Forem: Mike Pfeiffer

Cloud Career Tips & Strategy for 2021

Mike Pfeiffer — Sat, 23 Jan 2021 11:09:26 +0000

In this episode I’m sharing by best career tips & strategy for 2021. What should you focus on? What do you need to think about to start building a successful career in the cloud? Those are some of the questions we answer in this episode, along with Q&A with a live audience.

In this episode, we talk about…

2021 industry predictions from Forester & Gartner
How to become multi-dimensional as an engineer
Soft skills you need to be building, in addition to hard skills
How to run experiments to gather data
How to get more hands-on experience
Q&A with a live audience

How to Build and Deploy Docker Containers with Azure Pipelines

Mike Pfeiffer — Sat, 18 Jul 2020 23:35:34 +0000

In this YouTube video I show you how to use the Azure Pipelines service to build and deploy containers to App Service. You'll also see how to setup a YAML-based CI/CD pipeline in Azure Pipelines and how to use a Docker file in your build stage to create container images, and then push those images to Azure Container Registry (ACR).

You can get the source code from this step-by-step tutorial from the CloudSkills GitHub organization: ASP.NET Demo App with YAML CI/CD Pipeline Configuration

Full Transcript:

Mike Pfeiffer:
So if you’re just getting into the world of DevOps for the very first time, you’re probably trying to figure out CI/CD pipelines and also perhaps containers, building container images and deploying those. And if you haven’t done that before, it can be kind of confusing. So in this video, I’m going to show you how to build container images and deploy them through Azure pipeline.

Mike Pfeiffer:
Hey, what’s up everybody. It’s Mike Pfeiffer, Microsoft Azure MVP, and host of the cloud skills FM podcasts. This video is basically a step by step training. It’s from our Azure DevOps class over at cloudskills.io, our EZ 400 course. And in this step by step hands on lab, I show you how to set up an Azure DevOps project, how to take a reference application that not only has application code, also has infrastructure code, take that repository, put it in Azure DevOps. And then I walk you through building a CI/CD pipeline that’ll build the container image using the docker file and the repository, and then eventually deploying that the Azure app service. I think you’ll really enjoy this one, especially if you’re new. The things like Azure DevOps and working with containers. So let’s go ahead and get started.

Mike Pfeiffer:
In this first step of the lab, I wanted to show you the sample application we’re going to be using. And I also wanted to remind you about the YAML schema reference in the Azure DevOps documentation. And when you scroll down here, the main thing I wanted to remind you of is the hierarchy of a YAML pipeline. Now, obviously you’re going to have all the code for this, but I realize that looking at an entire YAML pipeline is a little bit intimidating. So just remember what we’re going to do here is we’ll have one YAML documents. We’re going to have stages for the different phases of this pipeline. So we’ll have the first stage for build and tests. So building and testing the application itself. And then we’re going to have a second stage. That stage is going to release the application into a staging environment. And we’re going to keep this simple, we’re not going to do multiple jobs in each stage.

Mike Pfeiffer:
We’re just going to have one job in each stage. And each of those jobs is going to have different steps that have to take place along the way. And this is nothing new from what we’ve seen in the past. I just want to remind you that this hierarchy is very basic, but it’s very easy to get confused by this when you’re looking at a finished YAML document. So let me hop over to visual studio code and show you this application. So we’ve got two things in this repo when you’re going to import this into your project. So there is the application itself. This is a visual studio solution. That’s got three projects in it. We’re going to make use of the actual application itself, the ASP net core web application. And then there’s a unit test project in here. So in this arm templates folder, we have a template here to build a web app in Azure app service.

Mike Pfeiffer:
And then there’s also a template that we’ll deploy a container registry resource. So the cool thing about this implementation is that the pipeline is going to build the infrastructure for us if it doesn’t exist, using the arm templates. And it’s going to do that as part of the build pipeline. So that’s the overall basic project structure for this application. Let’s go to the next video and we’ll start digging into the Azure pipelines YAML document.

Mike Pfeiffer:
Let’s go ahead and break down the pipeline YAML file that we’re going to use to build the CIC pipeline. So along with this sample application, you’ll have an Azure pipelines YAML document. Let me go ahead and move that over to the left here. And this is going to be a very simple implementation, just a couple stages. As we’ve seen in the past, we’re going to have continuous integration set up.

Mike Pfeiffer:
So any changes to the master branch of the repository are going to trigger the pipeline. And so as usual, we’ve got a handful of variables here. I have my build configuration variable and I’ve used the location variable. I’m going to use this in various places throughout both stages to indicate to the tasks where I want to deploy my resources. So there’s a variable for the location for the region we’re going to use. There is a variable for the ACR host name. So the Azure container registry host name, and obviously you’re going to want to use unique values here. So as you basically import this repo, I’ll show you how to do that later, but you’re going to want to change these pieces of information. So these are all DNS names at the end of the day, for the most part. So I’m just going to change these values.

Mike Pfeiffer:
We’ll say this is the fifth version of this that I’m implementing here. And you can use anything you want, as long as it’s compliant for a DNS host name. So your ACR FQDN will be listed here. Just the host name will be set in this variable. The name of your resource group will be included. Whatever you want to name the Docker image that’s going to get stored in the container registry, and then finally the name of the app service web application. So remember that just like any kind of programming environment, we don’t want to hard code any values if we can help it. And especially, we don’t want to repeat ourselves. So you’ll see in this YAML document that we use these values multiple times, but then also not hard coding it in the configuration is a nice practice and it gives us more capabilities going forward to customize things.

Mike Pfeiffer:
So after defining variables, we have our stages declared. And again, we’re just going to have two stages. And you can basically see here that we referenced the first stage, giving it a name called building tests. Notice I’m using comments along the way as well. And the properties for this build and test stage, we’re going to have one job. Job is going to be called build and tests. And then we start basically configuring all the things that we’ve been looking at throughout this program. So in the hosted pool, we’re going to use a virtual machine running Ubuntu 1604, since this is a dotnet core web application, this is cross platform. So we can do the build and test process on Linux. And for this job, we have a collection of steps. Just under the steps indicator here, you can see that we’ve got our first task. So this first task is actually going to deploy our infrastructure for us.

Mike Pfeiffer:
This is the Azure resource group deployment task that we use to launch arm templates. So inside our project, we’re going to be expecting to have a service connection. So this is going to be something I’m going to need to create. You’ll see me do that later. Here, you can see that we’re referencing the resource group name based on the variable. It’s included at the top of the YAML document. Same thing about the location, and then the file that we’re going to use to do the deployment. So the actual arm template itself. So in this building stage, we’re building the container registry resource. That should happen pretty quick. And if it already exists, it will basically be a quick update as well because we’re doing incremental deployment here by default. And notice this input here for this task override parameters. So these are the input parameters that we would actually be using from the command line if we were doing an arm template deployment.

Mike Pfeiffer:
And so what you’ll notice here is instead of using the parameters file that’s basically part of the arm template system, we’re just feeding in the parameter values. And here we’re using variables in Azure pipelines. So we’re able to take the variables that are at the top of this document in reference them inside this override parameters value here. And the one thing I wanted to point out is that sometimes when you’re using variables that have a space like location, how it has west space, us space two in the value, and you’re referencing that somewhere else like right here, we know that from the past, this macro syntax of referencing a variable value can be done by using a dollar sign and open and closing parentheses with the variable name inside it. But if that value is going to end up returning a string that has spaces in it, like in this case West space, US-space two, you want to enclose that in double quotes, just like you see here.

Mike Pfeiffer:
And so that first task is going to take care of deploying the arm template. The second task is just going to do a dotnet restore, just like we’ve seen in the past. So the command to do a dotnet restore, we’re going to then do a dotnet build, and then we’re going to run our unit tests. So again, we’re just using the dotnet core CLI task here to do all these things. After we execute those unit tests, we’ll publish the project files. We’ll go down here, we’ll use the Docker task to build a container image. So this will just be like on your desktop, on your machine and a terminal running Docker build. Notice that we’re going to reference the container registry that we’ve got listed in our variables. And then we’re going to define an image name that we’re going to use for this container image.

Mike Pfeiffer:
So here we’re using our own custom user defined variable called an image name. And then for the tag, we’re using a variable from Azure pipelines, which is build.build ID. So every time a build runs, this build id will be different, and that’ll give us the ability to incrementally version each image for the Docker container. From there, we’ll use the Docker task to go ahead and push that image up into the container registry. So the command for this is called push an image. And again, we’re going to reference the same image name with the same image tag, basically the build ID. And the last two tasks in this build and test stage are to copy the files. So the arm templates into the build artifact staging directory, because we are going to do an arm template deployment in the release stage to deploy the web app infrastructure.

Mike Pfeiffer:
And then finally, once that stuff is copied over to artifact staging directory, we’re just going to publish those build output artifacts in an app called app. So that is the build and tests portion of this YAML pipeline. Let’s go to the next video and we’ll take a look at the staging release. That’s actually going to deploy our application and get everything up and running.

Mike Pfeiffer:
All right. So now that we understand the build and test to stage here in this YAML pipeline, let’s scroll all the way down to the bottom to the second stage. And we’ll just talk here about this release stage. So what we’re going to do here again is we’re just going to specify one job. This is going to be a release job. Again, we’re going to use a Ubuntu server out of the hosted pool. And then in terms of our steps, this is going to be very simple.

Mike Pfeiffer:
So we’ve seen this in the past. Remember, we’re going to not check out the repo in this release process because there’s no need to do that. We’re going to have access to the artifacts from the build stage so we can actually download those build output artifacts so we can reference those here. And then finally, when you get down to the last couple of tasks, number one, we’re going to again, use the Azure resource group deployment task to launch an arm template. And as you can see, we’re setting the resource group name through a variable, the location. And then finally the path to the arm templates itself is listed here. Keep in mind that when you’re working with tasks in a release pipeline like this or a release stage, you can reference the pipeline.workspace here using this system variable that’s available to us to get to your build output artifacts.

Mike Pfeiffer:
So we copied the arm templates in that last couple of tasks in the build and test stage. That’s going to put those eventually in the output artifacts. We can get to them by referencing this variable here. Finally, this task also has some override parameters. So there is no parameters file with that arm template, and then we’re just specifying the inputs here. Finally, the last task in the release stage here is we’re just going to do an Azure RM web app deployment. We’re going to deploy the app service. So we’ve seen this task in a previous lab, but we’re doing something a little bit different this time. We’re deploying a Docker container. So the inputs are just a little bit different. So we’re going to set the service connection. In this case, the app type is going to be a Linux app service environment.

Mike Pfeiffer:
And then when it comes to indicating that web name, this is part of our variable declaration at the top of this document, we’ve got our Docker namespace property, which is going to be set to the ACR host name itself. The Docker repository is the image repository we created when we’re pushing our image up into the ACR environments. And finally, our Docker image tag. Now, the cool thing with this task that you might find useful is there is a web app URI property. So you can create a variable that’s going to be available inside the pipeline after the web app has been built. So this task is going to build a web app. And once it’s complete, we can populate the web app URL variable with the URL to the app service. That way you could have a subsequent task after this, go off and maybe do some testing against that URL, do some UI testing, some performance testing, things like that.

Mike Pfeiffer:
So that’s everything we need to take a look at for this YAML pipeline. Let’s go to the next step in this lab and I’ll show you how to set up the project and get this application set up and going.

Mike Pfeiffer:
So back in the Azure DevOps portal, let’s go in and create a new project here. I’m going to call this Docker app service. So we’ll create this project. And what we’re going to do is import a repository from the cloud skills github organization. So over on github.com/cloudskills, there’s this project here, ASP net core demo, or actually it’s ASP net core Docker demo. And you can see it’s the same files that I was just talking about here. So let’s go ahead and grab the clone URL for this and inside the project, we’ll go to repose, scroll down to imports, and then we’re going to import this repository.

Mike Pfeiffer:
And now that the import is successful, let’s go to project settings on the left hand side, and we’ll scroll down. Let’s go to service connections, and we’ll create a new service connection for this application and this project. So we’re going to pick resource manager here and click next and we’ll do an automatic service principle. I’m just going to scope this at the entire subscription level here. And we’ll call this Azure SC for Azure Service Connection. And with that service connection configure, let’s go back over to the project configuration, we’ll go to repose. Here’s all of our code and everything looks good. And so let’s go ahead and set up the pipeline. We’ll click on setup build, and then we’ll scroll down here and we’ll say we’re going to select an existing Azure YAML file inside this repository. So we’ll pick the Azure pipelines YAML documents, click on continue.

Mike Pfeiffer:
And here you can see that we’ve got all the code that I was pointing out last time. So notice, remember, you’re going to want to replace the values for this. So if you import this, you can go over to repose. You can of course clone and download it on your machine, but you could also just come in here and edit it. And Joe, you just want to make sure that you’re using unique values here. So I’ll change this to CS web app Docker 006. I’ll commit those changes to the master branch. And when we’re looking in repose, I can set up my build selecting existing Azure YAML pipeline.

Mike Pfeiffer:
And then now that that’s been updated, everything looks good there, let’s go ahead and run this pipeline. So down here, you can see that we’ve got built in test and staging. And this is very similar to the lab that we took a look at in the last week of this program. The only difference is this build process is first going to create a brand new resource for us. It’s going to create a container registry instance, which I don’t currently have, and then it’ll build out the infrastructure that I need for app service. So let’s give this thing a second to run and we’ll see what happens.

Mike Pfeiffer:
All right, so it’s been just under 10 minutes, both the build and test stage and the release stage are done. So we’ve got a brand new application and under 10 minutes here from scratch. Going over to the Azure portal, here is the resource group. And here’s my app service plan, my web app itself, app insights resource, the container registry. Let’s go into the web app itself. And then let’s head over to the URL for this application. So we can see a success message. This thing is working great, and this is running inside a container inside app service.

Mike Pfeiffer:
So as the last step to this lab, let’s move to the next video. And then we’ll see how we can update this application. As the last step to testing this out, let’s change the application just to make sure that that kicks off the pipeline and indeed does update our application. So this should not do anything to our existing infrastructure. So we have this infrastructure now, but let’s take a look at updating the app, watching the pipeline execute, and updating this infrastructure with the new container image. So let’s go over to repose here, we’ll go into the application folder.

Mike Pfeiffer:
We’ll go to this first project, ASPnetcore, dotnet core, and then inside pages, we’ll go to the index page and then we’ll edit this. And so on the homepage where it usually says success, we’ll update that to say “Success. You have deployed via Azure DevOps.” And so let’s go ahead and commit that change to the master branch, which will trigger our pipeline. And then we can monitor that by going over to pipelines here on the left and let’s let this run. And once this is complete, I’ll show you what happened in the resource group.

Mike Pfeiffer:
All right, you can see a few minutes later, everything looks good. Build and test and staging deployment is complete. Let’s go over to the Azure portal and in the resource group, let’s first check the web app. So we’ll go to the app service. We’ll go to the URL. All right. And so, as we can see here, the success message is on the page. Everything looks good. Let’s close out of this. And then let’s go back into the resource group. Let’s go to the container registry resource. And then here on the left hand side, if we go to repositories and we look at this repository, we can see that we’ve got two different container image versions. One that’s in there for build 145 and one that’s in there for build 146. That’s the most recent one that we just deployed into app service.

Mike Pfeiffer:
So it brings us to the end of this hands on lab. I hope you enjoyed it. And I will see you in the next one.

Learn Kubernetes in a Month of Lunches

Mike Pfeiffer — Thu, 16 Jul 2020 13:27:54 +0000

In this episode I catch up with Elton Stoneman about his new book: Learn Kubernetes in a Month of Lunches.

Elton Stoneman is a 10-time Microsoft MVP and a Docker Captain. After several years working for Docker, Elton now offers consulting services for organizations at every stage in their container journey. He is a regular speaker and workshop instructor at conferences and the author of Learn Docker in a Month of Lunches.

Elton on Twitter
Elton’s Blog
Docker and Kubernetes for .NET Developers

Use code podcskill19 on Manning.com during checkout for 40% off all products in all formats.

Enter the giveaway to win a copy of Learn Kubernetes in a Month of Lunches.

Full Transcript

Mike Pfeiffer:
Thanks for tuning into another episode of CloudSkills.fm. As usual, really excited to have you guys with us, and I’m excited to have Elton Stoneman back on the podcast. Not really sure when this guy sleeps, but he’s working on another book and he’s back on the show. What’s up, Elton?

Elton Stoneman:
Hey. How are you doing, Mike? Glad to be back. Thanks for having me again.

Mike Pfeiffer:
Yeah, man. It’s awesome. So what’s been going on since you finished the last book Docker In A Month Of Lunches?

Elton Stoneman:
Yeah. Docker In A Month Of Lunches, it’s out right about now, so you can order it on Amazon. It’s shipping in a couple of weeks’ time. Since then, I’ve done a bunch of stuff, because I think the last time we spoke, I was still working for Docker. I’ve left Docker subsequently, yeah.

Mike Pfeiffer:
Oh, I didn’t even know that, man.

Elton Stoneman:
Yeah, yeah.

Mike Pfeiffer:
I had no idea.

Elton Stoneman:
Well, I was going to do this big blog post about how great the time was and what I’m moving on to, but when would I sleep if I did things like that?

Mike Pfeiffer:
That’s right.

Elton Stoneman:
I had a great time with Docker, and the last couple of years, I was working on the partnership team and we were doing a bunch of stuff, which is actually just coming to fruition now. I don’t know if you’ve seen DockerCon was a whole virtual event this year. One of the big announcements was this integration between the Docker command lines and Azure. So you can do your Docker container run or your Docker compose up and you point to an Azure subscription, and when it runs your containers, it runs them as your container [inaudible 00:01:18].

Mike Pfeiffer:
That’s really cool.

Elton Stoneman:
It’s super simple. We were working with Microsoft on that for a little while, while I was still at Docker, and that’s now available in BT. You can try that stuff out and literally today the blog post came out that they’ve done the same with AWS. They have this notion of a contact. I can create a contact, which is either my local machine running Docker, or it might be Azure, or it might be AWS, I switch between contacts, I run Docker run and then there’s my container. It’s either on my laptop or it’s in a managed platform in the cloud with zero overhead. So yeah, [crosstalk 00:01:51]

Mike Pfeiffer:
Interesting. That’s also in Docker desktop then as well?

Elton Stoneman:
Yeah, that’s right. It’s part of the command line. So the command line… [crosstalk 00:01:59] Yeah, yeah, exactly. Yes. It’s BT now, but it’s coming fast. That’s pretty good. So we were working on all that kind of stuff when I moved on and then I wanted to focus on the other stuff I was doing. Like you said, right at the beginning, it’s hard to balance everything. Although I loved the work at Docker, I wanted to do the other stuff as well. The training and the consulting and the getting out there into the field and helping people. I wanted to focus on that. I wanted to start another book, run a few more Pluralsight courses. I wanted to do more workshops. So yeah. I’ve gone independent and I’m doing that stuff myself.

Mike Pfeiffer:
Dude, that’s so awesome, man. Had no idea. Congratulations.

Elton Stoneman:
Thank you. It’s been good. It was the craziest year you could possibly decide on a big career change.

Mike Pfeiffer:
Yeah. I mean, you’ve got a lot of change going on right now, man, with social distancing and career changing and stuff. [crosstalk 00:02:45] That’s an awesome story, dude, because I know that there’s so many people listening that want that too. I know I did and it’s been everything to me because everybody’s got their own journey, but to be able to take your knowledge and then turn around and continue to extend your career and give back is just really cool, man. Congratulations.

Elton Stoneman:
Thanks. It’s kind of like coming full circle because when I first started in IT, which is like 20 years ago, I got into a job where we were working on like IBM mainframe systems. Just like old stuff. I very quickly learned that I needed to [inaudible 00:03:26] new stuff and get out of there. I spend my evenings back then reading other people’s books and finding out how other people were doing new stuff. Hopefully I’m going to be helping other people to do those things. Hopefully not people who are stuck on IBM mainframes.

Mike Pfeiffer:
Right? Yeah, exactly. It just something a little more modern. Right? Well, the world that you’re playing in is definitely getting all the attention. The containers, the orchestration. I know that you’re living in Kubernetes right now. Maybe you could talk about your latest project.

Elton Stoneman:
Absolutely. My new book is the sequel, so the Docker book, which just came out, the new one is Learning Kubernetes in a Month of Lunches. It’s the same format. It’s like 20 chapters. Notionally, you’re meant to read them lunch hour during the working week. Each chapter is super task focused. With the Docker book it was slightly different because I’d been speaking at conferences, going to workshops, going on client site, helping people learn about Docker, and the thing that I really found is that people tended to sort of jump in. You can go on stack overflow and you can get a Docker file and you can get up and running, but if you don’t go back to the basics and learn the principles about how all this stuff works, how images are built, how you push them around, how you can scale things up and down and have health checks and stuff, unless you go into the principles and learn it thoroughly, then you can get bitten at some point down the line. Probably when you go to production.

Elton Stoneman:
With Kubernetes it’s different because the Kubernetes is just so vast you’ve got to learn where to start. You need someone to guide you right from the beginning. What I wanted to do with this was the idea either you’ve got some Docker knowledge or maybe you’re using the containers a little bit, you want to find what all the Kubernetes stuff it’s about, and it just dives straight in. Chapter one is a few pages of background information and at the end of that we get you up and running with your Kubernetes TOSCA. Chapter two, straight away, what is a pod? What is all this stuff? What are all these layers that Kubernetes puts on top of a container? Why does it put them on top of a container and how does that help you?

Elton Stoneman:
It’s been an interesting book to write because there’s so much material I wanted to include. The how you do stuff, but also the why it’s important and where it’s going to get you. I think each chapter is about 30% longer than the Docker chapters. It’s been getting good feedback from the early access program, so hopefully people will find it useful too.

Mike Pfeiffer:
Interesting. So how many early access chapters are you at right now?

Elton Stoneman:
We’ve just published eight. So there’s eight so far. If folks aren’t aware, it’s published through Manning while you’re writing the book. Manning had this early access thing. You can buy a copy now, read all the chapters as I’m writing them and give feedback, which is super useful. It was really helpful with the Docker book. Then when it’s finished, I’m aiming to finish all the chapters in August, so you’ll get the digital copy in August, thereabouts, and then when the print copy comes out, which probably isn’t going to be till January, I wouldn’t think, January 21’, then you’ll get a copy. So yeah, eight chapters in meat right now, but I’m way ahead, so I’m working on chapter 16 today. It’s been quite intense. I’ve cleared everything else out. For July, my goal is to finish the book.

Mike Pfeiffer:
I don’t blame you, man. That’s a lot of work. At least, I don’t know, maybe you’ve gotten to… At least you don’t have to travel, right? To try to do this during this time. What I was going to ask you about the time it took to write a chapter, because I just know how dense the material is.

Elton Stoneman:
Yeah, yeah.

Mike Pfeiffer:
That’s going to be awesome, man. It’s cool that people can contribute because that’s a great way to go into the early access right now. Then look in and actually add suggestions that could go into the book and actually end up helping somebody. That’s an awesome opportunity.

Elton Stoneman:
It’s super. You don’t even have to buy it because all the stuff’s on GitHub. If you go to my GitHub, I’ll send you the links for the GitHub repos, there are PRs on there and issues, people raising the code of oppressions about the steps you take and that sort of stuff, so that’s great. It’s just the whole collaborative thing. The trouble is you sit at your desk and you asked me how long a chapter takes, I’m trying to do two chapters a week. Each chapter takes about three days. That’s like a day of planning the exercises and the path of the chapter, a day to write the first draft and then the day to try all the exercises on a different system, because I’m trying to support multiple Kubernetes implementations and then tidy everything up. That’s the kind of pace I’m working at. It’s nice to step back every now and then, read the feedback, go back and revisit stuff and tighten it up. It’s a super nice way to do it.

Mike Pfeiffer:
It makes sense to write the books that way, to incorporate the feedback, because it’s going to end up as a better quality product.

Elton Stoneman:
Exactly. Yeah.

Mike Pfeiffer:
It’s really interesting. Do you think that the Pluralsight stuff you’ve done in the past, all the course ware development experience you have, helps you be a better book writer?

Elton Stoneman:
Definitely. That Pluralsight stuff is really about the journey, which kind of sounds kind of hokey, but that the idea of… I’ve got a whole bunch of stuff that I want to communicate to you, but actually if I just list all the facets of the API, you’re not going to walk away with any learning from that stuff. Almost all of my Pluralsight courses have been real world experience. This is how you actually do stuff with this technology. I’ve done a few more this year, so I did one on Istio, I’ve done one on Prometheus, and they’re all kind of… That tightening up the storyline has really come into to the book writing because every single paragraph, I think what is the takeaway for this paragraph? I’ve got an exercise that you’ve just done, I’ve got one or two sentences maybe to make sure you’ve got the key takeaways, and then we’re talking about the next thing and we’re introducing the next exercise. So it’s got to be…

Elton Stoneman:
And then we’re talking about the next thing and we’re introducing the next exercise. So it’s got to be tight, but it’s got to be entertaining as well. I’m not saying these are particularly funny books, because the material doesn’t lend itself, but there’s a few odd comments in there that people pick up on and makes them laugh. So yeah, it’s really, definitely has helped with that.

Mike Pfeiffer:
That’s good. Well, that, format’s a good way to learn, because it chunks it out. And I think one of the intimidating parts about Kubernetes, it’s so big, but if you actually just chunk it out over a month, one day at a time, it becomes a little bit easier to ingest all the data, right?

Elton Stoneman:
Yeah. I think that’s absolutely right. And even though it is a vast area, it does lend itself to being broken down like that. You have to put a little bit more thought into how you structure it, because I want to be authentic. I don’t want to start in the chapter right at the beginning and say, now we’re going to run, do this command and then all this stuff will happen. But you’re never going to do that in reality. Well, if you’re never going to do it, there’s not much point showing you about stuff.

Elton Stoneman:
So I think the very first command, I just do it like a queue packet command, which is the command line interface if people aren’t familiar. But from there on in it’s all yaml files, it’s all the language that Kubernetes uses to model your application. Straight into that stuff and trying to try to kind of chunk it up but stay authentic, and then gradually introduce more things layer it on.

Mike Pfeiffer:
Yeah. I like that approach. Keep it practical and real world, that’s important. And so are you targeting any clusters in the cloud, like AWS Azure stuff? Or are you just like having the person build their own cluster, or how are you navigating that?

Elton Stoneman:
So I try at the beginning to say we’re not going to cover building your own cluster. I think, I think I’m planning to do that in chapter 17. So by then we’ve covered a lot of the stuff. Because I think the reality of this is, a lot of people who are going to be interested in Kubernetes, you don’t need to know the architecture of the master and the nodes and the queue.

Elton Stoneman:
I think I’m, well, 16 chapters in about 70,000 words in, I’ve not used the word Kubelet at all because you don’t really need to know that unless you dig deeper. So chapter one, setting up your live environment. I show you how to do that in Docker Desktop, which is just super easy. There’s, there’s a project called Kind Kubernetes in Docker, which is another super-fast way to get up and running with Docker.

Elton Stoneman:
And then I say, “Look, run this demand in AKS. Run this command as your Kubernetes service. And run this demand to be up and running in AWS in their elastic Kubernetes service.” And then in theory, if you want to use Google, or Minikube, or some other alternative, then most of the examples should work.

Elton Stoneman:
But Kubernetes is the collection of parts. And in each distro, really, can bring in different parts to that. So I’m not trying to support everything, but I do run all my examples on Docker Desktop, Kind, and AKS, and just kind of prove that everything works.

Elton Stoneman:
And then we’re not really going to dig into the nitty gritty until the final part of the book, which is called Pure and Applied Kubernetes, when we start looking at how everything is put together. And that’s really, you understand how all this stuff works, you understand how to bring your apps to Kubernetes, how you model them, the features it gives you, and now we’ll take a step back and look at the pieces.

Mike Pfeiffer:
I would bet that there’s tons of infrastructure people listening, and they’re probably people that haven’t done a ton of containers yet. They’re still maybe babysitting servers at their work and are waiting for their organization to catch up with everybody else, or at least modern technology. If I’m a server admin type, not so much a developer, but I can read the writing on the wall that I should probably start paying attention. Should I just like jump into your first book on Docker in a Month of Lunches and then proceed into this one? Or do I need to build some awareness around application architecture and what devs are doing? What do you think about that?

Elton Stoneman:
That’s a good one. That’s a good question. So I mean, I would love people to buy both books. But I think certainly the Docker book is, is aimed at a generic persona. It’s not for devs, there is some source code in there but you don’t need to edit any sort of script, yourself. It’s not just for ops either because some of the… All that stuff is blurry. I mean, we know how the lines are blurring now. And I think ops people who may or may not in the past have owned the build server, but not necessarily know what’s happening inside that. Well, if your build server is your Docker file, then that comes more into your angle.

Elton Stoneman:
On the other side if you’re a dev person, you’ve never really had any involvement with networking or security, well, that becomes a lot more important in the container world. And what’s running in production, you can run on your dev machine. Both angles are kind of combining there. So certainly with the Docker book, I’ve tried to say, if you’ve had some experience in I.T., whether that’s architecture, operations, or dev, then you can, you can pick this stuff up.

Elton Stoneman:
Kubernetes is different because I’m kind of expecting you to have had container experience. So either to have read the Docker book or be comfortable with containers. Whatever angle you come from, really, I don’t talk about the architecture and the infrastructure of the Kubernetes components until way down the line, because I think it’s more important to get experienced with this stuff.

Elton Stoneman:
So yeah, it doesn’t have that kind of prerequisite knowledge of where you are. I think the interesting thing is if you are from more of that infrastructure background, you’re going to want to know how the pieces fit together. But the reality is that the big draw of Kubernetes is that it’s a managed service. It’s a complicated product to manage yourself.

Elton Stoneman:
So ideally you’re going to be spinning up your cluster in Azure, or your multiple clusters in Azure. Or if you’re going to do it on premise, you’re going to pay for a product. You’re going to pay for a managed product to look after all that stuff for you. So the under the cover stuff is just kind of nice to have, to a certain degree.

Elton Stoneman:
So, I think the big jumping in point is understanding what it can do. What kinds of application does it run? It has all these abstractions that it brings to the compute layer, and the networking layer, and the security layer, and understanding how they fit together is more important than understanding, the IP tables rules of where the networking stuff goes.

Mike Pfeiffer:
Yeah. It’s a really interesting time, man, because this stuff’s so new for so many people. So I think that these resources you’re talking about are going to be interesting. I also was interested in what you said earlier. I didn’t realize you had an Istio course out that’s… Service mesh as obviously a big part of this whole conversation, once you get past the entry level conversation. And so, would you consider that piece of content, like maybe the third thing to go off and consume after this?

Elton Stoneman:
I don’t know. I think that there is this kind of journey that people go on. You know, I start with containers, and even if I don’t even have a cluster and I’ve just got a VM with Docker installed and I run my apps in containers, that’s still a big benefit. I’ve got this consistent approach to building and running all my apps. I don’t have high availability. So the next stage is a cluster.

Elton Stoneman:
Well maybe I’m going to use Docker Swarm, which is nice and simple, but it doesn’t really have that managed offering anymore. So then I’m going to look into Kubernetes, there’s a gap there that requires an investment in learning.

Elton Stoneman:
And then when you’ve got the Kubernetes stuff, Kubernetes is so plugable, it’s such an extensible product that all this other stuff fits in really neatly, which is where this service mesh idea comes in, which is that things like Istio and Linker D, they take away the networking layer between your application and make that into a separate entity that you can configure and control independently.

Elton Stoneman:
So your apps think they’re talking to each other, your containers think, your web container thinks is talking to the API container, but actually it’s being routed through this proxy, which has all managed for you by your service mesh. And that can do really cool stuff like network retries, transparent to the application. It can apply mutual TLS to secure the communication between components. It can enforce rules so that only the web app can talk to the API, or whatever. You can do a whole bunch of stuff with that. That course I did back in, back in January, I think it’s quite extensive, because I was working with Istio a lot. It had this buzz a couple of years ago and then gradually as it matured and more and more people were using it, you could see that it was a product that’s really, really solid.

Elton Stoneman:
So there’s a lot of interest in that. And I was using it, talking to clients about what it could do. A lot of the problems that solves, people were trying to do themselves. I’ve got my kind of homegrown TLS certificate provisioning between all my components. I’ve got my homegrown network policy that I apply, which works if the Kubernetes cluster is set up in a certain way. And then Istio came along and said, “Look, we’ll do all this stuff for you.”

Elton Stoneman:
Yes, there’s another level of complexity on top, but you get an awful lot from that. So I did a talk at a couple of conferences now, this must’ve been 2018, about Istio. And the purpose of that talk was to show you what it could do and to tell you that there’s a lot of cost in using this software, because it’s a complicated product. And if you take all the things that Istio can do, like the security, the network routing, the retries.

Elton Stoneman:
Like the security, the network routing, the retries and all that sort of stuff. If you take that and leave Istio to do it, so you don’t put any of that concern in your applications, and then when you go to production and you find that Istio adds too much overhead, because it can do. It uses a lot of CPU cycles because every network hop is potentially going through some sort of compute path.

Elton Stoneman:
If you decide that you don’t want to go with it and you back out of Istio, you’ve got to go and write a whole bunch of code that you depended on Istio for. So I did that talk a lot and I thought the talk was about telling people, “Be wary of Istio.” But almost all the feedback I got was, “That’s great. I’m going to try it.” So I really kind of dug into that a bit more in that [inaudible 00:18:40] course.

Elton Stoneman:
And I talk, I think that’s like the whole final module is about evaluating it and whether, understanding what you’re taking on board.

Mike Pfeiffer:
That makes sense. Yeah. I mean it’s, because you could get yourself into a lot of trouble going down that road, not understanding all the impact and?

Elton Stoneman:
Yeah. And it’s the next stage beyond Kubernetes, which is this really interesting point you made earlier that there’s a lot of people left behind. There’s a lot of people who are doing this modern stuff. I don’t know where the ratios are, but depending on which side you’re at, this stuff is either fantastic or it’s just impossibly complicated.

Elton Stoneman:
I did a little consulting gig for a client, they had a very small dev team. They had a, like an on premise software suite that they wanted to make into a SaaS offering. So we did some initial scope down and it was a Windows app and we looked at running it in Azure, in Kubernetes, and all that sort of stuff. And I was really engaged for, just for a short amount of time, to scope out what it could look like, to do a POC, and then to plan on what the roadmap to production would look like. So they get a bigger team in to take that stuff on.

Elton Stoneman:
And even though it was like a 15 year old windows application and everything just went swimmingly well. We had it running in a container in Docker within a couple of hours. We had it running in Kubernetes a few hours later. And then we built this little shim around it to distribute all the work around. It all went brilliantly well.

Elton Stoneman:
And then the handover from me to the wider team was really, here’s the GitHub repo. There’s a Read Me doc in there which links off to all the Kubernetes YAML files and all the Docker files. And if you know that stuff, then you’re good to go. You can start, you can be up and running in no time at all. Because it’s literally out of the box Kubernetes stuff and Docker stuff.

Elton Stoneman:
And if you don’t know that stuff, you don’t even know where to start. You couldn’t even possibly find out where to begin with this stuff. So depending on where you are, it’s either brilliant, or it’s just, the entry barrier is just too high. So hopefully the resources we’re talking about are going to help people get over that.

Mike Pfeiffer:
Absolutely. I believe they will, but you’re right. That’s an interesting point because it is kind of polarizing. It’s like super advanced and then like, holy crap, we got to figure this thing out. What is, in your experience of teaching and doing all this stuff, speaking at all these events, what do you think is probably one of the toughest concepts in the Kubernetes world for people to grasp? Is there a common thing you see over and over?

Elton Stoneman:
The most common thing that I see is, how much of this do I need to know? If I’m a, depending on whatever background.

Mike Pfeiffer:
[crosstalk 00:21:02].

Mike Pfeiffer:
That’s a deep question.

Elton Stoneman:
Yeah.

Mike Pfeiffer:
Because that’s a, could really change everything, right?

