Patrik's Tech Lightning
Patrik's Tech Lightning
  • 67
  • 111 989
ClicksOps to DevSecOps in Azure
Are you still provisioning your resources manually through the Azure Portal? This approach, often called ClickOps, has significant drawbacks.
In this video, I’ll break down what ClickOps is and explain why it's not the best practice for managing your Azure resources. In the perfect world, we want to use Infrastructure as Code (IaC) with a DevOps or DevSecOps practice.
Join me if you want to know more. I also give you tips and ideas in case you already have an environment in Azure and want to move this into a Dev(Sec)Ops environment.
Let's go !
▬ ⏰ ClicksOps to DevSecOps in Azure⏰ ▬▬▬▬▬▬▬
00:00 - Introduction
00:30 - What is ClickOps ?
00:52 - What is DevOps and DevSecOps ?
02:20 - Good things about ClickOps
03:15 - Bad things about ClickOps
07:51 - Challenges with IaC and DevOps/DevSecOps
11:12 - Outro
▬▬ ⚓ RESOURCES & LINKS ⚓ ▬▬▬▬▬▬
acagroup.be/en/blog/from-clickops-to-devsecops-smarter-cloud-management-in-azure/
Переглядів: 487

Відео

Azure Virtual Network: DNS Time Out
Переглядів 338Місяць тому
Azure Virtual Networks offer powerful networking capabilities, but they come with certain limitations. One of these can lead to unexpected DNS timeouts, particularly affecting Windows virtual machines. In this video, I dive into the details of this issue and guide you through practical steps to work around it. Join me to better understand how to keep your VMs running smoothly! ▬ ⏰ Azure Virtual...
Don't do this in Azure (Antipatterns) !
Переглядів 1,3 тис.2 місяці тому
There are some things which you just shouldn't do when it comes to moving your business to the cloud. Get ready to ignite your learning on the Antipatterns of the Cloud Adoption Framework (CAF) ! Learn how to identify and avoid these pitfalls, ensuring your cloud journey stays on track. Whether you're an architect, developer, or IT professional, understanding these antipatterns will help you im...
Thank You ! 100,000 Views !
Переглядів 1832 місяці тому
Wow, more than 100,000 views and 2000 subscribers ! This is just madness :) Thank you all for the support and engagement on my channel. It has been an honor to have you part of my viewer and community. I'm humbled with the feedback and interaction I've had from all of you. Even from all the trolls, after all... When someone takes time to troll, it means you are on to something. Keep it up ! 😎 N...
Azure Encryption 101
Переглядів 7382 місяці тому
Cover all encryption basics as we dive into the essentials of encryption in Azure. Learn how to secure your data with Azure's encryption options, including encryption at rest, in transit, and key management best practices. ▬ ⏰ Azure Encryption 101 ⏰ ▬▬▬▬▬▬▬ 00:00 - Introduction 00:12 - Terminology 02:05 - Keys in Encryption 05:20 - Server & Client Side Encryption 06:15 - Data at Rest in Azure 0...
5 Secret Azure Services
Переглядів 5023 місяці тому
Are you an Azure enthusiast looking to dive deeper into the platform? In this video, I uncover 5 hidden Azure services that most people haven't heard of! ▬ ⏰ 5 Secret Azure Services ⏰ ▬▬▬▬▬▬▬ 00:00 - Introduction 00:16 - Azure Baremetal 02:54 - Azure Orbital 04:38 - Azure App Spaces 06:54 - Azure SignalR 08:45 - Extended Zones 10:45 - Outro ▬▬ ⚓ WHERE DO I WORK ?⚓ ▬▬▬▬▬▬ I work for the ACA Grou...
Customer Story: Azure Firewall - Application Gateway
Переглядів 6054 місяці тому
Join me as I dive into a customer story where their policy required routing all traffic through Azure Firewall first-a decision that isn’t always ideal, especially when Application Gateways are in the mix. In this video, I break down the challenges of such an approach and share insights on how to navigate these discussions effectively, using the OSI model as a guiding framework. Whether you’re ...
Azure Log Analytics Workspace Design
Переглядів 4224 місяці тому
Time for a refreshment on how to design an Azure Log Analytics Workspace ! ▬▬ ⏰ Azure Log Analytics Workspace Design⏰ ▬▬▬▬▬▬▬ 00:00 - Introduction 00:30 - Azure LAW placement 02:10 - Microsoft Sentinel impact 03:02 - More reasons to split up LAW's 05:06 - Resilience 07:45 - Data retention 04:19 - Security 09:24 - Outro ▬▬ ⚓ RESOURCES & LINKS ⚓ ▬▬▬▬▬▬ Microsoft Cloud Adoption Framework (CAF) ua-...
10 Azure Application Design Principles
Переглядів 1,5 тис.9 місяців тому
