Welcome! This is the fourteenth edition of CloudProfs, sent to subscribers on October 29.
If you enjoyed this newsletter, why not sign up to receive it in your inbox every week? Or if you have any feedback, email the editor.
NEWS
As befitting an Azure special edition, Microsoft’s FY22 Q1 earnings report dropped this week, beating investor predictions and showing Azure y/o/y growth of 50%. Microsoft posted overall revenues of $45.3 billion, up 22% on this time last year, and net income of $20.5bn, up 27.5% on the year before. The company does not disclose specific figures for Azure, however CFO Amy Hood did disclose a figure of $20.7bn for ‘Microsoft Cloud’ revenue. Azure figures are believed to be pegged predominantly in the Intelligent Cloud revenue bucket – $17bn for the quarter – but also with some in Productivity and Business Processes ($15bn), where the likes of Office, LinkedIn, and Dynamics revenues are housed. Source: https://www.microsoft.com/en-us/investor/earnings/fy-2022-q1/press-release-webcast
An IBM Cloud research report puts it simply: hybrid and multi-cloud has won the race to become the dominant architecture for cloud service delivery. The study, titled ‘Cloud’s Next Leap: How to Create Transformational Business Value’, polled more than 7,000 C-suite executives across 29 industries. Only 2% of respondents said a single public cloud was their primary archetype, down from 16% in 2019. The research talked about a cloud model for enterprises. While enterprise organizations are tackling the low-hanging fruit with ease, IBM argued that a dominant architecture is required to ensure investments can be recouped. Hence the assertion that a single cloud strategy – public or private – is officially dead. Source: https://www.ibm.com/downloads/cas/K0ZGR6BW
Staying with IBM, the company has also launched an open source guide which aims to provide ‘comprehensive learning for hybrid and multi-cloud developers.’ “Our goal is to give the global developer ecosystem one place to go to see where to focus their open source development efforts when developing for specific use cases related to multi-cloud development,” IBM wrote in a blog post. The guides are separated into five areas; artificial intelligence, APIs, big data, containers, and databases, and has links out to repos, courses, blogs, and tutorials. Source: https://open-cloud-guide.dev/
Pallavi Phadnis, senior software engineer on the product data science and engineering team at Netflix, outlines the similarities and differences between data engineering and software engineering roles at the company. “Both roles involve designing and developing large-scale solutions using various open source technologies,” said Phadnis. “In addition to the business logic, they need a good understanding of the framework internals and infrastructure in order to ensure production stability, for example maintaining SLA to minimize the impact on the upstream and downstream applications. At Netflix, it is fairly common for data engineers and software engineers to collaborate on the same projects.” Data engineers ‘bridge the gap between data producers, such as client UI teams, and data consumers, such as data analysts and data scientists’, Phadnis added. Source: https://netflixtechblog.com/data-engineers-of-netflix-interview-with-pallavi-phadnis-a1fcc5f64906
Getting started with Azure architecture
By Sjoukje Zaal
Cloud computing is redefining how modern services and applications are designed. Instead of building traditional monoliths, applications are broken down into smaller, decentralized microservices. And instead of running on a traditional server, they are using serverless services where you don’t have to worry about infrastructure at all and only pay for the services you actually use. Microservices typically communicate with other microservices by through APIs and asynchronous messaging. This allows applications to scale more efficiently, be more cost effective and easier to replace and deploy. Cloud platforms and microservices ask for a different type of architecture.
The are many cloud providers in the market, but Microsoft Azure is one of the biggest, used by 95 percent of the Fortune 500 companies. Microsoft provides a lot of resources on how to architect and develop applications and services on their platform, which will be covered in the next sections.
