Is Azure a tier 3 datacenter? And what about Service Levels in a broader sense…

Introduction

Everyone who has been working with cloud, and involved with tenders, has had the following question (in one form or another): “Has the cloud datacenter achieved a tier 3 (or higher) classification?” In today’s post we will delve into the specifics linked to the ask: Why do organizations ask the question, and how does it relate to cloud?

What is a “Tier 3 Datacenter”?

To better understand the concept of data-center tiers, it is important to understand that several organizations (like the Telecommunications Industry Association (TIA) and the Uptime Institute) have defined standards for data-centers.

Uptime Institute created the standard Tier Classification System as a means to effectively evaluate data center infrastructure in terms of a business’ requirements for system availability. The Tier Classification System provides the data center industry with a consistent method to compare typically unique, customized facilities based on expected site infrastructure performance, or uptime. Furthermore, Tiers enables companies to align their data center infrastructure investment with business goals specific to growth and technology strategies.
Source ; https://uptimeinstitute.com/tiers

These standards typically consist of several tiers…

Four tiers are defined by the Uptime Institute :

  • Tier I : lacks redundant IT equipment, with 99.671% availability, maximum of 1729 minutes annual downtime
  • Tier II : adds redundant infrastructure, with 99.741% availability (1361 minutes)
  • Tier III : adds more data paths, duplicate equipment, and that all IT equipment must be dual-powered, with 99.982% availability (95 minutes)
  • Tier IV : all cooling equipment is independently dual-powered; adds Fault-tolerance, with 99.995% availability (26 minutes)

Source ; https://en.wikipedia.org/wiki/Data_center#Uptime_Institute_-_Data_Center_Tier_Standards 

So it is a classification for organizations to understand the quality of the data-center, and be able to take a given availability into account. Though it is important to understand, that this relates to “datacenter housing” (colocation) and not to the cloud service models! Why is this statement important? As on top of that housing, additional services will be delivered by cloud providers to achieve service models like IaaS, PaaS, SaaS, …

UPDATE (2020) ; Azure Datacenter Tier = Higher than “Tier IV” of the Uptime Institute’s DC Tier standard

In the following document the datacenter classifications have been documented (Link updated in 2021; https://azure.microsoft.com/mediahandler/files/resourcefiles/azure-standard-response-to-rfi-on-security-privacy-and-compliance/Azure%20-%20Standard%20Response%20for%20Request%20for%20Information%20-%20Compliance%20Privacy%20and%20Security.pdf ).

From generation 1 the datacenters have been designed to meet the customer SLAs and service needs of 99,999%. Given that a tier 4 datacenter is designed towards a customer SLA and service need of 99,995%, we can state that an Azure Datacenter exceeds the expectations of a tier 4 datacenter.


Inbox Zero – How I (still) do it after about 10 years…

Introduction

A bit less than 10 years ago I posted about “Inbox Zero“. Though for as long as I’ve known the concept, I’ve been an avid fan/believer of it. Over the course of the years, I’ve evangelized about the concept to many, where a lot of people typically asked me : “Isn’t that really time-consuming?!?”. My answer has always been ; “It is a habit… And indeed, you invest a bit of time into it, though the gains of not having to pick up the same email(s) over and over again is where you easily win!”.

 

Theory

The basic premise of Inbox Zero is that your inbox is at all times.. EMPTY!

For a lot of people this seems impossible to achieve, though you realize this by going through the following flow for each mail that comes in… at the time it comes in. So yes, you “immediately” (as in the moment you open your mailbox) process all new mails. How do you do that? By the following rule set…

  1. Do I/we need to care?
    1. No, Delete.
    2. Yes. Great! Is the mail something I should do?
      1. No, Delegate (forward).
      2. Yes. Interesting! Can I reply in less than 2-3 minutes?
        1. Yes, Respond (reply).
        2. No, Defer (flag for follow-up). => And schedule times to where you’ll focus on burning through your “backlog” (read: deferred mails), so Do.

 

Practical Guidance

That sounds quite simple to do? So why don’t we all do it?!? From what I’ve seen, it starts with not knowing / being taught the system. And on the other hand, it also requires a given level of discipline / organization to achieve it. Though in my mind, it can be accomplished by all if you are just given a bit of practical guidance. That’s what we’ll be talking about today!


Azure Subscription Management – Beyond the 101… aka The Advanced Topics

Introduction

Today’s post will cover three more advanced topics that I’ve seen surfacing on a regular basis ;

  • Transferring a Subscription versus Changing the Directory of a Subscription
  • Moving resources between subscriptions with different AAD (Azure Active Directory) tenants
  • Understanding the relationships between components when leveraging an Enterprise Agreement (EA)
  • Various advanced scenarios on how AAD is intertwined between subscriptions & the EA

Transfer vs Change Directory

Apparently there is a bit of confusion between the “Transfer” and the “Change Directory” buttons for a subscription ;

In essence ;

Transfer Subscription = Change the Owner AND Change the Directory

What does that mean?

