall talking to an AKs cluster that’s using an aure SQL database that uses this replication to the paired region etc etc it’s using a key Vault for this secret using this type of identity they’re going to define those patterns again based on the best
Practices based on the right things we want to do and the goal is the app teams can then use them and we always want this to be a carrot so when as soon as we start doing central architecture teams you can sometimes get this vision of oh it’s
More red tape it’s saying else I have to jump through that’s not not the goal of this the goal of this is espe we’re adopting the cloud it’s new technologies we want to hey business units we don’t want you wasting your time each of you recreating and researching the same
Thing we want you to be a to focus on your business application that drives value that differentiates you from other companies that gives us that advantage in the the marketplace we’re creating these patterns for you you can just come take these off the shelf and you’re
Going to get up and running way way faster we’re going to make it easy easier for you to start adopting the cloud and making that shift you can focus on what you care about so it’s a carrot not a stick and what this is going to do is it’s going to avoid wasted
Time because I’m not having everyone doing the same thing it’s going to encourage the good processes because we’re going to make these available as uh repositories in a git repo that they can clone it’s going to have devops baked into that we’re going to drive the good process it’s good infrastructure as
Code to create the resource then a good process to actually go and create it we’re going to get consistency then because people are using the same patterns which means we’re going to get quality and if you put those things together that means easier support it means less security vulnerabilities it means less
Exposure and so now when we put all of these things in place what we’ll actually end up with is yes we have the app team we are eventually going to get to the app and the point here is all of these things will get consumed by the application
Teams all of this process we’ve talked about is going to be defined by the central architecture team working then with other teams in the organization but it’s going to create these great reusable patterns and processes that are then consumed by each individual application team and the
Other great thing you can do here is if we are new well maybe we need help so maybe it’s consult maybe it’s a review of our architecture but we want to make a service available so these people can talk to these Central architecture teams maybe it’s an office hours maybe for
Each app you have a certain set of processes and reviews you go through maybe it’s chat forms a teams Channel whatever it might be but I’m going to provide help and guidance every step of the way to make this consumption of the cloud so much simpler and that that’s
Really really important point it’s all about this is attractive to you because it’s going to make your life better and less waste it’s not a a stick it’s not a hoop to jump through it’s not red tape it’s going to help you get up and running so much faster and
Now now after we’ve done all of this now you can actually start thinking about the applications only once all of that is in place would I now start thinking about the app now obviously for the app you have to understand it and I always like to start off draw
Me a picture draw me a picture of all of the components how they interact with each other what are its dependencies how is it consumed by clients um I want to them to fully understand the app because if you don’t fully understand the app how can I start to think about moving the
Application what is it update sign Michel does it update once a year um is it weekly what is the process of this update what is the load what is the seasonality does it get Peaks um is it an annual load it’s a big sales site maybe it’s a weekly maybe
It’s a daily I need to understand the load and also as part of that what is maybe the growth where is it going like what is this actually having right now what are my requirements for this app like we talked about requirements for the organization but does this have
Particular requirements around PCI or it’s got pii data or hipper data sovereignty data retention does it hold sensitive data I need to know those things about the application what is its business criticality and then for each app well what is it does it have an SLA is there some
Financially or credit or something backed agreement that it has with clients if it has that it’s probably going to have service Dev objectives which are the measure ways to actually promises that make up that SLA even if there isn’t an SLA I might have slos internally within the company well how
Do I measure those what are my SLI those indicators that say well am I being successful in that objective how much data can I lose how long do I have to fail over these are the things I have to know when I start trying to design the application because we can
Always say I want 5 NES and I want 10 seconds RPO and an RTO of 1 minute okay here’s the resources you’re going to need and your bill Ah that’s way too much okay what’s your real RPO what’s your real RTO well actually in an unplanned huge disaster we could lose 5
