Betatalks the podcast

In deze aflevering spreken we met Henry Been in een drukke periode waarin het lijkt alsof alle in-person evenementen vlak voor de zomer zijn gepland. We delen onze ervaringen en meningen rondom developer productivity en het feit dat 'niets doen' soms nodig is.
Omdat Henry letterlijk het boek heeft geschreven, duiken we in alles wat Azure native is rondom infrastructure als code zoals Bicep, ARM en zelfs Deployment Stacks dat nog in preview is.

Over deze aflevering, en Henry in het bijzonder: Voor informatie over het boek Azure Infrastructure as Code geschreven door Henry Been, Eduard Keilholz, en Erwin Staal bezoek je deze link. Je kunt Henry vinden op Twitter op @henry_been of op https://www.henrybeen.nl/

Over Betatalks: bekijk onze video's en praat mee op ons Betatalks Discord kanaal

00:00 - Introduction
01:27 - Friend of the day
08:21 - Measuring performance
11:10 - What to do while waiting
17:48 - What is deployment stack?
23:53 - How long does the support last?
31:38 - Talking about BICEP
38:57 - The importance of organizational controls
41:47 - Closing

Introduction – 00:00

Oscar 
Hey there, welcome to Betatalks, the podcast in which we talk to friends from the development community. I'm Rick and I am Oscar.

Rick 
Oscar how have you been?

Oscar 
I've been great. Been busy. also had some really fun days. Two weeks ago, we talked to what was it like 20 BATS, as we call them. Yeah, Azure talents. So young professionals from our company. And we went through two client cases, both of them using .NET. Stack both of them using Azure, but completely different.

Rick 
You bet. But really, completely different, right?

Oscar 
So one, one is a sales company, born in the cloud, using all the latest stuff all the time, and the other one just moving to the cloud, but big enterprise with all kinds of other issues and a lot of infrastructure service. But it was fun. A lot of questions. Nice to get to know the group, because there are new colleagues. Good opportunity.

Rick 
So yeah, and I think it's a good thing that we actually discuss how Azure works in practice, right? Because we can learn all of the theory along the way, but we start learning how stuff actually works. When we start working with it,

Oscar 
you start learning the moment you start making mistakes. If everything goes right, the first way you learn nothing, so yeah, no, but that day, we had some fun war stories for them I think.

Friend of the day – 01:27

Rick 
Oscar who is our friend of the day.

Oscar 
Our friend of the day is Henry Bane.

Rick 
Henry is an independent architect and developer from the Netherlands. He enjoys working with software development teams to create and deliver great software. His interests include the Azure Cloud, agile DevOps software architecture and the design and implementation of testable and maintainable software. Besides his work, he is a conference speaker at international conferences, is the author of two books, and creates online training courses for Pluralsight. For his work in the community, he has been awarded the Microsoft MVP award since 2019. To follow Henry, you can go to his blog or find him on Twitter at Henry underscore Ben Henry. Welcome.

Oscar 
Welcome, Henry.

Henry 
Hey, gentlemen. Good morning.

Rick 
So how are you?

Henry 
I'm fine. Still getting used to you know, talking to somebody at this early hour. I'm going I'm your very, very traditional Geek. I don't really get started before lunch. And for the listeners, it's even before 10 right now. So I'm struggling, but hanging on.

Oscar 
Sorry, but great for you to make time of your night rest.

Henry 
Yeah, absolutely.

Rick 
And your busy schedule, because you're doing a lot of things right now. Right.

Henry 
Yes. Juggling a lot of things right now. I think everybody is, you know, towards the end of the season. Conferences, events. Everything seems to be happening in June this year.

Oscar 
Yeah. All the real events started again. So a lot of traveling for a lot of people, I think.
Yes, I think so. So I'm so I'm actually quite fortunate that most of the things that I've been doing are in the Netherlands or close to the Netherlands. I still haven't seen a plane, in two and a half years. I've done everything by train so far. Also feeling very good about sustainability. From that point of view.

Rick 
Yeah, I can imagine.

Henry 
Yes, but I've spent hours and hours in the train again, which is great, actually, you know, being under the people seeing people in 3D again.

Rick 
Except instead of those Metaverse avatars, right.

Henry 
I'm not doing that.

Oscar 
I'm waiting for them to get legs.

Henry 
I'm still curious to see if that will work out in the future. Honestly.

