Hands-on with Azure Landing Zones (lesson)

Captions
Well, hey, what's popping? What's going on? Tim Warner here; wanted to give you a quick lesson on Azure landing zones, and I want to frame this wherever possible with the Azure OpenAI Service. I'll do my best to use Azure OpenAI as our representative example. I'm trying to shoehorn it in because I'm such a proponent of the Microsoft Copilot generative AI platform, if you want to call it that.

So what is a landing zone, and why do you care? Well, they're formally defined in a website. There's three foundational websites that I'm going to share in the YouTube description, and they go together like peanut butter and banana. And that's a joke on Elvis Presley, who's not too far away from me right now in Memphis, Tennessee. Of course, he's been long gone, but he liked peanut butter and banana sandwiches, just like me.

The Microsoft Cloud Adoption Framework, or CAF for short, is a collection of guidance and best practices. Now, what does this mean, best practices? Well, first of all, let me finish my definition, then I'll come back to that. That's a collection of proven practices that helps you in your cloud adoption journey. So maybe you're a greenfield and you're doing a cloud-first, cloud-only; that's always a fun experience, you got maximum flexibility there. But I find the 80% scenario, and as you can see in the overview, you're linked right on the Cloud Adoption Framework homepage to start looking at the scenarios, to start downloading tools, solution accelerators, and ultimately I want to go to the Get started page to actually show you how it's set up. It's actually a little bit confusing in the doc set. We've got the landing page, then About the framework; that's the specific article I wanted to show you, because the CAF is a life cycle that Microsoft presents, again with the goal of helping you avoid the pitfalls that people who have gone before you have encountered in terms of their cloud adoption. Just about every conceivable scenario you can imagine is encapsulated in these things: lift-and-shift
migrations into Azure, cross-cloud multicloud migrations; you've got app refactoring and rehosting and containerization. There are so many possibilities.

Now, the proven practice guidance means that Microsoft, in conjunction with its partner network and volunteer customers, and of course Microsoft has its own army of cloud solution architects and other specialists, not to mention all the devs on the engineering teams throughout the Microsoft cloud, everybody has consolidated their best advice. Best practices, I'm not a big fan of; proven practices I like better, 'cause it's more definitive. Now, I don't have the time or the scope to go through CAF in a great deal of detail, but it's really a first stop; it's your first home base when you're considering getting into Azure.

Now, what I want to go over in particular with landing zones: landing zones are, as you can see in these levels in their framework, first you're defining your business justification, your expected outcomes. What are your actionable adoption plans? Ready is where you're actually starting to lay in your landing zones. Migrate for those workloads. Innovate, where if you've got monolithic web applications that you can see running, say, an Azure Kubernetes Service, there's migration paths for similar. Security, management, governance, and organization. Now, you might think, wow, those are a lot of pillars; do I have to implement all that guidance myself? No, and that is the magic, if you want to call it that, of the landing zone.

And in the Ready phase in the Microsoft Cloud Adoption Framework for Azure, this is where it's formally defining it. So what does it say? A landing zone hosts the workloads that you plan to build in or migrate to the cloud. And then it goes in with some more vocabulary; it's differentiating platform landing zones and application landing zones. Basically, your platform landing zone are all of your Azure and Microsoft cloud and maybe even management solutions and other clouds or on-premises, but the platform landing zone
defines in Azure what you're doing in terms of your identity and auditing and compliance and just the framing of your solutions. Then you also have the concept of application, or workload-specific, landing zones.

Now, the metaphor is very simple. Think of you're on an island. I mean, I'm being a little bit creative in my definition here, but imagine you're on an island. You took a boat to get to this remote island, and now a plane needs to come in and resupply you. You're going to spend time preparing and curating a landing zone where that plane can safely come in. Similarly, we have deployment templates, or we will use deployment templates, and they don't have to be Bicep or even ARM JSON. Microsoft supports HashiCorp Terraform almost as well as it does its own stuff, to Microsoft's eternal and lasting credit. And so the idea, if I keep recursing on it, is that you want to measure twice and cut once. And the bottom line is, by embracing these landing zones, you don't have to adopt them in toto, because there's plenty of them that the community, and again, people like Jack Tracey, or people that you want to follow on LinkedIn, T-R-A-C-E-Y. That dude has forgotten more about landing zones than I'll ever know, and I can give you some other names as well, but definitely Jack is one that you need to follow for this stuff.