Elton Stoneman:
Yeah, exactly. How much? What’s the bare minimum that I need to learn? So I did a couple of, when all the lock down happened and everyone was doing virtual sessions, I did a couple of Kubernetes 101 sessions. And I cover the basics. I do the first five minutes about Docker and how containers work.

Elton Stoneman:
And then very quickly we’re on, cover the kind of, what I think is the bare minimum, which is pods, which are the things that run your containers, deployments, which is an abstraction on top of that, that lets you have neat rolling upgrades and stuff. Services, which is the network layer abstraction and then config maps and secrets, which are how you configure applications to run in different environments. And that’s the bare minimum.

Elton Stoneman:
And even that, you try and cover that in 90 minutes for a new audience, half of them are going to be scratching their heads, unfortunately. Or you do such a light skim that you don’t really cover it. So the thing is, is that if you don’t cover any, if you miss out some of those pieces, you haven’t done a good enough job because if you don’t talk about configuration, then people don’t understand how you move from one environment to the next.

Elton Stoneman:
And then people start putting their configuration settings into their container images, so I have one image for test and one [inaudible 00:04:18] production and that’s wrong, in various levels that would take too much time to explain. So you say, “This is how it works.” But you’ve got to start with some of those kind of best practices baked in. Yeah, that’s the hardest question. Another question that people, a step before that is, “Do I need to learn this stuff?”

Mike Pfeiffer:
Yeah.

Elton Stoneman:
The persona that you said there. “I’m an ops person. I’m living in the hardware, at the moment, do I need to learn this? Is it going to be?” Because this isn’t simple, this isn’t, I’m just going to read a couple of blog posts and I’m good to go. This is, I need to invest some time, work through a whole bunch of stuff, probably outside of my working hours to get ahead of, to get to the point where I’m comfortable even evaluating it. Is it worth me making that investment?

Elton Stoneman:
But I’ve been having that conversation for five years now and Kubernetes and Docker have just got more and more popular. So I’m obviously biased, but my answer is, yeah, I think it is worth that investment. I think this is the way it’s going to go. Kubernetes brings something that people have wanted ever since AWS landed, which this idea that I want to be able to model my application to run in the cloud. And it to be any cloud. Not to be, I don’t want to have to do a project to move from AWS to as Azure, or vice versa.

Elton Stoneman:
And Kubernetes literally gives you that, you model your applications in these hundreds and hundreds of lines of YAML, but the payback for that complexity is that I get a better deal on Azure, and I literally create a new cluster and deploy the same stuff.

Mike Pfeiffer:
Yeah. I agree with that a hundred percent because there is that aspect of this being so hot right now that it’s popping up on, like US Air Force is putting Kubernetes on jets and stuff. That’s how big it is. It’s everywhere.

Mike Pfeiffer:
And with the whole IOT story, who knows where we’ll see Kubernetes running on these devices at some point? It’s legit, it’s a safe bet. And I’ve done that a lot in my career and I know that you have too, where you’re looking at a technology and you’re like, you bet on it. You put your energy into it and then.

Elton Stoneman:
Yeah.

Mike Pfeiffer:
And I’ve had ones that didn’t really play out and I’ve had other ones that really took off for me. I feel like this one’s obviously a clearer, safe bet. Especially if you look at the job postings that are out there.

Mike Pfeiffer:
But I also respect the fact that there may be an admin sitting somewhere. Maybe it’s a government sector job where they move so slow that you’re still going to be working on Windows servers for the next five years and you know that right now. Then, that, maybe you’re like, okay, do I not learn this because I don’t need to? Because I think there is people that don’t need to know it probably if they’re planning on staying at that job forever.

Mike Pfeiffer:
So it’s a, that consideration and understanding your variables and your circumstances really makes a lot of sense.

Elton Stoneman:
Yeah, definitely. Definitely. Yeah. And I think there’s another side to it as well, which is how interested are you, in interesting new stuff? Because when I first started, when I was at, a trainee programmer, I was working with people who are, I guess the same age I am now. And they really weren’t interested in picking up new stuff.

Elton Stoneman:
I know my area, I do it well. And then I go home to my family. And then that was their job. They just wanted to carry on doing the same thing. I think if you, that’s fine, but sooner or later you’re going to run out of runway. Because the stuff you’re interested in, fewer and fewer people are doing because people have moved on. But if you’re interested in the technology and how this stuff kind of fits together and how the world’s evolving, and I think it’s interesting to learn anyway. Even if you’re not planning on putting it into practice anytime soon, because it is the evolution from metal to VMs to containers.

Elton Stoneman:
That’s just the way it is now. There isn’t going to be going back to VMs. If people are going have a different runtime model, it will still use the same concepts of a container. If someone comes up with a better way of running applications, they’ll probably have to run container images, whatever the underlying platform is. Because everything does that now.

Elton Stoneman:
So if you, in the Kubernetes community there’s a lot of talk about what’s going to be happening in the future. You won’t really care about the cluster. Hopefully. You’ll just throw your application manifest to something and it will run and you won’t care about what’s happening under the covers. And if the application modeling language is flexible enough for that then it just makes life much easier for everybody.

Elton Stoneman:
But until we get there, this stuff is actually, it’s really fun. It’s complicated, but it’s complicated because it’s so powerful and it’s intricate. And if you’re into all that stuff, then it’s good fun to dig into anyway.

Mike Pfeiffer:
I agree. I love what you said too about being, really focusing on the fact of it being interesting to you or not, because there’s a big difference between being pushed to do something and being pulled towards it.

Elton Stoneman:
Yeah.

Mike Pfeiffer:
That’s the huge difference. And the other thing I wanted to ask you too, is if I’m not a hardcore developer, what kind of apps am I going to be deploying when I’m following along with your book? Because I’m already trying to understand Kubernetes.

Mike Pfeiffer:
…ploying when I’m following along with your book because I’m already trying to understand Kubernetes. Do I have to worry about the app stuff?

Elton Stoneman:
No, no. So all the Kubernetes stuff. So Kubernetes just runs container images for your applications. Every single app that is already prepackaged is all up on top. It’s the same with Docker Hub. A couple of a couple of the chapters are about how you package your own applications, but every example is already up on Docker Hub. So you can just pull it and run with it. And same with the Kubernetes, [inaudible 00:27:29] tried to be fairly cosmopolitan. So my background is almost all .NET, a bit of Node.js. But for the examples in the book, the patterns are the same, like how you deploy your app and configure it, but actually the details are quite different for different platforms. So what does a configuration file look like in .NET is different from .NET Core is different from Java is different from Notes.

Elton Stoneman:
So most of the examples, where they’re different for different platforms, I’ve got different examples. So there’s one application that I do. NASA have this API, which gives you a link to, it’s called the Astronomy Picture of the Day API. And I’ve got an application which kind of wraps that up. So there’s an API which just caches the thing from NASA. That’s a Java component. There’s a website that shows you the picture, which is written in Go. And there’s a login component that audits people were using it, which is Node.js. And then there’s a whole bunch of .NET stuff in there as well.

Elton Stoneman:
So you don’t need to care really about that because everything’s packaged for you that you don’t have to build anything. There is a chapter about the developer workflow, but even that’s not just for developers because that tries to cover everything from, I’m a developer running my own Kubernetes cluster on my laptop through to actually where, as a team, as a product team, we’re trying to avoid running containers ourselves. The developers just run the code. And when they push it to get, this whole thing happens in Kubernetes that packages it and deploys it to the test environment. So I do walk through that, but there is no go into this C# file and change this line. There’s none of that.

Mike Pfeiffer:
Yeah. Because I know there’s people out there who are wondering that. Right? So that’s good though because now you can just focus. Yeah.

Elton Stoneman:
Yeah, yeah. Absolutely. The source code is there. So all the app source code is on GitHub, but it’s all prebuilt, so you don’t need to do anything.

Mike Pfeiffer:
Awesome. One of the things you mentioned there that you see popping up a lot now, and especially in the job boards, is Go. You’re looking at DevOps posts. There’s tons of Kubernetes and Docker, and they’re looking for people that know the Go programming language, which is insanely awesome. But I think especially a lot of the people we know in the Microsoft space, the .NET world, that’s probably a huge departure. Right? Have you been messing around with Go and what are your thoughts?

Elton Stoneman:
Yeah, I’ve been messing around for years. It’s become the next language that I want to learn properly, but it’s been the next language I want to learn probably first since I was 15 or something. Yeah. It’s a really nice language. And one of the good things about it is it’s quite simple to read, but if you’re looking at an example, if you’re from a Java background or a .NET background, actually the clarity of the language is such that you can kind of skim through it and work out what it’s doing. Writing it is different obviously, but the big advantage of Go is firstly, this is what all this kind of [inaudible 00:30:17] written in. So Dock is written in Go, Kubernetes is written in Go, most of the examples, but for all the extension points that you can build your own stuff in, they tend to be go first and foremost. But then Go is this very lightweight cross platform language that compiles down to native binaries.

Elton Stoneman:
So on my Windows 10 laptop, I can take my Go application and I can package it up to run a Linux binary built for a Raspberry Pi. And then, if I wanted, I could then wrap that in a Docker image built for Raspberry Pi and distribute it. And that “Hello, World!” Application is probably, it’s not as small as it used to be. Like in the old days, it might be a few megabytes. Now the binary contains the Go framework with it.

Elton Stoneman:
So it’s not like. NET Core or Java where you have to install the runtime. I have to install .NET and then I can run the .NET app. Install Java, and I can run a Java app. Go packages the whole thing into a single binary so you don’t need anything else. So it’s super lightweight. It’s super portable. It’s quite nice to read. Actually, a lot of people who have gone from that, I’m historically an ops person, but I’m having to learn more of the dev side, really take to Go. They really like go. So it’s a simple but expressive language. But I’m far from the expert, which I would like to be one day.

Mike Pfeiffer:
Yeah, same here. I haven’t done a whole lot with it, but I think Terraform is written in Go as well, right? So I think if somebody’s looking for a language maybe to double down on, this could give you some nice… because you could contribute to Kubernetes if you know Go, you could contribute to the Terraform if you’re doing Go. But yeah, that’s awesome, man.

Mike Pfeiffer:
So as we’re kind of wrapping up this episode, where do you think we should send people? We know we got to send them over to the early access program and stuff to check out the current chapters for Kubernetes and [inaudible 00:05:08], but where else should we send people?

Elton Stoneman:
So if you’re new to all this stuff, actually, the latest releases of Docker, Docker Desktop have this. When you install it, it pops up this little welcome message and it walks you through a kind of five stage journey… your first application in a container. So if you’ve never done any of this at all, the new installations of Docker Desktop, and that’s part of the works on Windows 10 or Mac, guide you through some of that stuff.

Elton Stoneman:
I think last time I spoke to you I was just kind of updating my workshop content. I’ve only done it remotely this year, but I do this whole day workshop. It’s aimed at .NET people or . NET administrators or developers. And it takes them on that whole Docker and Kubernetes thing. I’ve evolved all that now. So there’s a ton of stuff there.

Elton Stoneman:
So that’s DAK for .NET, Docker and Kubernetes [inaudible 00:32:59]. All you need for that is Docker Desktop running on Windows 10, and it literally takes you from, I know nothing about this through to, okay, I think I could model my own application and get it running in [inaudible 00:33:11] or whatever. So that’s a pretty good one. And then actually the docs around this, particularly Kubernetes, the Kubernetes website, it’s just got better and better. There are two documentation websites. There’s the kind of hard core API documentation that tells you what all the bits and pieces mean in your [inaudible 00:33:26] files. That’s excellent. And then the Kubernetes website just tells you… there’s some really nice walkthroughs, there’s pointers [inaudible 00:33:35] online playgrounds where you can go in and try stuff out. So yeah, the official stuff is really good, really good resources.

Mike Pfeiffer:
Yeah. I’d have to agree with that, man. The Kubernetes documentation is really good. I forgot about your DAK for .NET. So that’s cool. I’ll put that in the show notes with everything else that you mentioned. But Elton Stoneman, the legend. Thanks so much for coming on the show and congratulations again, man. It’s really awesome what you’re doing. So keep it up.

Elton Stoneman:
Yeah. Thanks. Appreciate it. Thanks for having me again and yeah, hopefully this same time next year, whatever the third book in the trilogy turns out to be.

Starting Your DevOps Career from Scratch

Mike Pfeiffer — Fri, 10 Jul 2020 12:23:13 +0000

In this episode I answer listener questions and provide tips on how you can create a strategy to launch your own DevOps career from scratch. What does it take? What should you focus on? I answer those questions and offer some ideas on getting started.

Related resources:

Full Transcript:

Mike Pfeiffer:
All right, everybody. Welcome back to another episode of Cloud Skills FM. And this is episode number 82. It’s July of 2020. We just got back from a short summer break and I’m excited to be back. This episode is all about starting from scratch. So what do you actually do if you’re trying to get into a cloud or DevOps type of position and you’re completely brand new? And that’s what I’m going to talk about today. I’m fielding questions that have come in from Twitter, email, and from my text messaging community. And we’re just going to dive straight in. So the first question that came in from Twitter is what is a critical skill to have when you’re launching a career in DevOps, existing or new? And I followed up on that to get some clarity, to say, are you starting from scratch in IT or are you coming from a different place in IT, because those variables actually matter.

Mike Pfeiffer:
And so it turns out in this particular case, the person asking the question had some IT experience, but if you’re coming to this completely from scratch, you have to understand that DevOps is an advanced job role. And it really is that combination of two different responsibilities. You’ve got some developer responsibilities and have to understand that world. You’ve got operations responsibilities. So it’s a tough hill to climb. And so if you’re absolutely brand new, you have to keep in mind that it’s not going to happen overnight. You’re not just going to walk in and land your first DevOps job role probably in the first year. You’re going to have to work your way up, which is fine. And you should not let that deter you from going down that path. But let’s assume you have really no experience in the industry, right?

Mike Pfeiffer:
And you’re coming from a different career path or you’re coming out of school, whatever, right? You’re going to need systems administration skills, virtualization, storage, networking, security. And this is huge. In these modern job roles that are focused on cloud engineering, DevOps, you do need to have system administration skills to understand the frameworks and the services, and to work your way through building and supporting all these applications. And I can tell you, after spending the last couple of years helping teams ramp up in this world, this is a big gap, right? So you have to close this gap first. Otherwise, all the other stuff is going to crush you. So what I would say here is a really good way to close this gap is to use vendor neutral certifications like the Server+. CompTIA offers the Server+ certification. They also have A+ and Network+.

Mike Pfeiffer:
I think that Server+ is good because it incorporates all the stuff that I just mentioned, system administration stuff. Virtualization, storage, networking, security, it covers all that stuff. That’s going to give you some good perspective. And it’s again, vendor neutral. It also covers the concepts in Windows and a Linux type of scenario. So that’s a really great place to start to get a solid foundation on systems administration before you go to that next level. So if you’re starting from scratch, get that experience under your belt, that knowledge under your belt, and then you’ll be ready for an entry level cloud engineering position.

Mike Pfeiffer:
Now, one of the natural questions there as well, even though I might have a basic entry level certification, I’m not going to have any experience. How am I going to get that entry level job? And that’s something that I talked about in the past. I’m not going to go into that in a ton of depth in this episode. But if you go back to episode number 40 of Cloud Skills FM, I do a whole episode on what to do when you don’t have experience. And the reality is, there’s a bunch of stuff that you could do to get experience under your belt, opensource projects and on and on and on. So go listen to episode number 40, and that’ll basically get you some experience that you can put on your resume. You’ll have some knowledge and certifications, right? And then you got to go to the next step, if you want to continue walking your way up this ladder. And so what I mean by that is now you’ve got to get into really understanding DevOps, if you’re going down that road.

Mike Pfeiffer:
And it even helps if you’re just going to be doing cloud administration, cloud architecture. It does help to understand the patterns and practices in the DevOps world. It’s bleeding into everything. So you definitely want to spend some time there. So number one, how do web applications actually work? What’s the deal with web servers? How does the HTTP protocol actually work? What client side and server side frameworks are developers using to build applications? This can seem kind of intimidating if you’re not a developer, but you need to understand this, to be able to speak the language and understand what developers are talking about. The most common transport protocol these days is HTTP. We’ve got all these restful APIs and all the applications and services are talking to each other for the most part are communicating over HTTP. And when it comes to building and deploying applications as a DevOps engineer, you need to understand the frameworks that the devs are using, so you can help them build, package, and deploy those artifacts out into the real world.

Mike Pfeiffer:
And then on top of all of that, you still need to know a programming or a scripting language. They’re always going to hit you with that in any kind of job interview, right? Especially in a DevOps position. So pick a programming or a scripting language that you can get started with. Python is insanely hot. PowerShell is a good option if you’re in a Microsoft centric world. And so, you got to spend some time there. And that also bleeds into the world of infrastructure as code and configuration management. And I’ve done several episodes on this podcast about that concept. So if you go back and listen to episodes number 62 that I did with Ned [inaudible 00:04:55]. We talked a lot about infrastructure as code. If you listen to episode number two of this podcast, I talked about infrastructure as code, did it again in episode number 38, where I talked about Azure automation and DevOps and infrastructure as code.

Mike Pfeiffer:
So go listen to those at least. There’s got to be more episodes that I’m not thinking about where we discuss this. And then from there, you’re not done, right? You still need to understand containers and orchestration. You need to understand Docker and Kubernetes, the foundation to that. And then you really got to understand continuous integration and continuous delivery. How are pipelines built so we can automate the build and release of applications. And then finally, once those things are deployed to production, how do you continuously monitor and aggregate all the logs coming from this infrastructure? So it’s an intimidating punch list. And so what I’m trying to drive home here is that this is not a beginner job role. However, it is worth the pursuit because you’ll grow quite a bit and you’ll have a lot of leverage in the job market if you’re working on these things.

Mike Pfeiffer:
Now, the second thing that I want to say here though, is it’s not like you have to be a 400 level expert in every one of these tiers. Just start building awareness around these things. Nobody is going to be 100% in every one of these categories. One of the trends that I am noticing in the field, and I think that it’s going to continue to take some time over the next several years, but organizations are becoming more open to the idea of giving people free time to work on their skills. They’re coming more open to the idea of hiring within. And they’re becoming desperate for talent, right? The whole industry is struggling to find people that are qualified.

Mike Pfeiffer:
So people are going to create programs. They’re going to be more open to entertaining the idea that maybe you’re not strong in every single area, but if you can start to develop kind of the muscle right now, to understand the terminology and not worry so much about not being an expert, in 400 level depth expert in all these categories, but have the ability to understand a little bit of the terminology is a good start.

Mike Pfeiffer:
Now, let’s go ahead and move onto the next question. Some of the stuff that I’ll talk about going forward here, we’ll continue to answer the first question. This next one is an email that came in and there’s a couple of important points here. It’s a little bit long, so I’m not going to read the whole thing, but I’m going to try to focus on some of the key points. So the email starts off to basically say, after the introductions and stuff, it says I’ve looked at and subscribed to most job sites. Every position asks for at least three to five years in a DevOps position. And to find a job as a newbie is impossible. The only way to get a job in infrastructure is to work your way up and that takes time. Another thing that I experienced when applying for these positions is a person gets tested on programming and scripting. Again, with no experience, you are out.

Mike Pfeiffer:
All right, so let’s go ahead and pause there. We got to address this. So first off, you got to think about it from the employer’s perspective. Imagine that you were the manager of the team and you were hiring. Would you want somebody on the team that absolutely had no idea how to do the job that you were hiring for? Like I said, DevOps is not an entry level position, so you can’t have the expectation of they’re just going to bring you in with absolutely zero experience. Let’s keep going. Email continues to say, I’ve been working with Azure for a little bit. Office 365 and Intune is my specialty. And then for the last two years, I’ve had no chance of getting into DevOps, just because of the lack of experience with Terraform, Puppet, Kubernetes, and Docker, et cetera. The only way to do this as if you have no family and no children, and that you could possibly afford six months a year to focus only on the above products without working at the same time.

Mike Pfeiffer:
I’ve done three months in isolation when studying for Azure and still can’t get the Azure engineer position anywhere. And every single time I interview, I’ve been asked the same question about automation tools and what I’ve been using in the past. Obviously, I can’t lie. And if you could possibly give me a scenario on how I can learn when working 50 hours a week, only if Altered Carbon operatives offers me a role in their TV show so I have a duplicate body to do all these things above. All right. So there’s a lot to unpack here. And so the first thing that I would just say after reading your email is, here’s the big question. Do you even want to do this? Is this even interesting to you? Because to me, it kind of sounds like you’re just going for these higher level roles because they pay more.

Mike Pfeiffer:
Maybe you feel like you’re obligated to go into those positions, but the fact is this DevOps job role, it’s so broad right now that if you’re not interested to work on your own time to ramp up, you’re going to be competing with a bunch of other people that are, and you’re never going to win a battle when you’re competing with somebody that loves something when you don’t. And I can say that I’m empathetic of your position. You know, if you don’t want to work on your off time, you shouldn’t. Everybody should live their life the way they want to. But if you want to be a DevOps engineer, if you want to make the highest salary in the industry, you’re going to have to compete for it. And right now, everybody’s trying to do stuff that’s never been done before.

Mike Pfeiffer:
They’re trying to do things that are way more ambitious than they’ve ever done. And right now is not the time to slide in with zero effort. But yeah, really to close the loop on this email, I can see where you’re coming from. But the reality is the people that get these positions, they’re going to have to work way harder than everybody else. That’s just the reality of the situation. I get you’re working 50 hours a week, but it also sounds like you’re watching TV shows. I don’t even know what Altered Carbon is to be honest with you, but anyways, right? That’s the sacrifices you would have to make. Like don’t watch Netflix, go out and do the studying, do some scripting, get your skills ramped up. A cloud and DevOps position is not going to happen if you’re not doing it at work and you’re not studying on your own, that’s just the truth. And whatever you decide, I wish you the best of luck.

Mike Pfeiffer:
Going onto the next message. This was a text message that I got through my new text messaging community. I’m kind of experimenting with this. This is kind of cool. It’s just an easier way for me to respond to you guys. I get so many emails and DMs. So if you want to ask a question through text messaging and you want to get real time updates when I’m live streaming and you want to get weekly inspiration and career tips, sign up for my text messaging community. It’s 1-480-530-8694. Just send me a text that says subscribe, send it to 1-480-530-8694. So here’s the question that came in through text message. Basically says I’ve been in IT since 2013, reading the Phoenix Project and discovering PowerShell in the community and motivating me to take my career seriously.

Mike Pfeiffer:
I went from an IT support engineer role in 2017 to a senior systems engineer role this year. Congratulations. My goal is to land my first DevOps role in the next 24 months. Looking at the job postings here, I’ve noticed that in addition to knowing source control, Azure, AWS, Windows and Linux administration experience are being requested and also database and reporting experience in Microsoft SQL, Power BI, MySQL, Tableau, Postgres SQL. Is that a normal requirement in the USA? I’m not sure whether that’s just a thing here. There’s so much to learn and I’d like to be strategic on the technologies I invest my time in. Where should I start? And how deep should I go to be effective in the learning of database technologies from a DevOps perspective, especially for the deployment of modern web applications. So I like your approach here. You’re taking a strategic approach. You’re being realistic about the timeframe.

Mike Pfeiffer:
I think where you’re at right now, what you’ve done in the past, and the fact that you’ve set a sight for the next 24 months is totally doable. And so, good job on that. And so you are right, understand database technologies is part of this world because we have to persist data somewhere. And a lot of times when we’re doing DevOps, we’re working on web applications and automating the release of those. And of course, we’ve got databases where we’re storing the data. So what I would is don’t worry about becoming a full blown DBA, but get some understanding of relational databases like Microsoft SQL and non-relational like Mongo DB. And what I would recommend is kind of just like a entry level intro to SQL server, intro to Mongo DB 101 type of tutorial. Some of the things that I would specifically focus on is how is data stored in those databases?

Mike Pfeiffer:
So for example, in a relational database world, understanding how tables work in database schema and the importance of that when you’re changing the schema, right? You’re adding a column to a table. In a DevOps situation, there’s all kinds of stuff you’ve got to think about to automate that process. And so you don’t have to get into like the weeds of doing T-SQL commands and know all this crazy reporting and stuff. Not from my perspective at this stage, I would focus more on just the basic general DBA concepts. And when it comes to things like no SQL document databases and stuff like that, that’s very developer centric. I wouldn’t worry too much about that right now where you’re at. Obviously, if you’re doing certifications, you need to have some clarity there. Like Azure certifications, depending on which ones you do might have some requirements for you to understand Cosmos DB, but it’s not going to be at a deep level as a developer, where you’re building these very sophisticated applications. You just need to understand the basic framework. S.

Mike Pfeiffer:
So it would spend a little time there, but I wouldn’t go crazy if you’ve still got to learn a bunch of other stuff like Windows and Linux and all this other stuff in the DevOps world that we’ve been talking about up to this point. So I hope some of these tips have helps. If you want to follow up, feel free to hit me up. You guys can DM me, you can text me, you can shoot me an email. And I’ll do my best to reply directly, or answer your question on a show like this, or on our YouTube channel. Over the next couple of weeks, I’ll be doing interviews with guests. I’m actually later today filming four podcast episodes in a row. I should say recording four episodes back to back. That’ll come over the next several weeks. So I hope you guys are looking forward to that and I will see you guys next week.

Home to Become a Microsoft MVP

Mike Pfeiffer — Thu, 09 Jul 2020 00:22:48 +0000

Live-streamed on July 7th 2018 at 12:00pm Pacific

The Microsoft Most Valuable Professional (MVP) is an award program for technologist who demonstrate outstanding leadership in the technical community.

In this live-stream replay I chat with Tim Warner about who the program is for, and what it takes to become an MVP.

Along the way we do Q&A with a LIVE audience and provide tips on how to navigate your own journey.

Azure Load Balancing Demystified

Mike Pfeiffer — Sat, 04 Jul 2020 11:50:15 +0000

Have you ever been confused by all the load balancing options available in Azure? What’s the difference between regional and global load balancing? Why are there so many load balancing services? And… how do you setup an Azure Load Balancer completely from scratch?

This video was created to answer these questions.

If you’re pursuing Microsoft’s Azure role-based certifications this concept will keep coming up over and over again, so it’s good to understand the foundations.

Full Transcript:

Mike Pfeiffer:
Networking by far is one of the biggest challenges for anybody pursuing Azure certification. Most of the exams include some level of networking. When it comes to doing things like load balancing, that can be really confusing because there’s multiple load balancer types, there is global and regional load balancing. And it’s like, “When do I pick one over the other?” In this video, I’m going to break down the differences, and I’m going to actually show you how to implement the load balancer to load balance couple of Ubuntu VMs across availability zones in Azure.

Mike Pfeiffer:
What’s up everybody. It’s Mike Pfeiffer, Microsoft Azure MVP, and host of the CloudSkills.fm Podcast. This video is actually from a training we did, the AZ-104 certification training we did with Tim Warner and myself a couple of weeks ago. In this video, I spend almost an hour taking you through load balancing in Azure. Like I said, I’m going to break down the differences between regional and global load balancing, all that kind of stuff.

Mike Pfeiffer:
I actually walk you step by step through implementing an Azure Load Balancer to basically load balance a couple of different VMs running in two different availability zones in an Azure region. If you’re studying for Azure certification or you’re just trying to ramp up, either way, I think this content will really help you out. So without any further delay, let’s start the training.

Mike Pfeiffer:
Overview of load balancing options in Azure. Just wanted to point this out real quick. Number one, global versus regional. This is a fundamental thing that you want to know off the top of your head. This isn’t hard. Global load balancing services distribute traffic across regional backends, and regional load balancers, essentially, just working within a single region. Global would be, “Hey, want to route or load balance across West US and East US.” Regional would be, “Hey, I want to load balance across availability zones potentially.” I’ll talk about the services here.

Mike Pfeiffer:
But coming up, we’ve got HTTPS versus non web-based workloads, So there’s application-aware load balancing. So layer seven load balancing as well as layer four. And so, anybody that’s not a networking person, the OSI model, but different layers of the network stack, that’s what we’re referring to talking about layer four, layer seven.

Mike Pfeiffer:
Essentially, layer seven, at the very top of the OSI model is the application layer. That’s the layer where we can see things about the application. So if we wanted a load balance a workload and be able to see the path in the URL that the user is trying to get to, on the layer seven load balance we can see that, and we can do things like path-based routing. On something that’s not HTTPS, optimize a layer four load balancing solution is just really looking at the ports, the protocols, the source, and destination addresses.

Mike Pfeiffer:
Okay. Looking at this table here, this is a nice one just to know off the top of your head. Azure Front Door is a global service, and the recommended traffic is web-based traffic. So Azure Front Door is a global… You can think of it as a DNS load balancing services. It’s a little bit more sophisticated than that because it acts like a layer seven load balancer, and you can basically have a single endpoint load balance across two different regions, which is really interesting.

Mike Pfeiffer:
There’s also other backend types that are supported like external end points. So you could load balance between on prem in Azure. Basically, have a single end point for your web-based applications. And so, Front Door is a newer service. Before we had Front Door, all we had for a global load balancer was Traffic Manager. Traffic Manager is simply an Anycast to DNS load balancing solution. And so, there’s no layer seven capabilities with that one.

Mike Pfeiffer:
Front Door, you could do things like SSL termination, cookie based affinity to keep people connected to the same endpoint for the entirety of their session, things like that. Traffic Manager’s just DNS load balancing. And so, you’re completely reliant on the client’s ability to check in with Traffic Manager, query, get the response for the right end point. For both of those, there’s routing policies and all kinds of cool stuff that we could do. But what we need to really zoom in on today, and for this certification, is the regional load balancers.

Mike Pfeiffer:
When you go into the architect level, they’ll hit you up on these other global ones for this tier. The admin level, we need to understand Application Gateway and Azure Load Balancer. Application Gateway is the layer seven regional load balancer. So if I wanted to load balance across availability zones and I’ve got a web workload, and I want to be able to do things like web application filtering, and I want to be able to do cookie-based affinity, so per session persistence. If you want to do any of those nippy things, Application Gateway is going to be the way to go.

Mike Pfeiffer:
Azure Load Balancer is the layer four regional load balancer. The nice thing about this one is there is a free tier. There’s a SKU that’s free, but it doesn’t work across availability zones. If you wanted to load balance across availability zones with either of these regional gateway options or load mounts or options, you’re going to be paying for this infrastructure. So those are the major differences.

Mike Pfeiffer:
And so, when you get into working with Azure Load Balancer and Application Gateway, a lot of the constructs are very similar. There’s a front end configuration, there’s a backend pool. The stuff I’ll show you today is going to be specific to Azure Load Balancer, but there’ll be a lot of parallels. And I’ll also show you the deployment process for Application Gateway. But the demo that I’m going to show you is going to be based on the Azure Load Balancer.

Mike Pfeiffer:
Like I said, an Azure Load Balancer operates on layer four. It does rely on health probes to determine the backend status. And you see that in concept with all of the load balancing solutions. We’ve got to make sure that wherever we’re sending connections, those backend systems are healthy. From there, as long as the backends are healthy, we’ll route traffic to those based on the load balancing rules that we configure. All right. So very simple so far.

Mike Pfeiffer:
Talking about Application Gateway, step further, we already mentioned this. Again, it works the same way. Outside of the fact that this one’s a layer seven load balancing solution, it still needs probes, it still needs the backend pool. And so, once you understand Azure Load Balancer, you’ll understand the high level architecture for the Application Gateway as well. Here’s a visual on a little bit of a difference with Application Gateway. The architecture itself, having the load balancer between the users in the backend pool, same kind of concept, regardless. But notice here we’ve got multiple backend pools with an app gateway.

Mike Pfeiffer:
Nice thing about this is we can do things like path-based routing with a layer seven load balancer like the Application Gateway. This is commonly done, especially in the world of microservices. Notice that we’ve got some paths, the slash image path. So under the contoso.com domain slash images takes the user to a different set of servers. If we go to contoso.com/video, that takes us to a different set altogether. So being able to route different paths to different groups of servers, very commonly done in the world of microservices.

Mike Pfeiffer:
By the way, yesterday, when spun up that AKS cluster, we were using an Azure Load Balancer by default, but you can also use the Application Gateway. So as you’re coming into your Kubernetes implementation, it might be nice to be able to use Application Gateway in that model because the path-based routing can send people to different services. Okay. So let’s move forward here and I’ll show you just a couple other diagrams, some architectural components, and then we’ll start building this stuff out.

Mike Pfeiffer:
When you’re thinking about this, regardless of Application Gateway or Azure Load Balancer, you can deploy these load balancers, either internet facing or internally facing. Tim showed a couple of reference architectures so far where we’ve seen that, a public load balancer for the web tier, and then on the internal networks like load balancers for… Or the internal VNet, I should say, load balancers for things like a database tier and stuff like that. Not a whole lot to that. You’ve got a public interface on the load balancer.

Mike Pfeiffer:
Cool part is you don’t have to put public addresses on all the machines behind it. When you go into the Azure portal, I think we’ve all seen it just drives you down the path of when you build a VM, just putting a public address on every single VM. Obviously, we don’t want to do that in real life. So with something like this, we can have a public load balancer. We can have machines behind it in the backend pool. And those machines can just have private addresses, and we can get to them by going through the public interface on the load balancer.

Mike Pfeiffer:
The internal scheme is just the opposite. This is a good diagram on the bottom right there, showing the web tier, connecting to an internal load balancer, take it to the database tier. If you ever had to get into the situation of doing SQL server always on availability groups in a backend pool like they’re showing here, I wouldn’t recommend it. It’s a lot of work. But if your DBAs need root access to the systems, then you’ve got to do it.

Mike Pfeiffer:
I’m a fan of Azure SQL, to be honest, but when you’re doing SQL clusters like this, and always on availability groups, the best practice is to actually use an Azure Load Balancer. Windows, of course, machines are Azure virtual machines. And so, we’d load balance the availability group, listener IP addresses with an Azure Load Balancer. But you might have other workloads. And since Azure Load Balancer’s layer four, you can load balance any TCP or UDP traffic. And so, it’s not just restricted to web workloads. And so, the scheme when you’re deploying these solutions, when you’re provisioning it, you can say public or internal.

Mike Pfeiffer:
All right. Last thing here and then we’ll jump into the portal. There’s two SKUs, public… Oh, sorry. On the Azure Load Balancer, two SKUs, basic and standard. Basic is the free version and works really well. But if you want to span availability zones for ultimate high availability, the best regional high availability you can get, go with the standard SKU. You get paid for that. But then you can basically target any virtual machine and any availability zone. All right?

Mike Pfeiffer:
Let’s jump into the portal and we’ll build this out from scratch. Let’s jump over here. I’ve cleaned up my environment, so I’m going to step through this manually, one thing at a time. Let’s first build the VNet. So we’ll say virtual network, and then get this new thing. We’ll call this the Webfarm resource group. The reason I’m building this manual is just so you guys could see how all this plays out. So we’ll see Webfarm VNet, and we’ll put this in West US two because I know West US two has multiple availability zones.

Mike Pfeiffer:
Coming to the next screen here, Tim mentioned this. I too like to design VNets using a slash 16 because it gives you the ability to have lots of space for multiple subnets. So it’s a good design pattern. I was just going to go with the default. So the 10.0 network for the entire VNet address space and then just a slash 24 for the default subnet. So we’ll just go with that. That looks good. As we get into this, I think Tim touched on this. We got DDoS protection at the network level.

Mike Pfeiffer:
The basic tier is on by default, so you’re just getting that for free. You can go into the standard version for DDoS protection and that will light up all kinds of cool controls and some different offers like include adaptive tuning, notifications, and stuff like that. But you’re getting it no matter what. And then also Azure Firewall is basically the managed network virtual appliance.

Mike Pfeiffer:
When Tim was showing an architectural diagram of having a VM in a special subnet that was routing all the traffic in the middle of the on-prem world, in the middle of the backend systems in Azure, forcing the traffic upload to that network virtual appliance, you do the same thing with Azure Firewall. So we’ll come back to that. Let’s build the VNet. Then what we’re going to do is we’re going to build a network security group and we’re going to pin that network security group to the VNet subnet, just like Tim was talking about.

