Speaking on Azure DevOps at BITCon 2019

BITCon is back in Minnesota this year. The event is shaping up to be another great one! This year BIT locked in the mayor of Minneapolis to keynote one of the days!

The conference also has a new website. The new website is https://bitcon.tech. It will be held at multple locations again through Minneapolis and Saint Paul.

I have the honor to speak at the event again. I will be giving one session and will potentially sit on a panel.

Here is the information on my session:

When:
Friday, October 11 • 1:45pm – 3:00pm

Title:
Azure DevOps + VS Code + Teams = Perfect Match

Description:
For anyone getting started with or already working with Azure managing your cloud environments through Infrastructure as Code (IaC) with ARM Templates at some point is guaranteed.

There are many extensions available to optimize VS Code for an enhanced ARM Template authoring experience. Discover how to integrate your Azure DevOps CI/CD pipeline with Teams for enhanced collaboration across your DevOps team. Get updates directly in a Teams channel for commits, pull requests, and learn how to work with an Azure DevOps Kanban board directly from Teams.

Come to this session and see why Azure DevOps + VS Code + Teams = Perfect Match.

What you will learn:

  • About the various ARM Template related extensions in VS Code
  • How to integrate Microsoft Teams with Azure DevOps

A few months back I blogged about Azure DevOps and Teams intergration here. It was a popular blog so I decided to turn this into a presentation with demos!

Here is a direct link to my session:

https://bitcon2019.sched.com/event/TCh8/azure-dev-ops-vs-code-teams-perfect-match

If you are attending BITCon 2019 be sure to check out my session!

Read More

Walk-through: use Azure Policy modify effect to require tags

In my day to day I do cloud foundations work helping companies with their Azure governance and management. On projects we will develop a tagging strategy. A tagging strategy is only good if it is actually used.  One way to ensure that tags are used is by using Azure Policy to require tags on resource groups or resources.

In the past I have used the deny effect in an Azure Policy to require tags upon resource creation. I basically use the template as previously blogged about here: http://www.buchatech.com/2019/03/requiring-many-tags-on-resource-groups-via-azure-policy. This policy works but can be a problem because the error that is given when denied during deployment is not clear about what tags are required. Also, folks think it is a pain and slows down the provisioning process.

I set out to require tags using a different method. The idea was to use the effect append vs deny so that resources without the proper tags would be flagged as non-compliant and the policy would add the required tags with generic values. Someone from the cloud team could then go put in the proper values for the tags bringing the resources into compliance. Th end result was that the effect append does work remediating with a single tag but falls down when trying to remediate using multiple tags.

I discovered that this behavior was intended and that the append effect only supports one remediation action (i.e. one tag). On 9-20-19 Microsoft updated the modify effect so that Modify can handle multiple ‘operations’ – where each operation specifies what needs to be remediated.

Now let’s walk through using the modify effect in an Azure Policy to add multiple tags on a resource group.

You will need to start off by coding your Azure Policy definition template. There are three important parts you need to ensure you have in template. You need to have modify effect for the proper effect, roleDefinitionIds as this is the role that will be used by the managed identity set as contributor, and operations to tell Azure policy what to do when remediation out of compliance resources.

"effect": "modify",

and

"roleDefinitionIds": [
            "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"

and

 "operations": [
            {
            "operation": "addOrReplace",

Here is a screenshot of the template.

You can get the full Azure Policy definition ARM Template on my GitHub here:

Required Tags Azure Policy Modify Effect.json

Add the ARM template as a new policy definition in the Azure portal.

See the following screenshot to complete your Azure policy definition.

Click for larger image

You will then see your new Azure policy definition.

Next, you need to assign the Azure policy definition. To do this click on Assignments.

See the following screenshot to complete your Azure policy assignment.

Click for larger image

Note that this policy assignment will create a managed identity so that the policy has the ability to edit tags on existing resources.