Now I want to, again, just hands-on, boots on the ground, let me switch over to Visio. There's a couple landing zone power, well, you can find lots of landing zone solution accelerators and Visio files. I just downloaded a couple. One, you'll find it's also hosted at GitHub under the Azure organization, is this enterprise-scale architecture, and this is showing one of the representative landing zone topology diagrams. And there's no question about it, it's absolutely monstrous. In fact, this enterprise-scale architecture Visio file, if you look at the bottom, I know I don't have the contrast set really well on my color thing, but there's actually an index page because it's so
overwhelming, where it, to remind us that we can use these page selectors to look at different cases. And basically just imagine you using either HashiCorp Terraform or, ideally, using Bicep with modules to define your landing zone golden environments, and not only once for your own organization, but because these templates are given, you can adapt them and port them, especially if you are a solution provider and you have multiple customers or clients.

And so you can see here that if you've got an enterprise enrollment, you've got multiple subscriptions, and one of the core principles that you'll find with these landing zone architectures, they're called ALZ for short, Azure landing zone, is that they really lean into the management scopes provided in both Azure Resource Manager and, to a degree, Microsoft Graph, and that's the Entra ID identity platform. And in this topology you see we've got a link between on-premises AD Domain Services and Entra.

So again, what's wonderful about the landing zones is that Microsoft is really appearing to prioritize them, and so the work that's going in with Microsoft, their partners, community, and beyond in developing these ALZ templates and these loadouts is that Microsoft is prioritizing them more on their side. So we're seeing better, at least I've been seeing better, support for tenant-level deployments, management group; we really can deploy to any scope now. And that's important, especially when we're rolling up several subscriptions into management groups, and remember that the tenant root is the very tippy top of your Azure management hierarchy.

So we've got a subscription for management, where we're doing automation, we're doing our Log Analytics, monitoring and alerting, our Azure Policy. We've got a subscription to contain and constrain costs for our hybrid cloud termination. If we're doing Azure DNS Private Resolver with Private Link, which we most likely are, we're encapsulating those in that subscription, and then for different
applications, I've got another example. Let me switch my window. Oh, or not, looks like I can't get to it. Here we go, another Visio file I grabbed. This one is called Azure Landing Zone open all video. Again, I just got it from the CAF or in the Azure Architecture Center, which we'll look at shortly. This is an easier-to-understand example where you've got a landing zone that's defining a more straightforward hybrid cloud, where we've got a connectivity. Now again, you don't have to do this; you don't have to break all this out into subscriptions.

And a common question is: look, some of these ALZ deployments that Microsoft offers in GitHub are way too complicated. I've got a very important power user tip on addressing that, that I think you'll like a lot, at least I hope so. It has to do with generative AI, in case you can't stand the suspense.

So this particular example, as I mentioned, I wanted to bring in Azure OpenAI Service. A nice pattern for securely consuming your GPTs and your do in Azure OpenAI is to take advantage of the private endpoint, which means that we can communicate, we will communicate, not only with our models and deployments and Azure OpenAI Service but also securely with any fine-tune data that we've got in Azure Storage, and we also can do private endpoints into the Azure AI services, the Cognitive Services, the Azure Machine Learning studio, and all that kind of stuff. You see private endpoints; very, very big deal.

And again, I want to hammer home that idea, is that not only can we automate and template all of this to suit our business case, but we're also, by using or at least starting our deployments from a landing zone architecture, we're bringing in an enormous amount of best and proven practices. Because the truth of the matter is, the Cloud Adoption Framework, or CAF, is only one of the three Microsoft foundational Azure architecture sites that you need to always be on. Another one is the Azure Well-Architected Framework, or WAF, as Microsoft people call it. Now once again,
this is a pillared collection of proven practices, and you should know that this is Microsoft's Azure WAF, but the other big providers, you may already know, Amazon Web Services has a well-architected framework, as does Google Cloud. Now, you should find them to be pretty similar, really, when you think about it.

But let's take a brief look here. These are the pillars that drive architectural excellence. Now, you should know that we're talking about workloads here. CAF is designing your overall strategy; WAF is where you get into workload by workload and see what's going on. And again, I'm going to keep repeating, and I know I'm going to sound like a broken record, but by using landing zones you don't have to worry as much about M factoring in these pillars, because these pillars in the WAF are critical, I'm sure anybody would agree.

