GitOps = IaC + MRs + CI/CD

The biggest benefit in using Git and infrastructure-as-code (IaC) is that you can now use continuous integration and deployment. With tools like GitHub actions, you can automatically deploy and/or update infrastructure code and automatically apply it to your cloud environment. Resources that have been added to the infrastructure code are created automatically and made ready for use.

The resources that were changed are updated in your cloud environment and resources that are removed from the infrastructure code are automatically spun down and deleted. This allows you to write code, commit it to your Git repository, and take full advantage of all the benefits of the DevOps process.

GitOps

GitOps uses a Git repository as the single source of truth for infrastructure definitions. Simply put, a Git repository is a “.git” folder in a project that tracks all changes made to files in a project. Infrastructure as code (IaC) is the practice of keeping all infrastructure configuration tracked and saved as code files. The actual desired state may or may not be stored as code, depending your approach and organizational policies.

MRs

GitOps uses merge requests as the change process for all infrastructure updates. The merge request (MR) is where teams can collaborate via reviews and comments. The MR could also have a formal approval for changes to take place. A merge commits to your “main” branch is a potential changelog for a later audit and/or troubleshooting when needed.

CI/CD

GitOps automates infrastructure updates using a Git workflow with continuous integration and continuous delivery (CI/CD). When new code is merged, the CI/CD pipeline enacts the change in the environment. Any configuration drift, such as manual changes or errors, is overwritten by GitOps automation so the environment converges on the desired state defined in the Git.
GitHub actions uses CI/CD pipelines to manage and implement GitOps automation.

GitOps isn’t a black box anymore. It just takes IaC tools you already know and wraps them in a DevOps-style workflow. This approach provides a better revision tracking, fewer costly errors, and quick, automated infrastructure deployments that can be repeated for on any environment.

By adopting GitOps in your organization, you could improve the developer experience because often-dreaded releases become fully automated. This will allow developers to focus on their code. Teams eliminate or minimize manual steps and make deployments repeatable and reliable.

You could also improve security and standardization by utilizing GitOps.
By practicing GitOps, developers have no need to manually access cloud resources and additional security checks can be put in place at the code level in CI/CD pipelines.

I hope you like the GitOps approach and please let me know, what are you working on. Or how you could relate your work to GitOps?

What is a good service to perform data transformation in Azure?πŸ€”

Hello friends and data marathoners!


I am excited to annonce my next Cloud Lunch and Learn tech meetup session with you.

During the previous session, you have learned about how to up-skill existing data and SQL skills with the new Data engineering mindset πŸ‘ŒπŸ‘

Updated: Check out the recorded event session on YouTube: https://youtu.be/h3AaL9AhuXI

I am glad to invite you all – to learn how to get started with Data Transformation services inΒ Microsoft Azure β„’Β 


Thanks you πŸ™ Cloud Lunch and Learn for organizing this session.

Event detail: 24 March @ 18:00 UTC
Open registration πŸ‘‰ https://lnkd.in/dNb5vUr#SharingIsCaring❀️

Fᴏʟʟᴏᴑ ᴍᴇ 🎯 α΄€Ι΄α΄… κœ±α΄›α΄€Κ€α΄› Κα΄α΄œΚ€ α΄„ΚŸα΄α΄œα΄… ☁ α΄Šα΄α΄œΚ€Ι΄α΄‡Κ – 𝐋𝐄𝐓’𝐒 π‚πŽπππ„π‚π“ πŸ‘
#microsoftazure#CloudLunchLearn#azuredata#upskilling#cloud#dataengineering#datatransformation#gettingstarted#continuouslearning

Why “Start small and Expand” approach is good for your company business?

As cloud☁️ journey matures, each company 🏨 knows that service
requirements and needs will be changing. As cloud providers add new features and products, the new market opportunities and possibilities will rise.

There are several reasons why you would want to pursue the cloud landing zones. Using the start small and expand landing zone, you could get started with cloud adoption at a low-risk pace, and build up the security, governance, and regulatory policies over time.

As a benefit, with “start small and expand” you can use Azure Resource Manager templates and Azure Policy to create a CI/CD pipelines for subscriptions with Azure Blueprints.