It's time to uncover ten Azure Application Design Principles ! When you design an Azure Landing Zone, these are the design principles you should follow in Azure. ▬▬ ⏰ Azure Application Design Principles⏰ ▬▬▬▬▬▬▬ 00:00 - Introduction 01:06 - Overview of the principles 02:51 - Deep dive of the principles 12:05 - Outro ▬▬ ⚓ RESOURCES & LINKS ⚓ ▬▬▬▬▬▬ Azure Application Design Principles learn.micro...
Azure NAT Gateway Design
Переглядів 1 тис.10 місяців тому
Let us delve into the mysterious depth of the Azure NAT Gateway. With the imminent retirement of the Default Outbound Internet Access in 2025, another way to access the Internet is required. The Azure NAT Gateway is here for you ! This video provides all the necessary information on how to design and use the Azure NAT Gateway in your cloud environment. ▬▬ ⏰ Azure NAT Gateway⏰ ▬▬▬▬▬▬▬ 00:00 - In...
Cloud Center of Excellence (CCoE)
Переглядів 1,2 тис.10 місяців тому
Let us unravel the mysteries behind a Cloud Center of Excellence (CCoE). Learn the purpose and how it can serve your organization in adopting the Public Cloud with a focus on Microsoft Azure. ▬▬ ⏰ Cloud Center of Excellence⏰ ▬▬▬▬▬▬▬ 00:00 - Introduction 00:32 - CCoE Explanation 02:47 - Company without CcoE 03:36 - Company with a CcoE 06:18 - Summary 08:18 - Outro ▬▬ ⚓ RESOURCES & LINKS ⚓ ▬▬▬▬▬▬...
Azure Enterprise Scale Landing Zone (2023 Update & Quiz)
Переглядів 1,6 тис.Рік тому
Get ready to uncover the secrets of the Microsoft Enterprise Scale Landing Zone (ESLZ). This video is updated with the latest changes in 2023 ! We will start off with a quiz to test your knowledge. Afterwards, we continue with a deep dive to show you what it's all about. ▬▬ ⏰ Enterprise Scale Landing Zone ⏰ ▬▬▬▬▬▬▬ 00:00 - Introduction 00:35 - Quiz: Enterprise Scale Landing Zone 03:21 - Deep Di...
Azure Architect Interview
Переглядів 9 тис.Рік тому
Welcome to the ultimate Azure Architect real life interview ! Are you ready to take the hot seat and answer these questions ? There is one way to find out :) I'm showing you my interview process and how I assess candidates. The questions and answers here are taken from a real life interview. Good luck ! ▬▬ ⏰ Azure Architect Interview ⏰ ▬▬▬▬▬▬▬ 00:00 - Introduction 01:45 - Interview Questions/An...
Azure Private DNS Resolver
Переглядів 6 тис.Рік тому
Learn everything about the Azure Private DNS Resolver ! In this video, I go through all the options available to have a full DNS resolution with the Azure Private DNS Resolver. I show you how to name resolve Private End Points along with a full hybrid setup. Azure Private DNS Resolver allows us to setup a very elegant architecture. ▬▬ ⏰ Azure Private DNS Resolver ⏰ ▬▬▬▬▬▬▬ 00:00 - Introduction ...
Application Architecture in Azure
Переглядів 1,2 тис.Рік тому
Want to do more than just deploy an empty landing zone in Azure ? Buckle up and get ready to understand different Application Architectures and which services to use in Azure. ▬▬ ⏰ Application Architecture in Azure ⏰ ▬▬▬▬▬▬▬ 00:00 - Introduction 00:53 - Three different Application Architectures 02:04 - Monolithic 03:07 - Microservices 03:36 - N-Tier 04:49 - Benefits / drawbacks 08:15 - Outro ▬▬...
Azure Traffic Flow: Firewall & NSGs
Переглядів 1 тис.Рік тому
Azure Traffic Flow: Firewall & NSGs
Proxy Servers in Azure
Переглядів 5 тис.2 роки тому
Proxy Servers in Azure
Azure Cross Region Load Balancer
Переглядів 5112 роки тому
Azure Cross Region Load Balancer
Microsoft Cloud Adoption Framework
Переглядів 1,4 тис.2 роки тому
Microsoft Cloud Adoption Framework
Azure Gateway Load Balancer
Переглядів 2,1 тис.2 роки тому
Azure Gateway Load Balancer
Azure Compute Services
Переглядів 3402 роки тому
Azure Compute Services
Azure Firewall Terminology
Переглядів 1,4 тис.2 роки тому
Azure Firewall Terminology
Data Lake in Azure
Переглядів 1532 роки тому
Data Lake in Azure
Working as an Azure Architect
Переглядів 4,7 тис.2 роки тому
Working as an Azure Architect
5 Tips for An Azure Architect in 2022 !
Переглядів 1,7 тис.2 роки тому
5 Tips for An Azure Architect in 2022 !
Azure AD Authentication for VMs
Переглядів 6 тис.2 роки тому
Azure AD Authentication for VMs
Azure Peering Services (Potatoes)
Переглядів 4282 роки тому
Azure Peering Services (Potatoes)
Microsoft's Global Network
Переглядів 2292 роки тому
Microsoft's Global Network
Design Azure Application Gateway & Firewall
Переглядів 2,9 тис.2 роки тому
Design Azure Application Gateway & Firewall
Azure Networking for Network Engineers
Переглядів 1,5 тис.2 роки тому
Azure Networking for Network Engineers