The assignment will now be created but the evaluation has not happened so the compliance state will be set to not started as shown in the following screenshot.

Read More

Presenting on Azure Stack and Native Azure Management in June/July 2019

It has been a while since presenting on Azure Stack. On June 26th I will be presenting on “Azure Stack 101 in 45 minutes” at an Azure Virtual Day Camp for a D365 user group. Here is a link to the main site:

https://www.d365ug.com/participate/azure-virtual-day

Here is a direct link to my session:

https://azurevirtualdaycamp2019.sched.com/event/PTQE/azure-stack-101-in-45-minutes?iframe=no&w=100%&sidebar=yes&bg=no

In July I will be co-presenting with Kyle Weeks at the Minnesota Azure User Group on Azure Management. The session is titled “Scale Matters: Policy + Azure Management Groups”. Come check out this session if you want to go through what Azure Management Groups are, how they scale to any complexity and the best part… how to do this with policy configurations + Azure blueprints + RBAC. Here is a link to register for the meeting:

https://www.meetup.com/Minneapolis-Azure-Cloud-Computing-Meetup/events/dtbmtpyzkbgb/

Read More

Azure Blockchain Workbench Whitepaper

I recently read a Career Advice for IT professionals in 2019 article and was reminded again by a friend and fellow MVP’s on his blog that “Change is always constant in IT.

Part of being an IT professional is keeping an eye on and ramping up on new technology. Change in IT is constant and it is critical to explore new technology so you can bring innovation to your organization and ensure you are ready if the business decides they want to use a specific technology to gain an edge in the market.

With all the excitement around Blockchain, I decided to spend time ramping up on Azure’s Blockchain technology specifically Azure Blockchain Workbench. Azure Blockchain Workbench is a way for developers and IT pros to get A blockchain network up and running quickly.

Once Azure Blockchain Workbench is up and running IT pros can administrator the network and developers can dive right into building blockchain apps. Most people that have heard of blockchain are familiar with cryptocurrency such as Bitcoin. Most people don’t know of or associate blockchain with smart contracts. Azure Blockchain Workbench powers smart contract technology. A smart contract is a self-executing contract between two or more parties involved in a transaction. Getting started with Blockchain can seem intimidating but with Azure Blockchain Workbench it is not hard to get started. I wrote a white paper that you can use to get started and takes you beyond cryptocurrency into the world of smart contracts using Azure Blockchain Workbench.

The white paper covers the following:

  • Explorers blockchain beyond cryptocurrency
  • Has an in-depth overview of Ethereum and smart contracts
  • Helps identify when and what to use blockchain for?
  • The Azure Blockchain Workbench architecture
  • How to deploy Azure Blockchain Workbench
  • How to deploy a blockchain application

The Azure Blockchain white paper titled “Blockchain beyond cryptocurrency – A white paper on Azure Blockchain Workbench” can be downloaded here: https://gallery.technet.microsoft.com/Blockchain-beyond-b18066b9

Read More

0 to 60 with Azure Blockchain Workbench

Almost every day when you go to a news website, a news program on the radio or news on the TV you can expect to hear some mention of Cryptocurrency and increasingly something about Blockchain.

Blockchain has a strong buzz and yet it is still misunderstood by many. It is an exciting time for technology and blockchain is one of the many reasons why. Blockchain is a public distributed digital ledger. Transactions between parties are processed in an efficient, verifiable and immutable way using cryptography. Transactions are tracked without a central entity such as a bank processing and keeping a record of the transactions. The ledger in a Blockchain is distributed across many nodes in the Blockchain network. Each time a transaction occurs the ledger is reconciled across all the nodes.

The Blockchain you typically hear about is related to some cryptocurrency such as Bitcoin, Litecoin, or Ripple. Blockchain goes way beyond this and is a technology that is being widely explored in use by some enterprises. Here are some examples of Blockchain in use within the enterprise. Microsoft’s Xbox uses Blockchain to deliver royalty statements to game publishers, FedEx uses Blockchain for storing shipping records, and 3M is using Blockchain for a new label-as-a-service concept. The commonality those examples is that they are using Blockchain smart contract technology.