As an ongoing improvement effort, you could expand and improve the landing zone with the Cloud Adoption Framework enterprise-scale design guidelines from Microsoft Azure β„’

Get started by learning “What is an Azure landing zone?” πŸ‘‰ https://lnkd.in/eD7xtWV #SharingIsCaring❀️

Fᴏʟʟᴏᴑ 🎯 theΒ #cloudmarathonerΒ β›…πŸƒβ€β™‚οΈπŸƒβ€β™€οΈ on LinkedIn α΄€Ι΄α΄… 𝐋𝐄𝐓’𝐒 π‚πŽπππ„π‚π“ πŸ‘

How to up-skill with Azure Data services and get certified?

I am excited to annonce πŸ“’– that my two webinar submissions have been accepted and scheduled by Cloud Lunch and Learn.

Please. join me to learn more about how to up-skill existing data and SQL skills with the new Data engineering mindset πŸ‘ŒπŸ‘

Thanks you πŸ™ @CloudLunchLearn for hosting this event!

Event detail: 17 March @ 18:00 UTC
Open registration πŸ‘‰ https://www.meetup.com/AzureDublin/events/276559449/ Β 
#SharingIsCaring❀️

Fᴏʟʟᴏᴑ ᴍᴇ 🎯 α΄€Ι΄α΄… κœ±α΄›α΄€Κ€α΄› Κα΄α΄œΚ€ α΄„ΚŸα΄α΄œα΄… ☁ α΄Šα΄α΄œΚ€Ι΄α΄‡Κ – 𝐋𝐄𝐓’𝐒 π‚πŽπππ„π‚π“ πŸ‘

What is an Azure administrative unit and its benefits? πŸ€”

The Administrative Units (AU) are Azure AD resources which can contain only users and groups.

AUs could manage permissions πŸ›‘οΈπŸ” in a role to any segment of your organization. For example, you could use AUs to delegate the User Administrator role to regional support specialists, so they can manage users only in the region that they support.

The AUs are especially helpful when an organization whose IT department is scattered across globe and wants to categorize and define relevant geographical boundaries.

Currently, supported scenarious from Azure AD portal are:

  • Create administrative units
  • Add users and groups members of administrative units
  • Assign IT staff to administrative unit-scoped administrator roles.

In addition, assigned users can easily manage their AU users from mystaffΒ MicrosoftΒ website πŸ‘‰ https://mystaff.microsoft.com/

Check out the following Microsoft docs post for more details and use asesπŸ‘‰Β https://lnkd.in/dXMMncJ #SharingIsCaring❀️

Now, if you end up loving this story and want to lean about managing your sers with “My Staff” – then check out this handy post on Micrsoft docs page:

Fᴏʟʟᴏᴑ ᴍᴇ 🎯 α΄€Ι΄α΄… become the #cloudmarathoner β›…πŸƒβ€β™‚οΈπŸƒβ€β™€οΈ – 𝐋𝐄𝐓’𝐒 π‚πŽπππ„π‚π“ πŸ‘

Exam Guide Tips AND prep resources: 2-in-1 sweet combo

My little intro – well, skip this as it might be boring πŸ™

Let’s start with a little bit of background to my somewhat unorthodox journey into Azure Developer cert way back in 2018.

Three years ago, I got a beta exam invite for Azure Core Developer (AZ-200) certification. At the time, there were no readily availiable study materials to learn from and prepare. My focus was on the exam objectives document, with a special highlight on Azure services that I did not have a chance to work with.

Long story short, at the end of the exam I did not know if it was a PASS βœ… or not ❌, as it was a beta exam. However, good and somewhat unexpected “pass news” with a cert email came back in 2 months. I was over the moon 🌜 and delighted to be one of the few candidates to succeed. Later, this exam was retired, as most cert nowadays…

Back to the current time, Feb 2021

Today, I was feeling excited & pumped to go after Azure Developer cert (AZ-204) πŸƒβ€β™‚οΈπŸš΄β€β™‚οΈπŸŠβ€β™‚οΈπŸ’ͺ – and yes, I posted earlier that I will share the result – either pass or fail.