Mike Pfeiffer:
So let’s create a network security group and drop this in the Webfarm VNet. We’ll call this the WEB-NSG and put it in West US 2, and which review and create that. I could tell you guys from my own experience on AZ-104 beta, that I got hammered with questions about NSGs. So this is good work for you to do with some double duty here and see it again. Here’s the default rules Tim was talking about.

Mike Pfeiffer:
Eventually, what I’m going to want to be able to do is have my load balancer establish a connection to the backend pool. So we’re going to kick this NSG connected to the subnet that the server’s going to be in. So we’ll go to subnets, we’ll associate this with the Webfarm VNet, the default subnet. And right now all we’ve got is the default rules. So connections, I’d have to think about that. So if I’m looking at the default rules, there’s Allow VNet Inbound and things like that. This is one of those things we’ve got to think about.

Mike Pfeiffer:
So it does say about Allow Azure Load Balancer, any source. Let me zoom out a little bit. Source any or source Azure Load Balancer, destination, any allow. But we’ll have to validate and check that. So let’s see how this goes because as we build an Azure Load balancer and create load balancing rules, that’ll actually open up port 80 on the outside of a load balancer. But what about the inside network? So we’re going to come back to this, okay, because I want you guys to see what happens here.

Mike Pfeiffer:
But right now this NSG is connected to the subnet. So let’s deploy some servers into the subnet, okay? So we’ll go over. And what we’re going to do here is I’m going to use Ubuntu so it’ll spin up quickly. We’ll put this Webfarm resource group. This will be WEB1. Put this in West US two. Then for infrastructure redundancy, again, Tim showed this yesterday, when we’re talking about HA and stuff like that. We’re going pick availability zone, that availability zone model, and we’re going to put Web one and availability zone two. Okay?

Mike Pfeiffer:
Then we’ll just use Ubuntu. I don’t need that much firepower for this guy, so we’ll just do one CPU, two gigs of RAM, and then we’re going to do password based off. All right. So down here, this is the interesting part. Once you start going through the portal, the build begins. It starts steering you down the road of doing things where you might not want it to. In this configuration here, if I’m letting it open ports, if I’m configuring this, this is configuring an NSG on the NIC. I’m not going to do that so I’m going to say none. I’m going to control all of my firewall rules with the NSG.

Mike Pfeiffer:
So we’ll hit next here. Default disk config is good. Notice that on the networking screen, we’re going into the Webfarm VNet. It just pick that up by default. Knows the right subnet. I am not going to put a public IP on here because this is going to sit behind the load balancer. So I’m going to say no public IP, and I’ll show you how we get to this in a little bit, all right? No security group on this NIC. Nothing. Next I’m going in here. I’m not going to turn on boot diagnostics for those. Just turn that off and let’s go ahead and review and create that first VM. So that’s in availability zone one.

Mike Pfeiffer:
Then the second VM, we’ll put in availability zone two. All right. So let’s just, while that one’s running, let’s jump back over, go to Ubuntu, put this guy web two in that resource group. We’ll say West US 2, infrastructure redundancy, availability zone. Put this guy in availability zone 2, same virtual machine image. And of course, as you might suspect, I would want to be thinking about, how do I get my application code on this server? Is it part of the image? Is it part of a bootstrapping script, like a custom script extension? All that kind of stuff.

Mike Pfeiffer:
I’m going to install web server manually, and I’m going to show you how we do that here in a minute. So let’s make sure that you get the same credentials. I’m going to do the same thing as before, no inbound port configuration. We’re going to rely on the NSG on the subnet. On the networking page, we’re going to turn off the public IP address. Then over here we’ll say, “No boot diagnostics,” to match the other one, review and create.

Mike Pfeiffer:
All right. So I’ve got two systems coming up right now. Let’s go and build the load balancer. So if we come over here, load balancer. By the way, in the marketplace, there’s so many images from other vendors, Cisco and f5 and tons of… Kemp load balancers. There’s tons of stuff that runs on VMs, if you guys are interested. So let’s put the load balancer in the Webfarm resource group. I’ll show you the process for Application Gateway here in a bit. We’ll say this is our web load balancer. This is going to be in West US two.

Mike Pfeiffer:
And so, here’s the type. Is it going to be public out on the internet or is it going to be an internal load balancer? Well, in our scenario, this is going to be a couple of web servers we’re hitting from the internet. We’ll make it public. For the SKU, remember, the basic version is free. And if we want zonal redundant configuration, we want standard. And so, notice what it says here when we pick that. When you pick standard, it’s like, “Hey, standard load balancer is secure by default.” This means network security groups are used explicitly to permit and whitelist allowed traffic.

Mike Pfeiffer:
Then this is an important footnote. If you do not have an NSG on a subnet or NIC of your VM resource, traffic is not allowed to reach this. So there’s nothing stopping you from building a VNet and a VM with no NSGs. And if you do that, what they’re saying is it’s not going to work. We already have that, so we’re good. Now, coming down the lists, we need to get the public IP address the name. So this is like our Webfarm public IP address, if I have a naming convention there.

Mike Pfeiffer:
Now here is the interesting piece, what availability zone do you want to put the load balancer? One, two, or three? Well, we want to load balance across one and two. So we’re going to configure this to be zone redundant. You’re probably thinking, “Well, how the heck can this thing be in multiple availability zones if those are actually different data centers?” Well, this thing’s got some magic behind it. It’s got interfaces and these different…

Mike Pfeiffer:
This is a managed service. So Microsoft’s doing some stuff to abstract that for you. So let’s go ahead and create the load balancer and we’ll have a fair amount of work to do still. We need to configure a backend pool. You need to configure probes to make sure that the application’s healthy, which that won’t work initially because the servers don’t have any code on them. So we’ll figure that out as well. All right. The other thing that is confusing about Azure Load Balancer that still comes up on this exam, potentially, and it’s been around forever, is this concept of NAT rules.

Mike Pfeiffer:
Let me just explain this real quick, I’m going to show this to you live. That was not the topic I was looking for. But basically there’s this concept of port forwarding or NAT rules on the Azure Load Balancer. This is not for application traffic. This is more of a tutorial. This is for getting into an individual resource. There was an article I used to find on the first page of Google, but it’s not showing up now, about NAT rules, but I’m going to show you this in practice. Anyways, let me just check this one last thing. Not showing up on here.

Mike Pfeiffer:
Anyways, I’ll show you in the portal. All right. The appointment is complete. Let me head over here. What I was getting at there is load balancing rules like you see here in the settings, and then there’s these inbound NAT rules. The load balancing rules, of course, is for your application traffic. I want to load balance 80 in 443 for my web workload across all my VMs in the backend pool. Cool. The inbound NAT rules are a way for you to basically poke a hole in the load balancer. So you as an administrator can get through the load balancer and target a backend in individual backend instance. So you can RDP or SSH directly through the load balancer to a backend instance.

Mike Pfeiffer:
This pattern has been around since the early days of Azure. And in fact, when Azure virtual machines first GAD backend like 2013, I think it was. The default config was, when you spin up a VM, it was sitting behind a load balancer. We had to set up NAT rules so we could RDP in and do stuff. And so, this construct is still around to this day. But we need to set up a backend pool. You need to set up a health probe. We need to set up load balancing rules. And then finally, I’m going to need to set up a NAT rule setup so I can SSH in and install a web server because I didn’t have any automation preconfigured. Doing all that will teach us the basics to this stuff.

Mike Pfeiffer:
Let’s go to backend pools. Click on add. Also note, based on the conversations yesterday, virtual machine scale set, when you’re scaling out horizontally, a VM scale set will auto attach your instances to your load balancer. So I’m doing it manually here registering these instances with a backend pool, but if you’re doing a scale set, that could be dynamic. The attachments and the disconnection of your VMs on scale out and scale in, doesn’t have to be micromanaged by you. So we’ll call this Webfarm backend. Virtual network is our VNet. And we can just pick our virtual machines from the list.

Mike Pfeiffer:
Web one, notice that we have a IP configuration option. Just like Tim is talking about, we can do multiple NICs or VMs that have multiple NICs. Those NICs also can have multiple IP configurations. So just like on a machine, you can have a primary and a secondary IP. So there’s different configurations you can connect to. These servers are pretty vanilla, right? Easy to set this up. So I just pick the only NIC that’s on there. Then notice this thing does work with scale sets. So let’s go ahead and add that.

Mike Pfeiffer:
One thing I’ll say about Application Gateway as well, and the reason that I didn’t spin that one up as a demo, it does take some time. It’s not as slow as it used to be, but it’s definitely not as quick as provisioning of load balancer. So I’ll show you the build process for Application Gateway, but it does take a little bit of time. So I’m not going to go through building it from scratch.

Mike Pfeiffer:
The other thing to keep in mind is any time you’re configuring the Azure Load Balancer like this, when I add something to a backend pool, I can’t do anything else. Even though this is an asynchronous process, going over to another menu and trying to do something else while this thing is running, generally doesn’t work with this specific device. But this should be done any second. I hope Badger doesn’t make a liar out of me. Seemed like it was running a little bit slower yesterday afternoon. Let’s see what happens here.

Mike Pfeiffer:
In the meantime, while I’m waiting for that to run, just a couple other things. Once we post all the slides and stuff, like I said, I would go through these in the days leading up to your test, days and weeks, and just some footnotes here about your backend pool and the SKUs on this Azure Load Balancer. When you’re on standard, that’s up to a thousand Azure VMs in the same VNet, including availability sets, scale sets, or across AZs. And the basic tier is just a hundred VMs. That’s something to keep in mind.

Mike Pfeiffer:
Let’s see here. Do I have a better picture about NAT rules in here? I don’t. Multiple front ends is also an option, so you could have multiple front end IP configurations. You might have different public IPS on a load balancer. With the Application Gateway, that’s also something that’s commonly configured, multiple host names as well. All right cool. So we’ve got our backend pool finally. Let’s do a refresh right here. That looks scary. We’ve got two machines in the backend pool.

Mike Pfeiffer:
Let’s go to health probes, and then we’ll click on add. We do need to make sure that these backend instances are healthy before we ever send any traffic over there. Taking a look here, we can tell Azure, “Hey, every five seconds, go out and make sure that you can get to port 80 on each server in the backend pool. And if that doesn’t work two times, if there’s two consecutive failures, let’s take that sucker out of service and we’ll check again until it’s healthy before we add it back.”

Mike Pfeiffer:
Now, here’s the big difference on this screen. Notice when it’s on TCP, you’re just doing a port ping. If you pick something like HTTP or HTTPS, you can actually check a path on the web server. And this is pretty useful in the world of software development and building applications where you want a deep health check from a probe, and very common to do… Well, to implement the deep health check pattern. It’s not a Microsoft thing. For example, like this, you could say healthcheck.aspx. So you could have a server side page, maybe this is a .net application. You can have a server side script that the probe pings and the developers can control the response.

Mike Pfeiffer:
So the health probe, that means load balancers, whether it’s Application Gateway or Azure Load Balancer, is expecting an HTTP 200 okay response on the probe. If you’re the developer wanting to be able to control, take the server out of service without having to mess up the Azure configuration or go in and try to rip a server out of the backend pool, in the app config, they can just say whenever we request this page on a certain server, we send a 500 error, and then that will effectively take the system out of the backend pool and you’ll be good to go right until the [inaudible 00:26:58] change that config.

Mike Pfeiffer:
So anyways, I’m just going to do a TCP port ping here for this probe because I don’t have anything installed yet. Let’s let that build and that’s done. All right. So next step, load balancing rules. When people hit the public IP address and the load balancer, what’s going to happen? Let’s click on add, and we’ll call this rule HTTP. We’ll just stick with IP version four here. Notice our front end configuration is already defined because when we created the load balancer, we told it we wanted a public IP. So it set that up for us.

Mike Pfeiffer:
In this configuration, we’re going to listen on port 80 on the outside and target backend port 80 as well. So you could do different port mappings here. That would work just fine. If you did, if you decided to do 443, that’s cool. You just have to have a certificate on the backend servers. There’s no SSL termination on this layer for a load balancer. But anyways, outside and inside it’s going to match. If we’re doing 443 as well, and we did have a certificate, but we also wanted port 80, we would just have to load balancing rules.

Mike Pfeiffer:
All right. And so, coming down here for this rule, for port 80, we’ve got our backend pool configured. It’s using the health probe that we set up. Then down here, session persistence, is an option. This can be tricky because… Actually, I have a slide on this. Yeah, session persistence. With a Azure Load Balancer and this a layer four capability, session persistence isn’t… You’ve got to be very careful with this, because take a look at the diagram down at the bottom. When we’re talking about session persistence in a load balancing world, we’re talking about keeping the user with the same backend server that they start with for the entire lifetime of their session.

Mike Pfeiffer:
So if the client on the left there on the laptop hits the load balancer and connects to VM1, if we wanted them to always be on VM1 for that session, well, then we can try to do session persistence or sticky sessions. But in the layer four world, really the only thing that we can do that based off of is the client’s IP address or the client’s IP address and a combination of the protocol along with that. This isn’t bullet proof because we all know that NAT is a thing. And if there’s a hundred people sitting behind the same internet, or they’re saying…

Mike Pfeiffer:
Go to a corporation. All the people are sitting on the same local network. And when they go to the internet, they’re seen on the outside world as the same client IP address. Well, then you now have giant groups of people being persisted to a backend instance because we can’t uniquely identify them. Session persistence in a layer four world isn’t really 100% practical in every scenario, and you’ve got to watch out for this. A better alternative is just tell the developers to build stateless applications, so where I can, as a user come through the load balancer and just bounce around any backend server and the app just works.

Mike Pfeiffer:
As cloud native computing continues to mature, session or stateless applications are becoming more and more common. So you can push back on that. If you need a better session persistence, Application Gateway can give the user a cookie. If you’re doing web-based application, you can use that layer seven, manage load balancer, and then it’s much easier to deal with because every user can get a unique cookie specific to them. I know that I’m preaching to the choir to a lot of my friends that are in the exchange world that have joined us, that have done lots of load balancing over the years.

Mike Pfeiffer:
So anyways, I’m going to leave session persistence to none. The load balancer does use a routing protocol or a 5-tuple hash kind of algorithm that they’re showing here to decide how to connect the user to these backend instances. So it’s not like round Robin. It’s a combination of the source, IP, source port, destination port, protocol, all that kind of stuff. All right. So the session persistence to none down here. Then you have this option for floating IP, direct server return. And I’m not going to get into the weeds of that, but essentially, you would turn this on when you’re doing always on availability groups and your load balancing SQL server clusters. That’s more of a trivia nuance type of thing.

Mike Pfeiffer:
And so, we’re going to go with the defaults there, the load balancing rule. This would basically make it to where we can get to those servers if the web server’s up and running, but there isn’t one yet. So the big question is, how are we going to get Apache installed in these Linux servers? And so, that’s where NAT rules come into play. Later today we’ll talk about VPN and stuff like that. We could VPN into the VNet and then just SSH over the private network to these guys and install the web service. But if you need to go through the load balancer, and it’s good to understand this pattern, especially if you might get a question on a test, you can create these NAT rules.

Mike Pfeiffer:
I can create one to where I can already… Or sorry, SSH to the public address on the load balancer on one port for web one and an alternate port for the other server. I’ll show you in a second and it’ll make more sense when I draw it out. But thinking about it this way, there’s only going to be one public IP address in this scenario on the outside. And I can’t listen on port 22 on the outside for both of my machines. So I’m going to have one IP, two different ports on the outside that I can ultimately get to on SSH on these backend servers, if this ever updates.

Mike Pfeiffer:
The other thing that can be slow to update, and if you’ve ever messed around, you might have noticed, NSGs. Sometimes you can add an NSG rule to open up some kind of access. It might take a minute before you see it kick in. So be advised that if you’re messing around with NSGs and you created a rule to open up something, if you immediately go and test it, it may not work. You may need to let it burn in for a minute or two. This seems like it should have been gone already. Let me see. Do a hard refresh here. Yeah, there we go.

Mike Pfeiffer:
All right. So let’s create a NAT rule. This is going to be for the first server. So for web one. On the outside, on this public IP address, we’re going to basically set up a custom service. And what I’ll do here is I’ll just use 5,000, which you see in the documentation. On this public address, on port 5,000, we’re going to map those connections to web one on this IP address. Then the default is not going to be what we want. We want to map at that port 22 on the backend. I want to SSH to port 5,000, get the 22 on the web server one behind the load balancer. Hopefully that makes sense. So we’ll do that for this one. That’ll take a second. Then we’ll create one for the second server as well.

Mike Pfeiffer:
Then after we’ve gotten that rule, we should be able to SSH in, install a web server, and then go and take a look and see if it works through the load balancer. So let’s set this one, port 5,001 on this public address. Then we’ll map this over the virtual machine two, to his private IP address. Then the target port on the backend, if you’re playing along at home, which is going to be what? 22. Perfect. Now we’ve got to port forwarding rules, basically. And it’s funny because you would think that none of this stuff would work because the health probe would fail and all that kind of stuff.

Mike Pfeiffer:
That’s true for the application traffic, but NAT rules don’t care. We can just get through the load balancer, because they’re not checking the health. If the servers aren’t up, or we can’t get to the servers, that’s an issue. But these should work. We can go to the public address of this thing. Looking over here, we see the public address. You can even navigate over to the address and you can move this to another resource later if you needed to. Let’s copy the address and then let’s see.

Mike Pfeiffer:
Now this may not work, so we have to test us out. So I’m going to SSH sysadmin@publicipaddress. Now I need to do this on an alternate port. So minus P 5,000. When I hit enter, here’s the thing. It’s splashing cursor. This was good for administrative kind of stuff. We always say it’s DNS when we’re troubleshooting issues. The second thing is usually NSGs in the Azure world. So if this isn’t working, what do you think that tells us about the NSG?

Mike Pfeiffer:
Let’s go look at the NSG. So web NSG is connected to the subnet. There’s no NSGs on the NICs. We know that. But we can definitely see that this isn’t working. So let’s control Seattle this. So in theory, it seems like we need a port 22 rule, if we could ever get this thing to load up. Let’s go to inbound rules and let’s add, let’s say, source, any, destination, any, because any destination inside the subnet destination port range, 22 TCP. Let’s go and add that port rule.

Mike Pfeiffer:
Like I said a minute ago, sometimes when you’re adding those, it can take a minute. It can take a second. Even though it says green here, created security rule, sometimes you’ll find you go off, you test it, and it still isn’t working. You give it another minute or two, then it starts working. So that’s something to watch out for. Let’s take a look here. Let’s clear the screen. Let’s try it again. All right. Now we’re getting prompted. That’s a good sign. Type yes. Password. All right.

Mike Pfeiffer:
And so, now we’re on web one. So we’ll do a sudo SU, the sudo up. We’ll do an apt, get install, apache 2, minus Y, don’t ask me for confirmation. Just like when you install IS on a Windows box, it does that, default splash page. That’s what we’re doing here. So while that’s cooking, let’s open up a new tab here and we’ll do SSH sysadmin@publicIPaddress on port 5,001. That’s going to go to web two. So type yes. All right, cool.

Mike Pfeiffer:
Also, on the note of Linux, I don’t know if you guys have heard about that, but somebody put out a statistic a couple months ago from Microsoft where they’re like, “Yeah, over 60% of our VMs are a Linux at this point.” And by the way, MVP summit last year, I was sitting in a SQL session right next to the Tim Warner and the SQL team was talking about how they’re not doing anything on Windows server anymore. All their innovations from here on out are going to be on SQL. So I thought that was kind of interesting. Apt, get install, apache2 minus Y.

Mike Pfeiffer:
Yeah. And so, if you’re thinking now would be a good time to start learning some Linux, You’re definitely right. All right. On the first server, Apache is installed. So let’s do this. Let’s do a nano on var, www/html/index.html. What I’m going to do here is I’m going to put the name of the server. I’m going to violate the rules of web development and put the header tag at the very top of the page, because I want to be able to see what server I’m hitting when I’m going through the load balancer. We’ll save that, and then we’ll do the same thing over. This dude, he’s almost done.

Mike Pfeiffer:
All right. Clear the screen. We’ll do a nano, var, www/html… Oops, html/index. Same thing again. This is web two. I think I did the right one last time. Control X. Yes. All right. Let’s just double check that. That’s not the right one. Sorry. I got lost. I’ve got too many tabs open here. Let me do another nano. Okay. I said web one there. All right. So everything’s cool. I’ve got a web server running on each server now. And then we’ve got the public IP address on the clipboard. So if we do http, public IP address, head over there, and it’s not working. So what does that tell us? Something’s blocking the traffic coming inbound, not on the load balancer itself, but into the subnet.

Mike Pfeiffer:
So let’s cancel this. Let’s go back over. Let’s add an NSG rule. Source, any, destination, any. Anything in the subnet in this case, based on the way this is scoped. I’m going to say port 80. And again, adding that and being patient enough to know, all right, that may take a minute to burn in. So let’s let that run. But in the real world, these VMs, I would either have a combination of a custom image and a bootstrapping script, or just a bootstrapping script. We can do the cloud init bootstrapping script that Tim showed yesterday.

Mike Pfeiffer:
You could do the custom script extension. These VMs could be in a auto scaling group that can be targeted by some other kind of CI/CD system. But in other scaling, typically, there’s quite a bit of automation built in. There’s a lot of times a custom image involved and stuff like that. And it’s actually becoming what I’ve noticed is people are doing less and less virtual machine groups, auto scaling groups, virtual machine scale sets, and they’re getting into more managed services.

Mike Pfeiffer:
But anyways, that didn’t keep my IP address. So let’s try it again. All right. There we go. Give it a try, you guys. Let me throw this in the chat. When you hit that URL, I could copy it here. You guys should all get a variety of different… Some people should get web one, some people should get web two. And on hitting refresh over and over and over and I’m just getting web one, because it’s not necessarily round robin, it’s that 5-tuple hash on the Azure Load Balancer.

Mike Pfeiffer:
All right. That’s the big idea. I’m seeing, okay, some other people are getting web two, so we know this thing’s load balancing, and that’s good. So let’s say that I, for me, it’s just I’m stuck on web one. Now I want to see it fail over. So put your architect and administrator hat on for a second. Think about all the things that you’ve learned over the last two and a half days or whatever. How can I break web one to make it fail over here to web two? So if I hit refresh, I’m going to see web two.

Mike Pfeiffer:
There’s a few things we could do. You know at this point, well, you could go to the NIC and put an NSG on the NIC and not open [inaudible 00:42:25]. That would break it. You could shut the machine off. You could terminate it. You could go into the machine and shut down the web service and kill the Apache web server. The more ways you can think of to break stuff, the more you’ll be able to troubleshoot later because you’ll be able to reverse engineer that. So I’m always thinking about, how could I break this sucker?

Mike Pfeiffer:
All right. But anyways, if I want to make sure it’s going to say web two, I can kill web one by just going over to the web one SSH session here, which is this guy, right? Yeah. On port 5,000. And we could do a service, apache 2 stop. So service is dead. Come over here, drum roll, hit refresh. Web two. Kind of an anticlimactic demo, but there you go. So let’s take a look at this. If we go back over to the portal, create a resource, and then we go to… Let’s just look for Application Gateway. You could probably find it on networking over there.

Mike Pfeiffer:
A couple of things to point out about this. Now that you’ve seen the Azure Load Balancer, the high level of mechanics, for the most part, you understand. When you’re doing Application Gateway, it’s very, very similar. You come in, you deploy it, you give it a name, you pick a region, all that fun stuff. There is these different tiers. So there’s standard, standard V2, WAF, WAF V2. So web application filtering is insanely interesting when you’re doing web-based applications, things like SQL injection and cross-site scripting and all those weird malicious patterns.

Mike Pfeiffer:
If you do the WAF version, you get that capability. Couple of different performance tiers or pricing tiers here to think about. There’s also the concept of auto scaling in these scale units, basically Application Gateway, and even Azure Load Balancer, behind the scenes, obviously this is managed service, but it’s built using virtual machine infrastructure and Microsoft’s custom networking stuff.

Mike Pfeiffer:
Anyways, when you’re doing this guy, you’re really going really big on probably your deployment. This is a fairly, we would assume, heavy web workload, production grade kind of load balancer for something that might be servicing thousands of users. So there is this concept of scale units and having machines under the hood power, the Application Gateway.

Mike Pfeiffer:
I know we’ve got a few AWS people in the house that have been asking questions. So Azure Load Balancer and Application Gateway are very similar to the elastic load balancing service. And if you ever had to work with the elastic load balancer and prewarm the load balancer back in the day, you had to open a ticket and get them to do that for you. And that was a manual thing.

Mike Pfeiffer:
So now with these systems, and now in Azure, specifically, when you’re working with the Application Gateway, you can configure this. You can set up the zone redundancy. You can have this concept of scale units, and you can power an Application Gateway for very large, very busy web app. All right. But I’m not going to go through the rest of configuring this because I only have five minutes. But like I said, you should get a high level architectural idea based on what I did with the Azure Load Balancer.

Mike Pfeiffer:
Cool thing with this is once I build it, I can upload a certificate to this thing to do SSL termination and path-based routing, have multiple backends, all that kind of fun stuff. All right, you guys, that’s it. Hope you enjoyed this video. Like I said, this is content from our AZ-104 workshop that we just did a couple of weeks ago. You could watch the replay by going to our website, cloudskills.io/az104. And if you liked this video, please do me a favor, hit the like button, subscribe to our channel here, and I’ll see you in the next YouTube video.

Deploying to Azure App Service with GitHub Actions

Mike Pfeiffer — Thu, 02 Jul 2020 16:37:38 +0000

Get started with GitHub Actions in this step-by-step tutorial on deploying to Azure App Service. This video will show you how to hit the ground running with GitHub Actions.

Looking for more resources? Here are a few key resources that will help you get started with GitHub Actions:

Full Transcript:

Mike Pfeiffer:
All right. So let's review the infrastructure we're going to deploy to. When we're using workflows and GitHub Actions, we could deploy infrastructure, but we're not going to do that in this video. We're just going to focus on the basics. We're going to deploy to some existing infrastructure in this resource group right here and I'll explain this for you. This is just a simple web application. So with an app service, you can see we've got an app service plan and an application insights resource. So everything we need to run a basic .NET Core web application, let me show you how I built this. I went over to app services and just went up to add. And on the screen, what I did is I just filled out all the information, I created a resource group, I gave my web app a name, I select code for the publication option.

Mike Pfeiffer:
And then for the runtime stack, I did .NET Core 3.1. That defaulted to the Windows operating system and then I just changed the region to a region that's close to me, I did West US 2. The region is important, but the other important thing here is the SKU size. So we're doing an S1 SKU size. So basically, the entry level production grade service plan option. So that's the important thing; it's the operating system, the runtime stack, and I just run off and create a dime. And so with that, let's head over to GitHub. I'm going to get out of this because I've already got an app service that we're going to use. We'll go over to GitHub repositories. On signed in to GitHub, I'm going to create a brand new repository here, and I'm just going to call this appservicedemo.

Mike Pfeiffer:
I'll scroll down and we'll keep this as a public repository. And then what we'll do is we'll initialize this repository with a README so we can eventually document everything. We'll add a gitignore based on the Visual Studio gitignore file. And then I'll add a license, just say, hey, this is an Apache License open source project. So let's go ahead and create this repository and what this repository now builds, we're ready to start setting things up. So first thing I'm going to do is I'm going to go over to settings on the top. We're going to set up a secret. So over here on the left hand side, go to secrets for this GitHub repository, and we're going to build a new secret. I'm going to call this AZURE_CREDENTIALS. You can see I've already done this in the past for some other repository, so it's caching that.

Mike Pfeiffer:
And we need to put the value for a service principle into this box. So we'll use service principle delegation to make sure that GitHub Actions can authenticate to our Azure subscription and do a deployment. And the way that we're going to do that here is just jumped into the command line interface. So I'll open up the cloud show here. Let me go ahead and maximize this. It's coming up as PowerShell because I was using that before. Let me switch it over to Bash because I'm going to use the AZ CLI. And the first thing I'm going to do is an AZ group list because I want to delegate control to a specific resource group. In this case, the resource group called webapps-dev-rg. So I'm going to scroll up here, I'm going to get this unique ID for this resource group.

Mike Pfeiffer:
So this will include the subscription ID, the actual name of the resource group, and this will be the scope for the service principle that we build and set up. So let's do this. We'll go ahead and run az ad creates or az ad sp creates-for-rbac. So we're going to create a service principle and set up the RBAC role assignment at the same time. I'm going to say -n here. So what's the name of the service principle? So we'll just say AppsSvcDemo, and then we're going to go --roll to indicate the role based access control role. In this case, I'm just going to say contributor. So the contributor role, and then the important part here is the scopes. And so in this case, I'm just going to do one scope, it's just going to be the resource group that we were looking at a second ago. So I'm going to paste in the resource ID for this particular resource group.

Mike Pfeiffer:
And then finally, this is important. Last thing on the list here, one last parameter, we're going to say sdk-auth. And so far, this looks good. Let me go and hit enter. Let's make sure this actually works. So it's creating the service principle, creating the role assignment and here's our output. So this is the important part. This JSON output is what we're going to use for our secret in the GitHub repository. So I'm just going to copy this, we're going to head over to secrets and in this field here, we'll go ahead and click on add, and there we go. So keep in mind that you're not going to be able to retrieve that data. So we've created the secret with this information, right? And it's not going to be viewable in this window here. Also, notice that the secrets are going to be encrypted and they're only exposed to selected actions.

Mike Pfeiffer:
So it's not like we're going to expose this information, this sensitive data to a bunch of people. But now that we understand the infrastructure, we've got our GitHub repo set up, let's move to the next step and we'll actually start setting up an ASP.NET Web Application project. All right. So back in the code tab here in this repository, what we're going to do is we're going to clone this locally and then we're going to add an ASP.NET project, push it back up to GitHub. So I'm going to go to a clone or a download section and just grab the clone URL. I'm going to jump over to my terminal and in an empty folder here, I'm going to do a git clone on that clone URL. I'm going to switch into that directory. So cd appservicedemo, and then I'm going to run code space period. So I've got Visual Studio Code installed.

Mike Pfeiffer:
I'm going to open this folder as a workspace in Visual Studio Code. So now that I'm in Visual Studio Code, what we'll do is open up a terminal here and inside this empty folder, what we're going to do is dotnet new webapp. So this will create a basic ASP.NET Core Web Application using one of the default templates that's available. This is going to be an ASP.NET Core razor pages web application. Don't worry if you're not a programmer, that's not really important. We're not going to do any big changes to this application. Let me close out of this and what we're going to do here, now that we've got some application code, I'm going to add a new file to this project. So I'm going to click on new file here and we're going to create this file in a hidden folder called GitHub/workflows/main.yml, main.yml.

Mike Pfeiffer:
And that takes us into the editor here. So let's go ahead and collapse this so we can kind of see what's going on. So let's go ahead and define this workflow file. What I'm going to do here is I'm going to start off writing some yml. I'm going to say name, what's the name of this workflow? We're going to call this Deploy ASP.NET CORE. And then the next thing we're going to do is we're going to use the on command here to basically create a trigger. So we're going to say on push, anytime we push two branches called master. In this case, just the master branch. Anytime we do a push to the master branch, we're going to kick off this workflow. So that looks good. I'm not going to do anything more sophisticated than that. And then we're going to set up some environment variables in this workflow.

Mike Pfeiffer:
So underneath env, I'm going to say, AZURE_WEBAPP_NAME, and I'm going to set this to csweb06192020, And that was the actual web app name in the portal. So this is my existing infrastructure. From there, I'm going to create another variable called AZURE_WEBAPP_PATH, and basically, I'm just going to set this to the current folder. And we're going to use this variable when we're doing things like building the project, producing the published files that we're going to deploy, all that stuff. And then I'm going to specify the dotnet version that we're going to use. So I'm going to create a variable called DOTNET_VERSION. I'm going to set this to 2.2.101. And let me show you why I'm doing that. Let me bring up my terminal again, let's clean this up a little bit so we can see what's going on.

Mike Pfeiffer:
I'm going to do a dotnet --version. You can see that this is currently set to 2.2.101. Now, remember when I built the app service, I was showing you that I use the .NET Core 3.1 runtime. .NET Core is backwards compatible. I'm still using an old version of .NET Core on this machine. I need to update that, but I wanted to be explicit and kind of let you know what's going on here exactly with this. So that's why I'm using a specific version. If you're using .NET 3.1, that's perfectly fine. And so let's kind of continue here. And what we're going to do now is we're going to define our jobs. This workflow is just going to have one job. So underneath jobs, I'm just going to say, build-and-deploy. We could call the job whatever we want here and once we define the build and deploy job, we'll hit return and what we're going to say is runs-on.

Mike Pfeiffer:
What does this actually run on? What does this job run on? So we're going to use ubuntu-latest. So if you're familiar with Azure Pipelines, you know that there's the concept of hosted agents, self hosted agents, and in GitHub Actions and GitHub workflows, we have the same things. We have runners. So we're going to use an Ubuntu system to run this workflow and it's going to run all the steps inside this job. So we're going to say steps:, and then hit return. And then down here, this is where we'll indicate our steps. These steps are going to be GitHub Actions, and here's kind of the way this works. So steps, this is going to be like a list of steps, right? So when we're doing steps, we want to indicate these with a dash.

Mike Pfeiffer:
So we'll say, this first step uses, and here, we're actually going to define the name of the action that we want to use. So what we're going to say is actions/checkouts, and this is a specific GitHub Action that'll allow us to check out the code from the GitHub repo. So think about it this way, we commit code to the master branch, that kicks off the workflow because we've got a trigger for that, and then once we start running our job, we'll get access to an Ubuntu machine and the first thing we're going to do is check the code out from the repository. So we can then go build the application, deploy it to Azure. Now, just to show you, let me copy this. Let me go back to my browser. And if you just search for these actions, there's tons of them out there, of course. But if you search for these, you'll find them on GitHub.

Mike Pfeiffer:
And so this particular one is well documented and all of them should be well-documented. When you come down here, when you're looking at one, they'll talk about how it works, what the usage is, what the syntax is, what the supported inputs are, all that kind of stuff. So let me close out of this and go back over to Visual Studio Code, and that's step one. So that's the first thing we need to do. We don't need to fill out anything else for that particular action. The next one, we're going to basically specify a name here. So when we're looking at the logs during kind of a real time execution of a workflow, or later on after the fact, we can identify what it is in that sequence of steps that's actually happening. So I'm going to say, this one is a step forward logging into Azure. So Login via Azure CLI.

Mike Pfeiffer:
And so this step is something that uses an action called azure/login, and then what I'm going to do here is say @v1. As time goes on, there's going to be different versions of these actions and sometimes, it makes sense to be explicit on the actual version of the action itself, as well as the .NET Core runtime, all that kind of stuff, right? Does that make sense? You want to make sure that it's consistent and it's repeatable, and that's why I'm using the version one here. New versions might come along with different capabilities, but this will ensure we don't have any breaking changes. Now, when we use this action, we're going to use this action with certain credentials. So I'm going to say, with, hit return, and we're going to say creds. Creds are going to be equal to the credentials we've got stored in the secrets in the repository.

Mike Pfeiffer:
So the value I'm going to use here, and I would use this syntax when referencing my variables as well, so a dollar sign, a couple of open and closed curly braces, and inside here, I'll be able to access my secrets or work with my secrets. So I can say, secrets.AZURE_CREDENTIALS. And then that action will be able to use those stored credentials based on the service principle, recreate it and all that stuff. So it looks good. We'll hit return and then what we're going to do is add another step. So this one will be called SETUP .NET CORE. So this will make sure we've got the right .NET Core SDK runtime available on our runner to do the build and all that stuff. So we need to configure this one. So in addition to the name, we actually have to set what it uses, right?

