From SysAdmin to Platform Engineer with Steve Buchanan on RunAsRadio

I was recently a guest on the RunAsRadio podcast. This was the second time being on the show. The last time was 4 years ago. You can catch the old episode here: Terraform vs Bicep/ARM with Steve Buchanan.

This new episode is #924 and is titled: “From SysAdmin to Platform Engineer with Steve Buchanan“. On this new episode we talked about Platform Engineering and a bunch of other stuff.

Here is the description from the episode:

Aren’t we all platform engineers? Steve Buchanan says yes!

But there’s more to it. Steve talks about the mindset of looking beyond individual products that we might have skills with and owning the entire problem of providing platforms for your organization to get work done.

The conversation dives into the many products that can help our applications function better and the challenge of making them secure and fast. Are containers the solution? Possibly!

It’s your platform; focus on the fundamentals and go further!

I had a great time chatting with Richard and we didn’t even mention AI until 40 minutes in. haha

You can check out the episode here:

https://runasradio.com/Shows/Show/924

or here:

Read more

Speaking at MMS 2023

MMS is back for 2023 and it’s back in Minnesota! Here is the main MMS website:

https://mmsmoa.com

I am honored to be speaking again at MMS. I will be on a panel and co-present 2 sessions. You can check out all of my sessions here:

https://mms2023atmoa.sched.com/speaker/buchatech

I will be speaking on:

Azure Arc: Deliver Proven Governance, Security, and Monitoring at Virtually No Cost!” with a good friend John Joyner!

Securing Your Hybrid and Multi-Cloud Servers Using Azure Arc” with another good friend Kristopher Turner!

I will also be part of the “Ask the Experts: Everything You Want to Know About Azure Arc” panel with a bunch of rockstars.


If you are at MMS 2023 be sure to check out my sessions: https://mms2023atmoa.sched.com/speaker/buchatech

Read more

Watch Learn Live Episode 7 – Introduction to Azure Arc enabled Kubernetes

Today Pierre Roman (@wiredcanuck) Senior Cloud Advocate of Microsoft & myself (@buchatech) streamed “Introduction to Azure Arc enabled Kubernetes” on Learn Live. Here is what we covered in this session:

In this session, showed you how Azure Arc enabled Kubernetes clusters can help customers like Contoso to optimize and simplify their operations. Here are the Learning objectives we covered:

  • Describe Kubernetes, Azure Arc, and Azure Arc-enabled Kubernetes.
  • Connect Kubernetes clusters to Azure Arc.
  • Manage Azure Arc enabled Kubernetes clusters by using GitOps.
  • Integrate Azure Arc enabled Kubernetes cluster with Azure services like Azure Monitor and Azure Policy.

If you missed it don’t worry. 🙂 You can watch the playback on the Microsoft Developer YouTube channel here:

You can check out more Learn Live episodes on the:

Or

Read more

Pre-Order: Azure Arc-Enabled Kubernetes and Servers Book

I am excited to announce my 8th book is complete and is available for pre-order. I am even more excited that long-time friend and fellow Microsoft MVP John Joyner joined me on the journey of writing this book. John is one of the few people I have looked up to when coming into the MVP program. He also was like an OG showing me the ropes of being an MVP. This is John’s latest book since his last 8 years ago! Thanks again John for saying yes to being a part of this!

Microsoft Ignite 2016 with Fellow MVP’s Sam Erskine, and John Joyner.

In this book, we also had the honor of having the forward written by Thomas Maurer a former MVP and now Microsoft Azure Evangelist. This book was reviewed by fellow Microsoft MVP Adnan Hendricks and a chapter contributed by a buddy of mine Fred Limmer.

This book covers an exciting technology from Microsoft exploring Azure Arc-Enabled Kubernetes and Servers. This book is for DevOps professionals, system administrators, security professionals, cloud admins, and IT professionals that are responsible for servers or Kubernetes clusters both on-premises and in the cloud. This book covers:

  • Introduces the basics of hybrid, multi-cloud, and edge computing and how Azure Arc fits into that IT strategy
  • Teaches the fundamentals of Azure Resource Manager, setting the reader up with the knowledge needed on the technology that underpins Azure Arc
  • Offers insights into Azure native management tooling for managing on-premises servers and extending to other clouds
  • Details an end-to-end hybrid server monitoring scenario leveraging Azure Monitor and/or Azure Sentinel that is seamlessly delivered by Azure Arc
  • Defines a blueprint to achieve regulatory compliance with industry standards using Azure Arc, delivering Azure Policy from Azure Defender for Servers
  • Explores how Git and GitHub integrate with Azure Arc; delves into how GitOps is used with Azure Arc
  • Empowers your DevOps teams to perform tasks that typically fall under IT operations
  • Dives into how to best use Azure CLI with Azure Arc

You can pre-order the book and watch for its official release here:

https://www.amazon.com/gp/product/1484277678

Read more

Speaking at Omaha Azure User Group

Today I will be speaking at the Omaha Azure User Group. I will be speaking on Azure Arc enabled Kubernetes and GitOps.