КОМЕНТАРІ

  • @TotallySD
    @TotallySD 4 дні тому

    Very well explained, thank you!

    • @PatriksTechLightning
      @PatriksTechLightning 4 дні тому

      Thank you for the nice comment ! Have an awesome start of the new year 😁

  • @techwithdebrah
    @techwithdebrah 17 днів тому

    Do you have any idea how good and clear you explain things. Thanks for this man.

  • @ravindranaths513
    @ravindranaths513 19 днів тому

    This is regarding TrafficManager in front of DBs @ 6:20. With respect to my knowledge, we cant put AzureTrafficManager (ATM) in front of DBs, bcause TrafficManager works at the DNS level. Please give your comments on this. Thanks in advance

  • @peteriron
    @peteriron 23 дні тому

    Great video!

  • @DanielVoyles
    @DanielVoyles 23 дні тому

    I have used this method with MFA, but I have only been able to get this working with a Hybrid-joined machine with WHfB enabled. Any ideas on other ways to connect with MFA enabled? I also did not need to use the 'AzureAD\' prefix to use WHfB.

  • @joalmiza
    @joalmiza 24 дні тому

    Awesome video once again! I can only agree on the first comment. Well explained and addressing the advantages and drawbacks of both ways of managing your environment. What I missed was a bit more around the actual management of the IaC code which might be another video for the future. Thanks again!

    • @PatriksTechLightning
      @PatriksTechLightning 23 дні тому

      Glad to hear it - thank you ! Indeed, I didn't touch upon a lot of management of IaC. I feel that more time and attention is needed to make that topic useful.

  • @marcwesterink7742
    @marcwesterink7742 24 дні тому

    Great explanation once again. Many aspects of the cloud adoption journey require you to start small. Moving from clickops to devsecops is no exception. To make things more complicated is to decide between declarative vs. imperative code. But that may be a topic for another video. I like the Terraform approach as it makes the code more 'modular' and solution agnostic...

    • @PatriksTechLightning
      @PatriksTechLightning 23 дні тому

      Thank you ! Yeah, it's a bit of a rabbit hole, where you can keep on digging with regards to code choices, pipelines, tools, etc.

  • @natarajvd
    @natarajvd 24 дні тому

    Just one word Amazing video

  • @NicolasLhoir
    @NicolasLhoir Місяць тому

    Thanks for very good feedback

  • @accrevoke
    @accrevoke Місяць тому

    UDP65330 has been overlooked in the 3 companies I last worked in, it's really surprising when there are no tool tip at all in in Azure portal. I would think something like this is still very common and easily missed during first setup.