A smart contract is a self-executing contract between two or more parties involved in a transaction. A smart contract holds each party in the transaction responsible without the need for a third-party authority. Smart contracts are essentially code running on top of a blockchain that are digitally facilitated, verified, and auto-enforced under the set of terms laid out within the contract.

Opposite of Blockchain used for cryptocurrency Blockchain used for smart contracts enable more complex scenarios beyond the exchange of digital currency. To illustrate an example of a Blockchain smart contract think about being able to buy and sell cars without a DMV processing the exchange of titles but instead the exchange of the title being verified and transferred digitally.

In today’s fast-moving world of technology, it is important to be able to take your solution from idea to MVP aka 0 to 60 as fast as possible. That is the goal of the Azure Blockchain Workbench (ABW). As shown in the following image with ABW you can literally go from idea>consortium blockchain network>code/use pre-built blockchain app>Blockchain app ready to use in a short amount of time.

 When I first started with Blockchain I was able to go from nothing to a fully functional Blockchain app in a couple of hours using ABW. As seen in the previous image ABW is made up of a combination of Azure services and capabilities. The main services include:

An App Service Plan with two web apps and two web APIs

An Application Insights instance

An Event Grid Topic

A couple of Key Vaults

A Service Bus Namespace

A SQL Server with a SQL Databases

A couple of Azure Storage accounts

Two Virtual Machine scale sets that consist of the ledger nodes and workbench microservices

A couple of virtual Network resource groups that contain Load Balancers, Network Security Groups, Public IP Address, and Virtual Network, VNet peering, and Subnets

Other components leveraged by ABW are Azure Active Directory for identity, Azure Monitor (optional), and log analytics workspace for logging (deployed with Azure Monitor), a mobile app for both iOS and Android along with a REST-based gateway service API to integrate to blockchain apps. Workbench provides the infrastructure needed to build and deploy blockchain applications so when you deploy ABW it includes everything you need. As of now ABW only supports Ethereum as its target blockchain. Microsoft has plans to add Hyperledger and Corda Blockchains in the future.

ABW is designed to make it easy for developers to bring Blockchain to the enterprise. ABW is deployed in the Azure Portal via a solution template. You can deploy Ethereum or attach to an existing one. After the Blockchain Workbench is deployed developers have the option to either create a Blockchain app or use one of the Applications and Smart Contract Samples from a repository maintained by Microsoft.

These Blockchain apps consist of a configuration metadata and smart contract. The configuration metadata file is in JSON format and determines the multi-party workflow the smart contract is in a language named Solidity and determines the business logic of the Blockchain application itself. The configuration and smart contract together make up the Blockchain application user experience. The Applications and Smart Contract Samples can be used as is to take Blockchain for a test run or can be modified to fit an organization’s specific need. As an example, some of the information you can modify with the configuration is application name, display name, state, and application roles.

As you can see it is relatively easy to get a Blockchain application up and going. Another real benefit to running a Blockchain application on Azure is the integration points with many of the other services available on Azure. Here are a few examples. ABW writes a copy of the Blockchains on-chain data from the Blockchain distributed ledgers to an off-chain SQL database. Developers can connect to this database to work with the Blockchain data for any number of scenarios one of them could be reporting in Power BI. The Workbench has a REST API, Service Bus, IoT Hub, and Event Grid that could be used for integration with other technology such as IoT devices, other systems, and Azure Streaming Analytics to further expand the possibilities. With the Blockchain workbench developers also have access to one of Azures automation tools called Logic Apps opening the door to a world of further automation scenarios.