Check it: we've got reliability, high availability, disaster recovery, while keeping it simple. You'll find that these pillars oftentimes blend into each other a lot. For example, what "while keeping it simple" means: well, if we look at cost optimization, we're optimizing our usage. We're paying enough to get the services and the service level agreements and the benefits we need, but we're not overpaying, you see what I mean? So this brings in all of the cost forecasting and modeling tools that you've got within Azure as well, and also, again, that's going to drive your decisions on these other pillars.

Security: we're looking at data confidentiality, integrity, and availability. So for example, in Azure Container Registry, as long as you're at the right SKU, or stock keeping unit, you can do digitally signed Docker images. We've got storage service encryption, server-side encryption; you've got the Azure App Service domain certificate, so you've got TLS. We have lots and lots of, and whole bunches of, data confidentiality, integrity, and availability options for us there. But you'll find that Microsoft oftentimes will not do the work for you. Remember the cloud
responsibility model: the shared responsibility model means that Azure provides you with the toolkit and a set of reasonable defaults, but they're not going to make big decisions for you. That's for you to do.

Operational excellence refers to your degree of DevOps. What are you doing with build automation and release automation, automatic testing? How short are your feedback loops? All of that kind of stuff, staged deployments. Performance efficiency is handling load, not actually going in and out of availability, that's reliability, but performance efficiency means can your customers expect a solid, predictable performance level regardless of how many customers there are, whether you're on a spike or a lull. And once again, these pillars come together, because in designing a load balancing solution we're also keeping in mind these other pillars, very much so cost optimization, you see what I mean?

Now, right below the Microsoft Azure Well-Architected Framework we have a reference to the third and final of these critically important Azure architecture websites, and that is the AAC, or the Azure Architecture Center. Now, this is actually a subpage in the Azure Architecture Center; this is the landing page right here. And very conveniently, check this out, you might just want to bookmark the AAC, because as you can see at the very tippy top we've got a link to the Well-Architected Framework as well as the Cloud Adoption Framework. Pretty nice.

Now, the centerpiece of the Azure Architecture Center, in my humble opinion, are the reference architectures, because what you have here is an opportunity to combine all of the best practices of the CAF and the WAF and landing zones, potentially, into a reference architecture that you can just use as reference, or sometimes, not always, the people who created or submitted the architecture to the center will give you a link to GitHub. Let's see if we can find one of those. Now, I don't have one canned; I'm actually going to be searching live. Let's look
for Azure OpenAI Service. First, 19 results. What if I do "OpenAI service reference"? "Reference" is a good keyword to look for for reference architectures. Let's see if I can find one. Implement logging and monitoring; Azure OpenAI chat baseline architecture in an Azure landing zone. Now seriously, I just discovered this live.

So if we click into that definition, we can see we're in the Azure Architecture Center under Design architecture; this is another way to browse it, actually. Now again, there's not a huge amount of standardization, so you'll want to browse to see what's offered here. They give you an architecture diagram and some workload resources and some detailed guidance, for sure, but what, okay, here we go. Look for the box tip: the Azure OpenAI chat baseline reference implementation. Sweet, that's what we need, so we can click out to there.

Now, some of the Azure, or excuse me, some of the GitHub orgs you'll want to take a look out for are Azure, Azure-Samples, and so on. This is Azure-Samples. There's a lot out on GitHub, actually, regarding that. But I'm just going to go ahead and grab the clone URL on this guy, and let me switch over to my editor, VS Code. And do I actually want to clone this in? Not really, to be honest with you. Well, I'll tell you what, I'm going to go in a little different direction, because in VS Code I already have some landing zones stuff already in here.

And here's a pro tip for you: if you plan to use GitHub Copilot and VS Code, make sure that you've got your source code, once you've, you know, you can right-click and add folders and so on, and then save your environment as a workspace, which mine is. That's going to give you much better use when you're using GitHub Copilot. And that's actually what I wanted to do here, is I'm starting, I think, to round out this brief lesson. I didn't intend this lesson to be particularly long; well, it was targeted as an hour, to be honest with you, but we don't have any Q&A because I don't yet have the setup to go live on
YouTube. But anyway, we're looking at a couple. One is that enterprise-scale, and the other I have called tenant deployments. So what do I want to show you here? Let me take a look. When you are at GitHub, finally, and you get to one of these reference deployments, sorry that I keep ping-ponging back and forth, it occurred to me that we were actually looking for an OpenAI example, so let's actually stay here before we get into my editor.