Well, the good news is – I did not have to wait 2 months to learn the result πŸ˜ƒ It was a pass – and not an easy one though, as there were 60% more materials and more detail oriented questions on different inner workings of Azure services.

Let’s give a round of applause πŸ‘πŸ‘πŸ‘ to Microsoft Learn modules and Learning path tracks – as they are getting better and better – and help me to cover this material in a somewhat fun way….

How was my actual exam experience?

The overall experience was exciting 😲 and scary 😱 at the same time. Mainly, because of the two case studies appearing at different sections of the exam. Well, at the end of the exam I shared this non pleasant experience by providing feedback ✍. I think every exam participant should be willing to share their experience, as it will be a good set of metrics for exam creators to assess and modify the exam experience to make it better overall.

Speaking about the exam, I got approximately 50 questions❔; where two case studies contained approx. 5-7 questions each. My surprise was to discover πŸ‘€, one case study right in the beginning, and another one right at the end of the exam. It threw my timing a little bit off.

So, be prepared to save enough time for exam case studies (yes, there might be more than one, and I had three in the Microsoft exams last year), no matter what, as they consume a considerable chunk of your time and could cause your brain to start steaming ♨ – due to time constraints.

If you are a Cloud Solutions Architect (aka, CSA) you may find certain questions too technical in nature, like knowing the exact sequence of operations to place each task correctly. Well, if you never played with that specific feature then don’t panic. Just focus on the question and use your #quizskills. As an example: I had several educated guesses ⁉ – on what might be the right order of operations without knowing 100%.

In the real world, you could easily find your way with a quick search on your favorite engine… but an exam is an exam… and you are not penalized for wrong answers.

Good news is: a certain number of questions are high level, and your current CSA experience will be very handy; like assessing/suggesting the workload for the most effective Azure service or solution based on customer requirements.

Exam duration is180 minutes⏰ or 220 min including the feedback time. Generally speaking, this should be enough with a small caveat: You have to plan your time carefully and watch for the exact # of potential questions and remaining case studies of the exam. That said, there were several questions with true/false options, many drag-and-drop scenarios, and multi-select choices that seemed easy and tricky at the same time.

Microsoft Certified: Azure Developer Associate

Where should I start my Azure Developer journey?

The official exam page AZ-204 is a really good place to start. Followed by the suggested learning track and modules in the bottom of the page.

The exam page AZ-204 gets even better with a final section on “Exam resources“. I consider this section a REAL “gem” πŸ’ŽπŸ’ŽπŸ’Ž

Dear friends, stay tuned – as your information on how to earn a #free exam voucher is included in this post. Look into Microsoft’s “Cloud Skills Challenge” program below.

Any other tips or resources for study?

Labs and practice material suggestions

  • Reference to the AZ-204 lab exercises GitHub repo
  • Quick start references on Microsoft Docs

FREE exam voucher through Microsoft Cloud Skills Challenge (Expired – Not a Valid anymore)

For a limited time, Microsoft Learn provides a free, interactive way of learning by combining short step-by-step tutorials, browser-based interactive coding and scripting environments, and task-based achievements to help you advance your technical skills while earning achievements.

What are you waiting for? Register today via this link πŸ‘

That is it folk, I tried to share and illustrate my exam experiences in this post. I hope you will find it helpful and apply to your “Azure developer” certification journey.

Please, feel free to share your experience or thoughts, as i am planning to keep this post up to date with your contributions going forward. #keeplearning

Stay safe and be the 4th with you … #nevergiveup #keeppushing

What is “Cloud native”, how you could define it?


So what is “Cloud Native”? πŸ€”πŸ‘€/

My approach is to hit on Re-FRESH β™» before thinking about Cloud Native; as it is an evolving space that at minimum includes following components:


βœ”οΈ Modern Design
βœ”οΈ Microservices
βœ”οΈ Containers
βœ”οΈ Backbone Services
βœ”οΈ Automation

By the way, check out the official CNCF definition (Cloud Native Computing Foundation) definition for clarity.

Cloud-native technologies empower organizations to build and run scalable applications in modern, dynamic environments such as public, private, and hybrid clouds. Containers, service meshes, microservices, immutable infrastructure, and declarative APIs exemplify this approach.