Rick 
This is actually something that you touch upon that I think all of us have, have found out the last couple of months, or maybe the last two years, that although virtual events work, when there's too many, it stops working, or at least you kind of get tired of how it works with those virtual events. What's your take on that one?

Henry 
Yeah, I would agree. So I think as a participant or somebody listening to fortunately, fence, it becomes a little bit of a lull. I don't, you don't have the variation. That's where you sometimes you talk to people in the hallway, then you'll listen to a very well-known very famous international speaker, which has a very polished talk. And then you walk over to somebody who is more local end, but just a live demo for a smaller audience. You don't have that variation. I feel listening to online things. And another thing is it's way too tempting to do email on the side, or slack or teams or whatever your poison is. So you don't really zone out of your day-to-day job, detracting from the actual learning and thinking experience that you normally would get from a conference. And as a speaker, I found it very hard to and I've barely done it. Because you're sending your energy into a black hole, and you don't get a lot of response, which is what I enjoy. So yeah, completely different and not sustainable for me at least.

Rick 
Yeah, and I totally agree on that one. Because, like you said, most of the times when you go to conferences, the real value of the conferences is in the hallway talks right in the in the people you meet in the hallway and the short conversations you have there and the possibility you have to go to maybe even a team member of the product team of stuff that you're working with or working on, that you lose that with all the virtual events. And although quite a few events have tried to pull that off even virtually, as far as I'm concerned, it doesn't work.

Henry 
Yeah, I would agree. And but the I think the other angle is also that you don't get you know, completely away from your work. Especially when you're working as an associate in a profession where a lot of your work is about thinking creatively about problems, you will need downtime, you need time away, to not just ponder the problem currently at hand, but also think about what we're going to do next week, next month, next year. And to me, that happens much more easily when I'm away from the work when I'm taking a walk when I'm talking to somebody else. And that's also a thing that I missed in the online conferences. They're getting away from the day-to-day thing.

Oscar 
Yeah, it's like at the office, if you go into a planning meeting or retrospective, and everyone brings their laptop, in the end, everyone will see their email coming in. And like it doesn't work like close that thing off. It's the same of lecturing, trying to really refocus on something new at a conference, you have the traveling, you have some downtime, and indeed a completely new crowd where you normally wouldn't want to engage with that quickly. Because, yeah, you're indeed staring into a black hole, you might get some questions, but that's it.

Henry 
And downtime is the thing that actually gives us creativity. So for example, if you see a lot of people into train, everybody is looking at their phone, it's very likely they're killing their creativity, because they can do nothing anymore for more than three seconds. Just look around, people do nothing for three seconds. And then they're like, out of a reflex, they pull their phone and start looking at it. But not doing anything. Having no point in your action is very good for creativity and problem solving. At least, I believe.

Rick 
Yes, sometimes I find myself staring out the window, because I have this problem that I need to figure out. And then with all of the distractions around you, it's hard to, to really think about that kind of stuff. So then I moved myself towards the window and just stare outside for a bit. And then I think that's it's also an XKCD. I'm not really sure. Where it actually says that somebody who's looking out the windows is working really hard. Well, sometimes in our work that really is the case, or can be the case.

Henry 
My first employer. Story goes day, they once got on a bill from a consultant. And he built four hours of typing report and 96 hours of thinking. And he actually put that on the bill, which was agreed upon, but still it was apparently hilarious when they got the bill. So he really, you know, had the guts to put that time on the bill, which is not very common.

Rick 
No, it isn't.

Measuring performance – 08:21

Oscar 
But like in the end, it is real. Like, I made a remark this week to someone there's like, even if you I don't know, type with one Pinky all day, and you would constantly write code, you would do more than any developer I know. And in a day, like that's ridiculous. You don't need the super-fast input or anything because the typing is just the typing in the end.

Rick 
And that's the reason why measuring performance by lines of code is the worst way of measuring performance. Right?

Oscar 
Yeah. Unless you count lines of code, delete it, because then then I'm really happy with

Rick 
The best code is code you didn't write. I totally agree on that one.

Henry 
Have you ever seen that in practice?

Oscar 
You mean, counting the code, delete it?

Henry 
No, no counting code written. Of course.

Oscar 
I've seen some but that is long time ago. I'm also very old by now.

Rick 
Now, but I'm glad you said it yourself. Yeah.