  • If you want to transfer the billing of a subscription, you do a “Transfer“.
    (Do note: Transferring a subscription will also change the directory to the one linked to the new owner. If this is a different one, then you’ll be linked to a new AAD Tenant.)
  • If you do not want to transfer the billing, and just change the directory, you do a “Change directory“.
    (Do note: Changing a directory will not remove the account owner, and (s)he’ll still have owner rights on it! Also be aware that all rights linked to the previous tenant will disappear, so you’ll have to reinstate IAM. For that you can easily leverage management groups...)


Putting Azure API Management in front of an Azure Function API

Introduction

Today’s post will be on how to expose an API hosted via an Azure function via Azure API management. So what are we going to configure today? We’ll expose the function API externally. The “user” (or client app) will authenticate with API management via a “subscription key“. Afterwards API management will call the back-end function, where it will authenticate via the function authentication code.

 

Configuration

So let’s go to our function …

Where we’ll grab the “function URL”. This contains the query parameter “code” which uses the function key as authentication.


Azure : IT Governance in the cloud

Introduction

During the weekend I saw the following tweet passing by …

Apparently, a hosting company (allegedly) got all their data wiped by an ex-admin. Now I can imagine people thinking that this is something that is part of the territory when it boils down to cloud. So I wanted to write a blog post entailing what you do to set up a governance structure in Azure. I’m aware that the above tweet is more related to the security aspect of governance, but it’s a part of it nevertheless.

 

Governance?!?

Let’s get started on our scope… IT Governance can cover a lot of ground. In essence, the goal is to assure that the investment in IT generates business value and the risks that are associated with IT projects are mitigated. Though I found that CIO.com has a nice definition on it ;

Simply put, it’s putting structure around how organizations align IT strategy with business strategy, ensuring that companies stay on track to achieve their strategies and goals, and implementing good ways to measure IT’s performance. It makes sure that all stakeholders’ interests are taken into account and that processes provide measurable results. An IT governance framework should answer some key questions, such as how the IT department is functioning overall, what key metrics management needs and what return IT is giving back to the business from the investment it’s making.

So let’s take a look at how we can put an enterprise-grade structure around the management of Azure!

 

TL;DR = Azure Enterprise Scaffold

For those who want to skip the post below… When talking about governance in Azure, the best place that summarizes it is the following page in our documentation ; “The Azure Enterprise Scaffold“.


DevOps : What’s the impact on my ITIL/COBIT/… based shop?

Introduction

When talking to customers about DevOps, I often get the two following questions ;

  • Does this mean I have to get rid of ; ITIL / COBIT / … ?
  • Do I have to start moving people around and creating new units?

The quick answer is ; No.

A typical parable in any project methodology is ;

How do you eat an elephant? Take snack sized bites and work your way through it.

And the same goes for DevOps!


Rancher : Docker Lifecycle Management – Or how to upgrade containers?

Introduction

It’s all fun & games to create & deploy containers. And the “pets vs cattle” thingie is also cool… Though what about the lifecycle management? That’s something we’ll be handling today!

What will we be doing today?

  • Create a small dummy container
  • Setup a source repository (at BitBucket) for that dummy container
  • Setup an automated build (linked to the source repository) on your docker hub repository
  • Deploy a service on rancher
  • Update the source
  • Upgrade the service to the latest version
  • Enjoy life even more!

What will already need to be setup?


Xmas Tech Cookbook : Docker Swarm & Rancher Walkthrough

Objectives of this post

  • Install Docker on all machines
  • Setup a Docker Swarm
  • Setup Rancher to manage the lot


Test Scenario

For this walkthrough I’ll be using 4 x Azure A0 Machines with Ubuntu 14.04 LTS on them. Three of those will serve as docker hosts and one will be my Rancher management tooling. The docker hosts will be put into a swarm. For easy reference (and as a basic enterprise simulation), I’ve setup my docker hosts in a separate subnet compared to the rancher.


Lingo Explained : Lombardi Time

Personally, I am someone who is always on time. A disaster must have struck down upon us before I am late to anything. I would rather sit in my car for an hour as I am way too early for a meeting, than to be a minute late. This week I learned that there is a term that follows the same belief!

Vince Lombardi was the head coach of the Green Bay Packers. He ran a disciplined regime and introduced something that later became known as “Lombardi Time” ;

Lombardi expected his players and coaches to be 15 minutes early to meetings and practices. Not on time — 15 minutes early. If they weren’t, he considered them “late.” Thus, it came to be called Lombardi time.

A fun fact ; The clock above the entrance of the Green Bay Packers’ stadium runs 15 minutes early…
So next time we have a meeting together, show up on Lombardi time. I’ll be there!

A roadmap to the cloud… Where should I focus on?