Minutes okay that completely changes it we don’t really need 5 9 49 that completely changes it so you can always press on the requirements you’re given like okay realize many things are possible but there’s going to be a cost attached to that and there’s always these competing goals of resiliency and
Cost optimization because normally resiliency is more resource cost optimization is shrinking the resource so we want a shared message it’s so important as a company I’ve seen organizations that have these completely separate tracks of resiliency and cost optimization and they’re opposite messages you need to as an organization
Have a consistent track of messaging that explains the balance and the important and the mechanisms where you can achieve both but trying to be as optimal as possible what is my direction like strategic direction for this app Remember maybe originally we just need to lift and shift it but this is a
Really critical app to the business we’re going to grow this thing so hey I I want to understand its direction are there particular pain points hey that that lamp with the genie pain points I can’t spell Point um pain points are there challenges we have with it today that I would love to
Change we have to know all of these things we have to know all of this to then enable us to architect a solution then when we architect the solution we sure then those reusable patterns I can use them sure but we have to know all of these things first
Now I realize I’ve covered just a ridiculously huge amount of stuff like so many different things You Are Not Alone um in starting out so if we think about help when I’m thinking about this initial adoption I think of there’s three key Microsoft resources to help
You with this the first one is the cloud adoption framework it’s a whole set of guidance and Pro processes specifically around even different scenarios different Industries I might be in for how I can think about getting all of this in place so I’m starting off on the right foot then
There’s the well architected framework this is more detailed guidance that gives me guidance for my particular pillars of my application so what are the right best practices around that and then there’s also Landing zones so I talked about different subscriptions for maybe identity and networking and monitoring and then how I
Break up subscriptions my applications and management groups these give me templates and guidance I can use to construct that but these provide all that I’ve got links in the description of the video where you can go and see all of these in place and that’s how I think about wanting to
Adopting the cloud and I totally get there’s just so much stuff on this this picture and it’s a huge amount of upfront work but the point is if you put in The Upfront work the overall adoption will be so much smoother your long-term amount of work will be substantially less because
You’ve put in this effort you’ve defined these right things you’ve got people understanding the capabilities and the options and the responsibilities and the right way of doing things you’ve gone through and you’ve got your identity very very strong which is that initial entry point to everything that’s now
Been used for all of the different Services you might leverage that’s got those strong protections on it even for applications you’ve picture regions based on where I’m consuming my services from I’ve put in these very strong governance to enforce my policies to enforce the best practices to have good deployment strategies for my
Applications to define the right resiliency mechanisms the right cost optimization mechanisms and putting all the right monitoring in place for the resources for the app so that I know if there is a problem but I also know what is a healthy state so I can then detect
Variances from that when I’m doing those great deployment strategies we’ve got the right networking structures in place to enable the connectivity in a secure only what we explicitly need to function we’re putting in obviously our operational capabilities we’ve got very strong security through everything we’re doing and then we think about having
This core architecture team that are going to do all of these things they’re going to Define all of these things now they’re going to consult with other teams but I don’t want every business unit doing exactly the same thing over and over again so the key Point here is
That they will Define all of these things they will create patterns that then the app teams can consume then the app team can really just focus on what matters to them the business value of the application and consult and utilize and overall you would just have a very very strong um overal
Solution um I hope that was useful until next video take care
Video Keywords: Microsoft Azure, azure,azure cloud,microsoft azure,microsoft,cloud,adoption,governance
-
Sale!
Wireless WIFI Repeater Extender Amplifier Booster 300Mbps
$29.99$14.99 Add to cartWireless WIFI Repeater Extender Amplifier Booster 300Mbps
Categories: Electronics, Wi-Fi Router, Wireless Wi-Fi Extender Tags: 300Mbps, 802.11N, Amplifier, Booster, Extender, mobile wi-fi booster, Remote, WIFI, Wireless, Wireless WIFI, Wireless WIFI Repeater, Wireless WIFI Repeater Extender, Wireless WIFI Repeater Extender Amplifier, Wireless WIFI Repeater Extender Amplifier Booster, Wireless WIFI Repeater Extender Amplifier Booster 300Mbps$29.99$14.99 -
Sale!