Azure Architecture Center
The Azure Architecture Center is a great starting point for everyone who wants to start developing services and applications on Azure. It offers proven guidance for architecting solutions on Azure including patterns and practices. You can use the technology choices and guides to decide which services are right for your solution. The guides include all aspects for building apps and services for the cloud, such as operations, reliability, performance, security, and cost optimization. There are a couple of sections that I want to highlight here:
- Reference Architectures: Microsoft provides a collection of reference architectures that you can use as a starting point for building your own applications and services. This also gives architects a lot of in-depth information about how to combine the different services.
- Cloud best-practices: This guide presents structured approach for designing scalable, resilient, secure, and highly available applications and services on Azure. A great starting point for gaining knowledge about building distributed apps.
To get started, you can refer to the following overview page: https://docs.microsoft.com/en-us/azure/architecture/
Cloud Adoption Framework
The Cloud Adoption Framework is a collection of documentation, best-practices, implementation guidance and tools that can accelerate cloud adoption in organizations. It is focused on different methodologies, such as strategy, planning, readiness, migrations, innovation, governance, managing, and organizing which all together offers a full broad adoption lifecyle framework, which supports organizations throughout each phase of cloud adoption.
To get started, you can refer to the following site: https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/
Landing zones
Microsoft offers a set of enterprise scale landing zones that you can use to get started as well. A landing zone is an environment for hosting your workloads, preprovisioned through code. Because no single solution will fit all technical environments, there are a couple of landing zone implementations that you can choose from to get started:
- Enterprise-Scale foundation: This landing zone offers a foundation for organizations to support their application portfolios, regardless of whether the applications are being migrated or are newly developed and deployed to Azure. It enables organizations to start as small as needed and scale alongside their business requirements. It is a good solution when hybrid connectivity to on-premises datacenters is not required from the start.
- Enterprise-scale for small enterprises: This landing zone is similar to the foundation one above. It also allows organizations to start small. This reference implementation is aimed at organizations that do not have a large IT team and do not require fine grained administration delegation models.
- Enterprise-Scale with Azure VWAN: This landing zone offers a foundation for organizations that want to focus on application portfolios and hybrid connectivity with ExpressRoute or VPN. It also offers an architecture based on an Azure Virtual WAN network topology.
- Enterprise-Scale with hub and spoke architecture: This landing zone example is also for organizations that want to support their application portfolios and add hybrid connectivity with ExpressRoute or VPN. If organizations require hybrid connectivity to on-premises locations from the beginning, you can start with this architecture based on the traditional hub and spoke network topology.
Well-Architected Framework
Lastly, I want to cover the Azure Well Architected Framework. This can be used to improve the quality of your workloads on Azure. The framework consists of five pillars of architecture excellence:
- Cost optimization: The principles of cost optimization are a series of important considerations that can help achieve both business objectives and cost justification.
- Operational Excellence: This pillar covers the operations processes that keep an application running in production. If focuses on reliable and automated deployments, which can easily roll back or forward when required.
- Performance Efficiency: Performance efficiency is the ability of your workload to scale to meet the demands.
- Reliability: In the cloud, we acknowledge up front that failures will happen. Instead of trying to prevent failures altogether, the goal is to minimize the effects of a single failing component.
- Security: Extremely important nowadays. You should protect your applications and data from threats at all costs.
SC-900: MICROSOFT SECURITY, COMPLIANCE AND IDENTITY FUNDAMENTALS
The following article will cover the SC-900: Microsoft Security, Compliance, and Identity Fundamentals role based certification, and cover the following areas:
- Recommended Study Resources
- Important Topics to cover
- Exam tips
For those who are not aware, the SC-900 certification measures your ability to describe the following: concepts of security, compliance, and identity; capabilities of Microsoft identity and access management solutions; capabilities of Microsoft security solutions; and capabilities of Microsoft compliance solutions.
Recommended Study Resources
I decided to start my learning with the Microsoft Learn path for this specific exam. This is broken down into four parts:
- Part one: https://docs.microsoft.com/en-us/learn/paths/describe-concepts-of-security-compliance-identity/
In part one you will cover topvics that include security methodologies and methodologies, and describing identity concepts.
