Are you planning to migrate your IT environment from on-prem to the Microsoft Azure cloud? Or maybe you've already started, found it challenging, and need tools to help you along?
We understand that the journey from on-prem to the cloud is no cakewalk. Fortunately, we’ve done this a few times and want to share our expertise with you. We’ll introduce two key concepts: Cloud Governance and DevOps. These tools and processes will help you overcome your challenges and help you prepare for the complex journey ahead.
What are Cloud Governance and DevOps, and how will they help your organization succeed?
Check out the presentation and watch the full webinar led by Microsoft-certified MVPs and cloud migration experts! http://bit.ly/35qvoPk
2. If you get disconnected
o Refresh your browser
o Try a different browser
o Write in the chat
Questions? Post them in the chat window
At the end we will do a Q&A session
In the unlikely case of an emergency where the webinar stops
– PLEASE WAIT – be sure we are working on it
3. Tomasz Onyszko
CTO, Technical Fellow
Twitter: @tonyszko
E-mail: tomasz.onyszko@predica.pl
LinkedIn: https://www.linkedin.com/in/tomaszonyszko/
Daniel Krzyczkowski
Principal Software Engineer, Technical Fellow
Twitter: @dkrzyczkowski
E-mail: dkrzyczkowski@predica.pl
LinkedIn: https://www.linkedin.com/in/daniel-krzyczkowski
4. Our mission is to accelerate transition to self-managed
organizations
Microsoft technology consulting and delivery
215+ FTE English-speaking skilled consultants, MVPs and
former Microsoft Services employees
Offices in 6 physical locations
Projects in 23 countries on 4 continents
We value reliability and making things happen
5. Why bother?
Cloud adoption within organization
o Change in IT approach and people skillset
o Migrations and new types of workloads built for cloud
Multiple teams work independently across organization
o Rise in number of resources to manage
o Cost control and allocation
Challenges?!?
o Ensure control and consistency
o Do not slow down adoption and benefits from cloud
6. What is and why you should adopt Cloud Governance
Framework and DevOps within your organization.
Must-have Tools For Your Journey Into the Azure Cloud
o Tools and use cases to apply IMMEDIATELY after this
webinar
Case study – Cloud Governance and DevOps in large
organization
o How to start!
o Additional resources
Main topics for today!
8. Business
• Organization objectives for your cloud deployment and governance model
People
• Building right skills and awareness of the cloud technology and deployment
• Cross-discipline teams
Technology
• Technical measures to cover required business objectives within cloud deployment
9. Performance
• How your cloud adoption will translate to performance in terms of your business goals
Cost optimization
• Optimization and control of costs related to cloud operations
Security
• How to keep your data and infrastructure safe and secure
Compliance
• How to meet requirements for your compliance regulations (be it internal or external)
Risk management
• What is your risk model and what risks are you trying to mitigate with your cloud deployment?
Business objectives
10.
11. Organizational structure
Resource management
Network controls
Privacy and security policy
Data retention policy
Customer data
Cost control
Cloud Adoption Framework
Cloud Governance
DevOps
Process + Tools
Environment Framework Implementation
13. What is DevOps?
DevOps is the combination of cultural philosophies, practices, and tools that increases an organization’s ability to deliver IT
solutions and services fast and efficiently.
14. Culture is fundamental
Collaboration is one of the most important pillars of DevOps. Team interaction and collective input are absolutely crucial when
working towards a desired common goal.
The DevOps culture promotes traits like:
• Ownership
• Persistence
• Transparency
• Open communication
• Agility
15. Practices
DevOps is also often described as a set of practices to follow to achieve a planned end-state in the shortest time possible.
Here are just a few of DevOps best practices:
• Application development teams use version control
• Stakeholders actively participate in the development process
• Deployment patterns for building applications and services are reusable
• Automated testing
• Source code is available for other teams.
16. Tools
Adhering to best practices is much easier with the right tools.
With the right tools it is possible to:
• Support teams to plan work
• Collaborate on code development
• Build and deploy applications fast and efficiently.
17. Why should organizations adopt DevOps?
DevOps accelerates the company's technical capabilities by affecting the following metrics:
• Shorter time to market (improved deployment/release frequency)
• Lower failure rate
• Shorter lead time between fixes
• Shorter mean time to recovery.
19. Management Group (Hierarchy)
• Define organizational hierarchy
Policy (Control)
• Real-time enforcement, compliance assessment and remediation
Blueprints (Environment)
• Deploy and update cloud environments in a repeatable manner using composable artifacts
Resource Graph (Visibility)
• Query, explore & analyze cloud resources at scale
Cost Management (Consumption)
• Monitor cloud spend and optimize resources
Governance toolkit for the Azure cloud
20. Azure Governance Architecture
1. Environment factory
Deploy and update cloud environments in a repeatable manner using composable artifacts
2. Policy-based control
Real-time enforcement, compliance assessment and remediation at scale
3. Resource visibility
Query, explore & analyze cloud resources at scale
Providing control over the cloud environment
[Architecture diagram labels: Azure Portal, CLI, 3rd party; CRUD; Azure Resource Manager (ARM); Policy Engine; Azure Resource Graph (Query); Resource Provider (Network, Virtual Machine, Storage); Role-based Access; Policy Definitions; ARM Templates; Subscriptions; Azure Blueprints; Management Groups]
21. Subscription management
Where are subscriptions created?
Who manages subscriptions?
How are subscriptions organized?
How is a subscription created?
o What are the types of subscriptions (and requirements for such)?
o What is the process (ITSM)?
o What is the blueprint of a subscription?
o Naming convention
How are subscription costs allocated?
22. Simplify subscription management
• Group subscriptions into logical groups
• Inherit properties that apply to all subscriptions
• View aggregated information above the subscription level
Fit your organization
• Create a flexible hierarchy that can be updated quickly
• Mirror the hierarchy to the organizational model that works for you
• Scale up or down depending on the organizational needs
Apply controls at scale
• Leverage Azure Resource Manager (ARM) objects that integrate with other Azure services
• Azure services:
o Azure Policy
o RBAC
o Azure Cost Management
o Azure Blueprints
o Azure Security Center
Azure Management Groups
Governance controls and manage groups of Azure subscriptions
23. Org Management Group
Pre-Prod (Pre-Prod RBAC + Policy)
• App A Pre-Prod
• App B Pre-Prod
• Shared services (Pre-Prod)
• App C Pre-Prod
Prod (Prod RBAC + Policy)
• App A Prod
• App B Prod
• Shared services (Prod)
• App D Prod
24. Enforcement & compliance
• Turn on built-in policies or build custom ones for all resource types
• Real-time policy evaluation and enforcement
• Periodic & on-demand compliance evaluation
• VM In-Guest Policy
Apply policies at scale
• Apply policies to a Management Group with control across your entire organization
• Apply multiple policies & aggregate policy states with policy initiatives
• Exclusion Scope
Remediate & automate
• Remediate existing resources at scale
• Automatic remediation of resources at deployment time
• Trigger alerts when a resource is out of compliance
Azure Policy
Control and governance for Azure resources
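The inheritance and exclusion behaviour described on the Management Groups and Azure Policy slides can be checked offline against an exported hierarchy. The following is an added example, not part of the original presentation: the hierarchy, subscription names and policy names are constructed sample data, and the model is a simplification of how assignment scope and notScopes are evaluated.

```python
# Constructed sample data modelled on the Org / Prod / Pre-Prod hierarchy (slide 23).
MG = "/providers/Microsoft.Management/managementGroups/"
SUB = "/subscriptions/"

# child scope -> parent scope (management group tree, subscriptions as leaves)
PARENT = {
    MG + "prod": MG + "org",
    MG + "preprod": MG + "org",
    SUB + "app-a-prod": MG + "prod",
    SUB + "app-b-prod": MG + "prod",
    SUB + "shared-prod": MG + "prod",
    SUB + "app-a-preprod": MG + "preprod",
    SUB + "shared-preprod": MG + "preprod",
}

# Hypothetical policy assignments: where they are assigned and what they exclude.
ASSIGNMENTS = [
    {"policy": "require-tags", "scope": MG + "org",
     "notScopes": [SUB + "shared-preprod"]},
    {"policy": "deny-public-ip", "scope": MG + "prod", "notScopes": []},
]

def ancestors(scope):
    """Yield the scope itself, then each parent up to the root management group."""
    while scope is not None:
        yield scope
        scope = PARENT.get(scope)

def effective_policies(subscription):
    """Policies a subscription receives through inheritance, minus exclusions."""
    chain = list(ancestors(subscription))
    result = set()
    for a in ASSIGNMENTS:
        inherited = a["scope"] in chain
        excluded = any(ns in chain for ns in a["notScopes"])
        if inherited and not excluded:
            result.add(a["policy"])
    return result

def coverage_gaps(required):
    """Map each subscription to the required policies it does not receive."""
    subs = [s for s in PARENT if s.startswith(SUB)]
    gaps = {s: sorted(set(required) - effective_policies(s)) for s in subs}
    return {s: missing for s, missing in gaps.items() if missing}

if __name__ == "__main__":
    for sub, missing in coverage_gaps(["require-tags", "deny-public-ip"]).items():
        print(sub, "missing:", ", ".join(missing))
```

Run against a real export, the gap list shows which subscriptions sit outside a baseline policy, either because the assignment was made too low in the hierarchy or because an exclusion scope removed them.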
26. Streamline environment creation
• Centralize environment creation through templates
• Add resources, policies and role access controls
• Track blueprint updates through versioning
Enable compliant development
• Empower developers to create fully governed environments through self-service
• Create multiple dev-ready environments and subscriptions from a centralized location
• Leverage the integration with Azure Policy on the DevOps lifecycle
Lock foundational resources
• Ensure foundational resources cannot be changed by subscription owners
• Manage locks through a centralized location
• Update locked resources through blueprint definition updates
Azure Blueprints
Quick, repeatable creation of fully governed environments
27. Azure Blueprints
Azure Blueprints
Subscription A
Subscription B
Subscription C
…
Role-based access controls
Policy Definitions
ARM Templates
Deploy and update cloud environments in a repeatable manner using composable artifacts
30. Azure DevOps Boards
Azure Boards enable planning, tracking and discussing work across the teams in the organization.
31. Azure DevOps Repos
Azure Repos is a set of tools that helps to manage source code. It enables developers to collaborate and review code.
"Application development teams use version control"
DevOps offers two version control systems:
• Git
• TFVC (Team Foundation Version Control)
32. Azure DevOps Build and Release Pipelines
Continuous Integration and Delivery is also a part of DevOps best practices.
• It is possible to set up automatic builds for different types of applications (like web or mobile)
• During the build phase, there can be an additional verification — like a security scan
Once application packages are ready to be deployed to the environment (development, QA or production)
34. Large organization with existing on-prem and cloud
environment
o 50+ existing subscriptions
o Business critical workloads moved to the cloud
Challenge
o Control over cloud resources consistency
o Ensuring compliance and security control for resources
deployed / moved to the cloud
Customer case study
35. Cloud Governance Framework
o Rules and requirements from organization
o Design of policies, rules and delegations for entire
organization
Subscription design blueprint
o Consistent role delegation across all subscriptions
o Shared resources across all subscriptions
o Enforcement of traffic control rules
Step 1: Subscription governance
36. Azure subscriptions enrolled into Enterprise hierarchy
Delegation of controls over subscription creation
Clear guidelines and rules for subscription creation
o Type of subscription (Prod/Dev/Test)
o ITSM process
o Tags and information required
Tooling
o Azure Enterprise portal
o Azure RBAC
Account level management
37. Management group structure
o Split based on organization structure
Subscription types with different policies
o Production / Development
o Governed / Not governed
Tooling
o Azure Management Groups
o Azure Policies
Subscription management
38. Shared set of services across all subscriptions
o Delegated responsibilities for shared services
o Repeatable setup for base subscription resources
o Common roles used across all subscriptions
Control over network resources
o All network traffic must flow through shared services
subscription
o Resource owners can't modify network traffic
configuration
Step 2: Resources design (hub-n-spoke)
[Diagram labels: Azure; Shared Services; PROD 1; DEV 1; PRODUCT]
39. Shared services subscription
o All network traffic routed through Shared Services
network
o Single point to connect with other networks (on-prem)
o All services required for workloads
o Centrally managed (delegation only for specific group
of administrators)
o RBAC delegation for specific resources – per resource
group
Shared Services (hub)
40. Subscription blueprint for workload specific subscription
o Pre-defined resource groups for shared elements
(network, backup, logging)
o Dedicated production workload resource group
o Pre-defined RBAC model to delegate access to specific
resources
Each workload subscription connects to Shared Services
subscription
Workload subscription (spoke)
41. Make it real!
• Shared Services subscription:
• Separate Resource Groups for each
service
• Dedicated RBAC role per Resource
Group (function)
• Fully automated deployment
42. Project backlog governed in Azure DevOps
o Documents with workshop outcome
o Defined tasks for infrastructure creation
Shared subscription deployment fully automated
o ARM templates
o Deployment pipeline
Blueprint for workload subscriptions provisioning
Step 3: Deployment
43. Cloud Governance
o Make key decisions for service implementation
o Map requirements to technology choices
Resource deployment
o Automated deployment of Shared Services
o Subscription blueprint for workload specific resources
Tooling
o Azure Management Groups, Azure Policies, Azure
DevOps, Azure RBAC, ARM templates
Case study summary
[Diagram labels: Azure; Shared Services; PROD 1; DEV 1; PRODUCT]
44. Cloud Governance
• It is an iterative process of aligning your cloud operations with business objectives
• It is guidance on how to build and deploy resources aligned with organization requirements
What does it cover?
• Cost management
• Security baseline
• Identity baseline
• Resource consistency
• Deployments.
Azure Toolkit
• Azure provides an entire toolkit to cover the Cloud Governance process from a technical point of view
• Apply Azure tools to speed up deployments, control costs and ensure resource compliance and risk mitigation
Key takeaways!
45. DevOps
• Combination of cultural philosophies, practices, and tools that increases an organization’s ability to deliver IT solutions and services fast and efficiently
What does it cover?
• Culture at organization
• Practices
• Tools
Azure DevOps
• Tool that provides developers with services to support teams to plan work, collaborate on code development, and build and deploy applications
Key takeaways!
46. DevOps adoption facts
Organizations around the world have already invested in DevOps and benefit from it, based on the worldwide 2018 State of DevOps
Report prepared by leading experts in this area.
An interesting fact is that organizations using DevOps as a practice are:
• 44 times more likely to use repeatable testing patterns – which saves time
• 44 times more likely to improve their tooling – which increases quality and efficiency
• 27 times more likely to use configuration management tools for standardizing deployments – which improves quality
• 24 times more likely to make monitoring and alerting configurable by teams – which helps build stable and predictable software
releases
47. Tomasz Onyszko
o Twitter: @tonyszko
o E-mail: tomasz.onyszko@predica.pl
Daniel Krzyczkowski
o Twitter: @dkrzyczkowski
o E-mail: Daniel.krzyczkowski@predica.pl
Q&A
48. Start with small steps – do not try to do it all at one time
Call to action