Henry 
I was I need to be ahead of you this time. But yeah, I've seen people that looked at code churn graphs, especially in the early days that you could pull that from repositories and stuff and like, oh, what, what kind of amount work went in there. And I was actually at a customer not too long ago, helping them out. And they wanted some KPIs. And there was clearly a manager asking for getting more performance out of their dev teams. They had four teams, and I recommend it to count the amount of releases. Start with that KPI like how many things are you pushing out? How many times don't care about how small or big it is, but see if that increases because if that's the factor people are actually shipping the whole thing, they will get smaller increments. And I guarantee you in the end, you will, you will do more because of that. It's not the amount of work you put in because I pulled open their code repositories. And I saw like 900 dead branches from the past four years. It's like, yeah, that's where all your work is whether it's not coming out. Yeah. So don't push them to write code or throw new items at them, just start measuring the output. Once that bottleneck is gone, you can go to the next one, but it's never the amount of work picked up. It's still fairly common, though, I originally talked to two developers from two different companies. And you see that it's culture thing happening under pressure from, like you said, management to take a board more things. And then you get this culture where people go over the list of things to be done. And everything is in progress. Everything is taken care of taken a look at and nothing is getting done. I think the quote is, you know, start finishing stop starting is really, really applicable here. That's I do see in practice, unfortunately, way too many things in parallel.

What to do while waiting – 11:10

Oscar 
It will stack right like even though you're you tried to do it, right. In the end, something doesn't get finished, because there's a bottleneck, there's some impediment outside your control, people will tend to start the next thing, while they normally would need to take more ownership and more control to push that thing through. And in some cases, I also see stuff in production. We have feature toggles now. So we shipped but it isn't shipped until the toggle is on and we're getting some feedback. But with like 100 different feature toggles in production, you have really complex problems, still waiting for you. Because at some point, you won't know what's on and what's not on. So you can drive it really far. And some point it is removing the lines of code or dismissing stuff you actually don't need will help you a lot. And just get that get that loop fully going. And it's not the amount of features or work or whatever. But really, really get small pieces out there.

Henry 
It's stuff, my current engagement where we're building a new team. So we're spending a lot of time on the culture and the way of working. And the problem is, it feels so good to start something else when you have to wait. Nobody likes to say I'm just waiting for 20 minutes for the for the bill to complete, and my colleagues to take a quick look before I push this to production. And then you know, continue drinking coffee. Nobody wants to do that. Everybody wants to say, Yeah, I'm just waiting on some feedback. But meanwhile, it feels so good to be busy, and to and to show your teammates that you're trying to do a good job. And while you're actually indeed optimizing for your own productivity and not for Team outcomes. And I think that's what we have to learn that, you know, waiting 5-10, maybe 20 minutes, to be able to continue your work at hand is way more valuable to the team than being very busy on an individual level. But it's a conflict between the actual measurable outcomes, and how we feel about what we're doing.  And I know that some teams are a bit more at the office have teams are together, I would recommend, like waiting for something. So I push something to test and the bill takes a while. Just slide over to your colleague and bear with them a bit or something like that, instead of picking up a brand new thing.

Rick 
Yeah. Because then also you got that context switch going. And that that kills it for you. I mean, you got to completely let go of what you restarted when once the build finishes, or they need to reinvest in getting to know the situation again of what the build was actually doing. So yeah, as far as that that's concerned. I agree on that one. However, it is kind of hard to just sit there and say, Well, I'm waiting with your coffee. And then again, the compiling XKCD which, which everybody knows when the two developers are sword fighting Oh, why are you doing nothing? Nope, my code is compiling. Well, that's something that we need to actually pick up, right? We need to say, Well, my codes on its way to either APR or going to production. So we just need to wait for a bit. Yep. Henry, one of the things that stood out in some of the information that you sent us was the fact that currently you are working on getting a next book out, right? Yes. Tell us a bit about that book.