Mike Pfeiffer:
So this step uses an action. So it's actions/setup-dotnet, and just like before, I'm going to pin this to version one. And then finally, what is this going to actually use? What we're going to do this with, we're going to say, dotnet-version. We're going to set that to what I did before, which is in my variables, right? So if we want to reference our variables in this workflow, same syntaxes before. But I'm going to say, env., and then it's going to be, DOTNET_VERSION. That was one of the variables, right? That I put up here. So we're just referencing it right there. So that's going to get the .NET Core SDK ready for us so we can build our application. And then our next step is actually going to be to do that. So we're going to say, name: dotnet build and publish, and with this action, what we're going to do here is we're going to run a command.

Mike Pfeiffer:
So what I'm going to do here is say, run, I'm going to do a pipe character, hit return, this is going to be an inline script. So we're going to say, let's run a dotnet build. We'll make this a release configuration. So we'll say configuration release, and then we'll do, dotnet publish, and then we'll say, -c, this is going to be a release and we're going to say, -o for the output location. So again, referencing variables here inside this workflow, we'll say, env.AZURE_WEBAPP_PATH. Now, I'm going to do something a little bit different here because I want to reference an actual sub folder of that path. So what I'm going to do here is just make a slight change. Inside single quotes, what I'll do is place that and then say, /myapp. So in a sub folder, what we'll do there is we'll publish the zip file that will be our deployment source for our application.

Mike Pfeiffer:
And then all we need to do beyond that is simply deploy this .NET application. So this step is going to be specific doing a deployment in Azure. We're going to say, deploy to App Service. This task, or this step uses the azure/webapps-deploy action. We're going to use the version two version of this action. And we're going to use this action with two things; an app named, and then we'll reference our variable, our actual application name that's in this workflow document. We'll say env.AZURE_WEBAPP_NAME. And then from here, we'll say package, and then that's going to be our path. So I'm going to actually just steal it from right here. So grab that, plug that in right here, click on save and so far, so good. So now that we've built this workflow configuration, let's go to the next step, which will be committing our code, pushing it to GitHub.

Mike Pfeiffer:
All right, so we're ready to publish this thing. Let's go ahead and bring up the terminal. We're going to just clear the screen here and we're going to do a git ad. I'm just going to go ahead and stage all these changes. We're going to do a git commits -m. We'll just say, this is the initial commit, and then we'll clear this and then we'll do a git push. This will send the code back up to the repository in GitHub and that'll kick off our workflow, right? Because we just committed a change to the master branch. So let's go back over to the browser. Let's do a refresh on this page. Remember, this is the kind of old version. Now, we see all of our code that's been pushed up into GitHub in this repository, and here's the key to understanding Actions and working with this. If we come over here to Actions, we can see that we've got this initial commit, but we're seeing that there is a failure, right?

Mike Pfeiffer:
So let's dig into this, take a look down here, and it says the workflow is not valid. And so line 18 is this guy right here, that's the action for checking out the code. And you know what? I've got a typo here and it's a good thing we run into this because we always run into these little issues, right? So let's do this. Let's close out of the terminal. Let me scroll up here. What I should have done for this checkout action is done @master because I want to check out the master branch. So let me save that. Let's reopen the terminal and we'll just do what we did before. We'll go ahead and stage that change, we'll do a git commits -m, updates yml file, and then a git push. In the real world, I would probably do a better commit message than that, but you get the idea. So we just updated that so let's go back over. Let's go back to actions to do a refresh.

Mike Pfeiffer:
We can see this one's queued. Let's drill into this one. And then here we can see everything that's going on, right? So we got a job in progress. We don't have any artifacts just yet, but let's go over to build and deploy this job and then we can monitor what's going on. So we can see that the setup is done, we're checking on our code, and now we're trying to log in to Azure with the CLI and it looks like that worked just fine. And now it's setting up .NET Core and it's going to run through the whole publication process. So let's give this thing just a second to go. All right. Couple of minutes later, almost everything worked except the deployment to App Service, so that's kind of important, right? So if we drill into that, we can see that it's complaining because that resource doesn't exist. Actually, you must have fat fingered that. It looks like the year was wrong.

Mike Pfeiffer:
If I go back over here just to confirm it, let me close out of the shell. Here's the actual name of the webapp that I should be trying to deploy to. So one last time, let's go back over and let's update this document. I'll take the webapp name, save it, and then of course I could have done this just straight in GitHub, but you get the idea, right? So we'll go ahead and say, git add, git commit -m, fixed apps service name, and then git push. So that'll kick off our workflow and then we'll go back and check one last time. Let's go to GitHub, let's go to actions. We can see this one is now running. So let's keep an eye on this and see what happens next. All right. Couple of minutes later, it looks good. No errors. If we jump over to the Azure portal, here's the URL for the app, right?

Mike Pfeiffer:
So let's head over there, and there we go. There is the default kind of template for ASP.NET Core Web Application. Everything worked just fine. So now you see kind of the process of just doing a basic setup, right? Deploying a simple application. And in future videos, I'll take you through this in more depth. But I will leave this repository here, if you want to come in here and grab the workflow file. And keep an eye on this channel, I'll be posting a lot more stuff about Azure DevOps, GitHub Actions and a whole lot more.

** This article was originally published on CloudSkills.io **
https://cloudskills.io/blog/github-actions-azure

AZ-104 Microsoft Azure Administrator Certification

Mike Pfeiffer — Fri, 17 Apr 2020 14:32:52 +0000

In this episode I catch up with fellow MS MVP Tim Warner to discuss the AZ-104 Microsoft Azure Administrator Certification exam and what you should to prepare.

Resources from this episode:

AZ-104 Beta Exam
AZ-104 Skills Measured
Tim's YouTube series on Azure Fundamentals
Thomas Maurer's AZ-104 Study Guide
Join us for the Azure Administrator (AZ-104) Exam Prep Workshop

Don't forget to subscribe to our mailing list at cloudskills.io/subscribe for weekly updates, exclusive training, and advice on how to amplify your career.

Want audio only? Listen to this episode here:
https://cloudskills.fm/072

Full Transcript:

Mike Pfeiffer:
We've got tons of people already online with us, Tim, and it's good to see you man. How's everything going with you?

Tim Warner:
Likewise. It's been busy. I'm grateful that, given that everything's going on with this pandemic, I'm grateful to have some semblance of normalcy. The work that I think both of us do is pretty immune to outside circumstances. Would you agree?

Mike Pfeiffer:
Totally, man. It's crazy, right? It seems like it's just gotten a little bit busier for me, which is [inaudible 00:00:29]. But yeah, good to see everybody here. About 60 people online with us right now, which is awesome. Everybody, feel free to add your questions into the comments. Tim and I will take those as we go through, but our game plan for today ... Make sure you stay til the end as well. I've got a cool announcement for you, but our game plan for today is to break down the AZ-104 certification and talk about what the differences are between 104, and the previous version and also help you come up with a strategy of how to take the test. I know, Tim, you've got a game plan to take 104 Beta tomorrow or this week or something?

Tim Warner:
Yeah, tomorrow bright and early. 6:30 AM, I'm going to sit for the AZ-104 Beta, so I'll have lots to share outside the scope of the NDA as of tomorrow morning.

Mike Pfeiffer:
Right. Yeah. You just took 400 on Friday, right?

Tim Warner:
I sure did.

Mike Pfeiffer:
Busy guy.

Tim Warner:
I haven't taken a remote online exam for a long time, and the last time I did I had a terrible experience, so I was really grateful to see how they've streamlined the process. I was thinking this morning, because I do hear from students occasionally who say that they were doing a live online examine, and it blew up. I'm trying to think. I wonder, I'd love to ask them, did you take the time to do the system test? Did you make sure that you killed all background processes on your system? I think if you cover the bases and have reasonable bandwidth, you should be okay.

Mike Pfeiffer:
Yeah, it's interesting. That makes a lot of sense. I've been lucky with the remote proctor stuff. I haven't had any major issues. The only issue I had was I didn't go to the bathroom first and you're not supposed to leave the webcam view, right? So make sure you do that. The other thing that's changed because of COVID-19 and all that is Microsoft's not doing any free credits, so if you go to do a class, there's no Azure passes. If you go do a trial right now, I'm pretty sure that you have to activate your credit card and start paying, because just the demand for resources is through the roof because everybody's online. I'm wondering how did that impact the test, the 400 just this past week, because did you have hands-on labs?

Tim Warner:
Wow. You just lit a light bulb in my head. No, I did not have any performance-based labs on AZ-400, and I never thought that maybe Microsoft has turned off the labs to reserve that capacity for paying customers. Wow. I thought that they were just doing ... Actually, I wasn't 100% sure that they did decide to turn off the performance-based labs. It'll be interesting to see tomorrow when I sit for the administrator if they're going to be on or off. But I didn't have any for 400, and I never thought of that, Mike. Good point.

Mike Pfeiffer:
I'm thinking that's probably what it's got to be, right? Because that's just spinning up a non-paying customers environment to let people do labs. I've never really been worried about the labs personally, because to me I think the challenge wasn't the technical depth. In my opinion, it was do I have time to read all these questions and type everything out, but if you're worried about the labs, this might be an opportune time to like get your tests done, right?

Tim Warner:
Exactly. Exactly. For something like AZ-103 or AZ-104, it seems to me that the performance-based labs are pretty much the centerpiece, because that certification is mostly concerned with hands-on practical deployment configuration, that kind of stuff. If you can sneak by without having to do those labs, which can be tedious. I found that even though I have a really fast internet connection at home and my computers, there's nothing short with that in terms of RAM or processing power, I still had a somewhat laggy experience just loading up ordinary multiple choice and interactive items. We're not sure exactly where that overhead was coming from, but I thought to myself, "Boy, I hope I don't get a performance-based lab, because it's probably going to take forever and a day just to spin up."

Mike Pfeiffer:
Yeah, really. That's a good point. I think it's no big secret in the community of people that are really active and talking about certs that administrator certification is not an easy walk in the park. One test, and "Oh, yeah, it's just admin focus," but the truth is it ain't easy. There's a lot of networking and stuff, so I'm hoping to talk about that a lot today. I think, to me, AZ-103/104 parallels, AZ-300 and what that's going to be 303 in the future. There's a lot of parallels there, in my opinion, of a lot of administrative work, but it's a tall glass of water so to speak, the AZ-104. Maybe not as much as the 103. Do you have a gauge yet from what you've looked at? Do you feel like 104 is going to be a little bit less technical or less of a scope?

Tim Warner:
I don't think it'll be less technical, but I do believe it's going to be tighter in scope. If you talk to Microsoft Worldwide Learning, I think they'll tell you frankly that they kind of rushed out the initial administrator, developer and architecture exams, and it kind of shows. Number one, like you said, Mike, there's huge overlap between the AZ-103 and then the two architecture exams, AZ-300 and 301, way too much overlap. They're going through a yearly review cycle with the certs, so what's going on right now with AZ-103 and 104 is that the learning team completely reshaped or sculpted the objective domain. I think they've done a good job of paring out some stuff that really is more of an architecture thing, things that deal with planning and decision making. They've taken out some things that might tread a little bit too heavily in developer territory, logic apps and function apps and that kind of stuff. I think it'll be a nice exam.

Tim Warner:
All the changes I've seen thus far to all these exams, in my opinion, are net positive. The AZ-900 is another good example. I think that the objective domain is much more sanely logically and realistically laid out than it was originally.

Mike Pfeiffer:
Cool. Yeah, that's good feedback. That's a good perspective. One of the guys in the chat, she said Oracle made their certification exams free during this period, and he's like, "What do you guys think about that?" Well, that's interesting. I don't know if that's going to happen for us in the Microsoft world, but there's a lot of free training right now. Pluralsight for the month of April is completely free. We were giving away courses last week that are still open, so any of the cloud skills courses like the Docker course, the Azure PowerShell fundamentals, or the basic ones. There's some free training out there, but I don't know. Have you heard anything about Microsoft doing any credits for exams or anything like that?

Tim Warner:
I haven't heard it, and I seriously doubt it would happen because it's just business. Microsoft Learning has to keep the lights on, so when you think about it, it probably costs a fair amount of money in between what they need to pay their partners like Pearson VUE, who puts on the exams, MeasureUp, who's their official practice test provider, the infrastructure, like we were talking about for those performance-based labs, so I doubt they're going to do a freebie just in the interest of financial preservation. My guess about Oracle doing free tests is that it's just, again, them trying to keep the lights on. The base, the certification numbers for Oracle are so far below Microsoft, I can see where Oracle might feel that they want to take a more drastic measure to attract more candidates.

Mike Pfeiffer:
Yeah. One of the comments in the chat was thanking us for different things that we put out, like Tim's YouTube series on AZ-900 that's been super helpful. There's been a couple of references in that. One from Ray. Thanks, Ray. I agree. Tim stuff's always awesome. The 900 is just tons of great content in there, and, yeah, it's awesome to see people that went to the Docker stuff that we put out. Thanks to Hector and everybody else, because there's been questions like, "Where's the free courses?" and other people are placing them in the comments, so I appreciate you guys big time. You guys are on my Christmas list now for doing that. Tim, what's your strategy? Obviously, you spend all your time in Azure, but if you weren't coming from such an experienced background, tomorrow going in for the test, what would be your strategy or somebody else listening that maybe he's not such an expert as you are.

Tim Warner:
Yeah. Thanks for bringing that up, because I wanted to be sure to address at least a couple learners who reached out to me directly or indirectly recently saying, "I'm losing motivation because the more I get into this, like the administrators' skillset for instance, the more overwhelming it is because of how vast the skill set is." I think that if you're feeling that way, it's great that you're recognizing it, number one. That may be a perfect opportunity for you to step back and look at the AZ-900, the Azure Fundamentals. The fundamentals exam, it's meant to be easier so to speak, but the real value proposition of Azure Fundamentals is that you're going to come out of that with a nice ground level wide scope familiarity with Azure. You really will, from SLAs and TCO calculator and a lot of the public sites to a good survey of the most popular Azure resources. Take that for what it's worth, and once you have that badge, that's something that you can share and put on your CV, just like you could with administrator anyway.

Mike Pfeiffer:
One of the things that I'm starting to get into, and I'm seeing this with people in our community and just other people that are randomly getting into this is I'm starting to really think hard about and even talk about path of least resistance, right? What is the minimum you've got to do to actually get a certification, because there's so many. Chances are if you're going to do more than one, you're likely going to hit the content again and go deeper anyways, so I'm starting to think more of ... Not brain dump, because that's stupid, but what's the minimum I can get away with for studying and go and take the tests? I'm a big believer of, I've always talked about hands-on practice, but also practice exams to me are becoming more interesting, because it's like you can find the holes in your knowledge.

Mike Pfeiffer:
If I just took 900, to your point, Tim, there's so much base level content that I probably already know that I may not need to go study that again. Maybe I'll just find the gaps in my knowledge. To me it's like use a practice exam to find the holes, close that gap, and then just go take the test and let the chips fall where they may. Is that too [crosstalk 00:11:33], or ...

Tim Warner:
No, I don't think so. I think that another perfectly good application of the AZ-900 Azure Fundamentals exam would be as a diagnostic. Number one, Microsoft priced at a lot lower. If you've looked at the registration price and USD, it's $99 compared to $165 USD for the associate and experts, and it's a shorter exam too. It's only 60 minutes instead of two and a half or three hours. But from the perspective ...

Tim Warner:
Two and a half or three hours. But from the perspective of figuring out where you want to go and Azure, it's a good opportunity for you to survey each of the major divisions, compute, serverless, containers, development data platform, AI, IOT. And hoping you might come out of there inspired to go along a particular path. And nowadays the Azure and cloud platform portfolio is broad enough to where there's a badge for just about any of these job roles and you could just go from there.

Mike Pfeiffer:
Nice. Yeah, I love that guidance. It's a great point. Steve in the chat said, and this is such an awesome question, this is such a needed question. What is the difference between AZ-103 and 104? And I think maybe even, what's the difference between ... What was it before? Like why did we have 103 versus 100 or 101. Like what was the complete history and why are we switching from 103 to 104? We should probably call that out, I guess. Right. So originally didn't administrators was supposed to be two tests, right?

Tim Warner:
Mm-hmm (affirmative) Oh yeah, I forgot about that.

Mike Pfeiffer:
It's supposed to be 100 to 101 or something. And then it went to like ... I don't know. But anyways, we got the 103 because they combined multiple and now we had one, 103 and now it's getting the next version is 104.

Tim Warner:
It's disappointing. I mean before all of these role-based certifications came about, all of the exam IDs were 70 dash something and there was really no relation at all what came after the 70 dash and what the product was, whether it was Windows Server or .Net development or SharePoint. Initially these AZ exams were meant to have a really nice structure and they flowed really well. The 900 series is for the fundamentals and that's still the case. AZ-900 is Azure fundamentals. I think MB-900 Microsoft 365 fundamentals. So you can roll with that. And then the 100 series administrators, 200 series developers, 300 series architects, and then it starts to get a little wonkier from there.

Tim Warner:
So it started off with good intentions, but started going off the rails quickly. Like Mike said, originally you had to take two exams to earn the Azure administrator credential. I think it was AZ-100 and 101. And they collapsed that with really no advanced notice. They just kind of did it. They said, "Okay, surprise. Now instead of having to do two exams to earn your Azure administrator badge, you can take AZ-103 and you're done." Of course, there are plenty of people who said, "Hey, I've already invested the money and taking one of the two exams. What are you going to do?" So Microsoft Learning was handing out quite a few vouchers to kind of make up for people who have taken the two exams. It's like, hey, this isn't really fair. So Microsoft Learning tried to square up that way.

Tim Warner:
Lastly, Worldwide Learning revisits each exam content every two months to make sure that as new products come into general availability, if they're in scope for the exam, they'll be added. If product names change, which they do all the time, those updates can happen. But every year Worldwide Learning revisits the whole certification and that's currently what they've just finished doing for administrator. And their rule of thumb, at least what they tell me is that if the content of the exam, the objective domain or OD as it's called, if it changes more than 30% then they have to give it a new number.

Tim Warner:
So that's why they actually created AZ-104, instead of just saying we've updated the content of AZ-103 and in this case it's probably makes sense because they'd made pretty big changes to the organization. I don't know if there's a 30% difference in content, honestly. I think it's mainly the structure. If you go out right now and search for exam AZ-103 and look at the PDF that shows all the skills. The first half of that skills measured doc just shows AZ-103 but then at the tail end of it, there's a comparison table that shows AZ-103 in one column and 104 in the other. So you can eyeball them side by side.

Mike Pfeiffer:
Yeah. And that's a really good point. Gregor Sude who's in the chat helping out manage the comments, posted a link to that exact document you're talking about Tim. And so-

Tim Warner:
Thanks Azure Greg.

Mike Pfeiffer:
Yeah, Azure, Greg in the house.

Tim Warner:
Yeah.

Mike Pfeiffer:
So for the person to ask that question to Tim's point, you've got to scroll all the way to the end. Because there was a followup question and you addressed it Tim. He's like, well what is the actual content differences? And that document will show you like it'll scratch out the old stuff for 103 and it will show you side by side. Like what's on 104 and so with that there was also a couple other great questions that popped up, which was somebody said, well if I'm taking 104 as a prerequisite for AZ-400 which is the dev ops test. Can I just go straight to AZ-400 and take it now?

Mike Pfeiffer:
And so the answer to that, actually no, we have somebody in our community that's done that. So you can take a test that has a prerequisite and if you pass it, it's cool. But you still have to take the prerequisite exam before you get the certification. So you can take AZ-400 right now and if you pass it, that's awesome. But you're not getting the cert until you pass one of the pre-recs which would be the administrator certification or the developer cert. And you just got to pass 103 or 104 right Tim? It's not like if I only passed 103, now I'm screwed. Like you got the certification right. So it's just passing whatever version to get the cert and then you're good for whatever it is. Is that the two years?

Tim Warner:
Yeah, these exams have a two year lifetime. Please note though that after two years elapses, if you don't take action to renew that badge, it doesn't disappear forever. It'll be on your Microsoft transcript forever. I still have certs going back to 97 and I would bet $50 to a stale jelly donut, Mike does as well. They're just in a different section of the transcript.

Mike Pfeiffer:
Yeah. Cool. So somebody asked if I was a veteran, I'm not. But for all the vets out there, thanks for your service.

Tim Warner:
Indeed.

Mike Pfeiffer:
I've been asked that, because the shaved head a lot and maybe because I got the flag on my sleeve here, but that's just part of the T-shirt. Rogue Fitness T-shirt. But yeah, not me. I was a computer geek and didn't go down that road. I appreciate the question. Awesome. So I guess what else, Tim, what do you think in terms of some of the other ideas? We talked about hands on. I'm another believer of like once you find the holes in your knowledge in the exams, go lab it up with practical projects, there's so many things you could do, but administrators heavy on networking, right? So I think networking could be a thing that hamstrings a lot of folks.

Tim Warner:
Mm-hmm (affirmative) Yeah. My understanding is that the Azure support desk receives the most of their questions about networking. I think the second most popular subject is storage, but networking is a tough lift because it's an entire career onto itself, isn't it? I'm fortunate that I've always been a networking geek, so I'm able to deliver a good value there as an instructor and as an IT professional. But that's not the case for everybody for sure. So yeah, I'm a big proponent of the three legged stool. If you want to look at that as a metaphor with the theory which can come from training sessions or books or websites or the docs. Hands on practice, which we can discuss. There's ways to do that with minimal or no investment and third practice exams. So that you have an idea of how Microsoft will evaluate your knowledge.

Tim Warner:
Now, I don't have any relationship with Whizlabs, but I've been kind of evangelizing them quite a bit lately. They were very helpful in my preparation for AZ-400 and I've heard that their practice tests are just as good for AZ103 slash 104. So I wanted to throw that out there a bit too.

Mike Pfeiffer:
Whizlabs does have some pretty good practice exams. I'm not affiliated with them either, but I have been kind of ever since I realized that they do have a good framework in place. I've been kind of recommending them a little bit and they're cheap. So it's not like you're going to break the bank. I think 25, 30 bucks or something like that. And then they even have a free one. So you can go watch like the or take the 15 questions. And I think what it does for you, the thing that I like is it gets you focused on the stuff you should be thinking about because it's so easy to go into the docs and just be like, deer in headlights. What do I go read now?

Tim Warner:
Mm-hmm (affirmative) mm-hmm (affirmative)

Mike Pfeiffer:
So the questions like help you start thinking and then the labs [crosstalk 00:21:05] building stuff, that's another way. Like in my head when I'm answering a question on a test, I'm literally like drawing on the hands on experience that I've had in the past. And that's huge.

Tim Warner:
Yes.

Mike Pfeiffer:
Yeah, and then just looking at the questions here. Kind of back and forth.

Tim Warner:
I'm at the Whizlabs.com website right now and it looks like they're still running a site-wide 50% off promotion Whiz site 50 yeah, so I got my AZ-400 practice exams for 50% off. So it was like 10, 12 bucks in my currency.

Mike Pfeiffer:
I know.

Tim Warner:
Nice stuff. And another thing that I like about Whizlabs is in their explanations, they present little snippets directly from the docs to back up whatever the correct and incorrect answers are. And I think what Mike said, bears amplification. If you're feeling overwhelmed with this content, I'd suggest that you pay extra attention to a practice exam. So it can show you the parts of the technology that you're much more likely to be asked about.

Mike Pfeiffer:
Yep. One of the things that's a really good exercise for everybody listening, that might be a challenge on the networking stuff. It would be if you go into the reference architecture center, one of the architectures they show in the networking section is the hub and spoke V-Net architecture, which is very common with enterprises and you if you can go in and build your own version of that and peer at the V-Nets and kind of build up a lab around that and that'll teach you a lot. But you also need to understand some of the basics around just general networking. Understanding IP version four and the difference is between TCP and UDP. Some of that basic stuff. You can get that off YouTube, right? Or studying Network+ type stuff. So I don't think a certification is necessarily warranted, but some kind of deep dive like hands on lab experience to help you get past the hump.

Tim Warner:
Mm-hmm (affirmative)

Mike Pfeiffer:
A couple of other themes that's been popping up in the comments is re-certification. Like how do you continue on? Do you have to start over? And so I think role-based certs are still kind of evolving, Tim, but it sounds like if we take a test that is beyond where we're currently at within the window, we can upgrade that way. Does that sound right?

Tim Warner:
That is true. I don't know how far along in the two years I am with my administrator, I actually earned mine when I had to do the two exams. So I'm probably coming close to the two year mark with it. When you pass a more recent version of the exam, that absolutely does refresh that two years. Unfortunately, the story for this is a little messed up. Worldwide Learning still has not definitively announced to us what the research requirements are. I did talk to the leader of the of Microsoft certification and he said, "We're well aware of this ...

Tim Warner:
... Of certification and he said, "We're well aware of this and we want all the cert holders and cert candidates to understand we're not going to let you flap off in the breeze." In other words, if, worst case scenario, you do reach your two years and Microsoft hasn't published the recert requirements, they're going to give you an extension or something. They're going to take care of it. They're not going to just let you hang out in the breeze. And I heard a rumor on good authority, that we may have an option to do like Microsoft Learn courses as a way to renew our certifications as well. Microsoft Worldwide Learning is strongly considering not having you have to buck up to actually buy another exam to recert. And I liked that for many reasons to study, because it's like a continuing education unit or CEU approach. I hope that they do that.

Mike Pfeiffer:
I really do too, because this is a lot of work. Somebody else made a comment about that in the comments. It's becoming a job, almost, to keep up with some of these. And I would like to see that too. More of a continuing education type of approach. The good news that it sounds like Microsoft's listening and-

Tim Warner:
Yeah.

Mike Pfeiffer:
That's a good thing. One of the other ... Oh, go ahead. You have something?

Tim Warner:
No, I was just going to amplify. I can confirm they are listening. It's just that they are too silent, in my humble opinion, at the moment.

Mike Pfeiffer:
Yeah. And it seems like learning is in a transition too. Right? And so I think we'll see that change. Hopefully it'll be more thought about how do we continue to keep this going versus starting over and doing new certs? I think with what's happened, they'll be more careful about that.

Mike Pfeiffer:
A couple of the other questions that have come up, [Sayeed 00:25:45] was wondering, now that MCSA and MCSE are going away and retiring, which certs should you take to become Azure MCSE certified, but that's not really the way they're doing it, right? So we're going into a role based scenario, and so the MSCE as we know it, if you had it, great, it'll be on your transcripts, but not anymore. There's not going to be an MCSE, right? For Azure? It's just going to be a role based certs, admin, developer, architect, things like that, right Tim?

Tim Warner:
Yeah, the big dustup, the reason why hundreds and hundreds of people, including myself, signed that petition to Microsoft is that their decision to just abruptly stop all of the product based certifications and just say, "We're just doing role-based and they're all cloud platform," that caused a lot of problems for many good reasons. And I don't have the URL, maybe as you're ... Greg, if you can dig it up. There's one announcement on the Microsoft certification blog, the latest announcement they made, where they've extended the lifetime of the MCSA and MCSE until, I think, January of 2021. So it's nice that there's some extra time for who are still pursuing those certs.

Tim Warner:
Now, again, like Mike said, the program is definitely in flux. Worldwide Learning was pretty committed to keeping the product based certs dead and buried, but I think that enough pushback is coming to where we may see that change, honestly. Because, there's practical questions. Not every business is fully or even partially on the cloud, but yet they may need to qualify on data center products, system center, exchange servers, SharePoint, Windows server. There's still a need. And I don't think just trying to bury them quickly is the right approach, so we'll see what happens.

Mike Pfeiffer:
That's pretty interesting to hear. It'll be interesting to see how they handle that. I know that when I did my very first MCSE starting way back in the beginning, '99 or whatever, for me anyways, my first test that I took was an elective. It was TCP IP. Nothing else. It wasn't anything really much about Windows and NT 4.0. It was just about how to understand IP subnetting and all this kind of stuff. And I am curious about, if they do eliminate the MCSE track and all the system stuff that's equivalent to working on Windows operating system and stuff, where will people get systems skills if they didn't have them before? So it's kind of hard to wedge all that in with Azure Administrator certification. It's just like we're assuming, yeah you start a new network and now you're doing it in Azure. So maybe your point, that would be a good thing to have some of that OS and networking stuff, and more of a systems path for you. I don't know.

Tim Warner:
Yeah sometimes it seems to me that Microsoft makes certain decisions to literally make room for partners and vendors, independent software vendors, because, my gosh, there's so many businesses that make all of their coin being a Microsoft partner. And I wondered, in the back of my mind if, if not consciously, unconsciously, Microsoft Worldwide Learning is opening up the ground for other companies to develop certifications on, say, the Windows Server platform. I know we at Pluralsight, that subject came up. This could be an opportunity for Pluralsight, and any business, to develop a certification on this skillset. If Microsoft's going to walk away from it, it's fair game.

Mike Pfeiffer:
True. It's a big opportunity for some other [inaudible 00:29:34] company to come in and close the gap there. Because there's going to be that. I mean right now what's happening is most of us are existing IT industry practitioners moving into cloud, but eventually it's just going to be kids coming out of school that need to do that, and they're not going to have an IT background, really. So at some point, somebody is going to have to address that.

Mike Pfeiffer:
All right. Let's see. So there was a couple of other questions that I want to address. Number one, there was one about how do you approach this stuff if you're a developer, or even somebody that's not an ops person. Because the administrator exam is going to really expect that you've got some systems background, and what's funny is ... I heard this from somebody else I know at Microsoft who was in the sales organization, so they're not a field engineer or anything. They are just a salesperson, basically. And there was a mandate, internally apparently, that, I don't know if it was all sales people or just a certain division, they had to get Azure Administrator certified. And so you've got people that aren't even operations or even really IT people, going and taking the AZ-103, which, I've talked to IT people and they're like, "Man, that was harder than I was expecting." so if you're not an operations person, even if you're a developer, it could be super challenging. So I think when they were asking the question, "Where do I start?" What you were saying earlier, Tim, is the 900 might be warm up, right?

Tim Warner:
Yeah. That is indeed a heavy lift and it cuts both ways. Imagine, as a developer, I would ask the person, "Imagine if you didn't know anything about C sharp development, but your boss says that you have to pass this AZ-203 Azure Development exam. You're going to be burning the midnight oil just getting up to speed with basic object oriented programming before you get even into Azure. So I would say, talking to a developer who's facing the administrator exam, "I hope you're motivated." Because you have to know a pretty darn good degree of depth with ethernet, TCP IPN, or networking, compute the configuration of all these products ... It's deep. Just like an operations person's going to have a lift preparing to take the 203 Development exam. They are different job roles.

Mike Pfeiffer:
Right. Yeah. Same thing with the 400. It can be a stretch for people too, the dev ops test, where it's expecting you know the language for development but also operations. And so pretty much anybody going into that one is challenged by some unfamiliarity and some of them unfamiliar territory.

Tim Warner:
True. But you have the prerequisites. I think Microsoft Worldwide Learning was smart by doing that prerequisites, because you've got to conquer both of those hills, administrator and developer, to qualify for the dev ops engineer. Now is that fair, strictly speaking? Think of the people who work as full time dev ops engineers. Are they strong equally between operations and development? I don't know. I'll leave that open.

Mike Pfeiffer:
I think usually they have their own strengths and weaknesses, just like anybody else.

Tim Warner:
Mm-hmm (affirmative). There you go.

Mike Pfeiffer:
Yeah, and so you'll know, okay, you're a little bit stronger over here. Yeah. It's an interesting time. The dev ops conversation, man, that's a big hill to climb. It's a lot. And I think the good news is there's room, right? There's room for new people to come in, come from different backgrounds. It's definitely not ... It's still evolving, right? It's still emerging. It's still becoming a new way of doing things, and so there's tons of opportunity. A lot of people can get into that conversation, I think. It's just getting past the stuff that you don't already know, being open to change, embracing some newer ways of doing things.

Tim Warner:
And Mike, you know this more than anybody, the Microsoft tech community is by and large a welcoming group who's more than willing to share and help.

Mike Pfeiffer:
That's right.

Tim Warner:
So you've got a ton of support, and whatever you're facing learning, it's a great thing.

Mike Pfeiffer:
Yep. Over 120 people on our live stream right now ...

Tim Warner:
Wow.

Mike Pfeiffer:
I wanted to shout out to all the contributors in the comments, MVPs and otherwise, just people throwing answers to questions that we didn't get to yet, and just throwing links in there. Thanks everybody for bringing a value to this live stream. It's really cool.

Mike Pfeiffer:
So thinking about this in a little bit more in depth, one of the other questions was is Microsoft going to give us any credits for all these books that we bought now the exams are changing. They have ended the deadlines, to Tim's point. And just to plug our own book, Tim, I'll go ahead and take the opportunity to shamelessly plug the EZ-300 book that we did, even though that's a different certification path. If you're going for administrator, there's been a couple of questions about it. It's very similar in terms of what Tim was talking about, with going from 103 to 104. A lot of the same considerations and the content and the way that they're making the changes. So it's not a huge departure. Plus the existing exams, 103, EZ-300, EZ-301, all those ones are stretched out in terms of the deadlines. I think all the way until September or something. You can go to the exam page and understand what exactly is the date, but still a lot of runway. So I guess what I'm saying is if you just bought a book, especially if you bought ours, don't worry, it's still valid. Also, don't worry, we're writing an update to the other one. I don't know what Microsoft's going to do. They probably won't be able to extend any credits for new books, but we do giveaways and stuff like that, but there's plenty of time to knock down the existing tests.

Tim Warner:
Yeah.

Mike Pfeiffer:
So question, Tim, so should I wait to do 104 or should I just do 103 now, if I've been already studying.

Tim Warner:
First let me address the Microsoft Press thing. I mean, I can't speak for them. I doubt they would do a credit, but you never know. But what I will do is as soon as we get off this live stream, I'll contact my editor at Microsoft Press and ask the question, "How about people who have bought the exam ref let, say, for AZ-900, the first edition, or the AZ-300 first edition, can you do anything?" And I'll report back on my Twitter feed, TechTrainerTim, when my editor gets back to me.

Tim Warner:
Now about the question, should you go for the new version or the old version? First thing I want to remind you all, or tell you if you don't know, is that regardless of which of these Azure administrator versions you take, it's the same badge. If you take the AZ-1-

Tim Warner:
... take, it's the same badge. If you take the AZ-104, which I don't even... Yeah, the beta must've started because I'm taking it tomorrow, it better be going on. If you take the beta and pass the 104 or if you've taken the 103, it's the same exact badge. There's nothing to gain necessarily, other than renewing your two years, like, as I said earlier, my administrator badge is pretty darn old at this point and I hope if I pass the exam tomorrow that'll refresh it. I've been advising people unless you have a compelling reason to go for the next version, stay the course with the current version, if for no other reason that there's already an enormous body of support and study materials for the current exam. Everybody in the learning industry is scrambling now about this AZ-104. I'm tech editing the next edition of the AZ-900, Mike and I and our coauthors are working on the AZ-303 et cetera. It takes a long time to ramp up all of that training, so why not take advantage of everything that's current now and pass the current exam? That's my guidance.

Mike Pfeiffer:
I agree. I think that putting it off is like a secret way of like make an excuse to not do it now. Like that's my own internal dialogue would just be like, "Dude, you're letting yourself off the hook. Just get it done. You're pushing it out, you're procrastinating." So that's how I would do it to myself, I would just go and rip the bandaid off because I've already been studying and just go for it. Andrew had a really great comment that I wanted to touch on here and it's a great question because if no one has done a remote proctored exam before, it's kind of an unfamiliar process and it can be kind of stressful because you try to understand what the requirements are. So I'll share my quick experience and I know you've got a lot to say about this Tim, but I mean really what he's asking here is, does Microsoft need to see the whole room you're in or just part of it? Do you just have to have one webcam?

Mike Pfeiffer:
So yeah, just one webcam. But for me, I actually have a basement in this house, which is pretty rare for Phoenix and I go down to the basement where nobody is in there because one of the big ones that I didn't realize the first time I took it is you're not supposed to talk to anybody. So if somebody from my family comes home and I got like people coming in and out of here all the time. I got like 18 year old daughter, like people are coming in and out, it's like grand central station. Not so much right now, but a lot of times somebody will walk by and say, "Hey, what's up?" And you can't talk, you can't get out of the view of the webcam and you're not supposed to say anything. And so that would be my guidance is get in a clean spot where there's nothing on the walls, nothing on the desk. What about you Tim? What about your experience with doing remote proctor? That pretty much it?