- Part two: https://docs.microsoft.com/en-us/learn/paths/describe-capabilities-of-microsoft-identity-access/
In part two you will cover topics that include exploring service and identity types of Azure AD, exploring the authentication capabilities of Azure AD, exploring the access management capabilities of Azure AD and identity protection and governance capabilities of Azure AD.
- Part three: https://docs.microsoft.com/en-us/learn/paths/describe-capabilities-of-microsoft-security-solutions/
In part three you will learn about the basic security capabilities of Azure, security management capabilities of Azure, security capabilities of Azure Sentinel, threat protection with Microsoft 365 Defender, security management capabilities of Microsoft 365 and endpoint security with Microsoft Intune.
In the final part of the Microsoft Learn course, part four, you will learn about compliance management capabilities in Microsoft, information protection and governance capabilities of Microsoft, insider risk capabilities of Microsoft 365, ediscovery and audit capabilities in Microsoft 365 and resource governance capabilities in Azure.
This seems like a lot of content for a Fundamentals level certification, however the subject matter is very high-level and does not go deep into any of the topics.
The other resource I would recommend is video based and is available via John Savill’s YouTube channel which is more of a study cram than a course, however it was very helpful and covers all the key areas on this subject matter. You can find the content at the following link – https://www.youtube.com/watch?v=Bz-8jM3jg-8
Important topics to cover
The following table shows a break-down of the skills measured and how much of the exam percentage the count towards:
| Skills Measured | Percentage |
| Describe the concepts of Security, Compliance, and Identity | 10-15% |
| Describe the capabilities of Microsoft Identity and Access Management Solutions | 30-35% |
| Describe the capabilities of Microsoft Security Solutions | 35-40% |
| Describe the capabilities of Microsoft Compliance Solutions | 25-30% |
You can find a further breakdown of each of these skill-sets at the following link – https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE4Mr81 . This certification is aimed at those people who are wanting to learn the basics of Microsoft Security, compliance, and identity across cloud-based Microsoft services.
Exam Tips
The fundamental exams are setup slightly differently to the associate and expert level exams. With those you have a mixture of multiple choice, user cases and scenario based questions, whereas with the fundamental level exam you only have multiple choice questions. The number of questions can differ, however my experience was 42 questions in total and there was a heavy emphasis on Azure Identity Management principles and the various security solutions. This experience does tie into the skills measured, as those two topics carry the highest percentage (30-35% and 35-40% respectively). With there only being multiple choice questions it made the exam much easier to complete as the questions were short and easy to understand, whereas with the associate level exams the questions can be long winded and sometimes difficult to follow. Please note this is just my own experience with the exams in this format and it could be different for you.
MD-101: MANAGING MODERN DESKTOPS EXAM GUIDE
By Shabaz Darr
The following article is a follow on from the MD-100: Windows 10 blog that was posted earlier in the year. This follow-up post will cover the MD-101: Managing Modern Desktop Microsoft role based certification, and will cover the following areas:
- Helpful Study resources
- Topics you need to cover
- Exam Tips
For those who are not aware, the MD-101 is the second certification required for the ‘Modern Desktop Associate Administrator’ and focuses on Windows 10 deployment and management using services such as Microsoft Endpoint Manager and Configuration Manager (Formerly known as SCCM).
Study Resources
To start my learning for this exam with the content on Pluralsight (https://www.pluralsight.com/). There are some great videos on here which gave me a good starting platform for my preparation. The main course series you will need to watch is “Microsoft Modern Desktop Administrator: Managing Microsoft Desktops (MD-101)” by Glenn Weadock. The course is 5 videos totalling up to 8 hours altogether which have the following headings:
- Introduction to Microsoft Modern Desktop Administrator MD-100 and MD-101 exams
- Managing Microsoft Desktops: Deploying and Updating Operating Systems
- Managing Microsoft Desktops: Policies and Profiles
- Managing Microsoft Desktops: Managing and Protecting Devices
- Managing Microsoft Desktops: Apps and Data
It is important to note that this content is not free and you must have a subscription to Pluralsight before being able to access this course. All the content is video based and I, like others I am sure need more than just this to learn a topic. What I found worked really well for me was watching a video and then doing some practical content around that subject. For example I would watch the video on ‘Managing Microsoft Desktops: Policies and Profiles’ and then login to my test Office 365 subscription and put what I just watched into practice by configuring policies and profiles, then deploying them to my test Windows 10 VMs.