I am really looking forward to this user group meeting! I will be speaking on & showing real-time the power of using Microsoft Azure Arc enabled Kubernetes and GitOps, deploying a Container app to a Google Kubernetes Engine (GKE) cluster on the Google Cloud Platform (GCP). More info on my session:

Session title: Push Code, Not Containers with Azure Arc enabled Kubernetes and GitOps

Session details: Use Azure Arc enabled Kubernetes to manage Kubernetes clusters across Google Cloud Platform and Azure without running a single Kubectl command! In this session, Steve Buchanan will take you into the world of GitOps. He will show you how to deploy applications and configuration to GKE clusters and AKS clusters from a GitHub repository. Explore how we can use this new operating model for Kubernetes and cloud-native apps to declaratively describe and ensure the state of our applications and Kubernetes environments.

Register here:

https://www.meetup.com/Omaha-Azure-User-Group/events/275898750/

Read more

SAP on Azure Course on Pluralsight

I am happy to announce that my latest Pluralsight course has been published. I am extra proud of this one because it is a first on the Pluralsight platform! The course is “SAP on Azure: The Big Picture“. This is the first SAP on Azure course to land on Pluralsight.

SAP is the #1 business software in the world. SAP is used by so many companies around the world. SAP projects are some of the largest projects in IT. SAP has a huge push for customers to move to its latest version SAP’s ERP solution S/4HANA by 2025. Even though you can buy extended support for current versions there is still a preference for customers to move to the new version. With this push to move most businesses and CIO’s view this as a chance to also move to hosting SAP in the cloud.

There is a shortage of IT professionals that know SAP and know cloud such as Azure. Having SAP skills can be a game changer for anyone’s IT career. Combine SAP and Azure skills and watch your career accelerate even further.

Both Azure and SAP skills can be hard to gain without someone taking a chance placing you on one of these projects. It is not easy to break into the world of SAP and part of that reason is a lack of starter courses.

I have held various roles on several SAP on Azure projects gaining key skills in this area. My goal with this course was to bring forward a starting point for those looking to get some training and break into this area.

This course will teach you a fundamental understanding of SAP, the various cloud hosting options, and core knowledge for hosting SAP on Azure.

This course is packed with 1 hour and 29 minutes of info for those wanting to get started with running SAP on Azure.

If one of these sound familiar:

-You have skills with Azure and want to learn more about SAP

-You have skills with SAP and want to learn more about Azure

-You want to get started with both Azure and SAP

-You want to pursue the AZ-120: Planning and Administering Microsoft Azure for SAP Workloads exam

Well this course is for you!

In this course, SAP on Azure: The Big Picture, you’ll learn to what it takes to host SAP on Azure. First, you’ll explore the different SAP cloud hosting options.

Next, you’ll discover why Azure is a good fit for SAP and gain an understanding of the Microsoft and SAP partnership.

Finally, you’ll learn how to learn about the different SAP components, get SAP on Azure architectural guidance, and learn the about the differences between SAP on Azure migrations compared to greenfield deployments.

When you’re finished with this course, you’ll have core skills and knowledge of hosting SAP on Azure needed to be an asset on SAP on Azure projects.

Check out the course here:

https://app.pluralsight.com/library/courses/sap-azure-big-picture

I hope you find value in this new SAP on Azure course. This new course brings me to a total of 6 courses now published on the Pluralsight platform. Be sure to follow my profile on Pluralsight so you will be notified as I release new courses! I will be releasing more courses soon!

Here is the link to my Pluralsight profile to follow me: https://app.pluralsight.com/profile/author/steve-buchanan

Read more

Inside Azure Management Sessions now on YouTube

I recently presented at the Inside Azure management event. This event was packed full of Microsoft MVP’s and community experts from around the world. The focus on the event was around Azure Management based topics with some Kubernetes, AI, and DevOps topics sprinkled in.