Tim Warner:
Yeah. The last time I did it was a number of years ago and it was terrible situation. It was all via webcam and you had to take the webcam, I had one that I could remove from my computer and point, they wanted a 360 panorama of the room. And if you have multiple monitors, you're going to need to unplug them all and face them down. I mean, it was really disruptive. The situation now is so much more streamlined, it really is. The biggest suggestion I have for you, top line, is do a Google search for Microsoft online exams and you can take a system test and it's the same procedure that you're going to take on exam day. So you'll want to do it from the same room and same computer that you plan to take the exam on.

Tim Warner:
And in a nutshell, what the system test is, is you're going to need your cell phone, you're going to get an access code and they'll send you an SMS message on your phone and then on your phone it'll pop up a little app where you can upload photographs. You'll need to take front and back photos of your ID, you'll need to take a selfie of yourself and you'll need to take four shots of your room, one facing your computer, one back wall and then left and right, that's it. And I took mine in my home office and I did take some precautions, I cleared off my desk, I made sure that there were no tech books or anything visible, that kind of stuff. For instance, behind me you can probably see my bookshelf, I think that would have been fine, I'm not in the room where I took the exam the other day. But I had no problems with that.

Tim Warner:
In fact, I wound up never even talking to the proctor. At one point he put up a chat message just to ask a general logistical question, but it wasn't this long drawn out thing, I mean the exam just literally popped open and started. The other suggestion, as I said at the beginning of this live stream, you'll want to do some work on your system, make sure that as many background processes as you can close out of, even stuff like anti-malware scanners and stuff, just to be safe, turn all those off. The desktop engine that the exam uses is sensing the presence of I don't know how many different processes and it might flag you saying, "Oh, we can't proceed because of such and so process that's running." That actually happened to me on my system.

Mike Pfeiffer:
Oh I haven't gotten that yet. That's awesome.

Tim Warner:
Yeah. There's quite a bit of security built into the desktop application.

Mike Pfeiffer:
Yeah, we want that too, right? We don't want people ripping off and cheating the exam. We want these things to be highly regarded and hard to pass. We don't want just any Joe Schmoe and taking the test and passing, cheating. You know, I had that same thing Tim, I did the remote stuff early in the beginning, where it was literally like you interface with the proctors from the beginning all the way until now, which is take the pictures with your phone and all that kind of stuff. The only other thing where I ran into a snag the last couple of times where I've done remote was number one, when I get halfway through the test and I get tired and I like put my hand on my face like this or like [crosstalk 00:42:15] I had the proctor come on in that because there's like facial recognition software and if it's an obstruction they get notified. And so the guy came on the webcam or the call like halfway through the test like, "Hey, get your hand off your face." I'm like, "Whoa, that was freaky."

Tim Warner:
Yeah, that's right. I mean they're pretty strict about that. That was my biggest worry, frankly. I talked to my wife and nine year old daughter, "Please do not come in." My daughter's like, "I want to kiss you good night." It's like, "I'll come up afterwards, please. If you open that door, the test is gone." And keep your face in the frame, as Mike said, keep your hands away from your face, which is good guidance with COVID-19 anyway, but that's another story.

Mike Pfeiffer:
That's true. [crosstalk 00:43:01]

Tim Warner:
You don't get a bathroom break

Mike Pfeiffer:
... face before until COVID-19.

Tim Warner:
Yep.

Mike Pfeiffer:
I've also had somebody yell at me about or like, "Pull up your sleeves,." And make sure there's nothing written on your sleeves. And they're like, "What's this? What is all this?" I'm like, "Guys, it's just a tattoo. Chill out."

Tim Warner:
Can't get rid of that, at least not easily.

Mike Pfeiffer:
All right, cool. So as we're kind of wrapping this episode up for this live stream, I wanted to let you guys know Tim and I are getting ready to work on something pretty awesome. So with the 104 and kind of with everything else going on right now, at the end of this month, which pull out on my calendar, April, let's see, 27th, 28th and 29th. Right Tim?

Tim Warner:
Correct.

Mike Pfeiffer:
On April 27th, 28th, 29th Tim and I are delivering an AZ-104 workshop. So three days live online, completely virtual course. Just me and Tim bringing the goods, the cloud skills community will be there in the comments helping, answering questions and we're opening registration for this tomorrow. This is going to be a high access event for lots of people because it's going to basically almost cost nothing, there will be a small fee for this event but not like going to a regular three day class, a fraction of that.

Mike Pfeiffer:
Also got some other live events coming that will be completely free that will be interesting for everybody. So tomorrow morning I will email out to all of our email subscribers the registration link for the AZ-104 workshop that Tim and I are doing April 27th, 28th, and 29th and that'll be a something that goes from 9:00 AM central to around 4:00 PM central-ish. It'll be recorded, people that are part of the workshop will be able to watch the videos if they want to, if they can't make it live. So if you're not on our mailing list, let me put the link in the chat or in the comments. So you just want to be on the cloud skills weekly newsletter, so if you get the emails every Friday for our newsletter, you'll get the email tomorrow morning when we open up enrollment for the workshop.

Mike Pfeiffer:
But if you're not on the mailing list, let me just drop a link in the comments, just cloudskills.io/subscribe. And then again I'll send out an email tomorrow morning. This is probably going to be an event where we've got... We did this about a year ago where we did a PowerShell workshop and Tim and I and Jeff Hicks and stuff like that, we had like almost 300 people on a Zoom call and it worked flawlessly for like two days. And we're doing this this time again for three days, AZ-104, Jeff Hicks, not going to be there for this one. But we're not going to be focused so much on PowerShell, it's just strictly Azure administrator certification prep and it's an accelerated prep workshop meaning we're going to cover the stuff you need to know or focus on in those three days. So that is the game plan. So if you guys want to join us it's going to be insanely awesome, I can promise you that and you should check it out. But thoughts as we kind of head out of this episode, Tim, on top of anything else that we've talked about or we couldn't cover?

Tim Warner:
Yeah, I have a logistical question. Are you going to post a recording to this live stream and, if so, when and where?

Mike Pfeiffer:
Actually we can post this on YouTube tonight. So I'll have Matt on my team quickly turn this one around and get it posted on the YouTube channel. So just youtube.com/cloudskills. So we'll make sure that's up there sometime before the end of today here.

Tim Warner:
Outstanding.

Mike Pfeiffer:
Cool. Well I think that's it. Everybody appreciate your guys' questions and everybody in chat, you guys definitely brought a lot of value answering questions and bringing questions to ask and answering questions. Thanks so much everybody. Lots of cool stuff going on despite the craziness. So we hope that you guys are doing good out there isolated and we're really hoping that this event at the end of the month will be a cool way for us to all to get together, share some knowledge, have some fun. Again, it's going to be very easy for anybody to join, so keep an eye out for our emails tomorrow and, once again as usual, the legend Tim Warner, thanks for the advice man man, I appreciate it.

Tim Warner:
Thanks a lot Mike and thank you everybody for being here today.

Mike Pfeiffer:
Thanks all. Replay will be on YouTube later today. Take care. Have a great week.

Tim Warner:
Mm-hmm (affirmative).

Check out the full YouTube video here:

https://www.youtube.com/watch?v=PvZZMWmn2FE

The Truth about Cloud Certifications

Mike Pfeiffer — Thu, 27 Feb 2020 11:27:44 +0000

In this episode I chat with Ned Bellavance and Ethan Banks about the foggy path to cloud certification. What if you chose poorly? How do you prepare? And how do you deal with failure? We answer these questions in this episode and share our own experiences with cloud certification.

AWS Certifications

https://aws.amazon.com/certification/

Microsoft Certifications

https://www.microsoft.com/en-us/learning/certification-overview.aspx

Google Cloud Certifications

https://cloud.google.com/certification/

Certified Kubernetes Administrator – CNFC

https://www.cncf.io/certification/cka/

Full Transcript:

Mike Pfeiffer:
Hey, what’s up everybody? It’s Mike Pfeiffer and you’re listening to the CloudSkills.fm podcast.

Mike Pfeiffer:
Hey, thanks for tuning into another episode of CloudSkills.fm. This week I’m sharing an episode from another podcast where I was a guest last month. It’s the Day Two Cloud podcast with Ned Bellavance and Ethan Banks. This is way too good of an episode for me not to share here on CloudSkills.fm because we talk about cloud certification. We actually had a really honest conversation about the truth about cloud certifications. There’s a lot of ambiguity out there. There’s a lot of misconceptions, and so we kind of went back and forth talking about some real world considerations. So we get into talking about the value of certifications, what’s the reasons behind getting them, what are the recommendations for people just getting started? And we share some of our own background in our own journey to certification.

Mike Pfeiffer:
So I hope you really enjoy this episode and definitely check out Ned’s podcast. Awesome content on the Packet Pushers network. Thanks, again, for tuning in and let’s go ahead and cut it over to the interview.

Ned Bellavance:
Learning cloud technologies is a daunting task. The field of play is wide and varied. A typical place to start is with certifications, giving you some practical knowledge and a badge for your resume, but again, where to start? AWS, Azure, and Google Cloud all have certifications. Too many certifications, in fact. Microsoft and AWS have a combined 22 different certifications along multiple paths. What if you choose poorly? How do you prepare, and how do you deal with failure? Our guest, Mike Pfeiffer, is here to help us find guidance in the foggy world of cloud certifications.

Ned Bellavance:
Welcome to Day Two Cloud, part of the Packet Pushers family of podcasts. On Day Two Cloud we have a frank discussion of what happens when cloud stops being [inaudible 00:01:53] and starts getting real. I’m your co-host, Ned Bellavance, Ned1313 on Twitter. Also joining me is Ethan Banks, short URL, bit.lygrumpybanks and @ECBanks on Twitter. Hey, Ethan.

Ethan Banks:
When I saw that in the notes, I actually hit that to see if you’d made that go to something, and that’s a dead link, buddy. You disappointed me.

Ned Bellavance:
Oh, it’s coming. It just takes a little while. It’ll be up by the time the show is live.

Ethan Banks:
Oh, great.

Ned Bellavance:
Also joining us today, as I said in the intro, is Mike Pfeiffer. He’s a Microsoft MVP, Pluralsight author, and a fellow podcaster. Welcome to the show, Mike.

Mike Pfeiffer:
Hey, fellows. Thanks a lot for having me here. Super excited to be here. Love this show and the network. Really excited. Thank you, guys.

Ned Bellavance:
Absolutely. So why don’t we start with the baseline here? I think we can all agree certifications are, they’re worthwhile. They’re worth getting. I know some people have opinions on that, but for the purposes of this show, we’ll just assume that they’re worthwhile. But the reasons that they’re worthwhile are probably different depending on your situation. I was working for a VAR for a while, and we had to get certifications to keep our partnerships with various vendors in good standing. So it wasn’t always something I cared about, but it was something that the company needed. But that was just my experience. Mike, what value do you get out of certification?

Mike Pfeiffer:
Yeah, that’s a good insight because that’s one of the main reasons why I started doing certifications in the very beginning. The interesting thing for me is, being in the field over the last 12 to 18 months, seeing customers for the first time, at least the customers I work with the, for the first time asking, “Are the folks going to be certified? Is the people on your team are going to be Azure certified AWS certified?” And that’s been fascinating to me because to your point, for a long time most people, well not most people, but a lot of people weren’t really focused on it if it wasn’t providing value to the company so they could be a partner and things like that.

Mike Pfeiffer:
So I think that value… I mean, people are looking, they understand the complexity of cloud, and they now understand that it’s important to help people to know what they’re doing. And so I think they’re kind of looking to that, and obviously that’s not always an indicator, but it helps. And so I think kind of the state of technology today in the job market, what customers are looking for, I do think certifications are important for people. I think it’s a way for a lot of people to break in and make impact.

Ned Bellavance:
Right. Do you think part of the reason that cloud certifications, in particular, are important is because the field is so relatively new? You can’t say, for instance, “I need someone with 10 years of experience in Google Cloud,” because no one has 10 years of experience. So maybe certifications are sort of a place holder for figuring out if they have the necessary skills?

Mike Pfeiffer:
Yeah, absolutely. I mean, when it comes down to it, you got to have some kind of… Well, it’s nice to have validation that the person has at least done the basics, right? I’ve worked with lots of customers where I’ve come in and maybe there was another consulting company in there or there’s kind of a project going on in parallel with another group inside the company where they’re using another set of consultants and just hearing the conversations at lunch and kind of offline, outside the meetings of, “Man, these guys don’t really seem like they know what they’re doing” and talking about the other teams coming in and helping. I think there’s a lot of that going on because, like you said, it’s early. In the consulting world you just kind of get thrown to the fire. It’s not like, “Hey, we’re going to send you to training” and all that kind of stuff. It’s just like, “Hey, we sold this project and you’re our go-to person. Now go out there and figure it out.” Since it’s so easy to go fast now and there’s so many new things, it’s easy to be exposed when you don’t know what you’re doing right.

Ethan Banks:
Is the right answer, Mike, then… Like if I go in that situation where I’m getting thrown to the wolves, should I have AWS and Azure search? Is that the right place to start? Or are there some other certs that are maybe not vendor specific, but would give me good background so that when I’m dumped into those situations as an engineer I’ve got a good knowledge and can make good progress?

Mike Pfeiffer:
Yeah, that’s a good question, and I think it depends on the person’s circumstances because where you work now, where you want to work later. Do you want to work where you’re at now for a decade, or are you kind of looking as this place you’re at now as a jumpstart to the next place, and those circumstances and what the customer or the place you’re working at now uses, what they want to use or where you’re thinking of going next. And on top of that, where do you live? Are you working in the office in the city that you live in, or are you working remotely? All of those conditions dictate, to me, what technology should focus on. So if I work at a place and I’m planning on being there for the next five or 10 years, and it’s a Microsoft shop, they’ve had active directory for the last 20 years, all of the apps are tightly coupled with that, and everybody on the team has skills with .net and PowerShell and all these things, then it starts to make a logical kind of choice that Azure is looking like an easier run because there’s a lot of integration with the existing technologies. The terminology is kind of in the same ballpark.

Mike Pfeiffer:
And so I don’t ever tell somebody, “Hey, you should go to AWS,” or “You should go and do Azure,” because all of those variables are important inputs. So I think that’s what I would lead with is kind of figure out what direction am I going down. The vendor-specific stuff helps when you’re working on those projects and the customer is doing… They want to do AWS, obviously. But there is vendor neutral stuff out there. There’s vendor neutral architecture certifications, and CompTIA has always been vendor neutral. They have a cloud certification, things like that. So there’s value in the non-proprietary stuff, but obviously when you get into a project and it’s technology-specific, you’re doing AWS, then it makes sense to have AWS certifications.

Ethan Banks:
Knowing the specific knobs and levers is helpful in those cases. So let me throw one real specific one out because it’s fresh on my mind and on probably Ned’s mind since we were both just at KubeCon. That’s the Kubernetes certification. There’s the certified Kubernetes administrator and then the developer-related cert. Most of the folks here would be more on the administrator side than the dev side. Do you think, from a cloud perspective, does going after a Kubernetes certification make any sort of sense?

Mike Pfeiffer:
I think Kubernetes certification, if you’re bidding on Kubernetes big time, you’ve decided I’m going to be somebody that is seen as an expert in Kubernetes, then Kubernetes certification is for you. I think if Kubernetes is part of the potential conversation of whatever the company is going to do, everybody that’s working in cloud should have some awareness and understand the basics. But it doesn’t make sense for everybody to go off and do the Kubernetes certification because it will take you into the darkest corners of technology.

Ethan Banks:
And that’s what I’ve been wondering about. Does it make sense to go down the Kubernetes road? Because is every shop going to actually need to know the inner workings of Kubernetes? Or we’re just going to be consuming it as a service and these kind of things.

Mike Pfeiffer:
Yeah. So to me it’s going to be a service. It’s so complicated right now, and the hard part is the departure from the traditional way of doing things. That’s hard for people to kind of grasp. Because, to me, as doing infrastructure the last 20 years, it’s not that difficult. But I started in the era of just doing everything completely… building machines from scratch, doing networking from scratch. A lot of people don’t have that perspective, and it’s harder then to make the shift and understand kind of what’s going under the hood.

Mike Pfeiffer:
And it reminds me a lot of what happened with Exchange server. I spent a lot of time in my career doing Microsoft Exchange. That product insanely difficult to architect, to support and manage. And I went off and did a certification that was $20,000 called the Microsoft Certified Master about 10 years ago because I was pushing the chips into the table on that, right? And so I bet big on my career on that. It got to the point, though, where you needed people like that to support it. And it’s just not practical for people’s IT teams, usually, to go that deep in something.

Ned Bellavance:
I feel you there with the Exchange. I got real deep into Exchange for a few years, and I never went the Certified Master route, which I believe that’s now retired, isn’t it?

Mike Pfeiffer:
Yeah. There’s a funny story about that actually. So that actually got cut by somebody in Microsoft Learning because it wasn’t… I mean, it makes sense from a dollars and cents perspective because it was 20 grand, and you had to go to Microsoft for three weeks. So you had to take almost a month off of work, you had to get your employer to shell out 20k. And so they had a hard time. And not only that, is the pass rate was like 20%. So I was happy to just pass. But people weren’t successful. It was too much friction. They just couldn’t make it go, and so they cut it. That was kind of a challenge for a lot of us that had done it because we got to the point where people are putting out RFPs and stuff saying, “Hey, we want you to be Master certified to land this project and stuff.” So people were literally building their businesses around it, and then it kind of cut.

Mike Pfeiffer:
So that’s another thing is be careful how far down the rabbit hole you’re going to go with certifications. I mean, looking at something like CCIE where it’s a massive commitment, that makes sense. It’s established. It’s respected. And if you’re going to be an expert in networking, yeah, totally. And I think the Kubernetes one is kind of similar since it’s performance-based, right? You know if the person passed, they know their way around, but the question is, is it going to play out to where that matters? Right? Is it going to hit the scale where everybody needs to know that? And I think it’s too early to really answer that.

Ned Bellavance:
Right. To complete your analogy, in the world of exchange, then exchange online happened. And a ton of organizations said, “Why are we paying a really heavily-trained exchange engineer to maintain our environment when we could simply just rent it from Microsoft for a nominal fee?” And now we don’t have to worry about properly maintaining exchange," which I mean, it is a beast, especially as it progressed into 2013 and 2016. So if Kubernetes is a similar difficult, complicated beast, then it may turn out that the value of being extremely certified and heavily trained in the actual nuts and bolts of Kubernetes is not going to be profitable for a large swath of people.

Mike Pfeiffer:
Right. Yeah, absolutely. 100%. I mean, the vast majority of people don’t need to go that deep, in my opinion. More abstractions are going to come. Things are going to get easier. The whole infrastructure concerns thing is going to start to be minimized as the platforms continue to innovate. And so yeah, that’s a really good thing to think about. If you want to be in the depths of it, 100%, go for it and stuff like that.

Mike Pfeiffer:
But when I was talking to my customers in 2011… I actually was one of the few exchange people that I knew that was kind of excited about Office 365 because I love new stuff, learning, and I was trying to get everybody excited about it. And the customers I was working with are like, “Eh, there’s no way we’ll ever go to Exchange online. We need to control this thing,” and all that, right? And so here we are, 2019, and every single one of those customers is now in Exchange online. So I think history repeats itself, and I think for guys like us who have been around a long time have seen it. And I think we’ll see that happen again with this. It’s very complicated for most people. I think AKS, EKS, and GKE, and whatever new services come out will be kind of the de facto standard.

Ned Bellavance:
Right. Now, another big trend I’ve noticed in the realm of certifications is the idea of this role-based cert. I know AWS is in the process of overhauling their certifications. Azure did a full overhaul, renamed all of their certs and created these paths. So what are the different types of certifications that are out there? Is there something that’s equivalent to, I know you mentioned the CCIE or something from Microsoft-land, MCSC, in the world of Azure and AWS?

Mike Pfeiffer:
There’s not yet. And so Microsoft is actually working on adding some performance-based testing into their Azure exams and some of the other stuff. So it’s actually there right now, meaning you’re really doing stuff in the portal for a portion of the architect exam, like EZ 300 when I took that, with just one exam to get architect-certified. There was probably half the tests of doing interactive stuff. So there are expert level certifications, like Azure architecture is expert level, DevOps certification in Azure, that’s an expert level certification. However, it’s not as challenging as something like the CCIE, or probably even CKA, Certified Kubernetes Administrator, or CKAD, which is Kubernetes Application Developer certification. So definitely not that complicated in terms of the whole thing is performance-based-

Mike Pfeiffer:
In terms of all of… The whole thing is performance-based. It’s hands-on. However, something interesting, when I first joined AWS, this was back in 2013, and then we were still talking about building the certifications. And I think right after I joined, the first AWS certification came out. But in that timeframe, they were talking about doing a master-level cert. It would be completely performance-based and then it kind of fell off the roadmap and I haven’t seen anything about it since. So, we can get [crosstalk 00:16:32].

Ethan Banks:
It’s got to be tough for them because they are iterating so quickly and there’s so many new services that they keep adding and the certification programs tend to lag behind what’s actually out there. And so that the training folks and the cert folks and the exam writers have to be iterating as quickly as new products are coming out, which makes it all this moving target that’s hard to build a stable certification around.

Mike Pfeiffer:
It’s totally true. And it’s also impacting the field training stuff. I’m actually an MCT, Microsoft Certified Trainer, so I get to see the courseware and from time to time. I do deliver official Microsoft training classes. And when you get the coursework from them now, it’s totally different than it used to be because, to your point, the learning team cannot keep up with engineering. And so, inside Microsoft, this might not be super obvious but such a big company that different teams feel like different companies when you’re inside. I worked there for a little while and I felt like I didn’t even work there because I was in field services. I was always on-site with customers. So, I just felt like I worked at a consulting company. If I needed to talk to somebody in the program group, program management or something, it was just like there was as much friction talking to them if I was not an internal employee.

Mike Pfeiffer:
And so, my point is that I don’t think right now, the learning people at Microsoft are tied into the engineering team, They’re definitely not able to keep up with the pace of what the engineering folks are doing. But Microsoft’s closing the gap on that. They just hired a bunch of trainers. I know that they’re doing a lot of stuff on Microsoft Learn, and AWS does have their own learning group as well. But I don’t know how much cohesion there is between the learning teams and the engineering teams. And I imagine the product groups are going to need to have education people involved so they can start to figure this out. Because if you can’t teach people how to use your platform, it’s going to be hard to make money, right? So.

Ned Bellavance:
Yeah. And that platform is very broad, as we sort of indicated, that the rate of iteration of new services or new features, but really, just like net new services on the cloud just keeps happening. I think that’s part of the reason that these specialty certifications are coming around. So, AWS now has a data scientist cert and I think Microsoft has something similar for Azure. Is that something like an IT ops would ever pursue or should they just sort of focus in on core infrastructure or dev ops, or something that’s more specific to their role within a company?

Mike Pfeiffer:
Yeah, I think it depends on where you want to go with your career. I think for most people, it makes sense to focus on something because you’ve got a certain amount of energy, you’ve got a certain amount of time, and if you’re trying to do too much, it’s just going to be exhausting and confusing. So for me personally, like I’m not paying attention to any of the data science stuff because I’m not a data scientist, so. And I’ll probably get sucked into something at some point. And then at that point, I’ll know enough about the basics of the platform to then dive into that.

Mike Pfeiffer:
One of the things I tell people all the time is, learn the core services because every other service is predicated on that. So, let me explain, like computes, networking, storage, and security. If you understand those services in any cloud, all of the managed services are built on those things. So, it’s not as hard to kind of make a lateral move. Sure, if I had to go do the data science stuff, I would have to ramp up on that piece of it, but I would have a better understanding of what’s going on because I already understand the Azure platform or already understand the AWS platform. And so, I think focusing on your main thing, understanding the fundamentals, and then just going into the next dark corner when you’re, only if you have to, makes a lot of sense. Conserve your energy. Focus on what matters.

Ethan Banks:
I’ve listened to a lot of folks that are taking on cloud projects, perhaps in a consulting role or perhaps they’re just being asked to be the technical lead as their company rolls out something to the cloud. And it seems like when you get into that space, particularly if you’re trying to add automation and tooling to the mix and Git and other things that, as an infrastructure engineer maybe you weren’t all that comfortable with, it does seem to be overwhelming and you’ve got to kind of pick your battles and take things on one at a time.

Ethan Banks:
So, let me give you for instance. For me personally, Mike, I’ve been looking, as I look at all these different services, Kubernetes and AWS and Azure, and then begin digging in and looking, it quickly becomes overwhelmed with the amount of things that you could know and dive in and go pretty deep on because it’s just that much to know. And I’m starting to feel like, hey, I’m a guy with a really strong networking background. That’s what I’ve spent most of my time doing over the last 20 years. That feels like a niche that there’d be plenty to know, if I just dove into just that, the networking aspects of cloud, interconnectivity with hybrid cloud and multi-cloud, Direct Connect, VPNs, managing security within VPCs. There’s a ton there that would be valuable. Is that maybe going too deep, do you think?

Mike Pfeiffer:
Not at all. I think that’s super practical, especially in networking, but this would work at any kind of pillar, but the amount of confusion in the cloud networking is enormous, man. Every customer I work with, even the network experts are like, “What the hell is this thing?” Because it’s totally virtualized. It’s violating almost every rule of networking they’ve learned in the physical world. So, everyone’s confused. And I think… And I’ve yet to see really, anybody in the broader community online that is the cloud networking person. So, those opportunities are there. Take the skills that you have now and then bring them into the cloud with you, because there’s a lot that you already know, in IT, that you can use now in the cloud. You just have to figure out what are they calling it in the cloud, like what is the terminology?

Mike Pfeiffer:
And then I think the other thing is, don’t focus on what you don’t know. Focus on solving problems because there’s an enormous amount of things that you’re not going to know. I’m never going to be able to wrap my arms around everything in Azure or AWS. It’s just not going to happen, and you just got to get comfortable with that. And so, but yeah, I think you could totally take what you’re good at now and bring it with you into the cloud and then carve out a niche for yourself in that. But don’t worry about tying it to your identity, you got to be like that forever. Realize that that’s your in. Once you’re in, then you can move around, pivot if you want to.

Ethan Banks:
Now, the additional skills that I’ve wanted to add beyond, let’s say cloud networking, if we want to define it that way, has been all the automation tooling, because that also plays well with things that I’ve had to work with over the years. Just like most IT engineers, we’ve all done some scripting. Maybe we’ve had some programming classes in the background. And then you look at automation and applying development techniques to infrastructure, infrastructure’s code and those ideas and it’s like, “Oh, this all makes sense. I like this and it’s going to save me time too.”

Mike Pfeiffer:
Yeah. And to me, that’s the most interesting part about all this, being able to automate everything and then it’s all truly virtual when you’re fully not hybrid cloud, you’re all cloud. But even, there’s awesome stuff coming up for the hybrid kind of story. But yeah, I mean, it’s insanely cool, and anybody should be starting to think about that, the process of applying software practices to all the infrastructure, whether it’s the network, the storage, the stuff you’re doing in data science. All this stuff eventually is going to flow through that model of, “Hey, we’re going to version this as code. That way, we have a whole audit history of who changed it, when it was changed, what it was changed from, what was it before,” and a bunch of checks and balances along the way. So, everybody should start getting comfortable with that pattern.

Ned Bellavance:
Yeah. So, one of the interesting things that I’ve come across is, I’ve been working on a documentation project. And you would think writing documentation, “Oh, you just write a document and publish it” or something. But no, the process by which what I’m writing gets published to the website actually involves understanding Git, understanding source control, and running a local version of Hugo to generate the site locally to check my changes. So, it’s actually, I need to understand all these other things that don’t seem like they have anything to do with writing, but they kind of do now.

Mike Pfeiffer:
Yep. And here’s the best part about that. The best part about that is now, you can start having those conversations with other people. Because in the past, and it’s still like this for lots and lots of companies, but when you talk about dev ops and stuff, they always talk about the core conflict is, you’ve got common goal and then you’ve got all these teams with opposing kind of ways of doing things. The infrastructure people are trying to maintain stability. I mean, the developers are trying to change stuff all the time. And so, it’s hard to understand, if you’re an infrastructure person, what the heck are these guys doing? But once you start to understand their world, and you start doing things for your documentation projects, you start running it through version control, those little things, those little kind of side projects start to get you into kind of understanding other people’s mindset. And so, it just opens up more options to collaborate and communicate.

Ned Bellavance:
Right. So, let’s talk about the operational reality of certification, which is, let’s say I’ve actually got it down to, here’s an exam that I want to take. I’m ready to take it. What sort of preparation do you recommend? I’ve seen some people, they’ll schedule the exam first and then start studying. And having that looming deadline is their motivation to stay on track, which could be a good idea or it could be the pathway to a nervous breakdown. So, what sort of preparation do you recommend when it comes to the exam?

Mike Pfeiffer:
Yeah, so that’s… The funny thing with certs, man, is I used to struggle with anxiety of, “Ooh, what if I fail and everyone finds out?” Because I did the A Plus in the late '90s when I was working as a help desk person. And I was like, “Man, I don’t want everybody to know I failed the test.” But, so to kick things off, I would say number one, this is going to be a hard thing for most people to get to. But where I’m at now, kind of mentally is, I like to go fast and I like to do as little as possible. It sounds terrible, but I don’t want to stress myself out about it because here’s the thing. When they’re reading my eulogy in 60 years from now or whatever, they’re not going to be like, “Oh, yeah, beloved father and husband, except he failed a test that one time.”

Mike Pfeiffer:
So, I think, number one, people are putting way too much pressure on themselves. And so, I like the pattern of, all right, let’s book the test and do it sooner than comfortable. And it’s pretty much like, get a 70%, essentially, on most of these tests. So, for me, it’s like, what’s the minimum amount that I have to do to pass the test? And then get away, separate yourself from your ego and be like, “I don’t have to get 100%.” And even if I don’t pass, now I know where I’m weak. So, yeah, set a date and chip away at it. Take the test and let the chips fall where they may. And just adjust your approach if it doesn’t pan out the way that you wanted it to. That’s my opinion. That might not work for every company because the boss is paying the thing and you don’t have a free retake. And in fact, those dynamics are there and I respect that. But I think that a lot of people are kind of overthinking it.

Ethan Banks:
I’m laughing a little bit because some certain Cisco exams that I’ve taken over the years, it doesn’t matter when you get to the end and failed it and now you know what you are not good at and you can go study, and come back around and take it the next time. That test won’t look much like what it was the first time. So, good luck trying to figure it out. Looking at you, Cisco, sorry.

Mike Pfeiffer:
Yeah, that’s a good point too. But I think for me, man, it’s just like, to your point earlier, man, there’s so many certifications and if I worried so much about acing it, I would never get there. And so, kind of setting yourself up for like, “I have to do this because I already preregistered so let’s just set the date. I promise myself I’m not going to change or to reschedule, just work towards the best I can.” And when that day comes, honor what’s on the calendar. Just go do the test and then maybe adjust your approach. Maybe you need to study extra after that or kind of change the way you’re doing stuff. But that’s my hot take on it. That’s my opinion.

Ned Bellavance:
Right. So, there is nothing quite as disheartening when you have been studying for weeks or in some cases, months, and then you fail the exam, especially if you were close to passing. If the pass was 700 and you got 695 or something. You’re like, “Ah.” So, have you failed an exam? And what did you do after that to stay motivated, keep your confidence level up, and go back in there and pass?

Mike Pfeiffer:
Yeah, I’m actually a really good test taker. I realized that when I started my certification journey way back in the '90s. And so, I don’t fail very often. I’ve taken so many Microsoft ones. I’ve never failed a Microsoft one, which kind of, I probably will, now that I’ve said it, which I can deal with that. But I’ve done probably over 30 exams, and went to the Masters stuff with them, but I did fail some Citrix certifications, probably back like 2004, 2005 when I was trying to get Citrix, with Citrix MetaFrame.

Ethan Banks:
Yeah, that’s one of the few I failed as well. That’s weird because I went and took the class and I was like, “Oh, this doesn’t seem that hard.” I was using it in real life and had a pretty sizable deployment. Felt really confident and didn’t study as hard as I should have. Because when I went into that exam, I failed it and I was like, “Really? Wow. I failed that, huh.” That sticks to my mind.

Mike Pfeiffer:
I had the same exact experience. It’s really funny. And I think… That’s another thing, when people are beating themselves up about failing an exam, part of it is, what was in the head of the person writing the question, is also a factor. And so, that Citrix one that was very ambiguous, poorly written and so, that also happens. I’ve seen really badly written questions, and sometimes, I’m just like, I don’t even know the answer because, where it’s so ambiguous, it could go 10 different ways. That does happen. And at that point, you just kind of got to pick something.

Mike Pfeiffer:
But picking yourself back up after a failure, I think it’s just really about perspective, and understanding the… It’s just anything, it’s… You’re trying to ride a bike, you’re going to fall off a bunch of times and then eventually, you get the hang of it. And I think we’re just, people are overthinking it when they get too down in the dumps about it. Yeah, I understand. It’s kind of deflating, but what can you do? You can’t just sit there and dwell on it. That’s not going to do anything. So, just start over, let’s get back on the bike or whatever and try it again. That’s my outlook on it, so.

Ned Bellavance:
Right.

Mike Pfeiffer:
I don’t have any great advice there. It’s just like-

Ned Bellavance:
Just do it.

Mike Pfeiffer:
Rub some dirt on it and go.

Ethan Banks:
All right, Mike, let me throw a big controversial question at you, that is brain dump. So, I know a lot of folks that have worked for partners and they have a huge amount of pressure to get the exam passed. We need this cert.

Ethan Banks:
Amount of pressure to get the exam passed. We need this cert because of partner discounts or because of a project that they’re bidding for, whatever it might be. And brain dumps are the shortcut that folks will use. They’ll buy the dump of questions, memorize the answers, go in, and at least for a few minutes, know enough about the answers to get the exam passed. And of course that’s for obvious reasons, very contentious. Do you have an opinion on brain dumps? Is there ever a use case for them? Should all people that use brain does be sentenced to death? I think I read that that was your opinion. Maybe that’s wrong. I don’t know.

Mike Pfeiffer:
That’s definitely not my opinion. I definitely would never do that. But here’s what I will say is I do hire contractors all the time to come work with me on projects and I don’t want to work with you if you don’t know what you’re doing. So that’s kind of step one and think about it from the other person’s perspective, if they’re hiring you or their team around you, or your manager, you’re not doing anybody any favors, including yourself, if you cheat the tests and it’s actually getting harder. You’re not going to pass any Kubernetes certifications by brain dumps because you have to know what you’re doing. It’s all hands on and it’s eventually going to get more like that. Microsoft’s exams have gotten more challenging to cheat because the format changes throughout the tests. So if you go in and take a 50, 60 question test, you might have 20% of that multiple choice, 30% is hands on, different portions of it are drag and drop and all these different things. And so it’s getting harder to cheat.

Mike Pfeiffer:
But no one wins, at all. Even if it was practical, which I haven’t seen a lot of brain dumps out there lately, but even if it did work, maybe if you do it because you have to get green light for this thing or whatever. I don’t know, I’m just the kind of person, I feel like what you put out is coming back and so if you’re cutting corners there, you’re going to get somebody cutting corners on you later. So to me it just doesn’t make any sense.

Ethan Banks:
Yeah. I think the aspect of that practical exam now that more and more of the exams are moving towards hands on and then they have been for years, slowly but surely the simulations have gotten better. And what you mentioned the CCIE, that lab exam is that you can’t fake that. Although there’s been some talk of the notebooks with the exact labs are getting leaked online and so on. I guess maybe that has happened in a few places, but.

Mike Pfeiffer:
The other thing that I wanted to say that’s important is people have an amazing ability to smell bullshit. If you’re in a conversation or an interview, most people are going to know if you don’t know what you’re talking about.