Cloud is here to stay!
A lot of questions about “THE Cloud” have risen the last years. In the beginning, most responses included that it was a hype or that it was a rebranded solution from the past (“ASP“). Though at this point in time, it is safe to say that “Cloud Services” are here to stay and that there is no way back but to embrace them as an IT department. My personal sentiment is that the current market leaders “Amazon” & “Microsoft” will continue to grow and eventually dominate this market. As Google has enough cashflow, I suspect that they will join in this battle. So the current conundrum is ; how to move your current landscape from an “on premise” way of working towards the cloud…?

Cloud Maturity Model
For organisations who are stuck with this question, I would like to point out to a fine document (“Cloud Maturity Model“) of the Open Data Center Alliance. It describes the different stages, even from different perspectives, that you will traverse in your journey.

Quote about the cloud maturity model ;


Progression through the various maturity levels is based on the evolution of a number of parallel capabilities, as described in the following figures.
The result is represented by an inferred resulting maturity, roughly mapped as follows:

  • CMM 1. (Initial / Ad Hoc) The existing environment is analyzed and documented for initial cloud potential. Pockets of virtualized systems exist, for limited
    systems, without automation tooling, operated under the traditional IT and procurement processes. Most of the landscape still runs on physical
    infrastructure. The focus is on the private cloud, although the public cloud is used for niche applications.
  • CMM 2. (Repeatable / Opportunistic) IT and procurement processes and controls are updated specifically to deal with cloud and who may order services and service
    elements and how. Private cloud is fully embraced with physical-to-virtual movement of apps and the emergence of cloud-aware apps.
  • CMM 3. (Defined / Systematic) Tooling is introduced and updated to facilitate the ordering, control, and management of cloud services. Risk and governance controls
    are integrated into this control layer, ensuring adherence to corporate and country requirements. Complementary service management
    interfaces are operational. More sophisticated use of SaaS is evident, and private PaaS emerges.
  • CMM 4. (Measured / Measurable) Online controls exist to manage federated system landscapes, distributed data and data movement, federated and distributed
    application transactions, and the cross-boundary transitions and interactions. Defined partners and integration exist, enabling dynamic
    movement of systems and data, with supporting tool layer integration (for example, service desk, alerting, commercial systems, governances).
    Cloud-aware apps are the norm and PaaS is pervasive. Hybrid apps develop across cloud delivery models.
  • CMM 5. (Optimized) All service and application deployments are automated, with orchestration systems automatically locating data and applications in the
    appropriate cloud location and migrating them according to business requirements, transparently (for example, to take advantage of carbon
    targets, cost opportunities, quality, or functionality).

So far, so good… yeah? I know, this all still sounds a bit “fluffy“. The basics to remember is that there are various stages involved so you can keep track of where you are. Though for me there are three focus points that every organisation should embrace in order to be ready for the future with cloud services.

  • IAAS has become commodity
  • Federation is the new black
  • Interoperability is mandatory

IAAS has become commodity
I do NOT believe in on-premise virtualisation farms anymore… for the majority of organisations. I must concur that there are use cases that would still require this, though for the majority of organization this is not the case. I can see you pondering “But we are special!”, and I must disappoint you, most organisations are not. Internal IT should focus on the things that deliver real value to an organisation. An Infrastructure-as-a-Service layer has become a basic commodity in the market and you should embrace it. The time you spend in maintaining the lowest layers is better invested in real business value. I, yet again, concur that this will imply a shift of skills needed…

“When the winds of change blow, some people build walls and others build windmills.” -Chinese Proverb

Federation is the new black
Let’s start with a quote from the maturity model ;

Federation refers to the ability of identity and access management software to be able to securely share user identities and
profiles. This ability allows users within a specific organization to utilize resources located in multiple clouds without having to generate
separate credentials in each cloud individually. IT is able to manage one set of identities, authorizations, and set of security review processes.
From the user perspective, this enables seamless integration with systems and applications.

For most organisations, start with setting up a federation service… Active Directory Federation Services, or a SAML provider, pick something that best fits your current technology stack. Though be aware that federation is a key, if not THE key, component of a successful cloud roadmap!

Interoperability is mandatory
And, yet again, let’s start with a quote ;

There are two key concepts of interoperability: (1) The ability to connect two systems that are concurrently running in cloud
environments, and (2) the ability to easily port a system from one cloud to another. Both involve the use of standard mechanisms for service
orchestration and management, enabling elastic operation and flexibility for dynamic business models, while minimizing vendor lock-in.

Your high level architecture should consist of “islands”, which are linked together via APIs and/or abstraction layers and where authentication is done via federation mechanisms.

In addition, keep in mind that you will move systems around. So interoperability towards migrating systems is a key requirement and should always be a focal point in your decision-making. For instance; Think about exit scenarios with a specific cloud provider. How will you handle this?

Conclusion (TL;DR)

  • Cloud is here to stay. In a few years, it will be the de facto standard.
  • Infrastructure-as-a-Service has become commodity. In a few years, this segment will be dominated by Amazon, Microsoft & Google.
  • Federation is the new black. If you haven’t set up a federation system… DO IT NOW!
  • Interoperability is mandatory. Always keep in mind that systems should be portable islands which are built for data interaction.