The final resource I used for my preparation was the Microsoft OpenEDX learning resource (https://openedx.microsoft.com). I cannot speak highly enough about this resource as it blends written content with practical and test quiz questions which helps you test the skills you have learnt over the course. For the MD-101 it is split into three course:
- MD-101.1: Deploying the Modern Desktop
- MD-101.2: Managing Modern Desktops & Devices
- MD-101.3: Protecting Modern Desktop and Devices
Each course has a great mixture of written, video, practical labs and a quiz at the end which I found to be a great blend for a learning resource.
Topics you need to cover
The following table shows a break-down of the skills measured and how much of the exam percentage they count towards:
| Skills Measured | Percentage |
| Deploy and Upgrade Operating Systems | 25-30% |
| Manage Policies and Profiles | 20-25% |
| Manage and Protect Devices | 30-35% |
| Manage Apps and Data | 10-15% |
You can find a further breakdown of each of these skill-sets at the following link – https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE3VJVD. This exam is aimed at administrators who deploy, configure, secure, manage, and monitor devices and client applications in an enterprise environment. Candidates manage identity, access, policies, updates, and apps.
Exam Tips
In our article on the MD-100, we explained the overarching format with the standard multiple choice questions, scenario based questions and use case section which consisted of 7 questions. As with the MD-100 there was no lab in the MD-101 either, however I would recommend preparing as if there is a lab section just in case Microsoft decide to change it up.
The exam was 42 questions in total with the big use case to start (7 questions in total). I have actually found a great way to tackle these types of questions. What I found was that there is a lot of information to take in with these use cases and it can take up to 5 minutes plus to read through everything. What I did with both the MD-100 and MD-101 exams was is that I did not read the use case to begin with, and instead read the question first and then referred to the specific part of the use case I needed to read to be able to best answer the question. I found this way of tackling the question saved a lot of time but also didn’t clog up my mind with a lot of information i didn’t need for the questions. As I mentioned there were 7 questions in this section, so I only needed 7 bits of information. Please note this is just my own experience with the exams in this format and it might not work for you.
SECRET KNOWLEDGE
Container Security Checklist: A checklist for container security and DevSecOps best practices. Last updated Oct 28.
Dumpling: A fast, easy-to-use tool written in Go for dumping data from the database (MySQL, TiDB) to local/cloud (S3, GCP) in multifarious formats (SQL, CSV). Latest release: Oct 29. Primary language: Go (88.8%)
Google Cloud Runner: Easy R scripts on Google CloudPlatform via Cloud Run, Cloud Build and Cloud Scheduler. Last updated Oct 27. Primary language (unsurprisingly): R (95.5%)
CASE STUDY! Ministry of Justice Cloud Platform CLI: A command-line tool used by the MoJ cloud platform team and tenants to perform actions on the platform, such as creating environment configuration using a template, divergences in Terraform states, and Terraform apply. Latest release: Oct 28. Primary language: Go (98.4%)
Rowy: Open source Airtable-like experience for your database (Firestore) with GCP’s scalability. Build any automation or cloud functions for your product. Latest release: Oct 15. Primary language: TypeScript (99.5%)
Service Fabric Observer: Highly configurable and extensible resource usage watchdog service that is designed to be run in Service Fabric Windows and Linux clusters. Latest release: Oct 28. Primary language: C# (94.8%)