Ethan Banks:
No, you’re not wrong about that either. I’ve been in a position to interview people many times. If they give me their resume and say they know MPLS and networking technology, great, let’s find out how deep you are on that topic. And I’ll just keep asking questions until they run out of gas and I can tell within a couple of questions and their responses whether they faked it or not. Why did you put that on your resume? You actually have no idea about this topic, do you? Is what I’m thinking to myself and I almost feel bad for the person. It’s like, come on, you made it through the screening, but you’re not getting through a technical interview process. Who are you kidding here?

Ethan Banks:
The brain dumping stuff, it really does lend to that and it’s too bad, but I’m hoping the practical side of things just takes over everywhere and makes it go away because if it doesn’t, it’s going to continue to be, it’s certainly in the Cisco world there’s been this arms race where the people writing exams are trying to stay ahead of the brain dumpers and so they keep writing these more obtuse and esoteric and weird questions or rewording existing things and it ends up being the person taking the test who hasn’t used a brain dump, they’ve just honestly, they’ve studied hard and they’re trying to pass the exam are done a disservice because they end up trying to take an exam that’s confusing and badly worded, as you were mentioning earlier Mike, some exams you just like that where it’s not really a good test of your knowledge, it’s just the exam writer trying to stay ahead of people who are cheating and it does no one any service.

Mike Pfeiffer:
Yeah, I agree. And the thing for me too is, kind of being at this age now, I turn 44 next month. And so after being in the IT industry a couple of decades, it’s just really obvious to me now after seeing so much in myself and other people is that most people are short term focused, looking for a quick win, quick payoff, shortcut. And that might work in a short term, doing a brain dump, but it will not play out longterm. Just doing the wrong thing doesn’t play out over a long period of time, and I can tell you that from my own personal experience, so anyone listening that was even considering it or if you did it in the past, like knock it off and let’s go do it the right way, because in 10 years, like that’s not going to serve you or anyone else, might help you a little bit now, not going to play out good in the long run.

Ned Bellavance:
So if brain dumps are off the table and they probably should be, what sort of preparation do you think should be on the table beyond just reading the documentation? When you’re preparing, do you hit a lot of labs? Do you go on forums and talk to other people? What’s sort of your process there?

Mike Pfeiffer:
I’m a big hands on guy. I love to do it myself, hands on, and that way I understand it. So I’m a visual learner, I’m very much into going through and building stuff. So I like the lab stuff often. And what I’ve realized talking to people about that is a lot of times people are confused by that concepts. And I guess it kind of makes sense if you’re new to a technology. So if you’re brand new to stuff and you’re like, I don’t even know what to build, going into the reference architecture centers or reference architecture portion of the documentation from these big vendors where they show you here, here’s how you build a highly available WordPress deployment. It’s using web servers, a database networking and security and all these things, or a SharePoint farm or whatever it is. And then you reverse engineer that.

Mike Pfeiffer:
I don’t think everybody appreciates the amount of knowledge you’re going to get just from building something that even if it might look obvious, so I’m huge on hands-on first and then looking at the objectives, or maybe looking at the objectives to start and then what can I build that would map to this stuff? And when you’re thinking through a question in a test, having done all that, you can reflect on what you know in your head from experience, not just, “Oh, I was trying to memorize facts.”

Ethan Banks:
There are things you think that are obvious in a lab scenario too. I would probably obviously do this. And then you actually get into it and find out it wasn’t obvious, the thing you needed to do was for whatever reason, weird or obscure or a strange command or had this dependency. It says to type this command in, but it’s not available to me. It says to go to this screen but I can’t get there. Yeah, because you didn’t do these three other steps that you need to do ahead of time before that set of configuration was even available to you. It’s stuff like that you only get once you’ve spent time working on it.

Mike Pfeiffer:
So true man. And that’s where the magic happens, that’s when the lights start coming on because just memorizing data is totally worthless. You got to apply what you’ve learned otherwise you’re not going to understand it the right way. So that to me the biggest way to go about it. Know what’s on the tests and then make it happen the best you can on everything you can do, right because you don’t have access to everything all the time. The advanced networking scenarios where you’re doing high speed connection back on prim, obviously you can’t test that, but by and large you can test most things. And so that’s how I like to go about it, hands on practice, man.

Ned Bellavance:
Right? Yeah, it is nice that with all the cloud certs, at least they have usually a free tier where you can experiment even if you don’t have the cash and that you can build a lab and tear it down relatively easily.

Mike Pfeiffer:
And a lot of the training providers are now starting to do platforms where you could practice on as well, so.

Ned Bellavance:
Right. Yeah. Microsoft Learning has a bunch of sandbox stuff that you can do that’s all 100% free and I think Google has something like that as well. Some of their training is also somewhat free. Another thing that’s cropped up in the last few years is remote testing. So taking the exam from a remote location, usually your house or your office. I know that’s a huge boon for people who don’t live near a testing center. I think Ethan told me he had to drive a couple of hours to take some old Novell tests.

Ethan Banks:
Yeah, I did definitely have some driving to do back in the day. Yep.

Ned Bellavance:
So if someone has that option, do you think remote testing is always the clear choice or does it still make sense to go to a testing center?

Mike Pfeiffer:
I actually like it a lot. I’ve been doing it the past probably two years and it’s nice and convenient. I work from home most of time and so I’m already in my pajamas most of the time anyways. So for me if I have the option to take it, I do. There’s a couple of things in there and Tim Warner also talks about this, who’s also a fellow MVP. He went to the test center where he lives and they had old school CRT monitors and he couldn’t even do a lot of the hands on stuff because the screen wasn’t big enough for the UI. Having your own hardware, if you have the option to do it from home, is a nice thing. But it’s an interesting experience because you do have to do some prep work, you have to clean off your desk.

Mike Pfeiffer:
There can’t be anything on the walls and they’ll actually check that. So in the early days, it’s gotten easier now with Microsoft, but in the very early days you would schedule your test and you would get on a Zoom call, kind of like a web conference with a proctor, and then you would have to show your room with a webcam. And so you’d have to show the desk, that there’s no items on the desk. You’d have to show the walls. So you’d have to spin the camera around 360 in the room. And then you’d also have to spin the camera around 360 to show ceiling and the floor. And then you have to like pull up your sleeves and all this kind of stuff. And I have this huge sleeve on my left arm. And so the guy’s like, “What’s written on your arm? You writing the answers on your arm?” And I’m like, “What are you talking about dude?”

Mike Pfeiffer:
In the early days, it was kind of like getting treated like a criminal almost. And you’re like, “Man, I feel like I did something wrong.” But now it’s just you schedule your tests, you go in, it’s all virtual, you take photos, you upload it, and then they say, “Okay, you’re clear to go.” And then the last thing I’ll say is make sure you hit the bathroom first because you have to stay inside the view of the webcam for the course of the exam. And if you kind of get out of view of the webcam, they’ll cancel your test and say that’s disqualification. Another thing is you can’t like put your hands on your face. So one of the tests I did the last couple of months, I was probably two thirds of the way in, it’s been 90 minutes.

Mike Pfeiffer:
And so I just have my elbow on the table, I’ve got my head kind of resting on my hand type of thing. And somebody came online, and they’re like, “Hey, get your hand off your face.” One of the proctors. I’m like, “Oh, okay.” And so they are watching you, man.

Ethan Banks:
What’s the logic behind that? The hand on the face thing?

Mike Pfeiffer:
Maybe they think that you’re like talking or I don’t know, but it’s interesting. It’s convenient, however, those are the kinds of nuances that I’ve noticed about it. But I like it. I’m going to do it as often as I have the option to do it.

Ned Bellavance:
That has been my experience as well. I’ve done a few and I just do it at my dining room table because that’s easy to clear everything off. I don’t have any of my office clutter.

Mike Pfeiffer:
I do the same time thing.

Ned Bellavance:
Nearby. And it’s a little funky at first but then you know, I don’t have to drive anywhere so I’m happy.

Mike Pfeiffer:
I know man. That’s why I like it, saves me a lot of time.

Ned Bellavance:
So as we start to wrap things up, we like to do a few key takeaways or called actions for people who are listening and thinking back on cloud certifications and kind of our conversation. Are there a few key points that you’d like to highlight from the conversation?

Mike Pfeiffer:
Yeah, I think so. I think there’s a lot of people out there that are still sitting on the sidelines, which is natural because it’s still kind of early for cloud. And I would say, get in the game, like do one of the fundamental certifications like Azure Fundamentals or AWS has the Cloud Practitioner. It’s like the entry-level certifications. I think Google has one as well. And that’s really for anybody in the IT organization, whether you’re a developer operations engineer, project manager, whatever. And so it just gives you an understanding of what’s the main services, what’s the whole point, why are we doing this, all that kind of stuff. It’ll get you into the conversation and give you some awareness. I think that no matter where, if you plan on staying in IT, there’s no reason not to do that. It’s just going to help you going forward. So that’d be like number one takeaway, is just get in the game, and start small, you don’t have to go and knock out the expert level architect thing right out of the gates if you don’t want to.

Mike Pfeiffer:
So that’d be my first one. And the second one would be don’t stress out about what your score will be or if you’re going to pass unless, if you work with somebody that’s really militant about it, then maybe consider switching that up. But that would be kind of the second one. Don’t overthink it. People fail all the time and then third is hands on practice to me is, that’s the hack. Everybody’s looking for a trick or hack or whatever. To me it’s get your hands dirty, let’s go, build something. Because that’s ultimately what this is all about. That would be kind of shooting from the hip, I would say.

Ned Bellavance:
Awesome. Those are really good takeaways. If people want to know more about you, where do you blog? Are you on Twitter, et cetera.

Mike Pfeiffer:
Yeah, you can find me on Twitter. My last name’s insanely hard to spell. Thinking back now, I’m like, “Man, I wish I would have had the same like handle on every platform and it was just like something easy”, but I wasn’t thinking things through very good back then. So if you just go to my website, you go to askmike.io, you’ll get redirected to my main website where my blog is, all my social media handles are on there. And then you can also check out my podcasts by just going to cloudskills.fm and my company, cloudskills.io. We’re actually opening up a new immersive DevOps training program starting up in January, 2020. We’ve done a couple of these in the past, they have been super impactful. So if you’re looking for different types of certification training, check out our community, cloudskills.io.

Ned Bellavance:
Awesome. Well, Mike Pfeiffer, thank you so much for being a guest on Day Two Cloud.

Mike Pfeiffer:
Thanks Ned, and thanks Ethan, really had a good time being here. Appreciate you guys.

This podcast is sponsored by the Azure DevOps Training and Certification Bootcamp at CloudSkills.io

Azure Hybrid Cloud with Thomas Maurer

Mike Pfeiffer — Wed, 19 Feb 2020 23:23:35 +0000

In this episode I catch up with Thomas Maurer to discuss Azure hybrid cloud scenarios and we answer a bunch of questions from a live audience.

Thomas Maurer is a Senior Cloud Advocate at Microsoft and is part of the Azure engineering team (Cloud + AI) and engage with the community and customers around the world. He's located in Switzerland, focusing on Microsoft technologies, especially cloud and datacenter solutions based on Microsoft Azure, Azure Stack and Windows Server.

Full Transcript:

Mike Pfeiffer:
Hey everyone. Thanks for tuning in to CloudSkills FM. In this week’s episode, I’m sharing a live stream that we did just a couple of weeks ago where I interviewed Thomas Maurer from Microsoft and you’ve probably seen Thomas around. He shares lots of content. He’s a former Microsoft MVP and we had a great time answering questions on the live stream. There was lots of great content.

We talked a lot about hybrid computing, working with Azure and talking about Azure Arc, Azure Stack, a bunch of different stuff. So it’s kind of a mixed bag, lots of different content and I think that you guys will really enjoy this episode.

So with that, let’s go ahead and cut it over to the live stream interview with Thomas...

So Thomas, I know that you’re just constantly busy and stuff, so I appreciate you taking the time I’m putting you on the spot a little bit, but dude, you’re pumping out awesome content all the time. What’s new with you lately? What have you been working on?

Thomas Maurer:
Oh, thank you Mike. First of all, it’s a real pleasure to be here live with you. I remember our great talks we had at Microsoft Ignites so I’m super pumped to be here again.

Mike Pfeiffer:
Me too. It’s awesome.

Thomas Maurer:
So yeah, currently there are a couple of things we’re working on. Obviously we can imagine that we still are like this post-Ignite stuff. So technology-wise we are still doing a lot in the hybrid space with the new Azure Stack portfolio and Azure Arc. And we really keeps up right now is the Microsoft Ignite tour where we basically take some of the content we did at Microsoft Ignite in Orlando and basically go to 30 cities worldwide. Right. So last week I was in China as well as now in London. Next week I will be in Italy. So that keeps me up right now it’s Microsoft Ignite tour.

Mike Pfeiffer:
Busy guy, man. Busy guy. Awesome. So you’re always blogging about awesome stuff as well. I just shared one of your posts the other day, but you’ve been pumping out cool stuff like Azure Arc certification recommendations. What was the latest one? It was something on cloud shell, wasn’t it or something like that?

Thomas Maurer:
It could be. Yeah. Yeah. We shared something on cloud shell. I think that one was on mastering Azure cloud shell if you refer to that one. I think that was really about getting people an overview about cloud shell and what you actually can do with it. I mean, as you know, right, most of people probably just use a quickly to an SSH connection or something like that, but there’s much, much more you can do.

Mike Pfeiffer:
Yeah. So I finally got a view of the questions. This has happened to me before where we spin up a live stream and then the questions don’t show up. So I’m finally seeing everybody that’s out there, so appreciate you guys being here. Ryan Colley, thanks for showing up. Good to see you. Adeal, what’s up man? Good to see you. Antwan. Glad you’re here. Pete Goodwin. Good to see you, my friend. He’s like, “Hey, I need a pair of those headphones that Thomas has”. But yeah. So awesome. So, what do you think is the most important topic right now? Because you’re going on tour talking about lots of stuff about Azure. What are customers talking about, asking you about and what do you think will be good for the folks in the comments here on LinkedIn.

Thomas Maurer:
Yep. So there’s obviously a ton of things going on depending on which space you’re in, right. We launched a synapse and Azure Arc. And much, much more. But what I realize right now is not just talking about a specific technology. It’s really about, I realized that a lot of companies are now starting to move and a lot of people who actually worked before in that company, they did network administration, storage administration, virtualization, you name it, right? And they are super interested in what is the next step going to be for me? What am I actually going to do? And I see a lot of people thinking, okay, if I’m not a developer, the cloud is not really for me. Right. There’s nothing to do maybe or something like that. And then you start showing them governance and ultimation and all that. And then they realize, oops, there’s much, much more to do than I thought it would be. Right.

Mike Pfeiffer:
Governance stuff man gets people. Right?

Thomas Maurer:
Yep. Yep.

Mike Pfeiffer:
Tough to get that right. And it’s kind of like people start with that and then kind of mess it up sometimes because they’re not thinking about it. Sorry to cut you off there, but I wanted to jump in because that one is massive.

Thomas Maurer:
Yeah. No. No. No. Absolutely fine. I completely agree. I couldn’t agree more. There’s also one of the sessions we are doing at the Ignite tour, one is about governance, there are more, but one specific one is about governance and we have so many questions and so many people who want to know more about it because a lot of people don’t even realize it. As you said, they probably start and they don’t even think about this stuff, right. And then they end up if that cloud sprawl and they have servers or just resources everywhere and the cost explodes as well as they have security concerns and so on. And then you need to go and clean that up. So I’d highly recommend that customers have to look at this first and then then basically start to leverage to cloud as well.

Mike Pfeiffer:
And a lot of times they get in there and nothing’s tagged. There’s no naming convention thought about. So a lot of the stuff you guys have in the cloud adoption framework, if you follow that from the beginning will help you with that. But most people just like to dive in right to the deep end of the pool. But you’ve got to kind of pull back on that a little bit and do it right.

Thomas Maurer:
Yeah. Which I think is understandable, right? I mean you see probably a lot, but like if I got started, my first day, I was well not thinking at all about all those things, right? They’re like, “Oh, I’m happy to do that networking works.” “I’m happy that all my my resources are there”. And then I was also figuring out, okay, which resources do I actually use? Right. And then you’re in that state, so I really enjoy how we actually get a little bit more mature tools to do that. Especially for example, I like our cost management involved in the last couple of iterations. So you do a lot I guess with policies and stuff like that?

Mike Pfeiffer:
Yeah. So we’ve been getting more into it lately and especially doing lots with arm templates lately. I know that everybody, well not everybody, but there’s a lot of people that have been complaining about the expressiveness of the JSON arm templates and I was talking about this with somebody this morning that when you start building custom policies and Azure policy and you’re going to do blueprints and you’re going to do arm templates, right now JSON’s part of the process, right? So you start small and kind of navigate it that way. It’s easier to start to absorb the material. But yeah man. And the other thing is you’re getting some serious love from the community right now about those surface headphones.

Mike Pfeiffer:
But yeah, that’s something that we’ve been working on a little bit. I’ve got some plans hopefully in our community to start building some content around just resources people can use, much like you guys put out in the reference architecture center. And things where I said, Hey, here’s some guidance, but here’s an arm template and some automation that goes with it. So I think continuing to piggyback on what you guys are doing to give customers assets that are usable to get them going is important. That’s an easy community work. Well, not easy, but it’s a community effort that anybody could get into. And you know that as a former MVP, before you worked at Microsoft, you were a big MVP, constantly pumping out content. Right? So the big opportunity for anybody to share what they’re learning in this cloud journey, right?

Thomas Maurer:
Oh absolutely. I think that what you just said is pure gold. Especially when you can take learnings from real companies and real world scenarios and you can basically put them together and share that back with the community. This will not just help another customer or another person. But it would also help yourself, right? First of all, you get recognition for it, not just from Microsoft but also in the community. And I think people don’t forget who creates that stuff. And I think that’s where there are a lot of people who learn that they are great experts out there, but a lot of them don’t share the knowledge really. So they don’t get really the benefit of all of that.

Thomas Maurer:
And it’s funny you bring that up because we had huge discussions before I turned Microsoft in other companies where if we share all that knowledge then people could just copy us. Right? But I always tell people, look, at the point you share that knowledge and to give it out to the community and someone else picks it up. You’re already on the next level, right? You’re already going for the next thing. So there’s no way this harms usually.

Mike Pfeiffer:
I couldn’t echo that anymore. Underline that. So true. And what you guys are doing with your open source commitment speaks to that. From the organization perspective, you guys are really giving a lot and it’s showing up. You could just see it in the community. If people are responding to that, there’s been massive amount of open source effort from your teams. In fact, I’ve mentioned this in a couple of episodes, but I was talking to somebody about two months ago and he was blown away by the interaction that he was able to achieve through GitHub issues with folks on your engineering teams

Thomas Maurer:
Yeah. And again you read my mind on certain things because it’s so funny, we had a team call I think yesterday, I’m sorry. I’m really bad with the time zones right now. But our team came together, we are now in Donovan Brown’s organization and so we had this call and I just watched a recording this morning and that came up and we came up with that skid up thing, the scenario where a customer can go out to get up and open an issue and then have direct conversation with the engineer actually works on that. This is something really important for us, right? This really speeds up the whole process. And also for customer it’s like, “Hey, they are actually listening”. It makes it more visible. Right. In terms of the old way, which is absolutely okay, when you share feedback with us or share feedback on user voice and all that, we are listening to all of that, but however it can take a while until you see the results of sharing that feedback. When you’re on Getup and sharing that, you basically have very fast responses. Right.

Mike Pfeiffer:
Right. Yeah. It’s amazing. And there’s been a couple of times where I’ve just filed issues for documentation and stuff and sometimes it’s quicker than others. But the biggest point that you mentioned is Microsoft’s listening to customers at a deeper level than before. I mean it’s not like they never used to, but it’s deeper than it used to be. In the comments on the live stream, I appreciate everybody being here. Raja, what’s up? Jeff Brown’s in the house. Good to see you, Stephen. Thanks for showing up. But there was a question. I want to get back to it. I got to scroll up a little bit. Somebody was, Oh yeah, it was BJ, what’s up BJ, can you talk a bit more about blueprints? So we might be jumping ahead of ourselves, assuming everybody knows what that is. What is it, Thomas?

Thomas Maurer:
So imagine that we have, well first of all we probably need to outline a little bit. So in the Azure world we have a layout of subscriptions where we actually can deploy things and you have basically that boundary which closes things off. And so you build a structure in your company or your organization where we have probably different subscriptions for teams or departments or different environments like development and production and so on. Depending on how you design that. And you want to make sure that, for example, if you want to give that to someone, like let’s say, okay, this department, they can create their own subscription, but you want to keep them basically under control, you want to make sure that every subscription they create looks exactly the same.

Thomas Maurer:
So for example, you can already deploy resources using arm templates, you mentioned before Azure resource provided templates to deploy resources. You can use Azure policy to do certain settings and I think that’s one of the most powerful parts is where you can then with policies you can for example, restrict which locations you could use to deploy resources like which Azure regions or you could limit the sizes of virtual machines, which can be very handy, especially when we launched the MB two series, which are basically over 400 course up to 12 terabytes of memory and train your credit cards in three.

Mike Pfeiffer:
Everybody’s got to spin up one of those machines and RDP into it and get a screencap of the task manager showing all the CPU cores of the memory.

Thomas Maurer:
Exactly. Yeah. It’s going to be an expensive time to basically do that. But so you want to limit that so they have policies as well so you can put it all and then also obviously R back, role based access control where you can say, okay, we want to have already certain groups with certain permissions and limit that for different users. So with a blueprint you can put that all together and then assign it and then say, okay, create a new subscription, it’s going to look exactly like this, like I want it to be. That’s at least what we think it’s for, but I’m sure they’re are customers using it for different scenarios as well.

Mike Pfeiffer:
Yeah. So is it still in preview?

Thomas Maurer:
I think so. If it hasn’t changed, I’m really bad to be honest when it comes to roadmap stuff. I always check the websites, but last time I looked it’s still in preview. We are definitely also adding, I saw some new features, which I’m also not 100% sure where it is exactly right now, but to add custom script so it can also, instead of just having an arm template, you can also run custom scripts and I think this is something we want to add in the future or is already there now. It’s kind of depends again between private, previews and [inaudible 00:15:04] right?

Mike Pfeiffer:
Yeah. So I’d love deployment automation and infrastructure as code and I can’t wait to see just the maturity of all of that stuff over time because you know, it’s just going to keep getting better and better. To me, policy as it matures, is just going to become essentially group policy for Azure in a lot of ways, right? The whole concept of taking a policy and pinning it to a resource group is very similar obviously to taking a group policy and setting it on an OU and it’s kind of the road that we’re on right? Getting to that, it’s cool. Kareem was in the chats. Did you want to follow up on that one?

Thomas Maurer:
Yeah. So I want to ask you, you obviously are going to implement stuff like this. Do you see people often also use like the guest configuration policies?

Mike Pfeiffer:
Not yet. But I was talking to Michael about that. We livestreamed with Michael a couple months ago now and he was the one that got guests configuration really on my radar.

Thomas Maurer:
Yeah.

Mike Pfeiffer:
So I haven’t cracked that open yet. It sounds like that’s still unfolding, but-

Mike Pfeiffer:
[inaudible 00:16:01] it sounds like that’s still unfolding, but I think it’s awesome. Because I think a lot of people start to get confused about policy. Where does it impact. The Azure platform as well, but to your point guest policies there that do the settings on the inside of the BM, right? Isn’t that what it’s all about?

Thomas Maurer:
Yes, absolutely. So you can basically go out and through configurations of your servers. Now we do a lot of all the things, but we can also set specific things. So again, when you said group policies, think about it as group policies for your servers on steroids. That’s what it could be. I mean, we are still very early on in that space, but that’s what we are actually looking at. And it’s not just for Windows servers, it’s obviously also going to work on Linux servers. For me, that was really when I had this eye opening when they announced Azure Arc for servers. When we saw that we can now not just use these guest configuration policies for virtual machines running in Azure, but also if they run somewhere else, if they run on prem or at the other Cloud provider, you can use exactly the same tools and basically manage them all from Azure. That’s when people are looking at it. This is one of the game changer Azure Arc really provides, right?

Mike Pfeiffer:
Yeah. It’s going to be fun to watch Azure Arc unfold as well. And there’s a lot of people asking in the chat… I keep saying chat, it’s the comments in LinkedIn. But one of the things that also came up, people asking about new services. Azure Lighthouse, somebody asks, “Can you talk about that?” It’s probably not a well known service because it’s so new, right?

Thomas Maurer:
Yeah. Azure Lighthouse… And again, as I had worked in the past for a managed service provider, and I saw that these capabilities are coming, this was also like, okay, we need this. So Azure Lighthouse, we have a lot of managed service providers or service providers which manage, for example, multiple customer environments, multiple tenants and a lot more environments, right? And for them it was very hard to basically go from this environment then to the next one to the next one. And Azure Lighthouse basically gives you a tool or a framework where we can manage multiple customers’ environments. And this comes especially handy for managed service providers, but also you can imagine if you’re a large corporation which probably migrates different mergers with other companies. This can also be helpful there to manage your different Azure environments.

Mike Pfeiffer:
Cool.

Thomas Maurer:
We could go way deeper than this, and we talk for hours just in Lighthouse. But essentially it really gives you a tool or a framework where you can manage multiple Azure customer environments, right?

Mike Pfeiffer:
Yeah. Very cool. I understand that you’re on your way to Seattle. You’re traveling like crazy as usual. What are you going to be talking to people about on this next big tour that you’re doing?

Thomas Maurer:
Yeah. My sessions are mostly… Usually we have these learning paths. So we have two learning paths, which our specific small team with Rick Kloss and the other part of the team does. This is about… One is called Modern Cloud Operations and the other one is called Modernize Server Infrastructure. Well, all of the sessions are really focused on operations people or Cloud operations people. So we have two sessions in the Modernizing Cloud Operations. One of them is about Azure. IS virtual machine operations, so we’re going to show us some cold tricks and troubleshooting tricks with that and how you actually can manage your Azure BMs.

Thomas Maurer:
And at one point it gets that interesting that I would say if you use all those tools, those management tools like update management, change tracking and all that stuff, at one point you have automated your infrastructure service platform so much that it actually almost becomes a past service. One session is really about that. And the other one is about governance. So this is one really focused on about why do I set this up? What are the problem? What other challenges customers are having? And then explaining tagging policies, blueprints, and all of that.

Thomas Maurer:
And then we have the server learning path, the one [inaudible 00:20:43] server infrastructure learning path. That one has a session about how you get rid of your 2008 and 2008 or two Windows servers which are now out of support. Then we have one section which I created is the hybrid management one where we talk about how you can actually leverage Azure hybrid services like for example, site recovery or update management. And obviously Azure Arc for your on prem or systems or servers. And the last one really is about Azure migration. So how do you use Azure Migrate to migrate your servers to Azure?

Mike Pfeiffer:
Azure Migrate’s a really insanely good service, so mature for just having a cloud native migration service. Because some of the other Cloud native migration services, the ones that come with, I think aren’t as deep. It’s really good. I got some really good comments in here in LinkedIn that I want to hit on. Ryan Colt said, “What Fin Ops case studies or scenarios can you give examples on? So where resource tags and cost management has been used to control spend.” In your work in the governance world and helping people track and manage costs and tagging and stuff, what do you think that we could point Ryan to in terms of maybe a case study or an architecture that you guys have built? Anything like that out there?

Thomas Maurer:
Definitely as you mentioned before, the Cloud adoption framework. It’s definitely a good place to start to read about this because that covers actually a lot, if not everything, about it. It’s pretty broad and explains a lot of different scenarios. So that’s definitely something where I would point you to. And if you go there he’ll find a lot about these topics.

Thomas Maurer:
Something else is also, which was pretty handy is when you do dive into Microsoft Learn, which I don’t know how many actually learning paths we currently published on these topics. I’m sure we have some on for example cost management and things like that. So Microsoft Learn is a free platform. For those don’t know out there, it’s a free peer learning platform from Microsoft where we publish learning paths and modules. You don’t even need an Azure account to use them.

Thomas Maurer:
The great thing about it is usually you have some text explaining something, you have probably some assessment with questions, you have some videos. So the usual stuff, right? But you also get a sent box environment. So you get a free send box for an hour where you can actually try out the commands and build stuff in Azure for free basically. And then after an hour we just decommission it again so you don’t need any credit card or anything to create an account. And then there are some great courses on Pluralsight. I like that one. Then there’s great people, for example Mike who also I think you have some great video content out there that… Sorry?

Mike Pfeiffer:
I’m slightly biased. You should go watch all of my Pluralsight courses.

Thomas Maurer:
No, but seriously. I mean to be honest, I watched them too. It’s not that we everything about every platform. We also need to learn at some point in time and so I go out and we also watch what our MVPs are doing, and what great content they create.

Mike Pfeiffer:
Yeah. I was talking to another fellow MVP this morning and we had that conversation of… It kind of looks like when you’re doing stuff that you do, Thomas, even when you’re in a VP, but now still, or stuff that I’m doing to build content. It looks like we got all the answers to it at the top of our head. We’re all learning stuff, too, right?

Mike Pfeiffer:
I would love to hit on some of these comments that are coming in. So Peter had a great one. He said, “Hey Thomas, what use case for Azure are you seeing today or coming in the near future that has you the most excited because it’s something you didn’t think was coming? Or it could be because it was something you didn’t think was coming for Azure within the last year or two.”

Thomas Maurer:
It’s hard to say. Especially when you… All the services basically, which are announced… I mean there was some wishes I have for services in the future, but then they announced something which was like, okay, I didn’t expect that, but that’s great. It’s definitely hard. What I would highlight really… One I already talked about, Azure Arc, and getting that hybrid management experience and much, much more. You also have data services which you then can deploy on basically any infrastructure so you cannot go out and deploy Azure SQL on prem or at the other Cloud provider and get basically the same benefits, and also manage them directly from Azure. Obviously we covered that, and that was for me, the more I think about it, it’s going to be a really big thing.

Thomas Maurer:
The other thing is, which I’m not, to be honest, not too involved in that, but it’s for example Synapse. Azure Synapse is going to be in the data world. That’s going to be super interesting if you have these massive amount of datas where you need to go through. And then everything, where we say basically we use the AI parts which are coming out. Or even the small AI parts, it’s not even… We highly advertised them sometimes, but I mean in some cases we just have been there as well. There’s now AI and machine learning built in almost everything, at least a little bit, right? And so that I’m super excited, those small improvements. It’s a very good question, to be honest. It’s hard to answer.

Mike Pfeiffer:
It’s like pick your favorite movie, right? There’s so many, it’s hard to just sit there and pick one. All right, let’s move on to the next one. Louisa said, “Hi, sweet boys. Send me a smile.” That was a while back, but hopefully she caught a couple of smiles along the way. Richard says, “Could guess configuration…” And going back to policy, “Can guess configuration over time replace something like DSC, or any other configuration management tool for that matter?”

Mike Pfeiffer:
I don’t know all the details, but I understand that potentially the PowerShell team is working on PowerShell core support for DSE and a big update for that. But what do you think? Do you see guests config becoming the ultimate trump card for config management or is it complimenting these other services?

Thomas Maurer:
It’s still hard to say, definitely a hard to say. But to be honest, I would like to be at the ultimate service. However, if that’s going to turn out that way, I really don’t know. In fact, you mentioned again when we talked about deploying things with arm templates, right? If you could also bring that with policies, if you can do all the guest congregation as well in the same way, that’s going to be really, really powerful at one point and you don’t need to have multiple tools and everything. The Azure resource manager platform does basically all those things for you.

Thomas Maurer:
I guess this could be a very interesting part to see what’s going on in the future. However, what do we exactly target? I don’t know where we actually completely going, what the messaging would be. There were so many good tools out there. Also for party tools, which can really do a lot today. So by just saying, okay, we’re going to remove all of these and we’re just going to use that, it’s going to be hard, right?

Thomas Maurer:
But again, especially those people who really think in a Cloud native way where they go and say, okay look, we are going to take Azure and we’re going to take everything from Azure as much as we can. And then if Azure doesn’t offer something, then we will maybe use something else. So for those people, especially for those Cloud native people, I think Azure policy and guest configuration policy can become very, very interesting.

Mike Pfeiffer:
Yeah. [Walid 00:00:29:05], they’d had a really good comment as well, kind of goes back to what you were talking about a little bit in terms of data. Now that customers are getting more mature or gets further along in their Cloud journey you’re seeing people migrate data in larger batches, right? Way more than they were in before. Because before they were just evaluating. So Walid was saying, “I would like to know from a newcomer’s perspective what concerns for data governance and confidentiality should we be thinking about? What strategies can we consider when moving to the Cloud to protect that?”

Thomas Maurer:
Oh, that’s a very, very good question. I mean that’s what we see a lot of insurance companies or even banks are doing, right? They exactly are dealing with this. And I’m sure there are other industries as well, other companies as well. We offer a couple of different things where you can basically encrypt data in a certain way, right? And we even have things like confidential computing in the pipeline, which is basically not just gives you encryption at rest but also encryption while your service is running.

Thomas Maurer:
For example, think about if you’re familiar with hyper V. We have this feature called shielded virtual machines, which basically encrypts the virtual machine and the memory of the virtual machine. So not even an admin can access the content of that virtual machine. In that case we just do the same thing for databases and stuff like that. Another strategy is also to just send data without any information in terms of names or whatever. So for example, hide your customer names or we link that with a unique identifier. You send the data up, you run your machine learning or whatever, you get it back. And for us it’s just numbers, right? And then you get it back, and then you match it again with your patient name or whatever on prem in your environment. So you basically don’t give us anything.

Thomas Maurer:
I also would recommend that people go out and go to the trust center. If you haven’t heard about the trust center from Microsoft, this is where we basically explain all the privacy stuff and also how we basically manage our environments. I think you can also get the audit information from our Cloud services. You can go in and basically see, okay look, we had these different audits and that were the results. If you’re an Azure or a Microsoft customer, we give you these to download so you can actually see what we actually do and you can see the results of those audits. So really the trust center is definitely a place to go to also get more information, how we basically deal with that.

Mike Pfeiffer:
Nice. All right. So everybody out there that’s listening, feel free to add more questions into the comments. I’ve got one for you, Thomas. Peter touched on this just a little bit, but I’m wondering what you’re excited about. When you’re building stuff and you’re blogging a lot, what’s your next big project where you’re going to go create some content? And what do you got on?

Thomas Maurer:
That’s a good thing. I don’t want to highlight-

Thomas Maurer:
That’s a good thing. I don’t want to give away too much already because I’m working on that. I’m really looking at, there’s two ways or things I’m looking at. One way is really like the new stuff which comes out. When we announce something new, I want to be one of the first persons to try it out and then basically share my opinion but my results and my experience with it and help people get from basically zero to like, okay, I can deploy it, and in a very fast way. Because sometimes we have this in between things where we have the announcement blocks, where we basically say, “Hey look, this is what it is for,” and explain it very on a high level. Then we have the documentation which is a lot of text and a lot of material. I just want to be somewhere in between, to basically read something, to explain, “Hey, look, you can do it step by step really, really quickly to get it running.”

Thomas Maurer:
Another thing is where I look at, like for content is when I speak to customers or read comments or when someone reaches out to me and has a question. So for example, in this life video for example, the questions you gave me, those are already gold in a way that I then see. Okay what are people actually looking for or what are good topics to talk about? So I definitely will go out and I will definitely do something on guest configuration policy to have a look at that, especially maybe together with Azure Arc.

Thomas Maurer:
But this is what I learn, especially when I go to events. One part, obviously we present, we deliver our content, but we are also super happy to speak to our customers and our communities, especially also try to sync with the MEPs and other parts as well in every city I am because they have so much great value of their experience and we can then take that knowledge and not just, I mean creating content is one thing, but then also bring that back to the different feature teams in the Azure engineering group, where we can tell them, “Look, we have a customer. He actually had a great idea. He wants to use the service for this, but it’s not really designed for it. If we just changed that a little bit, it has some potential,” and so we can go out and tell them, “Look, how are people in the real world using our services?”