Full RGB Light Design Gaming Headset Headphones with Mic
$24.99$14.99 Add to cartFull RGB Light Design Gaming Headset Headphones with Mic
Categories: Electronics, Gaming, Gaming Headsets Tags: Design, Full, Full RGB Light Design Gaming Headset, Full RGB Light Design Gaming Headset Headphones, Full RGB Light Design Gaming Headset Headphones with Mic, Gamer, Gaming, Gaming Headset Headphones, gaming headset wireless, Headphone, Headphones, Headset, Light, Mic, Package, RGB$24.99$14.99 -
Sale!
Wireless BlueTooth Multi-Device Keyboard Mouse Combo
$39.99$19.99 Add to cartWireless BlueTooth Multi-Device Keyboard Mouse Combo
Categories: Electronics, Gaming, Gaming Keyboards, Keyboard Mouse Combos Tags: Combo, Keyboard, keyboard mouse combos, Mouse, MultiDevice, Set, WireKeyboard Mouse Combo, Wireless, Wireless BlueTooth Keyboard Mouse Combo, Wireless BlueTooth Keyboard Mouse Combos, Wireless BlueTooth Multi-Device Keyboard Mouse Combo, Wireless BlueTooth Multi-Device Keyboard Mouse Combos$39.99$19.99 -
Sale!
High Back Leather Executive Adjustable Swivel Gaming Chair with Headrest and Lumbar
$199.99$139.99 Add to cartHigh Back Leather Executive Adjustable Swivel Gaming Chair with Headrest and Lumbar
Categories: Gaming, Gaming Chairs Tags: Adjustable, Chair, computer chairs, Desk, Executive, Gaming, Girl, Headrest, High, High Back Leather Executive Adjustable Swivel Gaming Chair, High Back Leather Executive Adjustable Swivel Gaming Chair with Headrest, High Back Leather Executive Adjustable Swivel Gaming Chair with Headrest and Lumbar, High Back Leather Executive Adjustable Swivel Gaming Chairs, Leather, Lumbar, Office, Racing, Swivel$199.99$139.99 -
Sale!
Professional LED Light Wired Gaming Headphones with Noise Cancelling Microphone
$29.99$19.99 Select optionsProfessional LED Light Wired Gaming Headphones with Noise Cancelling Microphone
SKU: N/A Categories: Electronics, Gaming, Gaming Headsets Tags: Cancelling, Gaming, Gaming Headphones with Noise Cancelling Microphone, gaming headset, Headphones, Headset, LED, Light, Mic, Microphone, Noise, Professional, Professional LED Light Wired Gaming Headphones, Professional LED Light Wired Gaming Headphones with Noise Cancelling Microphone, Wired, Wired Gaming Headphones, Wired Gaming Headphones with Noise Cancelling Microphone$29.99$19.99 -
Sale!
Gaming Desk with LED Lights USB Power Outlets and Charging Ports
$349.99$249.99 Select optionsGaming Desk with LED Lights USB Power Outlets and Charging Ports
SKU: N/A Categories: Computer Desk, Gaming, Gaming Desk Tags: and Charging Ports, Charging, Desk, Desks, Gaming, gaming desk with led lights, Gaming Desks with LED Lights, Home, LED, Lights, Monitor, Office, Outlets, Port, Power, Room, Stand, USB, USB Power Outlets, White, Workstation$349.99$249.99 -
Sale!
Wired Mixed Backlit Anti-Ghosting Gaming Keyboard
$99.99$79.99 Add to cartWired Mixed Backlit Anti-Ghosting Gaming Keyboard
Categories: Electronics, Gaming, Gaming Keyboards Tags: Antighosting, Backlit, Blue, brown, Gaming, Gaming Keyboard, gaming keyboards, gaming keyboards and mouse, Keyboard, Laptop, Switch, Wired, Wired Mixed Backlit Anti-Ghosting Gaming Keyboard, Wired Mixed Backlit Anti-Ghosting Gaming Keyboards, Wired Mixed Backlit Gaming Keyboard$99.99$79.99 -
Sale!