So once you've reached what could be a workable candidate for your use as a landing zone, you want to take a look, obviously, and read the README. I mean, let me tell you what I do. I'm going to look who published it, first of all. This is from Microsoft; it's a verified publisher. Number two, I'm going to look at its activity. You could either go to the activity graph and see how active is this repository, how many contributors are there, and frankly, I don't say I'm judgey, because I don't think I am, but I will look for hallmarks of a well-tended repo. There's a contributing, there's quite a bit. Let's see, we've got website, infrastructure as code, docs; you know, it's laid out fine. Again, we're going to read the README.

But what you'll find is, depending on who specifically creates the landing zone and where it actually lands in GitHub, you may find JSON with Bicep, you might find only Bicep and modules. This one's using both, JSON, Bicep, and modules. That's probably the most common scenario, because let's face it, when we're in Azure using first-party solutions, you're going to use Bicep. And we can take a look at a representative Bicep file, and again, this is something I would evaluate, is the quality of the Bicep. So this one is doing, it's got a parameter or a variable set to do a default scope. And again, if you've used Bicep, it's meant to be an abstraction; it's a domain-specific configuration language that abstracts the complexity and awkwardness of trying to use JSON as a deployment language. So what did I mean when I said earlier
I have some potential helps on this? Well, let me frame it to you this way. If I go back to Visio, do really want me to, when you start looking at some of these reference, even the ones that are supposedly more simple, I mean, I've worked for some of the biggest companies in the world, so I know that, and I also know there's a whole lot of businesses in the world that this is overkill for.

So check this out. What you might want to do is load up your VS Code with one or more of these repos, create a workspace so you've got an environment to come back to, and also, this, the requirement, and this is unfortunate, is that my solution, if you want to call it that, relies on generative AI, specifically GitHub Copilot. So if you don't know, GitHub Copilot is a GPT implementation, a generative AI intelligent chatbot that's going to give you programming advice live as you work. You can sign up at github.com, and then once you've done that, you'll need to, in your editor, install the appropriate extensions. There's GitHub Copilot and GitHub Copilot Chat; you need them both. And you will then be signed in to those extensions. You can get that over here in your accounts. Right-click in the activity bar, make sure you've got Accounts, there it is. Okay, good. So I've signed into GitHub, I've got GitHub Copilot.

Now here's what I suggest. So you've loaded up one or more Azure zones; maybe you're really being experimental and you've loaded way more than you could use. That's actually a good thing, and I'm going to show you why. I'm going to bring out my GitHub Copilot Chat and I'm going to throw in @. @ is becoming the standard way to address GPTs or generative AI models in general, and I think it's appropriate given that that's how we reference humans and any Power Virtual Agent bots. So anyway, we can use the @workspace, which is technically, here, this is my understanding, and I always stand to be corrected; if anybody's watching this who's from GitHub who knows anything about this, please contact me, will
you? @workspace is supposed to help you ask questions about the workspace object in VS Code, which happens to be my source code. So I submit to you that we can say @workspace and say, for example, "I don't need all these landing zones. Can you give me a small one that", or instead of "give me", sometimes the lang, well, it's not sometimes, always the language is the important thing when you're doing a generative AI prompt, "can you generate me some Bicep that uses these principles but deploys only an ACR instance at the top SKU with image signing enabled?" So I'm just asking VS, or I'm asking GitHub Copilot to look at my workspace, enumerate all of this way too much. Again, there's quite a bit in here, but it's overwhelming. You want to start with the README and take a look here; there's links to topologies and flows and stuff. If you're looking at a Microsoft-curated landing zone library, to their credit, they do a pretty good job, the best job they can, trying to simplify complexity.

Let's go back here to chat and see what it's doing. Now, you don't have to use GitHub Copilot for this; you can just as well use something like ChatGPT. You know, that's actually a pretty good idea. Let me go back to my Edge browser, and if we just go over to chat.
open.com, let me hide my chat so I don't embarrass myself. And I'm here to tell you, if you're using ChatGPT at the paid tier, we can send up a whole repo to it. Check this out. Where is that framework? Uh-oh, I'm trying to find where we were. Is it in my same session here? Yeah, I guess it is. So let me go back to our baseline architecture, this one here, and I'm going to actually download a zip of this whole architecture so I've got it on my system. You might find this impressive. And that zip may be just a naked stock landing zone or one that your teams have worked on a little bit to date; it doesn't matter at all.