Thomas Maurer:
Those are kind of like the ways I’m going with content. So [inaudible 00:34:27] again where we knew stuff but also helping people. I think that’s also the content that most people are looking for, obviously. I think that’s where it’s going. I obviously stay in the operation space. I really think about the [IT Pro 00:00:34:44] itself, but it maybe transforms a little bit, as you see if you watch Mike’s channel as well. There’s so many different things we are doing. I don’t think you can have a clear line anymore between different shop rules. It’s changing so much and everyone needs to do a little bit or understand a lot of different technologies.

Mike Pfeiffer:
I agree 100% with that. I think it’s a blurry line these days because even if you are ops focused for a long time, you are getting sucked into these developer patterns and practices. Now that you can virtualize every single thing, now you can represent everything as code. Kareem had a really good comment and question. It was basically, is the Azure CLI or PowerShell or Azure CLI, are those things going to replace ARM templates or are those things are replacement for ARM templates, or they compliment that? How should people be looking at those things?

Thomas Maurer:
I would definitely say they’re complementary. Those are different ones to deploy. We want to give customers different options to deploy their services. Obviously there are certain ways which are, like if you’re more mature, you’ll probably prefer it. If you also look at, for example, Azure DevOps, where you can deploy things in an automated fashion, in a continuous CI/DC pipeline and so on.

Thomas Maurer:
But also if ARM templates, which just basically infrastructure’s code, this is not going to be say, okay look, we’re only doing this and we don’t care about the CLI. The CLI and to PowerShell module and the portal and all of that, those are all different tools which you can use and they all have the reason to be there. There’s not just one way of doing it. I don’t think there is. We have customers that just prefer to write everything down in CLI and we have customers, we see them writing those awesome PowerShell scripts. Then we see customers combining all of that and again, with the CLI, you can basically deploy ARM templates. You can also deploy through the portal or through PowerShell. It really depends on what your needs are and what you want to achieve.

Mike Pfeiffer:
I think that that is an important message that you just shared there and the constant theme coming up from this discussion so far is that you guys are listening to your customers very intently. Then the other thing is every tool has a purpose. This is a big one because I had a customer a couple of months ago now, but I went onsite to work with this customer and they had inside the company, another team who’s working with a different consultant to do a different project. But that consultant had gone to lunch with the guy that I was working with on a different team and told them, “Hey, don’t use the CLI because, or don’t use PowerShell because everything is going CLI.”

Mike Pfeiffer:
When my customer told me this, he was frustrated because he’d just spent the last five years learning PowerShell. He’s like, “Man, I’ve learned all this PowerShell, now I can’t use it.” I’m like, “No, hang on a second. That’s not true.” Any time somebody is telling you something like that, where one versus the other is better, that’s not the truth. It’s just a choice. What’s your background? If your background has been PowerShell for five years, then that’s a logical choice for you to go off and do, right?

Thomas Maurer:
Yeah, absolutely. No, that’s very important. By the way, that comes up a lot. So a lot of people, like I talk a lot about also Cloud Shell and things like that. People then always show you have a Bash or a CLI and a PowerShell experience, so what’s going on there?

Thomas Maurer:
Again, it really depends on your scenario. So for me as well, I’m using both. In some cases I like the Azure CLI for doing like a one liner or something like that because it’s really powerful doing that. But then I’m a PowerShell guy. So PowerShell for me and the objects I can use in PowerShell, this is really, really powerful if I start to write a script. I really love doing that and it really helps me to get more efficient. Again, this may be different for other people. But I then like the Azure PowerShell much, much more if I write the script with some loops in there and things like that.

Thomas Maurer:
Then I also get a lot of questions. It’s absolutely fair point is sometimes we only have a CLI available or sometimes the service only has PowerShell commandlets and does not have a CLI. The reason for that is basically just, especially when they are on preview, we start with something and we’re looking out at what is the audience? Probably the audience which is going to use to service first. If you look at, for example, containers, we started there I think with the CLI experience.

Thomas Maurer:
Again, could be an older service but we were looking at, okay look, the people who are using containers today, they’re probably using the Docker CLI and so on. They are familiar with the CLI approach. So we start with the CLI, but we also add the PowerShell commands to it. It sometimes it takes a while and it sometimes takes a little bit longer than we expect. But I also want to quickly say it’s also true for the PowerShell part. Some services are, if you come more from the Windows world, you probably have PowerShell first. Then add the other part. I think it’s really good to clarify this, that there is not one better than the other. It really is a different, depends on what you prefer and what your scenario is and what you like to do.

Mike Pfeiffer:
Yeah, and that’s the whole reason why you guys build different versions of things. There you go. Mohammad said, and he has a good point here, this is interesting comments, “I would like to see AI based tooling for writing infrastructure’s code.” So he’s looking for abstractions above even what’s there now. He’s wondering, because he’s like, infrastructure’s code is still plumbing for a lot of devs and so he’s like, do you see more business logic, higher level abstractions for these types of scenarios coming down the road?

Thomas Maurer:
Let’s put it that way and say, we got that feedback and we know that this is something where AI and machine learning could potentially help. Let’s it that way.

Mike Pfeiffer:
Nice. All right, we’ll have to let that play out, right? So we won’t hammer that one anymore, but cool, man.

Thomas Maurer:
Well, one thing I can share. One thing I can actually share is, and not a lot of people, I was not familiar until a couple of months or weeks ago, the actual CLI has a find command. So if you’re looking for something to do in the actual CLI, you can just type AC find, and then for example, let’s say SSH or backup or whatever. This will then give you some examples.

Thomas Maurer:
Now these examples, some of them are hard coded, some of them we give, okay, look, this is a good example. We’ve put it into the CLI as an example. Some of them, and we mark that, are auto-generated. So we basically use a type of machine leaning here, if you will, which maybe we should not call it that way, but where we go through docs and then we look at the different documentation, at the commands. Then we realize, okay look, this looked like it has to do with SSH or backup. Then we take that command as an example and we build it into the CLI. So we don’t have people writing actually these examples in the CLI, we just take them from the docs pages. So that’s actually something we can try out, where we already built some intelligence, if you will, into our tools. But I think there’s much, much more I think what we can do.

Mike Pfeiffer:
Got it. Then the last one that we’ll take, because I know that it’s late for you and I’ve got a call at the top of the hour, but this is a good one. [VJ 00:42:43] was saying, “How do you guys choose between where to put Azure regions? Azure Germany is coming up, Azure China, blah, blah blah. But how do you guys kind of gauge that as you add services in the future, add regions but even add services to those regions?” He’s just trying to understand the logic of that and if there’s any way that they can participate or chime in with their feedback about it.

Thomas Maurer:
Yeah, so it’s about what services are going to be available in which Azure regions. Usually what happens is we have obviously some of our main or hero regions where we basically have almost all the services available. Then we obviously have a lot of other, smaller regions or regions which do not have all the services available.

Thomas Maurer:
The question really is about how do we decide which region gets which service. Again, as most other things, it’s just about customer demand and business cases. It’s as soon as you have a lot of demand in some region for a specific service, the chances are high that we’re working on as well. I mean sometimes we just can’t deploy it fast enough. Would we like to offer every server in every region? My guess is absolutely. The other thing is you just need so much time to deploy these and keep these running and all of that. That’s where we really look out in like where we have a demand. I mean for example, Azure Switzerland, one of the regions which were announced in summer and they were accessible in summer for Swiss customers if that was [inaudible 00:44:27] ticket. I think since yesterday they are available to the general public. You should now see them in the Azure portal as well.

Thomas Maurer:
They, for example, they do also have, not all of the services, but what they have is they have SAP on Azure. Because we had customers specifically asking for this. So it really depends on the customer demands. So definitely if you want the service somewhere, try to speak to your local Microsoft subsidiarity to make sure that your request is heard because they then can go out and basically come back and say, “Hey, we have customers who actually wants to deploy this.”

Mike Pfeiffer:
Got it. All right Thomas, it’s always a great time chatting with you, my friend. I wish we could keep going for hours, but it’s already late where you’re at and I’ve got to boogie. So anything that we should tell people to keep an eye on as we close this one out? You’ve mentioned a lot of resources, I’ll put that in the notes later, but anything on the way out here you want to point people to?

Thomas Maurer:
Yeah, so definitely check out Microsoft Learn if you haven’t done that. Check out the cloud adoption framework if you’re working with Azure, and read what’s there. Check out my blog and obviously check out Mike’s blog and your podcast as well as your [inaudible 00:45:48] courses. I think I always get something good out of that. I think that’s what I want to highlight really, and check out our team’s blog. That’s very important, itopstalk.com, which is like our IT or Azure ops team’s blog where we blog about IT operations topics. This can be Azure governance, ultimation, infrastructure. It can also be Windows server or Linux, DevOps, PowerShell, all of that. It’s a real mix of ops content there.

Mike Pfeiffer:
Well, there it is everybody. Thomas Maurer, the legend from Microsoft. We’ll see you next time. Thanks a lot, Thomas, appreciate you.

Thomas Maurer:
Thank you, Mike.

This podcast is sponsored by the Azure DevOps Training and Certification Bootcamp at CloudSkills.io

Dive into Kubernetes with Nigel Poulton

Mike Pfeiffer — Sat, 08 Feb 2020 14:43:13 +0000

In this episode I catch up with world renowned Docker and Kubernetes author Nigel Poulton. We had a great conversation about how to navigate the world of cloud native computing in 2020 and beyond.

Nigel Poulton is a techoholic who spends his life creating books and training videos on the latest and greatest cloud technologies. He’s the author of best-selling books on Docker and Kubernetes, as well as the most popular online training videos on the same topics.

He’s a Docker Captain. Prior to this, Nigel has held various infrastructure roles for large enterprises (mainly banks). When he’s not playing with technology, he’s dreaming about it. When he’s not dreaming about it, he’s reading and watching sci-fi. He wishes he lived in the future so he could explore spacetime, the universe, and tons of other mind-blowing stuff. He likes cars, football (soccer), and food. He has a fabulous wife and three fabulous children.

Nigel on Twitter
Nigel's Docker and Kubernetes courses
Nigel's books
Magic Sandbox Hands-on Kubernetes Learning

Full Transcript:

Mike Pfeiffer:
All right, everyone. Welcome back to another episode of CloudSkills FM. Really appreciate you guys tuning in as usual. And we got a special episode this week. We’ve got Nigel Poulton on the show, basically needs no introduction, but if you haven’t heard of him, he is basically the King of Docker containers and Kubernetes. Nigel, what’s up man?

Nigel Poulton:
Oh my God. Honestly, Mike, it’s an absolute pleasure to be on the show. I’m quite sure that I do need an introduction now. I think you played me up a little bit there.

Mike Pfeiffer:
Well, I’m just saying from my perspective and a lot of other people that I know, you’ve got a ton of respect in the industry, man, so not trying to put you on the spot. You’ve been doing a lot of this work for a long time, especially when these technologies were really new to a lot of people, and they even still is, man. So I really respect your work. And so if there is somebody that doesn’t know who you are, maybe you could just talk about that and maybe how you got to where you’re at today.

Nigel Poulton:
Sure, yeah. Okay, so my name’s Nigel. The accent can be confusing at times. Some people think it’s Australian, it’s actually British. And actually, yeah, the name Nigel, I think very British as well and over here in the UK. So I know Nigel isn’t a popular name across the globe, of course, but it’s not even popular in the UK. Within the UK, it’s very much a geeks name. So you get in with the IT crowd and people, and you might find the occasional Nigel, you get outside of the IT crowd and there just aren’t any Nigels out there. So that’s something interesting. But yeah, so do you know what? So I don’t know how long ago it was now that I first came across a Vmawre. I think it was VMware 2.2. And I didn’t really start getting into it until it was like 2.5 personally.

Nigel Poulton:
But I remember back in those days, it’s… I’m no good with dates, but it must be 20 years ago now. And I remember that moment of first coming across VMware and grokking or really getting an aha moment. And I just remember thinking, “Man, this makes so much sense and it’s going to be something pretty spectacular.” And obviously it was, and it helped propel my career forward and a lot of other people’s careers forward. Then if you fast forward that clock forward, ooh, 10, 15 years or something, I had a very, very similar experience with Docker. And it was starting to gain a little bit of traction. I got into Docker around about Docker 0.9. And I remember when I first got my hands on it and really understood what it was doing.

Nigel Poulton:
Again, I had one of those… I could almost call them VMware moments when I was like, “You know what? This is going to be something special.” I was working in storage and a bit of networking in Lennox at the time and took a huge risk and said, “You know what? I want to try and be at the bleeding edge of something,” because I wasn’t really on the bleeding edge of VMware. I was quite early, but not one of the really early adopters. Now, I remember back then thinking, “Gosh, if I was to see something like this coming again, I would love to get in there really early.” So when I saw Docker and had that moment, I thought, “You know what? Look, you only live once, right? Mike? I am all in on this Docker stuff.” And I’ve been super fortunate since then, like I say, “I’m rubbish with dates. I don’t know what it is seven, eight, nine years ago, something like that, about that.” I have not looked back. I’ve been super fortunate, yeah,

Mike Pfeiffer:
That’s an awesome story, man, because I think that there’s a lot of us in the industry and you can relate. I know that when I started with VMware it was a game changer for me. And I don’t know if people realize how old the VMware really is. It goes back to late '90s. So I went through that, had that same similar experience, but I did not double down at Docker at the time that you did. But I think what’s interesting is when you did and you started really getting known for teaching Docker, it was just like your courses were pretty amazing for people because it was a different way of delivering content. And I’m wondering, were you teaching before that? How did you get into it so proficiently, right out of the gate because you were good on timing with Docker, but then also the content was really good?

Nigel Poulton:
Yeah, so if you don’t mind, if I dial the clock back a little bit, and so when I started my IT career in the late '90s, I did a bit of NetWare, but quickly started getting into Windows NT 4. And at the time, I studied for my MCSE in Windows NT 4, took that and passed it. And then I also recertified for Windows 2000. And at that time, books we’re a huge, huge influence in my career. I still have a copy of Mark Minasi’s Mastering Windows 2000-

Mike Pfeiffer:
Oh, I had that book.

Nigel Poulton:
[crosstalk 00:04:39] 1,500 page tome that I took on my honeymoon with me. I read it on the [crosstalk 00:04:46] he had no seriously. But to be honest, those books at that time were really important to my career. And I always thought to myself at some point I would like to give back to the community, and I’d like to write a book. Now, don’t get me wrong. There’s more to writing a book than giving back to the community. There’s no money involved in an IT book. Well, you certainly not going to retire, but I will hold my hand up and say, “Look, it is good for your career as well.” And an opportunity came along quite few years later for me to write a book on data storage, networking for Wiley [inaudible 00:05:15].

Nigel Poulton:
So I wrote that book for those guys, and it took me about a year to write. I was doing a 9:00-5:00 in London at the same time as well. So it was a really tough year of my life. About halfway through the year, a train signal, who were… This is back in the day when video training was really new. You would buy a course like one of David Davis’ courses or whatever, and they would ship you out a bunch of DVDs, stick in your laptop and watch. So that’s how long ago it was. But they came along and said, “Look, we’d love you to do a video course on storage networking.” So I did that. They were acquired by Pluralsight, flew me over to the States to one of their events and said, “Look, we really like your teaching style.”

Nigel Poulton:
I’m going to be honest. A lot of people like my style and stuff. But I think at the beginning, just like the accent because it was a little bit different, but they were like, “You know what? We would like you to make more videos for us in any area that you would feel comfortable teaching.” Well, I felt a little bit like a mistake at the time. I told my wife that because I was getting paid quite good money to work in London, and London was a long way away from where we live. And she was like, “Wait a minute, you could maybe make videos from home and you wouldn’t have to go to London all the time. I think you need to try that.” So she strong-armed me into making that decision.

Nigel Poulton:
Made a bunch of courses for Pluralsight. And then when Docker came along, I honed my skills I think a little bit in creating videos because creating videos is a very different experience to writing a book. Writing a book it’s really hard to get nuances across and to express humor and things like that. It can be taken the wrong way if you read it, a different way. Whereas with a video, you can express who you are, and you can a joke, you can have a laugh, you can make the learning experience. I felt a lot more interesting and entertaining, and I fell in love with that style of teaching.

Nigel Poulton:
And back in the early days, I remember being in my office once recording a video. And of course, I’m stood in front of a laptop like I am now with a headset on, and I’m talking to this laptop, and I’m throwing my arms around with passion and an excitement as I’m explaining something to do with containers, and I’m hopping from one foot to the other like I’m presenting in front of an audience. And then I catch my wife in the corner of my eye and she’s having a bit of a giggle and I’m like, “Ah, yeah.”

Nigel Poulton:
Anyway, look, I don’t want to bore people. But yeah, so I took that plunge to start full-time, being a video instructor. And I know I haven’t looked back since then. The early days were really hard because I quit quite a well-paying job, then I started recording videos. And it’s like a Netflix model almost, where the more content you have in any one online video library, the more income you’re going to generate. And when you don’t have a lot of content in there, I taken a risk of quitting my job. And I wouldn’t necessarily recommend that to people these days, certainly not to start out with at least anyway. And because we had some quite hairy financial moments early on, and we’re all good now, don’t get me wrong. And it is a lot of fun and it’s a great way to connect with people.

Nigel Poulton:
Now, I can share my passion. I do love technology. Like I say, look, I was really into learning from day one in tech. Those books were that important to me. People… Yeah, they still read books and stuff now, but a lot of people consume through videos. And it just gives that opportunity to give something back. And then I bump into people at conferences and stuff and they’re like, “Hey, do you mind that I took your video courses. Do you mind if I say hi?” And I’m like, “Heck, yeah. How cool is that?”

Mike Pfeiffer:
Right, that is really cool, man. It’s a pretty fascinating thing. I talked to people a lot, especially when I’m talking to people that are ramping up for new stuff, our customers, our students and stuff like that. I always tell people that teaching is one of the best ways to learn. And I would imagine that you’ve gone to that, where it’s like getting that perspective of looking at it from the teacher’s point of view and then trying to convey those things, completely changed the way that you look at this stuff, right?

Nigel Poulton:
Yeah, so I’ve probably got two things to say on that. When books were important in my career, that book from Mark Minasi, Mastering Windows 2000, I absolutely loved every page of that book, with the exception of the certificate authority and certificate services chapters. I found those quite dry, and I still find that PKI technology today quite dry. But Mark’s book was immense. But I bought other books at the time, and generally I would buy them. And this is early on in my life, setting up my own life and stuff, and you pay good money for a good textbook. And I would buy a book because I needed to learn something. And so often I would buy that book and read it, or read a particular chapter and I needed to understand something about. And I’d get to the end of the chapter, and I’m like, “Man, I still don’t understand that you’ve not done a good enough job in teaching the concept.” And that would frustrate me so much, Mike. Honestly, I’m getting passionate thinking about it now.

Nigel Poulton:
So I know when I came into writing books and to doing the video courses and stuff, I was hell-bent on making sure that I would teach something in the clearest way that I possibly could because I didn’t want anybody having the experience that I’d had with books and being like, “Ah, yeah, thanks a lot, Nigel. I’ve just wasted an hour of my life listening to you teach something on video and I still don’t get it.” I’m sure that maybe does occasionally happen. But I work so flipping hard to make sure that doesn’t happen because I’ve lived through it, where you spend your money and you spend your time, and you’re like, “Shit, what a waste.” So, yeah, I’m super passionate about being as clear as possible as well.

Mike Pfeiffer:
It shows, man, it shows on your content and shows in the scores on your author profile. And I agree with you 100%. I was just talking about this with some folks a couple of weeks or earlier this week that respecting somebody’s time when you’re teaching is incredibly valuable. And there’s just a lot of that not happening out there. And so I really love that you brought that up, man. I’d love to switch gears a little bit though and find out what you’re working on today because I know that talking about books, you’ve got books out, and so I’d love to hear about that. And then what are you doing right now with Kubernetes and everything that’s going on?

Nigel Poulton:
Yeah, so for quarter one and quarter two this year, the three main things that I’ve got on so, I have a book called The Kubernetes Book. I’m not the most creative when it comes to naming, The Kubernetes Book will do. So in the past, that book got two updates a year. So a technology like Kubernetes and anything in the container space seems to be iterating really fast. Listen, I mean writing books is hard work, don’t get me wrong. And I would love to be able to write a book and have it on sale on Amazon and be relevant for five years and I don’t have to touch it. That would be fabulous. But the reality is the speed at which some of these technologies are iterating these days. Any written book that’s like I would say for sure 18 months old is becoming dangerous to the reader almost because things have moved on so much.

Nigel Poulton:
So in the past, I’d always updated The Kubernetes Book twice a year. I’ve committed this year I’m going to update it four times a year. Now, those updates will come in the form of some new content to existing chapters and potentially additional chapters. But a lot of it as well is making sure that all of the examples and things work on the latest versions of Kubernetes. So for quarter one this year, we will be publishing a Ma… Sorry, a March, a February 2020 edition of The Kubernetes Book. So that is pretty much into proofreading at the moment. I am working on a new Kubernetes course for Pluralsight. So that will cover persistent storage, the persistent volume subsystem, and it will cover multi-container pod use cases, which I think will then fit into a wider learning path. My understanding is along the path of the Certified Kubernetes Application Developer, the CKAD exam.

Mike Pfeiffer:
Got you.

Nigel Poulton:
And so I’m working on a new video that will be… My commitment is to have that to Pluralsight by the end of March, and then I think they probably have a few weeks before it gets published.

Mike Pfeiffer:
I was going to ask you about that. I was just curious if the course was going to land in a learning paths for certification. So that’s cool.

Nigel Poulton:
I believe so, yeah. That was the plan when we originally talked about it. And so that’s on storage in multi-container pods. And then in the background to that, I… So I’m a partner at a company called Magic Sandbox, so msb.com, which is… I would recommend people go check it out if you’re interested in learning Kubernetes, msb.com. There’s some free content on there, whether is behind a paywall. But the idea is that within your Chrome browser, you get a multi-node Kubernetes cluster, a bunch of curated learning content that I’ve created, and a live dashboard that shows your environment in real time.

Nigel Poulton:
So you have access to your cluster, you can deploy scale, rolling update, roll back your applications, all that kind of jazz helm, all that’s in their pipelines and see it all live in your browser, but have me handholding you through it. And that’s an ongoing thing with me. And the reason I got into that, and I don’t know what your experience is, Mike, but people would come to me after they’d read the books or watched the video courses and be like, “Look, I really enjoyed them. Thanks very much. What do I do now? What’s my next step?”

Nigel Poulton:
And it was always get your hands on… Look, don’t get me wrong, with cloud and Kubernetes. It’s never been hard to get your hands on. Not like if you wanted to learn Cisco networking or EMC storage back in the day and you’d have to buy loads of 10 from eBay and plug it into your garage and it’d be a nightmare to learn. Spinning up containers in the cloud and stuff is relatively easy. But MSB or Magic Sandbox gives you less than one click. It’s already pre-built for you, a multi-node cluster that looks and feels and smells without sounding cheesy here. But folks it doesn’t smells like a production cluster, so you can do proper scheduling and stuff on it.

Nigel Poulton:
What I mean by that is it’s not like a Docker desktop or a mini cube on your laptop, where you you’ve effectively got one VM and all of your master in node components are running on one. And it’s okay, but it’s not really what the real world looks like. So MSB is more like… I think is, at the moment, the best way to take your Kubernetes journey to the next level by getting hands on experience. Now, I’m not saying it’s the only platform out there that does it, there are and will be others. But that’s just what I’m continually helping improve in the background. So that will be going on all four quarters of this year and into next year as we improve that platform.

Nigel Poulton:
But that’s me at the moment, working on the books, four updates a year, more video courses across different platforms. I would like, I think by the end of the year, to have something, CKAD Certified Kubernetes Application Developer. I’d be interested in your take actually on it, Mike, because I’m not a huge fun personally of certifications, but I know that they do have a-

Nigel Poulton:
Of certifications, but I know that they do have a value and are becoming more and more valuable in the workplace to HR departments and things like that. So that’s kind of on the radar for a little bit further out into this year.

Mike Pfeiffer:
That’s great because I actually, I’m a fan of certifications because it really amplified my career and I think the benefit is that it puts you into a situation where you’re looking at stuff in a different way. You’re looking at stuff that you probably wouldn’t have looked at before. What I love about CKA, CKAD is that you actually have to do it, improve, you know what you’re talking about. To me that is the pinnacle of certification where it’s like if you’re applying and we can actually validate that you know what you’re doing, that’s important because I think we both went through this, we started our IT careers in the late '90s. You were mentioning the NT4 certs and stuff and we both saw that and kind of go downhill right, when the answers got leaked on the internet and then certification lost.

Nigel Poulton:
Multiple choice, yeah.

Mike Pfeiffer:
Right? Yeah man. It’s just like it took a hit, right? Things like CCIE have always been really prestigious because you have to know what you’re doing. To me, I love the idea of Kubernetes certification. Then I also, just to circle back to what you were talking about, for anybody listening that hasn’t looked at MSB, you know, insanely cool, not only the content but the interface is beautiful man. So I think that that would be a cool way to get your hands dirty. I think ultimately it’s about that, right? You can’t really be effective with this stuff if you’re not applying what you’re learning.

Nigel Poulton:
No. That that’s right. I mean, I find it myself as well that when you read something or even if you watch it, I don’t know what numbers are, I’m sure people have done research on it and stuff, but I forget so much so quickly. Whereas if I’ve actually got my hands on it and implemented it then it tends to stick a little bit better. I know everybody learns in different ways, right? I always said that with the video courses people will be like, “Hey, so you Kubernetes book versus this particular Kubernetes course. Is the content the same or?” And I’ll be like, “Well look Kubernetes is Kubernetes at the end of the day, right?” If I’m talking about deployments or stateful sets or something like that, it’s going to be similar between the different mediums because it is what it is at the end of the day. I would say generally to people, I would recommend both reading and watching, but if they had a preference, do you prefer to watch stuff or do you prefer to read then just pick one of the two but always get your hands on afterwards or while you’re doing it because that is the thing that makes it stick.

Mike Pfeiffer:
100%, and that’s what’s cool about your books and your courses because it does take people down that road of labbing it up, which is super important. On that point I would love to… Well let’s switch gears from the training step for a minute. I want to come back to that, but I’d love to get your opinion on just the state of Kubernetes right now. There’s been a lot of people that, you know, it’s interesting, right? Because there’s a lot of hype, but the reality is this is insanely awesome if you’re doing it the right way, but there’s been people recently that have been pushing back I guess you could say about people going too fast with that, getting in over their heads. Enterprises that don’t really have experience with containers and then not spending enough time ramping up and just diving into it. Are you seeing that out there and what are your thoughts on that?

Nigel Poulton:
Yeah I’m seeing that. I think it’s good for people to push back. It’s so easy. And I’m guilty of this myself right, in my books and my videos and stuff as well. I’m a technologist at heart and I love things like virtual machines and containers and Kubernetes and things like that just for the sake of the technology. because I love learning stuff and I love to be able to break things and build things and I think it’s fun, but I understand that that’s not the way that businesses work. At the end of the day, you should be deploying these things if there are benefits that are going to come to your business and if you’ve weighed up the pros and cons and it looks like it’s going to be a good thing for you to do. Have you got the right skills? Have you got the right appetite within your organization?

Nigel Poulton:
Have you got the right projects that you can start kicking the tires with? All of these things are super important. I wouldn’t ever recommend that anybody deploys containers for the sake of containers or Kubernetes for the sake of Kubernetes so you can show off or put it on your resume for your next job or anything like that. That just seems a bit irresponsible. I like this whole idea of pushing back because I know as much as I love the technologies, I know that all of the vendors and people behind it, they’ve invested in it. It’s a good on-ramp to a lot of cloud platforms. It’s a good on-ramp to a cloud platform that you then start paying for services from as well. Everybody has an agenda to get you onto it. I do think the general trend, and I’ll say this when I speak quite a lot, right, I assume that it’s generally speaking is correct, okay?

Nigel Poulton:
If you were to look at your career or even your business or your organization from before virtual machines and if you were taking the decision not to go down the virtual machine route, where would you as an individual in your career be and also where would your organization be? I think you would be in a worse place than you actually are now because you jumped on the virtual machine or the VMware bandwagon. I hope that makes sense. I think as an individual you’re open to more job opportunities and things now if you understand virtual machines and all the tooling around it. As an organization for sure you cut down lead times on delivery of real metal servers and you know your application density per serve and stuff like that was is just fabulous with virtual machines compared to if you hadn’t done it.

Nigel Poulton:
I would encourage people to yes, take a measured approach to deploying Kubernetes and containers and stuff or to start if you haven’t started looking into it and start to doing it, definitely do that because the change between bare metal and virtual machines is relatively small. I think between the change between virtual machines and containers just because of the way that they get the most use out of containers. Now I know I’m going to be using buzzwords here, right, but you want to refactor or redo your applications in a more cloud native and microservices way. You could take your legacy applications from a bare metal server, right? And lift and just dump them onto a virtual machine. It would still work and you would get a lot of benefits of like density and improve lead times and all that kind of stuff, right?

Nigel Poulton:
Whereas to get the benefit of containers, you really want to take those old replications and just for wont of a better term, and I’m being a bit high level here but rewrite them so that you get the maximum out of containers and Kubernetes so it’s a bigger step, right? If you don’t choose to go that route, you will be further behind than if you hadn’t chosen to go the VMware route, if you know what I mean, because I think you’ve got to change your applications and your infrastructure and your way of thinking and the market really for everything just looks like it’s going in that direction and it’s unstoppable and will eventually get most people there. If you as an organization or an individual haven’t done that, just think you’re going to be super far behind and that’s not… Listen, that’s not me saying, therefore you should go out and buy all of my materials, right?

Nigel Poulton:
I just, I genuinely do feel that, that it’s going in this direction and if you want to be, and I make the mistake sometimes Mike right, of thinking that most people in technology love technology and are super excited every day when they get up to go to work and stuff. And I know that that’s not always the case, right? I do think we have a lot of people that, and I would hope we have a lot of people that enjoy the work that they do and if you want to be on the interesting projects and getting the good jobs and things in the future, you just want to be going there. That’s what it feels like to me.

Mike Pfeiffer:
I agree, man. I think you touched on a lot of important points there. Number one is you can’t put your head in the sand because innovation is going to happen and if you don’t pay attention, you’re getting left behind. The other thing you mentioned was, or kind of alluded to, was the fact that some people do it out of obligation or they feel pressured or they feel like that’s what all the cool people are doing. That’s obviously the wrong reason. I’ve run into that man. The biggest problem that I’ve seen with it isn’t that, oh, it’s a new thing and now we’ve got to learn this because that’s just the game that we’re in. We’re in the change business.

Nigel Poulton:
It is, yeah.

Mike Pfeiffer:
The problem I see is managers or leadership want to buy transformation, right? They’re just like, “Oh yeah, just invoice me and then give it to the team,” and they’re kind of punting their responsibility to the paint division to get the people there to take the time and earn it because completely modifying all the way you run your apps is not something you can do overnight. I think the unrealistic expectations and a lot of the failures that I’ve seen of any of just cloud projects in general, not just Kubernetes and containers, but it’s just been that rushing into it. I think patience and also knowing your strengths as a team. Like you mentioned, what are the skills on the team, but really having a point and a purpose like why are we even doing this? Is this solving a problem? And so to what you said I think is an important underline for everyone listening that we can’t just ignore this stuff. It’s not going anywhere.

Mike Pfeiffer:
There’s so many services that are now predicated on these technologies. We have to understand it, but we also have to know that it’s not happening overnight for some people. Some people will just go right in and they’ll be great, right?

Nigel Poulton:
Yeah. If I could make a comparison to when we first started deploying VMware properly at an organization I worked for a lot of years, right? A lot of years ago. We sort of prototyped VMware in a lab and then we started talking to the wider organization about how cool it was and you know, what it could do and how it could save money and stuff like that. We literally came up against a brick wall. I remember at the company he was effectively the data center manager back in the day when like being a data center manager meant that you kind of were in charge of applications and stuff as well, at least at this organization.

Nigel Poulton:
We came up against the data center manager and the help desk manager who were pretty much, yeah guys it looks cool but under no circumstances will you get anywhere near anything production with that VMware stuff. We were forced to then pick and choose the right project so they would be bite size. I look cheesy, right? But the low hanging fruit, if you will. Obviously nothing that was business critical line of business or anything like that. And we took like, we were almost forced into taking small steps and I think most people probably had a similar experience, right? As you gain experience and as you gain skills and all of that kind of jazz and then you gain respect within the wider organization management structure, things like that, then we were able to grow it within the organization. We need to do the same thing now with containers and Kubernetes but the pressure is almost reversed. Whereas like you’re saying, senior management people are coming in and saying, “Get it done,” which is the opposite of what they were saying with virtual machines when we were trying to sell it from the bottom up. It’s like kind of coming from the top down. Get it done. We have to be the responsible ones this time that says, “Well, actually yes, but we will do it in a methodical and a professional way.”

Mike Pfeiffer:
100%, dude. That’s so true. That is spot on and I went to that. In 2007 I worked at a place where it was all physical, right?

Nigel Poulton:
Mm-hmm (affirmative).

Mike Pfeiffer:
And there was a fight to get BM’s. It took 10 years. I just, a couple years ago, I migrated their last physical server to this virtual environment. It was like at the beginning it looked like this is never going to work. No one’s ever going to get, you know, and we’re never going to convince anybody. And then it took 10 years, but eventually now the whole place is virtual. And you’re right man. It’s history repeating itself.

Nigel Poulton:
Yeah, absolutely.

Mike Pfeiffer:
Let’s switch back a little bit. I have a couple other things I want to touch on there but you mentioned you’re going on these other platforms. Everybody knows you from Pluralsight. I think a lot of people have seen your books on Amazon. You’re also on A Cloud Guru. What are you doing over there? because I haven’t been watching that platform and I know that they just merged with another big vendor and things are getting kind of really interesting over there. I’d like to hear some stuff about that.

Nigel Poulton:
Yeah. Well so just sort of from my high level perspective, right? Pluralsight is a fabulous platform, right? I was originally with Train Signal. Train Signal got acquired by Pluralsight. The people at Pluralsight have been fantastic with me. I think there’s a great culture within the organization. You know, generally speaking, the people that I deal with, they’re passionate about it. To me, I know it’s growing as an organization, right? But it still has that sort of almost family startup feel about it that it had back in the early days. However, I just personally, and I think my wife was influential in this as well, we can’t have all of our eggs in one basket.

Nigel Poulton:
You shouldn’t do that in technology and production and stuff should you? You don’t want to stick everything in the same data center on the same set of floor tiles under the same whatever you know, HVAC unit.

Mike Pfeiffer:
That’s a great analogy man. It really is.

Nigel Poulton:
Well always right? We just thought we need to spread our risk a little bit. Like I say, look, I’m working on a new Pluralsight course and another one of my goals this year is to refresh and update a bunch of the Pluralsight courses I’ve got out there already, but we need to also have content out there on other platforms as well. Honestly just, it seems like everybody that I work with in these companies are super passionate about it. I’m yet to come across somebody who’s just a numbers business person. I know that they do exist in these organizations, right?

Nigel Poulton:
I feel like video training is still, what do you compare it to? Printed books, right? It’s obviously still super new compared to those and all of these platforms have been built by people who were passionate about it and did it because they wanted to change the world and they wanted to do something and that kind of culture to some extent. I don’t want to take it too far but still pervades within all of these organizations. I’ve had great experiences with them all. I mean, some platforms are bigger than other platforms, so get you access to more people and some offer better royalty packages and things like that. That’s different between them all. If I could say one thing that frustrates me though, Mike, is that I just wish that I could have all of my content under one roof without there being the risk that if they were to change things or anything was to happen that then I don’t know how I feed the family.

Nigel Poulton:
Do you know what I mean? A little bit like, we’ve got Netflix, there’s Hulu, there’s Amazon Prime, there’s over in the UK, we’ve got Sky, there’s all these different platforms and you want to go and consume your content and you’re like, you have to have five subscriptions almost.