My session was “Azure Policy Insights & Multi-Tag demo via Azure Policy” Here is what it covered: “Azure Policy is a great tool when it comes to auditing and ensuring your cloud governance is met. In this session 9 time Microsoft Azure MVP Steve Buchanan is going to take you on a full-speed ride on the ins and outs of Azure Policy and land you with a recipe for handling a multi-tagging strategy with Azure Policy. Some of the key topics you will learn from this session include:

  • Overview of Azure Policy
  • Azure Policy Configuration best practices to meet compliance (NIST, PCI, ISO, HIPPA)
  • Securing Azure services: AKS / Networking / SQL / App Service
  • Azure Policy vs RBAC
  • Overview of Azure Policy Guest Configuration
  • Tagging and more

The event has passed and if you didn’t make it no worries! All of the sessions have been recorded and uploaded to the Inside Azure management YouTube channel to be watched at your leisure. Here is the link to the YouTube channel where you can watch all the sessions:

https://bit.ly/azurevideos

The event coordinators have also set up some Youtube playlists to make it easier to find videos on the topics that pertain to you. They broke these out in the following categories: Azure Management, Artificial Intelligence in Azure, Cloud Governance, Cybersecurity, and DevOps.

You can watch my session right here:

Also here is the direct link to the video of my session on YouTube: https://youtu.be/EfAiITcExK0

Thanks for checking out my session and others from this event. Stay tuned to my blog for info on where I will be speaking next!

Read more

Tech Reviewer – Free Azure Strategy and Implementation Guide, Third Edition

Towards the end of 2019, I had the opportunity to be the sole Tech Reviewer on an Azure Azure Strategy and Implementation Guide. This is the third edition of this guide so it has really current Azure information. It was authored by former MVP and now Microsoft trainer Peter De Tender (@pdtit) and others.

This guide gives a step by step introduction to using Azure for your cloud infrastructure. The guide also covers an overview of Azure benefits and best practices for planning your migration, assistance with cloud architecture and design choices, and insight on how to manage and optimize your new cloud environment.

The best part is that this guide is free! Get your copy here:

https://azure.microsoft.com/en-us/resources/azure-strategy-and-implementation-guide-third-edition

Read more

Master Azure with VS Code

At Experts Live Europe 2019 I presented a session titled “Master Azure with VS Code”. This was a fun session with an engaging audience that took to twitter after the session. There was some chatter asking this session was recorded. It was not. I did note that I planned to write a blog post on this topic.

Here is that blog post and it is the first one of 2020 for me! In this post, we are going to dive into how VS code is helpful when working with Azure and many extensions I find useful when working with Azure. This post is not set to be an end-all to using VS Code with Azure but from my experience. Use this post as a starting point or a reference for expanding your use of VS Code with Azure. Also, check out the many other community experts and Microsoft MVPs for their additional knowledge plus tips and tricks on this topic.

VS Code Overview

First off if you are not using VS Code stop reading this right now, go download it and install it then come back to finish reading. 🙂 VS Code is a must-have in your toolbox and it is free! For those that are new to VS Code, it is an open-source – code editor developed by Microsoft that runs on Windows, Linux, and macOS. Here is a shortlist of the many benefits of VS Code:

  • Has support for hundreds of languages.
  • Has Integrated Terminal.
  • Also powerful developer tool with functionality, like IntelliSense code completion and debugging.
  • Includes syntax highlighting, bracket-matching, auto-indentation, box-selection, snippets, and more.
  • Integrates with build and scripting tools to perform common tasks making everyday workflows faster.
  • Has support for Git to work with source control.
  • Large Extension Marketplace of third-party extensions.

Note that yes, VS Code is for the “IT Pro”. Not just developers.

Azure Extensions in VS Code

VS Code has a ton of extensions in general. There are a number of Azure specific extensions and you can work with Azure directly from VS Code.

If you go to the VS Code Marketplace here: https://marketplace.visualstudio.com/vscode and search on Azure you will see results for many published by Microsoft and many community based extensions for Azure. As of the time of writing this blog post, there are 93. Here is a screenshot showing some of the results:

You can also go directly to the Azure Tools extension from Microsoft here: 

https://marketplace.visualstudio.com/itemdetails?itemName=ms-vscode.vscode-node-azure-pack

Or the

Azure Extensions from Microsoft here:

https://code.visualstudio.com/docs/azure/extensions

In the rest of this post, I am going to share some key extensions I use with Azure. I will post the marketplace links at the end of each extension I talk about and if it is maintained by community or Microsoft.