Wireless Bluetooth 5.3 ANC Noise Cancellation Hi-Res Over the Ear Headphones Headset
$119.99$59.99 Add to cartWireless Bluetooth 5.3 ANC Noise Cancellation Hi-Res Over the Ear Headphones Headset
Categories: Electronics, Gaming, Gaming Headsets Tags: 5.3 ANC Noise Cancellation Hi-Res Over the Ear Headphones Headset, ANC, Audio, Bluetooth, Cancellation, Ear, Earphone, gaming headset, Headphones, Headset, Hi-Res Over the Ear Headphones Headset, HiRes, Noise, Wireless, Wireless Bluetooth 5.3 ANC Noise Cancellation Hi-Res Headphones, Wireless Bluetooth 5.3 ANC Noise Cancellation Hi-Res Over the Ear Headphones Headset, Wireless Bluetooth 5.3 ANC Noise Cancellation Hi-Res Over the Ear Headphones Headsets$119.99$59.99 -
Sale!
Wired Sports Gaming Headset Earbuds with Microphone
$19.99$9.99 Select optionsWired Sports Gaming Headset Earbuds with Microphone
SKU: N/A Categories: Gaming, Gaming Headsets Tags: Accessories, Earbud, Earphone, Earphones, Gaming, gaming headset with microphone, Headphones, Headset, IOS, Microphone, Sports, Wired, Wired Sports Gaming Headset Earbuds, Wired Sports Gaming Headset Earbuds with Microphone, Wired Sports Headset Earbuds$19.99$9.99 -
Sale!
150W Universal Multi USB Fast Charger 16 Port MAX Charging Station
$49.99$29.99 Add to cart150W Universal Multi USB Fast Charger 16 Port MAX Charging Station
Categories: Charging Stations, Electronics Tags: 150W, 150W Charging Station, 150W Universal Multi USB Charging Station, 150W Universal Multi USB Fast Charger 16 Port MAX Charging Station, 150W Universal Multi USB Fast Charger 16 Port MAX Charging Stations, 150W Universal Multi USB MAX Charging Station, 16 Port MAX Charging Station, 3.5A, Charger, Charging, Fast, laptop charging stations, Max, Multi, Port, Stand, Station, Universal, USB$49.99$29.99
Hey everyone, let's export thinking about adopting Azure! Please make sure to read the description for the chapters and key information about this video and others.
⚠ P L E A S E N O T E ⚠
🔎 If you are looking for content on a particular topic search the channel. If I have something it will be there!
🕰 I don't discuss future content nor take requests for future content so please don't ask 😇
🤔 Due to the channel growth and number of people wanting help I no longer can answer or even read questions and they will just stay in the moderation queue never to be seen so please post questions to other sites like Reddit, Microsoft Community Hub etc.
👂 Translate the captions to your native language via the auto-translate feature in settings! https://youtu.be/v5b53-PgEmI for a demo of using this feature.
Thanks for watching!
🤙
John, thanks for your sharing!
I'm new to all things Cloud but not to business (polite way to say seasoned!). I am working hard to become skilled and certified to support our cloud consultant with his new consultancy practice. AZ900 under the belt. I just can't thank you enough for offering your exceptional videos to us for free; I can't imagine the amount of time and effort you clearly put into making them top notch. I am humbled by your generosity, and I'm sure I speak for countless others as I say thank you!!
Unable to find the Whiteboard for this session.
Amazing episode as usual!!!
attention: Whiteboard link doesn't work
Such a fantastic instructor…Thank you for your videos. Please keep teaching!!
Great video!
Noone asked for this kind of video but a lot of us needed it!
Great job John, as always 🙂
Good intro to CAF and WAF, without using many acronyms :). Thanks!