  • @drivetrainerYT
    @drivetrainerYT Місяць тому

    Great finding, I wish it was related to my omnipresent TCP0 and Semaphore timeouts on the SSIS Win Server VM calling Az SQL DB via the PEP on a VNET. What you think, is it related too? (I wish I could squeeze Wireshark on that VM too, to catch the ephemeral port DNS call.) Many thanks!

    • @PatriksTechLightning
      @PatriksTechLightning Місяць тому

      Good question ! Intermittent time outs ? If DNS isn't the culprit, check the dependencies. Is there enough compute power on the VM ? Is there a connection time out / retry setting you can configure ?

  • @liudmylasoderstrom6226
    @liudmylasoderstrom6226 Місяць тому

    Great video Patrik! Thanks for your work! Can we have videos about tips how to introduce Azure into small business working environment?

  • @marcwesterink7742
    @marcwesterink7742 Місяць тому

    Nice one again. You would expect that the Azure Connected Machine Agent (Windows & Linux) would have this exclusion knowing that this behavior is by design. Now this needs to be added in any post deployment mechanism to automate this in any VM deployment. On the other hand, the OS configuration is the customer's responsibility according to the Shared Responsibility Model so there's room for debate. Funny to see that the general rule "it's always DNS" still stands after all these years...

    • @PatriksTechLightning
      @PatriksTechLightning Місяць тому

      Thank you Marc 😎 Some things indeed never change... "It's always DNS" !

  • @Abdalla.BE.81
    @Abdalla.BE.81 Місяць тому

    Awesome , Wonderful , Direct Thanks for great videos ♥

    • @PatriksTechLightning
      @PatriksTechLightning Місяць тому

      Glad to hear you liked that one. Good to have you onboard ! 😀

  • @shhmasood
    @shhmasood Місяць тому

    Good content, easy to understand !

  • @tdannecy
    @tdannecy Місяць тому

    Great overview-Thank you!

  • @CarlintVeld
    @CarlintVeld Місяць тому

    Why would it be bad to try to stay away from IAAS? My recommendation would be to always first try PAAS. Identitify the gaps and make a plan. Fall back to VMs as a last resort.

    • @PatriksTechLightning
      @PatriksTechLightning Місяць тому

      We are in agreement :) It's exactly how you phrased it, see if you can go PaaS but don't let it be a deciding factor for moving to the cloud. I've seen companies going with the attitude "If we can't use PaaS then we're not considering the cloud". In certain scenarios, it may be interesting to start with IaaS to get the wet feet.

  • @MohitSingh-rq9hd
    @MohitSingh-rq9hd Місяць тому

    😮

  • @zheniachubarov3384
    @zheniachubarov3384 Місяць тому

    What password should you use during connection? From your microsoft account?

  • @joalmiza
    @joalmiza Місяць тому

    Spot on as usual with your content! And a nice reminder of this important topic. TY!

  • @liudmylasoderstrom6226
    @liudmylasoderstrom6226 2 місяці тому

    Hey Patrik! Thank you for a fresh topic! Really interesting and useful!

  • @marcwesterink7742
    @marcwesterink7742 2 місяці тому

    Ooooh, great video!!! Thanks for reminding me of the existence of this, wasn't aware it's nicely summarized. To me, it's a feast of recognition by seeing some many organizations fail miserably in doing cloud adoption in a better fashion. I see so many people going into the wrong direction. I have identified two potential pitfalls myself that may result in these antipatterns: 1. No business information plan or governance and certainly not translated into an IT governance plan 2. Misunderstanding the concept of a framework and transforming it into a 'bible' or 'constitution (law)' Frameworks are just a bunch of 'recommended practices'. It can simply be summarized in failing to understand the concept of People -> Processes -> Technology

    • @PatriksTechLightning
      @PatriksTechLightning 2 місяці тому

      Good to hear from you Marc and thank you for the nice words 😎 I completely agree with you... Especially on point #2, which always leads to interesting discussions. For junior architects, I would definitely tell them to follow the best practices. Seasoned architects like yourself, it's best practices but you have enough experience to tailor them or go for a different solution.