These techniques enable loosely coupled systems that are resilient, manageable, and observable. Combined with robust automation, they allow engineers to make high-impact changes frequently and predictably with minimal toil.

CNCF

More on this topic πŸ‘‰ https://lnkd.in/eUkgs9P#SharingIsCaring❀️

Fᴏʟʟᴏᴑ ᴍᴇ 🎯 α΄€Ι΄α΄… κœ±α΄›α΄€Κ€α΄› Κα΄α΄œΚ€ α΄„ΚŸα΄α΄œα΄… ☁ α΄Šα΄α΄œΚ€Ι΄α΄‡Κ – 𝐋𝐄𝐓’𝐒 π‚πŽπππ„π‚π“ πŸ‘

What is Microsoft Cloud App Security and what it does?

Well, it is a Cloud☁️ Access Security Broker (CASB) πŸ›‘οΈ πŸ” that supports various deployment πŸš€ modes; like log collection, API connectors, and reverse proxy.


You can get a rich visibility, control over data travel, and sophisticated analytics to identify and combat cyberthreats across all yourΒ Microsoft Azure β„’Β and third-party cloud services.

Cloud App Security integrates visibility with your cloud by providing:
βœ”οΈ Cloud Discovery
βœ”οΈ Sanctioning and unsanctioning an app
βœ”οΈ App connectors
βœ”οΈ Conditional Access App Control protection
βœ”οΈ Policy Control
βœ”οΈ Types of apps to migrate

Check out how to get started withΒ MicrosoftΒ Cloud App Security πŸ‘‰Β https://lnkd.in/eZg2Pby#SharingIsCaring❀️

Fᴏʟʟᴏᴑ ᴍᴇ 🎯 α΄€Ι΄α΄… become α΄€Β #cloudmarathonerΒ β›…πŸƒβ€β™‚οΈπŸƒβ€β™€οΈ – 𝐋𝐄𝐓’𝐒 π‚πŽπππ„π‚π“ πŸ‘

Starting points in DevSecOps journey

Hello friends,

During my journey to become a Microsoft Azure Security professional, I have compiled set of useful resources in addition to the exam materials. These resources do complement cloud and application security with open-source tooling, and a book that is much needed for success.

I am excited to share this with my network and DevSecOps enthusiasts πŸ™‚

  1. WhiteSource Bolt – is a #free developer tool for finding and fixing open source vulnerabilities.
  2. Find Security Bugs – it is a SpotBugs plugin for security audits of Java web applications – https://find-sec-bugs.github.io/
  3. OWASP Zed Attack Proxy (ZAP) – one of the most popular free web security tool, actively maintained by a dedicated international team of volunteers – https://owasp.org/www-project-zap/
  4. Sqlmap – is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers – http://sqlmap.org/
  5. OpenVAS – Open Vulnerability Assessment Scanner is a full-featured vulnerability scanner. Its capabilities include unauthenticated testing, authenticated testing, various high level and low level Internet and industrial protocols, performance tuning for large-scale scans and a powerful internal programming language to implement any type of vulnerability test. – https://openvas.org/
  6. Recon-ng – is a full-featured Web Reconnaissance framework written in Python. Complete with independent modules, database interaction, built in convenience functions, interactive help, and command completion, Recon-ng provides a powerful environment in which open source web-based reconnaissance can be conducted quickly and thoroughly – https://tools.kali.org/information-gathering/recon-ng
  7. OWASP Glue – is a framework for running a series of tools. Generally, it is intended as a backbone for automating a security analysis pipeline of tools – https://github.com/OWASP/glue
  8. Awesome DevSecOps book. Inspired by the awesome-* trend on GitHub. This is a collection of documents, presentations, videos, training materials, tools, services and general leadership that support the DevSecOps mission. These are the essential building blocks and tidbits that can help you to arrange for a DevSecOps experiment or to help you build out your own DevSecOps program.
  9. #lambhack is A vulnerable serverless lambda application. This is certainly a bad idea to base any coding patterns of what you see here. It allows you to take advantage of our tried and true application security problems, namely arbitrary code execution, XSS, injection attacks and more.
  10. Black Duck is a commercial alternative to WhiteSource Bolt. It helps to manage the risks that come with the use of open source. Black Duck software composition analysis solutions and open source audits give you the insight you need to track the open source in your code, mitigate security and license compliance risks, and automatically enforce open source policies using your existing DevOps tools and processes.
  11. OWASP Honeypot-Project. Goal of the OWASP Honeypot Project is to identify emerging attacks against web applications and report them to the community, in order to facilitate protection against such targeted attacks. Based around the earlier OWASP/WASC Distributed Web Honeypots Project.
  12. Open Source Honeypots That Detect Threats For Free. You could read details on this interesting post.