Watch this. When you're using a generative AI that has data analysis, now, Microsoft Copilot, I'm using the Pro tier on it, and I'm having better results in the Office applications, which I'm loving. Yesterday Copilot in PowerPoint was able to give me some good teaching examples for Kusto Query Language. Now, just as recently as a week ago, it was giving me hot garbage whenever I asked it for anything that I needed, frankly.

So in ChatGPT, I'm going to use the paper clip icon and I'm going to browse my file system. Let me switch that over to another monitor here and go into my downloads, and I'm going to upload that whole dadgum archive and basically ask the same question that I gave GitHub Copilot: I don't need all this landing zone stuff. Can you give me one that involves one subscription, one resource group, and ACR instance configured for image signing, and as, oops, it's not Azure, it's Entra ID RBAC. So I'm just going to dump my requirements.

Long story short, my tip is for you to consider uploading your work, however rough it is, sharing it with GitHub Copilot, sharing it with a generative AI model, and not only asking for advice but ask it to do some work for you. And again, to wrap up with the importance of prompting: anything you leave out in your prompt will be inferred by the AI, and it's in a direction that I don't think I like. It's assuming I want to use Azure CLI, which is not
what I want at all, but I'm letting it yak a little bit more. Well, it looks like it just finished. We could look at this final deployment script. I mean, let's take a look at it. Okay, create a resource group, create an ACR. Now, that's well and good; where are the actual files? Yeah, it's doing the actual deployment, but in this response it doesn't seem to be referencing. I'm going to say, "I want you to reference the zip I uploaded and use deployment Bicep that pertains to ACR," etc. Sometimes you just have to be more specific. Don't give up; if you do your best with a prompt and you get garbage back, you may be on the right track. It's just a question of fine-tuning on the fly in your turn-by-turn conversation.

So to fast-forward for a minute, I mean, here it looks like it found one of the golden ACRs. It's probably more complicated than we need, but we can absolutely work with GPT here and hone it. And in fact, what I would do is I'll feed it the names of the resources that I want it to create, the location, the region, the subscription name. As long as you're on a paid tier and you have that data privacy guarantee from the vendor, feed it in everything. That way you can almost take the code it gives you and then use it almost in place. I mean, check this out. And it's so easy, too; it's just a thought away to get where you need to go.

You might decide that this is beautiful, but we are a PowerShell shop. No problem, check this out. "That's great." It's great to give the AI feedback, positive or negative, because it will take that into consideration the next turn. I'm going to say, "Now please give me a single code listing of that same exact work but in Azure PowerShell." And again, in my system message I'll want to remind it, but I'm going to say, "Now use the latest Az modules you are aware of," and hopefully the gen can get out onto the internet to make sure that it is in fact using the latest of those modules, you see. But without any muss, fuss, or greasy aftertaste, as you can see, we now have that very same
operation in a more compact way, even, using Azure PowerShell, and we could make this a Python script or whatever it is that we wanted to do. Great stuff.

All right, well, I don't want to go more than a half hour for this session, so to wrap things up as neatly as I can: we've got these three interrelated websites. The Cloud Adoption Framework for initial cloud planning, adoption guidance; you've got the Well-Architected Framework, or WAF, which I've got somewhere around here; and the Azure Architecture Center, which, among other things, it has a lot more than just the reference architectures, but it has a whole bunch of those architectures, some of which you can grab from GitHub and then refine them with the help of generative AI, as I suggest.

Well, fantastic. My contact information, I'll give it to you audibly. Best thing to do is find me on GitHub timw.in Lin; that's the social that I'm standardized on now. It's a direct pipeline, so let's connect there. All right, I hope you enjoyed this training. Until next time, thanks.
Info
Channel: Tim Warner
Views: 1,619
Keywords: alz, azure architecture center, azure landing zones, bicep, cloud adoption framework, generative ai, microsoft azure, well architected framework
Id: ZRpauhTY1Ks
Length: 29min 45sec (1785 seconds)
Published: Thu Jun 20 2024