There is much more to the Azure Blockchain Workbench then can be covered in a single blog. The main point of this post is to show how a developer can go from 0 to 60 within a short amount of time with minimal effort to stand up the scaffolding needed to support a Blockchain app. For a deeper dive into the Azure Workbench it is recommended to download my Blockchain Beyond Cryptocurrency whitepaper once it is released. Thanks for reading. To get started with the Azure Blockchain Workbench visit this link: https://azure.microsoft.com/en-us/features/blockchain-workbench

Read More

Speaking at MMS 2019

In a week I will be speaking at MMS 2019! I will be presenting 3 sessions and co-hosting 2 panels. If you are attending MMS check out my sessions and the panels. Here is the rundown:

Sessions:

Monday, May 6 • 1:00pm – 2:45pm
Deploying Infrastructure as Code with Azure and Terraform – With fellow Microsoft MVP Ned Bellavance
https://sched.co/N6cC

Tuesday, May 7 • 8:00am – 9:45am
Improving your on-prem and cloud security with Azure Security Center – With fellow Microsoft MVP Ned Bellavance
https://sched.co/N6c9

Thursday, May 9 • 1:00pm – 2:45pm
Mastering Azure with Visual Studio Code – With fellow Microsoft MVP Peter De Tender.
https://sched.co/N6d4

Panels:

Tuesday, May 7 • 3:00pm – 4:45pm
Azure Governance and Management Panel
https://sched.co/N6gD

This panel includes an all-star group from Microsoft including:

Tim Benjamin
Principal Group PM Manager, Microsoft

Michael Greene
Principal Program Manager, Microsoft

Jim Britt
Senior Program Manager, Microsoft

and

Eamon O’Reilly
Principal Program Manager, Microsoft

Thursday, May 9 • 3:00pm – 4:45pm
Azure Stack Panel Discussion – (400)
https://sched.co/N6hE

This panel consists of a bunch of Microsoft MVP rockstars and Microsoft staff including:

Ned Bellavance
Founder / Microsoft MVP, Ned in the Cloud LLC

Thomas Maurer
Senior Cloud Advocate, Microsoft

Kristopher Turner
Sr. Cloud Architect/Microsoft MVP, NTT Data Services

Bert Wolters
Principal Consultant, Class-IT

Here is the MMS website:
https://mmsmoa.com

Read More

Featured on Cloudskills.fm and New Azure course

FEATURED ON CLOUDSKILLS.FM ~

CloudSkills.fm is a podcast by fellow Microsoft MVP Mike Pfeiffer and veteran in the tech space with 5 books under his belt and numerous courses on Pluralsight. The podcast can be found here: cloudskills.fm. Mike is an all around good guy and I was honored to be a featured guest on one of his podcast episodes. The podcast is weekly with technical tips and career advice for people working in the cloud computing industry. The podcast is geared for developers, IT pros, those making move into cloud.

On this episode Mike and I talked about managing both the technical and non-technical aspects of your career in the cloud computing industry. We also discuss DevOps stuff around Docker, Azure Kubernetes Service, Terraform and cloud stuff around Azure management including my 5 points to success with cloud. You can listen to the podcast here:

https://cloudskills.fm/015

Also on you can listen here: iTunes: https://podcasts.apple.com/ca/podcast/cloudskills-fm/id1448194100 and PlayerFM: https://player.fm/series/cloudskillsfm/ep-015-managing-your-cloud-career .

NEW AZURE COURSE ~

I’m very excited Opsgility recently published a new Azure course by me titled: “Deploy and Configure Infrastructure”. This course is part of the AZ 300 certification learning path for Microsoft Azure Architect Technologies. More about the AZ 300 certification can be found here: https://www.microsoft.com/en-us/learning/exam-az-300.aspx. The course is over 4 hours of Azure content!

Description of the course:

In the course learn how to analyze resource utilization and consumption, create and configure storage accounts, create and configure a VM for Windows and Linux, create connectivity between virtual networks, implement and manage virtual networking, manage Azure Active Directory, and implement and manage hybrid identities.