Note: in noway this presents a complete guide. However, I hope it will guide your project into a more successful DevSecOps state.

I do encouragetoΒ comment and shareΒ your tips and resources here. This will ultimately help every community member to become a better security professional. Thanks!

Microsoft Azure Data Engineer Certification Tips + Study Guide

Hello my friends,

Last week, I was able to knockout the second “Azure Data Engineer” exam and get the certification. Most importantly, I got a chance to have a deep dive into Azure Data technologies from a holistic solutioning perspective. The main focus areas of this certification are neatly visualized below:

Those exam objectives, are high level focus areas that cover DP-200 and DP-201 exams. The first exam is more technical and has focus toward implementation while the second one is shifting gears toward design and solutioning options based on project requirements.

As dealing with data solutions was not my primary work responsibility, I was really impressed by depth of service options, capabilities and tools that could accelerate many data solutioning projects.

Starting an “Azure Data Engineering” learning journey will help any cloud professional to get deeper understanding on designing different data solutions based on project requirements. In fact, it helped me to get a well informed understanding technical limitations in each solution; like deciding between different data processing and/or storage options and their respective security configurations. Well, enough about intro, let’s look into what it means to be an “Azure Data Engineer” πŸ˜‘πŸ€”

Azure Data Engineer vs Database Administrator

A Database Administrator’s (aka, DBA) job is to ensure everything is working smoothly with things like performance tuning and monitoring, data migrations of third party systems, performing backups, checking performance, and load balancing, and everything to do with databases operations. On the other hand, DBA could also perform data engineering tasks in a small or mid-size organisations.🀠

Azure data engineers are responsible for data-related implementation tasks that include provisioning data storage services, ingesting streaming and batch data, transforming data, implementing security requirements, implementing data retention policies, identifying performance bottlenecks, and accessing external data sources. They are responsible for data-related design tasks that include designing Azure data storage solutions that use relational and non-relational data stores, batch and real-time data processing solutions, and data security and compliance solutions.πŸ‘©β€πŸš€πŸ‘¨β€πŸŽ“

Getting ready for each exam πŸ“†

There is no right or wrong starting point with this certification. I would start with the one that you find more familiar. Here is the exam flow diagram from the official Microsoft learn website:

Exam study resources for DP-200: Implementing an Azure Data Solution

This exam really tests your ability to demonstrate good understanding of setting-up a data processing pipeline and configurations of each component. A lot of questions were on optimizing, operating, loading and reading data from Azure SQL DB and Synapse Analytics (formerly SQL DW), I found them tricky and quite challenging.

The DP-200 exam has around 40-48 questions and is somewhat similar to other Azure Associate exams. The exam duration is fixed around 180 minutes with additional 30 minutes for reading instructions, signing the non-disclosure agreement, and giving feedback to each question at the end.

Expect different types of questions (single choice, multi-choice, binary choice and sorting order) and one or two case studies.

Exam study resources for DP-201: Designing an Azure Data Solution

My exam experience with DP-201 was much smoother, as mainly questions were focused on design related topics and solutioning options. As an Azure Architect – you may find them familiar and a bit easier than the previous exam.

This exam was 150 minutes long and had 42 questions, with much more case studies (i got three on my exam). There were few questions with set of drop-down choices that were easy and tricky at the same time.

That is it folk, i tried to share and illustrate my exam experiences in this post. I hope you will find it helpful and apply to your “Data Engineer-ing” journey.

Please, feel free to share your experience or thoughts, as i am planning to keep this post up to date with your valuable contributions going forward. #keeplearning

Stay safe and be the 4th with you! #nevergiveup