  • @corneliusmixon
    @corneliusmixon 2 місяці тому

    Do you know if this is possible with an NVA(Fortigate) instead of the Azure Firewall? I have been trying to get Hub and Spoke Topology to work with an NVA and NAT Gateway for a week now. I have only been able to find one document on the topic but it needs to be more detailed.

    • @PatriksTechLightning
      @PatriksTechLightning 2 місяці тому

      Hi there !👋 An Azure NAT Gateway has the framework laid out to work with third party NVA's. As always, there's a "but" somewhere 😶 The instructions on how to integrate this has to come from Fortinet. I've myself done a quick search to get some implementation guides but unfortunately not found any. I would recommend to contact them directly. I can't imagine a leading vendor not having a good implementation guide for this. Let me know how things work out, this is really an interesting topic to watch...

  • @joalmiza
    @joalmiza 2 місяці тому

    Thank you! You a have a very good approach and way of describing the techincal parts of the different technologies you talk about. I

  • @CarolineSdm
    @CarolineSdm 2 місяці тому

    Hard work pays off, well done! 💪💪

  • @SK-iv4ml
    @SK-iv4ml 2 місяці тому

    Great summary, thanks

  • @nickstathakis5263
    @nickstathakis5263 2 місяці тому

    As described, If you send traffic outbound via the NAT gwy PIP, how will it return traffic to the AzFW PIP, and if it somehow arrives back to the AzFW PIP isn't the traffic asymmetric or it doesn't care based on it leaving the same subnet. just confused.

    • @PatriksTechLightning
      @PatriksTechLightning 2 місяці тому

      Yes, traffic would be asymmetric. The actual flow is: VM (in Azure) --> Azure Firewall (Private IP) --> Azure NAT Gateway --> Internet Host Return traffic is vise versa. Internet Host --> Azure NAT Gateway --> Azure Firewall --> VM Hope this cleared it up a bit? 😎

  • @CarolineSdm
    @CarolineSdm 2 місяці тому

    10/10 - need I say more?

  • @liudmylasoderstrom6226
    @liudmylasoderstrom6226 2 місяці тому

    Really interesting and well explained. Thank you for this video!

  • @Synflood-dot-txt
    @Synflood-dot-txt 3 місяці тому

    You're awesome , thanks

  • @liudmylasoderstrom6226
    @liudmylasoderstrom6226 3 місяці тому

    Great video! You explained cloud services so clearly and made it easy to follow. Thanks for sharing!

  • @anthonydelagarde3990
    @anthonydelagarde3990 3 місяці тому

    Great video and explanation

  • @VetinCloud
    @VetinCloud 4 місяці тому

    thank you for making is better... looking fwd for the next one

  • @monique9003
    @monique9003 4 місяці тому

    I'm confused could you use Azure Gateway Load Balancer? Then filter to the NVA Firewall subnet.

    • @PatriksTechLightning
      @PatriksTechLightning 4 місяці тому

      Can you elaborate a bit on the question ? I focused solely in this video on the Azure Firewall and Application Gateway. If you replace the Azure Firewall with an Azure Gateway Load Balancer and NVA, the design pattern has to be checked with the specific NVA vendor. As there are several NVA vendors each with may differ a bit on feature and functionality, this has to be checked by each.

  • @tl1062
    @tl1062 4 місяці тому

    Enjoyed watching this format of video. Thanks for the upload!

  • @zack.123.
    @zack.123. 4 місяці тому

    Yep. This is caused by traditional network thinking. Another disadvantage of putting the AZFW in front, is that you lose the client's original IP address. And will require an additional setup to get it back. As the AZ FW will snat inbound traffic.

  • @marcwesterink7742
    @marcwesterink7742 4 місяці тому

    Very good explanation. Must admit it's pretty common to see a lack of flexibility and internal sanity checks when certain organizational policies are enforced. That such a rigid policy exists doesn't automatically mean it's a good idea. This introduces an 8th (financial) and 9th (political) layer on the OSI model. Finally, interesting to see that ChatGPT or any other LLM solution takes precedence over vendor documentation by said customer. I have similar layer 8 & 9 discussions regarding Azure Firewall at time of writing...