Objectives of the course:

  • Configure diagnostic settings on resources
  • Create baseline for resources
  • Utilize Log Search query functions
  • Configure network access to the storage account
  • Implement Azure storage replication
  • Configure high availability
  • Deploy and configure scale sets
  • Modify ARM Templates
  • Configure Azure Disk Encryption for VMs
  • Create and configure VNET peering
  • Install and configure Azure AD Connect

It can be watched here:

https://skillmeup.com/courses/player/deploy-and-configure-infrastructure

Read More

Deploy Rancher on Azure for Kubernetes Management

Lately I have been hearing a lot about a solution named Rancher in the Kubernetes space. Rancher is an open source Kubernetes Multi-Cluster Operations and Workload Management solution. You can learn more about Rancher here: https://www.rancher.com.

In short you can use Rancher to deploy and manage Kubernetes clusters deployed to Azure, AWS, GCP their managed Kubernetes offerings like GCE, EKS, AKS or even if you rolled your own. Rancher also integrates with a bunch of 3rd party solutions for things like authentication such as Active Directory, Azure Active Directory, Github, and Ping and logging solutions such as Splunk, Elasticsearch, or a Syslog endpoint.

Recently training opened up for some Rancher/Kubernetes/Docker training so I decided to go. The primary focus was on Rancher while also covering some good info on Docker and Kubernetes. This was really good training with a lot of hands on time, however there was one problem with the labs. The labs had instructions and setup scripts ready to go to run Rancher local on your laptop or on AWS via Terraform. There was nothing for Azure.

I ended up getting my Rancher environment running on Azure but it would have been nice to have some scripts or templates ready to go to spin up Rancher on Azure. I did find some ARM templates to spin up Rancher but they deployed an old version and it was not clear in the templates on where they could be updated to deploy the new version of Rancher. I decided to spend some time building out a couple of ARM templates that can be used to quickly deploy Rancher on Azure and add a Kubernetes host to Rancher. In the ARM template I pulled together it pulls the Rancher container from Docker Hub so it will always deploy the latest version. In this blog post I will spell out the steps to get your Rancher up and running in under 15 minutes.

First off you can find the ARM Templates here on my Github here: https://github.com/Buchatech/DeployRanchertoAzure.

The repository consists of ARM templates for deploying Rancher and a host VM for Kubernetes. NOTE: These templates are intended for labs to learn Rancher. They are not intended for use in production.

In the repo ARM Template #1 named RancherNode.JSON will deploy an Ubuntu VM with Docker and the latest version of Rancher (https://hub.docker.com/r/rancher/rancher) from Docker Hub. ARM Template #2 named RancherHost.JSON will deploy an Ubuntu VM with Docker to be used as a Kubernetes host in Rancher.

Node Deployment

Deploy the RancherNode.JSON ARM template to your Azure subscription through “Template Deployment” or other deployment method. You will be prompted for the following info shown in the screenshot:

Host Deployment

Deploy the RancherHost.JSON ARM template to your Azure subscription through “Template Deployment” or other deployment method. Note that that should deploy this into the same Resource Group that you deployed the Rancher Node ARM template into. You will be prompted for the following info shown in the screenshot:

After the Rancher Node and Rancher Host ARM templates are deployed you should see the following resources in the new Resource Group:

NameType
RancherVNet Virtual network
RancherHost Virtual machine
RancherNode Virtual machine
RancherHostPublicIP Public IP address
RancherNodePublicIP Public IP address
RancherHostNic Network interface
RancherNodeNic Network interface
RancherHost_OSDisk Disk
RancherNode_OSDisk Disk

Next navigate the Rancher portal in the web browser. The URL is the DNS name of the Rancher Node VM. You can find the DNS name by clicking on the Rancher Node VM in the Azure portal on the overview page. Here is an example of the URL:

https://ranchernode.centralus.cloudapp.azure.com

The Rancher portal will prompt you to set a password. This is shown in the following screenshot.