Mike Pfeiffer:
Right.

Nigel Poulton:
I will talk to people at conferences and they’re like, “Oh, are you going to do a Kubernetes deep dive course?” Well actually I have done one on A Cloud Guru and they’re like, “Oh, but I’ve got a Pluralsight subscription.” or maybe it’s the other way around, you know? That hurts me as just as an individual and as a trainer because I know again, like we talked about, when you’re training somebody, you have to value their time, right, and make the best use of that time that they are effectively giving to you. People’s money is also quite valuable to them, of course, and for them to then have like potentially multiple subscriptions. Look, I know we live, I do feel like we live in a golden age of learning and access to all these learning materials is way better than it has ever been before. It does just hurt me a little bit when I have to say, “Oh, sorry, this particular course that will be great for you isn’t on a platform that you’ve got a subscription for and there’s not really anything I can do about that.” That’s the drawback for me, if you will.

Mike Pfeiffer:
Yeah, I get it, man. It makes sense. I’m the same way. I’m publishing content on Pluralsight, but I’m also in other places and you know, they understand because they’re in that business and it’s cool. The reason why I work with somebody is the reason, kind of like what you said is to reach more people and also try to do more because you’re just putting, putting your eggs in one basket like you mentioned that’s a limiting thing. But-

Mike Pfeiffer:
One basket, like you mentioned, that’s a limiting thing, but… Oh go ahead.

Nigel Poulton:
No, I was just going to say, because a lot of them will deal only in exclusive content, and I would almost say to them all I would take a lower royalty if I could have it on other platforms, and I know that they might think, “Oh well yeah, you just want to broaden your reach and get more money overall,” or something, and maybe that would happen, maybe it wouldn’t, I don’t know. But I do know that it would just make it easier for other people. Unfortunately I don’t have influence with these organizations. And look, they know their business models and stuff way better than I do, I just know containers and Kubernetes. What do I know about business and [crosstalk 00:00:42]-

Mike Pfeiffer:
Focus on that and let the other guys figure it out. You mentioned a good point though, it’s not going to be sustainable when you have to get a subscription for every service. So at some point we’ll have to figure something out. But I think it’s awesome what you’ve been doing, and I think that there’s a lot of people listening that probably have watched your stuff and like, “Oh man, this is impossible to do.” But you sharing your story helps because there’s probably a lot of people out there that have a thought in their head like, “Man, maybe I could do this someday. I know a lot of stuff. Maybe I could shoot a course.” What would you say to the people that are thinking that out there?

Nigel Poulton:
So have you seen Inception?

Mike Pfeiffer:
Yes.

Nigel Poulton:
There’s this line, I believe, it’s in Inception, where… I’m going to butcher it here. But they talk about the power of an idea, and once you have that idea, I at least feel like I don’t want to get to the end of my life and I’ve had an idea or a desire to do something and have not tried. So I would encourage people, if an idea keeps coming back to you that you want to create something, look, it could be a piece of software. But if it’s a video course or if it’s a book or if you want to build yourself a blog or a website or whatever is cool these days, a YouTube channel, I don’t know. Anytime you get an idea like this that really keeps coming back to you, I would encourage you to do something about it because we just… I’ve talked about living in a golden age.

Nigel Poulton:
We just live in an age, well for most of us in the Western world and all of that, I understand that of course it is more difficult for people in other parts of the world and I’m not ignorant to that. But I think generally speaking, for the majority of people listening, the opportunities for you to be able to follow through on your passions and your dreams has never been better than it is now, and there’s no better feeling than, I don’t know, doing something that you’re passionate about. I will say to people, “Look, if I could start my life again and do my career over again, I would like to be a football or a soccer player.” Of course, I was never good enough. That’s never going to happen. So if I couldn’t make it as a soccer player, I would do what I’m doing now again, 100% of the time absolutely, I love what I do.

Nigel Poulton:
And by loving something that you do, I’m teaching everybody how to suck eggs here, but by loving something that you do, you just have a much better chance of being good at it. If I had chosen to do, I don’t know, law or something like that, I’m pretty sure I could be okay at law, but I’m not passionate about it so I would not be as good at law as I am at doing video training courses, and that’s not me saying I’m any good at video training courses. I’m just saying that if I did law, I wouldn’t enjoy myself as much, I wouldn’t be getting out of bed everyday thinking, “Oh yeah, I’m working on this today. I’m excited to do it, work until late in the night because I love it.” So yeah, if you think you’d be passionate about doing any of those things, honestly go ahead and do it.

Nigel Poulton:
But, again, like deploying Kubernetes or anything like that within an organization, you need to be careful about how you do it and plan it, so don’t jack in the day job or anything like that and think you’re going to make a lot of money on YouTube, but put in the effort and put in the hours and just love it, get out there and crush it. Seriously.

Mike Pfeiffer:
I love it man. I agree 100% and if you get that calling, you get that bug in your head or whatever man, you got to listen to that. I really agree with that and it’s a good way to… I think there’s a lot of people that are passionate about the tech, but they’re in this corporate grind position and they’re like… And this is a cool way for people to scratch that itch. But I would like to switch back to the more technical stuff real quick. What do you think about… There’s the CKA and the CKD track of you going down and really mastering the internals of Kubernetes. What do you think about people focusing on Kubernetes as a service in their chosen platforms?

Mike Pfeiffer:
Maybe higher level, like they’re focusing on Azure Kubernetes service, or EKS over at Amazon or GKE over at Google. Do you think there’s a play there for people that don’t want to necessarily become a deep dive internals Kubernetes person, but they want some more efficiency at the managed service layer?

Nigel Poulton:
Yeah, I do. It’s an interesting thing. I think I’ve got two opinions on that. I see a lot of people that have a business need or somebody in the business at least telling them to start deploying stuff to Kubernetes, and I feel like the managed Kubernetes platforms… Interrupt me here Mike, if you think I’m not addressing your question or if I’ve totally missed what you’re talking about here. But if you were to start consuming from Google or from Amazon or Azure or DigitalOcean or somebody like that, so really easy on-ramp to Kubernetes, they provide a quote unquote production grade experience for you. And look, production grade means different things to different people, so read the small print there. But yeah, it’s a really cool on-ramp, and my encouragement would be yes, play around with them, consume them, put your applications on them, but at some point you need to master it and how it works. Otherwise when things start to break or they don’t go well and you’ve been enjoying yourself because somebody else is managing a platform for you and suddenly it’s not working, you don’t really know what to do or how to troubleshoot. It’s not a great situation to be in.

Nigel Poulton:
So yes, I would say, 2019 was a great year for all of the managed Kubernetes platforms out there, and I think 2020 will be going forward, and you look at things like… So generally speaking, 2019, the managed Kubernetes platforms were saying, “We will take the control plane aspects of Kubernetes for you and we’ll manage that for you, but you still manage all the nodes that your user applications run on.” And then you look at things like Virtual Cube written things and how they’ve been integrated into some of these managed platforms where you may potentially no longer have to manage the nodes that your applications run on. So it’s like more of an entirely managed service, and I think that that’s great from the perspective that maybe I’m a developer and I want to focus on applications and that’s a good thing. We don’t really want the infrastructure to get in the way or for it to be a huge learning curve for people. So if you’re that kind of application developer or a business that says, “I don’t really want to be in the business of building my own infrastructure and stuff, I just want to consume it as a service and run my applications on it.” I do think that’s a great model.

Nigel Poulton:
But I would always, and I might be old fashioned here Mike, because I come from an infrastructure background from the late 90s and the noughties or whatever you call them, and I just got this hangover that you’ve got to understand… For line of business production stuff, if you don’t understand how your application works and how the infrastructure and stuff works, you’re running the risk of… I don’t know, when it goes wrong, you just haven’t got a clue what to do. I feel like I’m waffling a little bit there. Yes, I love them. But I would like people to say if you’re using them as a quick on-ramp, still take the time to invest in really understanding how Kubernetes and everything works underneath so that you can consume it properly.

Mike Pfeiffer:
I think it makes sense. Especially if people are talking about doing the managed service version of these things to be a stop gap from getting vendor lock in. So if you have that conversation with a customer, then it’s like, “Well if you’re completely relying on managed service and you don’t really know how Kubernetes works, if you go to another platform, now you’re going to have a problem there because now you got to learn that platform.” I think it depends too on who the person is on the team. I think there may be some people that maybe they can have a higher level idea, but to your point, people supporting production infrastructure, whether it’s managed or not, they got to understand what they’re dealing with so they can ask the right questions. I know it was kind of a gray area, but the reason I’m asking is because those conversations are starting to come up. But on that note, kind of related to that, I’d be curious to hear your perspective on… And since you interact with so many people that are working through this, is there any common patterns that people get stuck on that you notice over and over and over again?

Nigel Poulton:
I know that people get stuck or find it harder when you move away from that low hanging fruit. So again, tell me if you don’t feel this is addressing your question, but as you get to the more complex applications, adoption and migrations just seem to slow down quite a lot. So things that require persistent storage and require more application level persistence and things as well. I don’t know, persistence is just a harder thing to do than… Or stateful is harder to do than stateless. We can all run stateless web servers and things like that in containers and on Kubernetes, that’s pretty easy and you can get a good head of speed going as you start deploying things, but once you start hitting things that require, call it a database, on the back end on, you want to run that on your container platform as well, that then becomes more of a challenge.

Nigel Poulton:
Then I see that people will start to say, “Okay, well we will and consume whatever our cloud’s native database… This type of database or that type of database is.” So let me just step back a bit. So they wouldn’t maybe go to… One of the reasons they might go to Kubernetes is that it will give them that ability to move from one cloud to another and even to an on premises Kubernetes deployment if they wanted to, because Kubernetes is Kubernetes wherever you run it. So if you write your application to run on Kubernetes and it’s in Azure today and you want to move to DigitalOcean tomorrow, relatively easy compared to if you weren’t running Kubernetes to abstract all of the cloud below it.

Nigel Poulton:
But then they’ll say, “Okay, we’re deploying our applications to Kubernetes and we’ll get into the stateful stuff and it’s a little bit hard. So we’re on AWS and we’ll start to consume some of their database as a service services.” And then if they want to move away from AWS to another cloud or to on premises in the future, those parts of their application are a bit stickier with AWS. I hope I’m not waffling there. Am I making sense there?

Mike Pfeiffer:
Yeah, that makes 100% sense to me. It’s great to get your perspective on this stuff, and it’s still so early too, there’s going to be so much that we see happen over the next couple of years. But this has been really valuable, man. I’m going to link up a ton of stuff in the show notes. So for everybody listening, there’s just tons of content from Nigel that’s going to be awesome. Magic Sandbox is really insanely cool. You guys should check it out. Nigel, last thing I’d want to ask you, man, is, what is the best career advice you’ve ever gotten?

Nigel Poulton:
It was indirect. I was at a friend’s house a lot of years ago now, and I’ll be careful how I say this, just because I don’t mean any disrespect to anybody when I say this, but his dad was in a bit of a bad place in his own personal life. I remember him saying it. He just having to get out of bed on a Monday morning to go to an awful mundane job that he really didn’t like, and I remember being sat there and just thinking to myself, “Cannot bear to allow myself to get into a life where I would literally hate to have to get out of bed and dread a Monday morning.” I’m super careful about how I say that, Mike, because I understand that we all have to do what we have to do to support ourselves and our family. And in no way am I disrespecting anybody that has a difficult, mundane job. But I remember thinking on that day, “I have got to prepare myself for a life where I can enjoy going to work and enjoy getting up on a morning,” and don’t get me wrong, I’m not a morning person by any stretch, but I do love what I do and I cannot imagine what it would be like to be in something where I was like, “Gosh, how can I face another like 20 years of this?”

Mike Pfeiffer:
It’s a really good message. I agree. It’s important because you spend most of your adult life working and if you’re going to be doing that and you might as well enjoy it. All right, Nigel Poulton, I really appreciate you taking the time. I know there’s a big time difference for us as well, so thank you so much, and maybe we’ll have you back on another episode sometime later this year.

Nigel Poulton:
Yeah, by all means.

This podcast is sponsored by the Azure DevOps Training and Certification Bootcamp at CloudSkills.io

Cloud Native Patterns and Practices

Mike Pfeiffer — Thu, 23 Jan 2020 22:35:24 +0000

In this episode we chat with Cornelia Davis about her latest book Cloud Native Patterns and how you should approach building change-tolerant software.

You can listen to the full episode here:
https://cloudskills.fm/034

Cornelia Davis is a software technologist with more than 25 years experience who helps to drive technical strategy, product development and go to market, and to help customers leverage said technology to further their business goals. I prefer to spend half my time directly engaged with customers and prospects deeply understanding their needs and helping them solve their problems. The other half of the time I distill what I learn through these engagements and use that to drive product evolution as well as industry advancement through evangelism – conferences and writing. My personal mantra is “free your mind.” And I still cut code, even if only a bit of the time.

A self-proclaimed propellerhead, Cornelia Davis is Chief Technology Officer at Weaveworks, the leading provider of operational (#gitops), Kubernetes-based solutions. In that role she is responsible for the technology strategy of the company, hyper-focused on helping customers develop and execute on their cloud platform strategies. Ultimately, her aim is to enable developers and operations teams to fully support the business needs of their organizations.

When not doing those things you can find her on the yoga mat or in the kitchen.

Here are the resources we discussed in this episode:

Cornelia on LinkedIn
Cornelia on Twitter
Cornelia's new book Cloud Native Patterns from Manning Publications
Pivotal Cloud Foundry (PCF)
The twelve-factor app methodology

Full Transcript:

Mike Pfeiffer:
All right everybody, welcome back to another episode of CloudSkills.fm. As usual, I really appreciate you guys being here. Today’s episode, I’m really excited for. We’ve got Cornelia Davis. She’s the vice president of technology at Pivotal Software, and she’s also the author of a new book called Cloud Native Patterns: Designing Change-tolerance Software. Cornelia, welcome to the show.

Cornelia Davis:
Thank you so much. I’m so delighted to be here.

Mike Pfeiffer:
It’s really exciting because everybody’s talking about cloud native these days, but it seems like there might be a little bit of confusion, so we’ve got lot to talk about. I started reading your book this week. It’s amazing. People are talking about pivotal software cloud foundry, which you guys produce and work on, but to get started, maybe we could talk about your career, your backstory, and what you do as a vice president of technology at a major software company.

Cornelia Davis:
Sure, sure. Thank you. I am a computer scientist by training, and I have been in the industry for about 30 years, which is really fun, especially now that we’re in this cloud native space because it is so different. I’ll touch upon that a little bit. I am still, after 30 years, is still cutting code as you can see in my book. Maybe it’s mostly on the nights and weekends. I think my day job during the day, I spend a lot of time doing technical strategy, not so much cutting code anymore, although those are my best days when I get to do that.

Cornelia Davis:
I have spent time in my career. I started my career in aerospace actually working for Hughes Aircraft, doing imaging systems for them. Then I moved over into the commercial space, and about 20 years ago, almost exactly 20 years ago, went to work for a company called eRoom Technology, which did web-based collaboration. It’s the things that I spent a lot of time actually speaking with young people as well early in their careers, and when I describe to them what we did 20 years ago in eRoom, where we did things like, “Ooh, web-based document sharing or web-based threaded discussion,” they look at me like I have two heads.

Cornelia Davis:
Like, “What? That hasn’t always existed?” Long story short, very small startup company got acquired by Documentum. Documentum got acquired by EMC. I went from being employee number 65 in eRoom to being employee one of 30,000. I worked for small companies and large companies across the board, pretty much always stayed in a technical capacity. At EMC, I worked in the corporate CTO office doing architecture and emerging technology, and then EMC and VMware did a spinoff, which is now pivotal and that am I still in my role as VP of technology, still focus on architecture and emerging technology.

Cornelia Davis:
Now, the emerging technology space that I started working on about six or seven years ago, around the time of the pivotal spinoff, was Platform as a Service. Now, Platform as a Service really where cloud foundry was successful was really successful in this space of… The timing was perfect. Cloud native was starting to become understood. I won’t sit here and tell you that we had it all figured out at Pivotal and in the cloud foundry platform six years ago, but what ended up emerging was there’s this whole new class of software that we need to build as we move into the cloud, because where we used to think of software…

Cornelia Davis:
We used to build software assuming some level of stability from the infrastructure. Now, when we moved to the cloud, we can no longer make that assumption. Our software has to remain running even when AWS has a regional outage. That’s in fact how I start the book is talking about this regional outage that AWS had and all these businesses that were affected by it. For Netflix, it was a shrug. They were like, “Minor, minor glitch,” and yet there were companies that were offline for 12 hours. It was far more than a minor glitch for them.

Cornelia Davis:
That’s what cloud native is all about, and so I focus on these emerging spaces and help our customers come along into these emerging spaces, and cloud native has been by far the overarching, biggest disruptor in the last I would say half dozen years or so.

Mike Pfeiffer:
That’s so fascinating. I was actually had planned on asking you about that because when I was reading the first part of the book, I remember that incident, and I remember Netflix being responsive to it because, I think, they went through a bigger one maybe several years ago before that, and they’ve learned from that lesson just to your point. They do things like chaos engineering, which is a new concept for a lot of folks, but Netflix got it so figured out. To your point, they’re doing stuff in multiple geographic regions so they can actually recover from these outagess [inaudible 00:05:36].

Mike Pfeiffer:
That’s something we’ve never been able to really do before, the low-cost entry, which is fascinating with these cloud platforms. When it comes to the book, I know there’s a lot in there. Is it something where it’s going to be, “I have to know Pivotal’s cloud boundaries software or I have to be a specific platform expert at AWS or Google or Azure,” or what’s the idea? Is that more of a big picture type of thing?

Cornelia Davis:
It’s definitely more of a big picture thing. I like to describe the book as it’s a software architecture book supported by code samples and supported by real deployments. Now, the deployment, so when I have my readers go through the exercises… By the way, I was just speaking with somebody who’s read the book, who did not do any of the code exercises and said, “My goodness, I learned so much just understanding the concepts without going through the code exercises.” She’s not somebody who cuts code on a regular basis, so she didn’t need to take it to that level, but when I do have my readers, if you do follow along and do the exercises, I actually have you do the deployments into Kubernetes.

Cornelia Davis:
Most of them, you can do on a local Kubernetes instance, no cost, nothing at all. There are a couple of places in the book where I need a larger deployment of Kubernetes because I do a simulation. Actually, I do a simulation of a network outage, and I want to see some of the cascading failures that happen. If you follow along with those, you need a bigger cluster so you can do that on GKE or EKS, Amazons or Azures, or if you have some other capacity where you can get Kubernetes. Kubernetes, by the way, is the new shiny emerging technology that I’ve focused on for the last two or three years and have been working with customers to help them understand what’s the actual business value that you can glean from adopting Kubernetes.

Mike Pfeiffer:
It’s been interesting to see so much around Kubernetes. Even in just the last six, seven months, there’s so much coming through on a daily basis on social. You can tell it’s very hot. Is that something that you guys… I haven’t really spent a lot of time lately digging into what you’re doing at Pivotal. Is that what cloud foundry is leveraging these days is Kubernetes?

Cornelia Davis:
Absolutely. It’s moving in that direction. We have always been a container-based platform. We have always had what I like to say the DNA of Kubernetes built into it, but it predates the existence of Kubernetes. In fact, it even predates the existence of Docker, but we have been leveraging containers for seven or eight years in the cloud foundry system, but now that Kubernetes has emerged, we are moving over to rather than maintaining our own orchestration engine for containers, leveraging where all of this innovation is happening around Kubernetes. You will see us moving in that direction.

Mike Pfeiffer:
Wow. That’s really interesting. I think that it’ll be fun to see how things play out because it seems like there’s a lot of people that maybe are going down the road of Kubernetes or things like micro services. Maybe they don’t know what they’re getting into yet, and they don’t know that maybe that is going to work for them or maybe it’s too much for them. Are you seeing that? Are you seeing anything where folks maybe or taken a sledgehammer to a thumbtack, so to speak, like they’re over-engineering or doing things when it might be a little bit easier, or do you find that these newer of patterns and practices are easy for teams to pick up and it’s pretty straight forward?

Cornelia Davis:
I wouldn’t say that it’s easy for people to pick up. If we circle back to the book, one of my goals… I would love to say that three years ago, I had this goal in mind, but I was a novice author three years ago and learned as I wrote the book. I teach patterns in the book. As you said, the book has cloud native patterns. I teach patterns like retries or circuit breakers, which are terms that we hear as you were just mentioning, social or articles. We see lots of articles about those types of things.

Cornelia Davis:
Those patterns in and of themselves actually aren’t that hard. A retry, it’s a super simple concept. We no longer throw up our hands and say, “Shrug. I made a request, never got a response, so therefore, it’s okay for me to fail.” No. A retry says, “If I make a request and I time out, well, maybe I’ll just retry that request.” We do that as humans. If we’re navigating the web and we get to a webpage and the little icon’s spinning and the page never renders, we hit stop and refresh. That’s our retry. We can do that in software, and the concept of a retry is really that simple.

Cornelia Davis:
Now, I was just mentioning a moment ago that I did a simulation where I wanted to show some cascading failure. It turns out that if you do retries in a very naive way, where you just keep retrying, then you run the risk of creating what’s called a retry storm, where you’ve got a whole bunch of retries that are queued up so that when the network does come back, let’s say the reason you’ve never heard back was that there was a network blip. When the network comes back, you overwhelm the system at the other end with a whole bunch of queued up retries. Then that in fact is exactly what was the cause of that Amazon outage, that regional outage, was it ended up being a retry storm on RDS at the back end.

Mike Pfeiffer:
I see. Interesting.

Cornelia Davis:
Exactly. That’s what then created this cascading failure. You do need to understand retries at the next level. There’s some fairly simple heuristics that you can put in place to protect yourself from retry storm, so you can make sure that from a client perspective, when you’re doing retries that you don’t just do it indefinitely. Maybe you say, “I’m going to do no more than three or four retries, and then I will actually error out.” You can put in place caches so that after three or four times, if I’m still timing out, I’m going to leverage cash data.

Cornelia Davis:
You can also put in exponential back offs or logarithmic back offs where you say, “Okay, well, I’m not going to try every half a second, but I’ll try, and if I get past three, then I’ll wait, and I’ll wait five seconds before I do the retry.” You can throttle from the client’s side and then you can also protect yourself on the service aside from retry storms with things like circuit breakers. Again, circuit breaker, the concept is relatively simple. It’s just like in your house. If you are getting overwhelmed with load, and your wires are getting very hot, then you flip the breaker, and you say, “I’m not going to actually address any incoming requests until I give my system a chance to relax and then somebody is going to go flip that breaker back.”

Cornelia Davis:
Again, a relatively simple concept, but back to your question of are people able to just do this? Are they picking up on this? The concepts themselves are simple. Knowing when to apply them and how to apply them is actually where the complexity is. What I do in the book and why I think my colleague who said she didn’t execute the code samples but still gleaned a lot of value was that she understood I probably spend more time on the context than I do the patterns themselves, recognizing when and where to apply retries and how to do it carefully, when and where to apply circuit breakers.

Cornelia Davis:
I think a lot of people talk about circuit practice, but when do you do it and in what context? That’s super important. That is far more difficult is to get that holistic picture, and that takes time. That takes time for engineers who are coming maybe from a traditional place, three tier client server architectures with assumptions of stable infrastructure, and release cycles that were 18 months or maybe six months but not release cycles that are three times a day. Moving over into this new world I think is definitely something that requires getting your legs under you.

Mike Pfeiffer:
It makes a lot of sense. It’s easy to see the slew of tutorials that fly through your stream. Then like, “Oh, it looks so easy,” but to your point, it’s simple perhaps concepts, but in practice and knowing when, I really love that you brought that up because knowing the context of when to use it actually makes a lot of sense. Going down that road a little bit, it’s interesting how established software patterns just in writing code have been so important for developers, but now, this concept of knowing cloud native patterns, just what you were talking about, knowing those circuit breaker and all of this, and actually coding to a contract might be a complete departure for folks.

Mike Pfeiffer:
We’ve got people that are operations focused listening to the show. We’ve got developers as well, but one of the things that people keep talking about is the concept of getting into cloud native and really programming to a contract and things like the 12-factor application model. I think that’s something that you talk about in the book, the 12-factor app concepts?

Cornelia Davis:
What’s interesting about the 12 factors is, and just to give you a little bit of history, ironically, when Manning reached out to me initially three years ago, it’s been about three years, the first person who reached out to me from Manning said, “Hey, you seem to know something about 12 factors.” That was the topic that they teed up, and that then eventually turned into cloud native, cloud native patterns and those types of things, but one of the things that I think is interesting about the 12 factors, and for your listeners who maybe aren’t familiar with this, if you go to 12 factors, the number 12factor.net is where you’ll find the 12 factors.

Cornelia Davis:
It’s very brief. Some of those factors are software architectural patterns. It does talk about things like design for failure, which can set some of the things we’ve just been talking about like retries and circuit breakers and those types of things. It also talks about practices, so it talks about various practices, some of which are again around developing codes. It talks about single repose and things like that for each service. It also talks about some of the operational practices. I think it’s critically important that we as developers understand that element of the context as well.

Cornelia Davis:
Not only the context of what does the architecture look like and what kind of architectural changes do I need to be able to adapt to, but also what are some of these operational practices? I actually spend an entire chapter in the book. The book is broken up into two parts. The first part has no specific patterns, no code samples, but it is setting the overall broader context. In chapter one, I talk about how I define cloud native and differentiate it from cloud. In chapter two, I actually dedicate the whole chapter on what does it mean to operate cloud native software, because it’s important for us as developers to have empathy and to have an understanding what those operational practices are so that we can support them.

Cornelia Davis:
Then the third chapter says, “Well, as you’re learning these patterns, in fact, you’re not necessarily as a developer responsible for implementing every one of them. You’ve got to understand them,” but the implementation of some of these things actually will come through a platform. Kubernetes as a platform provides implementations of some of the patterns that you need to understand and understand when to leverage them from the platform in your cloud native software.

Mike Pfeiffer:
It’s interesting that you mentioned empathy because the light bulb went off in my head, because I’ve been dealing with a lot of teams lately, enterprises that are getting into cloud for the first time, and they’re still in the traditional model of IT teams. You see a lot of lack of empathy, and you see a lot of people stepping out of their lane because your point there is you want to control everything. It’s been interesting the cultural shifts as well as the technical side of it.

Mike Pfeiffer:
Are you seeing that as a challenge for the folks that you work with and the customers that you deal with? Has that been a common thing?

Cornelia Davis:
No question. This is a constant dialogue that we have within Pivotal. I’ve been, like I said, with Pivotal since the spin off. I’ll tell you that the first couple of cloud foundry sales, if you will, that we had where we sold cloud foundry as a product, I don’t think we even have Pivotal had fully appreciated the other changes that needed to come along with embracing a new platform like that, because the platform again is really designed for cloud native software. In retrospect now, I will tell you that it’s become really, really valuable to understand and to really break out a couple of different personas, and for the customers, where they’ve really embraced this model and they’ve actually changed some of their organizational structures and changed even the way that IT worked.

Cornelia Davis:
IT historically has been an application team comes along. They’ve done their evaluation of what they need. They come to the IT team and they say, “Here’s the infrastructure I need. When will you have it ready for me to be able to deploy my application into production on this?” Each one was maybe bespoke and those types of things. Well, you talked about this earlier actually Mike, where you said it’s about the contract, right? If we’re coding to a contract, this understanding around cloud native and around cloud native patterns, then we can start to make some of those primitives available in a platform, and a platform team can be responsible for those.

Cornelia Davis:
They can be responsible for providing a platform as a product to an app team that can then depend on some of those things that they no longer have to code themselves. Now, we start to have fewer and fewer snowflakes, and fewer and fewer snowflakes is so essential to these agile deployment practices that we put in place, where we want to do deployments very frequently. We can’t do deployments frequently or go from code complete to a deployment and production if each time we need to do some bespoke configuration or even bespoke standing up of infrastructure in some way. We need to have a little bit more of a repeatable pattern there.

Cornelia Davis:
We definitely have to help our customers get there.

Mike Pfeiffer:
Totally. It’s an interesting time because so many people are not only trying to figure out the tech, but they’re trying to figure out the bigger picture. I think they’re struggling there. I think that’s what I love the most about your book was that what we talked about earlier is it’s not specific to a particular technology. It’s the patterns, the practices that can be applied everywhere. One of the things I see people struggling is they’re getting caught up in the details of a certain cloud platform like, “Oh, I need to learn this specific piece of AWS or this specific piece of Google,” but the reality is all the major public cloud platforms have the same services, right?

Mike Pfeiffer:
Different names, but ultimately, they’re very similar. It’s almost like understanding the big picture is the first part. Understanding that cloud native patterns is the first key, and then you can drill into the details because everybody’s talking about multi-cloud, right? This all supports that, your book and even Pivotal cloud foundry if I’m not mistaken, right?

Cornelia Davis:
That’s right. That has been the mainframe for us from the very beginning is to be multi-cloud.

Mike Pfeiffer:
People seem like they’re talking about a lot this year. Part of the other big difference I’m seeing too with enterprises is that before, they weren’t really serious as much as they are now. They’re really doing true proof of concepts now, where before, a developer maybe were spinning up their own account and their trial account in their own credit card. Now, stuff’s actually more formal. It’s been really interesting. Is there any other major struggling points that you’ve seen out there for folks getting into this new world that somebody listening might be able to close the gap on that as they’re getting started?

Cornelia Davis:
I mean, it’s very much related to what we were just talking about a moment ago, and that is that when we go into organizations and start to chat with them about cloud-native, both software patterns and operational patterns and deployment and how you get to production, I think probably the biggest barrier that we run into is that we’ve always done it this way. When we think about it, I just want to really say this directly is that… I started my career about 30 years ago, and I was at the university right when we were making that from mainframe into client server.

Cornelia Davis:
This was in the early, well, actually probably mid to late '80s. When I started at the university in 1983, I still coded on the mainframe, but not for too, too long. After that, we were moving over to client server. The phase that we’re going into now, where we’re going from that going into cloud native, that is the shift that we’re having for the first time in three decades. When we think about it, we can sometimes be a little bit judgmental and we say a legacy system. Legacy system sounds so judgmental or legacy prophecy. That’s the way we’ve always done it.

Cornelia Davis:
Even just now when I said that, we’ve always done it this way. I guess to some extent it might’ve found it a little judgmental, but the thing that I want to point out is that 30 years is a long time, and we generated, I learned in the university, software engineering practices that will waterfall. That’s what we were taught. That was the state-of-the art in terms of software engineering practices. A great number of my colleagues come from that era as well. Even if you went to school 10 years ago, you probably were still learning about waterfall because that was still relevant.

Cornelia Davis:
Things like ITIL and these development practices were established, and they truly were best practices for the time, and so there shouldn’t be judgment on that. I think that’s one of the areas that we struggle is we get a little judgmental about, “Oh gosh, look how silly that was,” but it wasn’t silly at all. We do have to recognize that we are right now coming up with ITIL, if you will, for the next big wave. Now, do I think this wave is going to be 30 years? I don’t know. I think that we’re accelerating the rate of change, so I don’t know if it’s going to be 30 years, but I certainly think that these fundamentals around cloud native are going to be around for the next 10 to 20 years, and we still have to generate all the practices around those.

Cornelia Davis:
I think what is the ITIL for this next generation? I was hinting at that a little bit with the the platforms and platform teams and all of that stuff, but we’re still in the early days of coming up and scaling those best practices.

Mike Pfeiffer:
That’s really interesting because I think one of the things people tend to do is, and you’re right, they tend to stick with what they know, and that can prohibit them from going forward, but we shouldn’t judge it. We should just acknowledge it and say, “Okay, it’s all right. I’ll keep moving.” It seems like a lot of people are having a problem with letting go of the idea of you’re going to have to always keep learning something. I think you’re a great example of somebody that has been in the game 30 years, and you’re still writing code. You’re still doing all these different things.

Mike Pfeiffer:
I think maybe for some folks, the thought that you’re just going to get to a certain point coast for a while, but it’s just in this industry, it’s even faster than ever now. I think that’s going to be a big thing for people to wrap their brain around going forward as well.

Cornelia Davis:
Personally, that would drive me nuts if I wasn’t learning something new every day. I’m totally a change junkie.

Mike Pfeiffer:
I’m the same way. I cannot not learn. It’s what I’m all about. That’s why I love this business. There’s always something new to learn, right? Just a couple other things. I know you’re super busy, but I know that we’ve worked with Manning, the publisher of your book, Cloud Native Patterns. I love the subtitle designing change-tolerant software, because you have to think that way, right? When I worked at AWS, I would always hear Werner Vogels, the CTO of Amazon always talk about everything fails all the time, and just trying to ingrain that in folks minds.

Mike Pfeiffer:
I love that you’re doing that with your book, but we’re working with your publisher Manning to give away a certain number of free copies so the folks listening, you guys can hit the show notes. There’ll be links to all that stuff in the show notes. Where else can we send people to after this episode, Cornelia, that might be interesting for stuff you’re working on or stuff that Pivotal’s working on or even just maybe supplemental things for your book? Any other resources we might want to point folks at?

Cornelia Davis:
A couple of things, I mean, the first thing is that the company that I work for in my day job, not associated with the book directly, but the company I work for my day job as we’ve talked about Pivotal, because we focus so much on cloud native and we focus on this new way of building software. In fact, I mean that’s our tagline is we transform the way the world builds software, which software architecture and platforms to support those as well as working stuff. We do a lot with Agile and XP, extreme programming and those agile ways of working.

Cornelia Davis:
We have a very vibrant blog where you can learn about a lot of the things that are relevant to our customers, and our customers are the ones that are embracing cloud native. I think that’s a really good place to just look at the Pivotal blog. I will tell you that one of the sources that I use, because I’m still learning, I don’t know everything about cloud native and there’s always the next new thing as we were just talking about, is I am a huge fan of Medium and the Medium platform.

Cornelia Davis:
When I of course registered at Medium, I was able to go in and select the areas that I was interested in, which includes things like software and cloud and those types of things, and so my daily news feed has lots from lots of stuff around Kubernetes and those types of things. Kubernetes is a very vibrant community that is very much in that cloud native space. That is a great place where you can see conversations. The other thing that I’ll tell you just a little bit of… There’s never enough hours in the day, but I watch videos when I’m on the treadmill in the morning, and so I have my feed.

Cornelia Davis:
Of course, YouTube is good enough that once I start watching things, like this morning, I was actually watching some videos on RSocket, which is hugely interesting. I want to do a whole nother chapter on going deeper into the network and what does cloud native mean for the network. In my book, we certainly as an industry have talked a lot about what cloud native means at the application layer. I do touch a little pin upon cloud native and the implications on the data layer. I definitely talk about interactions like when we talked about retries and circuit breakers and things like that, but I made the assumption of those interactions happening largely over the existing protocols that we have, which is http, TCP.

Cornelia Davis:
RSocket is now saying, “Well, what if we actually make the network itself cloud native?” That’s a hugely interesting thing. All of that is to say that I learn a ton. I’m one of these people who likes to listen to things as well as watch, and so also YouTube. If you start watching a couple of things, do some Googles on cloud native, and then those things will start being suggested to you. I find that to be a great source of seeing broadly what’s happening in the market and then know where I want to drill into more details.

Mike Pfeiffer:
That’s like a master hack to do your cardio or get your workout in and get up to speed. I’m the same way. I’m always learning something. I know we’ll never get to the end and wrap my brain around everything. I think everybody listening has to commit to that concept of being an eternal student, so I’d love that.

Cornelia Davis:
Exactly.

Mike Pfeiffer:
Well, Cornelia Davis, I really appreciate you being on the show. Everybody listening, you should run out and buy the book, but make sure you join the giveaway. You might get a free copy. It’s going to be awesome. I really enjoyed having you on the show. Thank you so much, Cornelia.

Cornelia Davis:
It was such a delight to be here. Thank you so much.