Deploy to Azure using VS Code

It is important to note that not all of the Azure extensions available in VS Code can be used to deploy to Azure. Some can but most can’t here is a list of the services that you can deploy to from extensions in VS Code.

Azure Service Description
Azure Functions Build and manage Azure Functions serverless apps directly in VS Code with the Azure Functions extension.
App Service Manage Azure resources directly in VS Code with the Azure App Service extension.
Docker Deploy your website using a Docker container.
Azure CLI Create, deploy, and update a website using a terminal and the Azure CLI.
Static website Create, deploy, and update a static website on Azure Storage.

NOTE: This list is current at the time of writing this blog post. This will change over time.

Azure Cloud Shell in VS Code

Cloud Shell is something you should be using with Azure to make your life easier. It is an interactive command-line shell. You are authenticated to your Azure account when you launch it, It typically runs in the browser and is used for managing Azure resources. When you launch it you can choose the shell experience that best for you, either Bash or PowerShell. With VS Code you can launch Cloud Shell directly in VS Code!

Cloud Shell is a part of the Azure Account extension. Here are some key points on using Cloud Shell with VS Code:

  • Free (storage consumed has costs.)
  • Launch Azure Cloud Shell directly in VS Code.
  • Launch Bash, PowerShell, or Upload.
  • Works in the Integrated Terminal.

Azure and open-source Tooling in Cloud Shell:

Azure Tools:
blobxfer Azure CLI and Azure classic CLI Azure Functions CLI AzCopy Service Fabric CLI Batch Shipyard  
Open-Source:
Bash Terraform Packer Ansible Chef InSpec Puppet Bolt Docker Kubectl Helm DC/OS CLI iPython Client Cloud Foundry CLI

PowerShell Modules in Cloud Shell

You get the following PowerShell modules in Cloud Shell:
Azure Modules (Az.Accounts, Az.Compute, Az.Network, Az.Resources, Az.Storage)
Azure AD Management (Preview)
Exchange Online (In development)
MicrosoftPowerBIMgmt
SqlServer

Marketplace Link:

Azure Account: https://marketplace

Maintained By Microsoft

Read more

Walk-through: use Azure Policy modify effect to require tags

In my day to day I do cloud foundations work helping companies with their Azure governance and management. On projects we will develop a tagging strategy. A tagging strategy is only good if it is actually used.  One way to ensure that tags are used is by using Azure Policy to require tags on resource groups or resources.

In the past I have used the deny effect in an Azure Policy to require tags upon resource creation. I basically use the template as previously blogged about here: https://www.buchatech.com/2019/03/requiring-many-tags-on-resource-groups-via-azure-policy. This policy works but can be a problem because the error that is given when denied during deployment is not clear about what tags are required. Also, folks think it is a pain and slows down the provisioning process.

I set out to require tags using a different method. The idea was to use the effect append vs deny so that resources without the proper tags would be flagged as non-compliant and the policy would add the required tags with generic values. Someone from the cloud team could then go put in the proper values for the tags bringing the resources into compliance. Th end result was that the effect append does work remediating with a single tag but falls down when trying to remediate using multiple tags.

I discovered that this behavior was intended and that the append effect only supports one remediation action (i.e. one tag). On 9-20-19 Microsoft updated the modify effect so that Modify can handle multiple ‘operations’ – where each operation specifies what needs to be remediated.

Now let’s walk through using the modify effect in an Azure Policy to add multiple tags on a resource group.

You will need to start off by coding your Azure Policy definition template. There are three important parts you need to ensure you have in template. You need to have modify effect for the proper effect, roleDefinitionIds as this is the role that will be used by the managed identity set as contributor, and operations to tell Azure policy what to do when remediation out of compliance resources.

"effect": "modify",

and

"roleDefinitionIds": [
            "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"

and

 "operations": [
            {
            "operation": "addOrReplace",

Here is a screenshot of the template.

You can get the full Azure Policy definition ARM Template on my GitHub here:

Required Tags Azure Policy Modify Effect.json

Add the ARM template as a new policy definition in the Azure portal.

See the following screenshot to complete your Azure policy definition.

Click for larger image

You will then see your new Azure policy definition.

Next, you need to assign the Azure policy definition. To do this click on Assignments.

See the following screenshot to complete your Azure policy assignment.

Click for larger image

Note that this policy assignment will create a managed identity so that the policy has the ability to edit tags on existing resources.

The assignment will now be created but the evaluation has not happened so the compliance state will be set to not started as shown in the following screenshot.

Read more