    • @PatriksTechLightning
      @PatriksTechLightning 4 місяці тому

      Thank you ! Yeah, it makes things quite interesting. Especially since LLM's are very convincing in their answers. We are well trained to spot when humans give inaccurate information, deliberate or not.

  • @liudmylasoderstrom6226
    @liudmylasoderstrom6226 4 місяці тому

    Thank you for such a useful video! Looking forward to your new lessons!

  • @chao.m
    @chao.m 4 місяці тому

    Thank you for an excellent introduction. I am wondering if this has since been made available beyond Azure BLOB? Specifically, we are trying to figure out how we can implement ABAC with Microsoft Entra for our SharePoint (we have M365 licenses at the highest tier) and for our Azure Data Lake? Can you help us? Can I connect with you in LinkedIn?

    • @PatriksTechLightning
      @PatriksTechLightning 4 місяці тому

      Thank you for the kind words ! ABAC development doesn't seem to move super fast but there definitely have been developments. There are new features along with a list that entered preview. I'm always looking to connect with professionals as yourself on LinkedIn. Send the request ! I haven't had a real business requirement to use RBAC yet. If I can point you in the right direction I will definitely do so. Keep in mind that my schedule is overfull 😎 It's not humanly possible to answer all requests but I'll do my best.

  • @NicolasLhoir
    @NicolasLhoir 4 місяці тому

    Tks Patrick, what options do we have when spliting Security law from application law: do applications havé to send twice the log ?

    • @PatriksTechLightning
      @PatriksTechLightning 4 місяці тому

      Depends 😎 If you indeed need to have seperate LAW's , one for security and one for Application it may result in sending the logs twice. I would try to avoid those scenarios as much as possible. You can fine tune VM's with DCR's and specify which exact logs to send to what LAW. Technically, it's possible to split it up. It all comes down to governance. If you send all the logs (security + application) to a single LAW, is table based RBAC an option ? Meaning, only certain administrators have access to the security logs and other the application. Do you have a security policy in place which prohibits this ? Bottom line: try to see if a single workspace can handle it.

  • @devops-studios-kr9wx
    @devops-studios-kr9wx 4 місяці тому

    Just wonderful!!

  • @liudmylasoderstrom6226
    @liudmylasoderstrom6226 4 місяці тому

    That’s a great new video, Patrik! Thank you for your work!!

  • @yoketah
    @yoketah 5 місяців тому

    Question for you as someone who has aome networking knowledge but no network engineering experience. I have had a few recruiters contact me about a position that is stated as a network engineering job. I have a specific rare language skillset which is why im probably getting these requests. I have experience in CDN break/fix, but no engineering experience at all. I've used the network topology tool like 1 time, and know how to subnet just just looking up hwo to do it for 30 minutes, so pretty kuch no knowledge. How screwed would i be for taking this job? I know wnough about dns, load balancing, TLS, linux stuff like curls, rewrites and other http stuff, ddos and SIEMs, rule engine for caching, cactu and grafana for packet loss, routing, and saturation. Would any of this help me? Tjy are offering $40-50 for an 18 month contract. I make like $90k (~45/hr ) if you include the good amount of overtime I do, so i dont think it would be worth it unless it was like $55-60. Is this unreasonable?

  • @zeus783
    @zeus783 6 місяців тому

    @Patrik, Thank you so much for all the wise recommandations!!

  • @Dimbinhobr
    @Dimbinhobr 6 місяців тому

    Funny it’s exactly what Microsoft papers says but doesn’t show e exactly how to configure it

  • @mohammadzeeshan5048
    @mohammadzeeshan5048 6 місяців тому

    Love the way you explain concepts. Wishing you more success ahead

  • @zeus783
    @zeus783 6 місяців тому

    "Mother in law" !! 😁 Nice video, great explanation Patrik!

  • @FNobary
    @FNobary 7 місяців тому

    Nicely done, concise and effective, well done.

  • @shathasahawneh7517
    @shathasahawneh7517 7 місяців тому

    Hello, Have you tried to login with MFA enabled user to this Azure Virtual Machine?

    • @harrisjosye824
      @harrisjosye824 5 місяців тому

      Hi, Did you get a solution or if MFA is enabled we cannot authenticate with password in VM?

  • @arpanchakraborty9874
    @arpanchakraborty9874 7 місяців тому

    Excellent video. Thank you