After setting the password the Rancher portal will prompt you for the correct Rancher Server URL. This will automatically be the Rancher Node VM DNS name. Click Save URL.

You will then be logged into the Rancher portal. You will see the cluster page. From here you will want to add a cluster. Doing this is how you add a new Kubernetes cluster to Rancher. In this post I will show you how to add a cluster to the Rancher Host VM. When it’s all said and done Rancher will have successfully deployed Kubernetes to the Rancher Host VM. Note that you could add a managed Kubernetes such as AKS but we won’t do that in this blog. I will save that for a future blog post!

Click on Add Cluster

Under “From my own existing nodes” Click on custom, give the cluster a name and click Next.

Next check all the boxes for the Node Options since all the roles will be on a single Kubernetes cluster. Copy the code shown at the bottom of the page, click done and run the code on the Rancher Host.

In order to run the code on the Rancher Host you need to SSH in and run it from there. To do this follow these steps:

  1. In the Azure Portal, from within the resource group click on the Rancher Host VM.
  2. On the Overview page click on Connect.
  3. Copy “ssh ranchuser@rancherhost.centralus.cloudapp.azure.com” from the Connect to virtual machine pop up screen.
  4. Open a terminal in either Azure cloud shell or with something like a terminal via VS Code and past the “ssh ranchuser@rancherhost.centralus.cloudapp.azure.com” in.

Running the code will look like this:

When done you can run Docker PS to see that the Rancher agent containers are running.

In the Rancher portal under clusters you will see the Rancher host being provisioned

The status will change as Kubernetes is deployed.

Once it’s done provisioning you will see your Kubernetes cluster as Active.

From here you can see a bunch of info about your new Kubernetes cluster. Also notice that you could even launch Kubectl right from hereand start running commands! Take some time to click around to see all the familiar stuff you are used to working with in Kubernetes. This is pretty cool and simplifies the management experience for Kubernetes. 

If you want to add more nodes or need the configuration code again just click the ellipsis button and edit.

In Edit Cluster you can change the cluster name, get and change settings and copy the code to add more VMs to the cluster.

That’s the end of this post. Thanks for reading. Check back for more Azure, Kubernetes, and Rancher blog posts.

Read More

Require Many Tags on Resource Groups via Azure Policy

Azure Policy can be used to enforce rules and effects on resources in your Azure subscriptions. It is a part of the Azure Governance and management toolbox native to Azure. I actually wrote a blog post all about Azure Policy here as a part of my native cloud management in azure blog series.

In this blog post I want to dig into Requiring Tags on Resource Groups via Azure Policy. There is a sample policy ARM Template to accomplish this here:

https://docs.microsoft.com/en-us/azure/governance/policy/samples/enforce-tag-on-resource-groups . What is not clear with the this policy template is how to add an enforce additional tags within the single ARM Template. This is important as you don’t want to have multiple templates to enforce multiple tags.

Well its actually pretty straight forward. You need to add the additional tags as Rules and Parameters. For example:

{
"not": {
"field": "[concat('tags[',parameters('Environment'), ']')]",
"exists": "true"
}
},

and

"Environment": {
"type": "String",
"metadata": {
"description": "Provides information on what the resource group is used for (useful for maintenance, policy enforcement, chargeback, etc.) Tag value: Dev, QA, Stage, Test, Prod. Example: Prod"
}
},

Be sure you add a parameter for every rule. Also in the example I gave I removed the “equals”: “[parameters(‘tagValue’)]” from the rules because I did not want to populate the tag value. I simply needed to require the tag and leave the value open for the person creating the resource to fill in. Here is the full example Policy ARM Template here:

{
  "mode": "all",
  "policyRule": {
    "if": {
      "allOf": [
        {
          "field": "type",
          "equals": "Microsoft.Resources/subscriptions/resourceGroups"
        },
        {
          "not": {
            "field": "[concat('tags[',parameters('BillTo'), ']')]",
            "exists": "true"
          }
        },
        {
            "not": {
              "field": "[concat('tags[',parameters('Functional Area'), ']')]",
              "exists": "true"
            }
          },
          {
            "not": {
              "field": "[concat('tags[',parameters('Environment'), ']')]",
              "exists": "true"
            }
          },
          {
            "not": {
              "field": "[concat('tags[',parameters('AppOwner'), ']')]",
              "exists": "true"
            }
          }
      ]
    },
    "then": {
      "effect": "deny"
    }
  },
  "parameters": {
    "BillTo": {
      "type": "String",
      "metadata": {
        "description": "Provides a charge code or cost center to attribute the bill for the resources too. Tag value: Cost Center. Example: team@domain.com"
      }
    },
    "Functional Area": {
        "type": "String",
        "metadata": {
          "description": "Provides information on department or team is responsible for administering/supporting the application. Tag value: Team name/email. Example: 1506548"
        }
      },
      "Environment": {
        "type": "String",
        "metadata": {
          "description": "Provides information on what the resource group is used for (useful for maintenance, policy enforcement, chargeback, etc.) Tag value: Dev, QA, Stage, Test, Prod. Example: Prod"
        }
      },
      "AppOwner": {
        "type": "String",
        "metadata": {
          "description": "The Business app owner to contact. Tag value: Business App owners’ email. Example: name@domain.com"
        }
      }
  }
}

After you create the Policy definition using the ARM template it will look like this:

When you assign the policy you will need to complete the parameters:

The next time someone deploys a resource group without the required tags in the subscription this policy is assigned to it will fail.

Thanks for reading!

Read More

Where to host Docker Containers on Azure (AKS, ASE, or ASF)?

Azure Kubernetes Service (AKS) service Azure App Service Environment (ASE) Azure Service Fabric (ASF) Comparison

Scenario:

So, your team recently has been tasked with developing a new application and running it. The team made the decision to take a microservices based approach to the application. Your team also has decided to utilize Docker containers and Azure as a cloud platform. Great, now it’s time to move forward right? Not so fast. There is no question that Docker containers will be used, but what is in question is where you will run the containers. In Azure containers can run on Azure’s managed Kubernetes (AKS) service, an App Service Plan on Azure App Service Environment (ASE), or Azure Service Fabric (ASF). Let’s look at each one of these Azure services including an overview, pro’s, cons, and pricing.

This Azure Kubernetes Service (AKS) Pros and Cons chart is clickable.
This Azure App Service Environment (ASE) Pros and Cons chart is clickable.
This Azure Service Fabric (ASF) Pros and Cons chart is clickable.

Conclusion:

Choose Azure Kubernetes Service if you need more control, want to avoid vendor lock-in (can run on Azure, AWS, GCP, on-prem), need features of a full orchestration system, flexibility of auto scale configurations, need deeper monitoring, flexibility with networking, public IP’s, DNS, SSL, need a rich ecosystem of addons, will have many multi-container deployments, and plan to run a large number of containers. Also, this is a low cost.

Choose Azure App Service Environment if don’t need as much control, want a dedicated SLA, don’t need deep monitoring or control of the underlying server infrastructure, want to leverage features such as deployment slots, green/blue deployments, will have simple and a low number of multi-container deployments via Docker compose, and plan to run a smaller number of containers. Regarding cost, running a containerized application in an App Service Plan in ASE tends to be more expensive compared to running in AKS or Service Fabric. The higher cost of running containers on ASE is because with an App Service Plan on ASE, you are paying costs for a combination of resources and the managed service. With AKS and ASF you are only paying for the resources used.

Choose Service Fabric if you want a full micros services platform, need flexibility now or in the future to run in cloud and or on-premises, will run native code in addition to containers, want automatic load balancing, low cost.

A huge thanks to my colleague Sunny Singh (@sunnys101) for giving his input and reviewing this post. Thanks for reading and check back for more Azure and container contents soon.

Read More