Henry 
About the book so I'm it's not just me. I'm working together with Edwards Cal holes in Erwin Staal, two co authors. All of us have risen about 1/3 of the book. And you know, given our opinion about the other two third. So that's one of the things that I really liked about writing this book that I didn't have to do it alone, which is really a pain in the back. So I will never write anything alone. Again, teamwork is much better than working alone. And the book is about Native infrastructure as code things for Azure. And I say things because of course, we start with ARM templates and bicep. They do real infrastructure as code. But we also try to touch upon the ecosystem around it. So for example, template specs, which allow you to create an ARM template and store it as a resource in Azure so that others can reuse your template. We discuss policy, action policy, the way that you can apply, guide run and guide rails, either mandatory or advisory to your Azure environment that will help others write better infrastructure definitions. What else do we talk about, we talk about testing ARM templates and infrastructure deployments. We talk about deployment stacks, which is a new feature that has been announced for a while but is still in private preview, which is going to be very exciting, because I think the book is not officially off to the presses. Okay. And there is a small chapter that touches a little bit of on deployment stacks in there with approval of the product group. But it's, it's still a brief preview. And it's probably going to be a race condition, what hits the market first, the public preview of deployment stacks or to book. So it might be that we are writing about something that isn't even available to the general population yet.

Rick 
And that there's actually pretty impressive that you have something as I'm going to say something as relatively old school as a printed book, to be faster than a public preview of a service in something as fast moving as Azure.

Henry 
Thank you. But I think one of the things that we may all misunderstand, Microsoft, I think is very agile and reactive to demand when it comes to Azure. But it doesn't mean that there isn't a lot of happen, or planning happening or trends. Things that we see haven't been thought up three weeks ago, six weeks ago. No, weeks ago, some things have been in the works for years. But yes, we were very lucky. To be included. I was in the private preview right from the start. And I did was every Dutch person does. I just tried and asked if it was allowed to write about it's "Ja heb je nee kan je krijgen" we say in Dutch you have a no you can always trying to get a yes. Or as soon as I've been told you can ask everything. Just be prepared for a no. But we got a yes. So Thanks, Brian. If you're listening.

What is deployment stack? – 17:48

Oscar 
But yeah, that is that is definitely cool, because I haven't seen the feature. And I don't know what it is, and what separates it from the rest of the infrastructures code or what provides extra.

Henry 
So one of the things that you want to do when you when you start with when you continue with infrastructures code is that you don't only want to create new resources, you also want to update or at least guarantee the state of existing resources to be the same as you want it to be. And maybe at some point, you also want to remove resources that you don't need anymore. Let's say I have a template that describes a service bus and a number of topics in queues. And then a new queue is added. It's created an Azure when I deployed a template, that's fine. But then let's say I don't need to queue anymore. And I remove it from my template. It doesn't get automatically removed in Azure as well when I redeploy.

Oscar 
No, that is the HRM and bicep problem at the moment. Yeah, you can do a full, complete a full deployment, but then it removes everything that you didn't, didn't put in.

Henry 
Yes. So when you do it, there is indeed complete deployment mode. And what it does, it looks at the target scope of your deployment. And it finds everything in the target scope. So let's assume that's a resource group. And it's we'll compare that against the description of the template. So if you're deploying two different templates to the same resource group, or you're manually making changes, which you never should, you can never use the complete deployment mode because you're unexpectedly removing resources that you don't want to remove.

Oscar 
Yeah, where did the database go?

Henry 
Yes. So anything with state is the worst kind of mistake that you can make, you know, compute, you can restore it, but it status is terrible. So make backups test them. We said something adult.

Oscar 
Put resource locks on things that are really important.

Henry 
Yes, everything with state. So what's the deployment stack is it's going to be the solution for this problem. The deployment stack is a resource in itself. And it contains another list of resources. And basically, it's a custom grouping that operates separate of Do a resource group subscription management group hierarchy. So I create a grouping myself, let's call it my application. And then within that grouping, I create an app service plan and an app service and a service bus and this service bus namespace and Service Bus queue. And then whenever I deploy my template with the deployment stack, and in the deployment sector resources, I say what to do with the resources, that word of previous version of the stack. And other than the one that I'm deploying right now, I can either detach them, which means that they will no longer be part of my deployment stack will be retained in Azure. Or I can purge them, which means that they will also be removed in Azure. And as I'm now relying on my own custom grouping, the deployment stack, instead of the implicit grouping by resource group, I can be much more confident, I don't remove or delete anything that I don't, that I actually need, or even worse, somebody else needs that I'm not aware of.

Rick 
Yeah, because that's, that's the case most of the time, right, somebody else, potentially added something in your resource group that you're not aware of. And then you don't want to accidentally remove that.

Henry 
Yes. And now in theory, that shouldn't happen, because there is this recommendation, group resources by a Deaf shared lifetime in the same resource group.

Oscar 
That's the theory Yeah,

Henry  
But it gets tricky when you have, for example, I don't know a centralized team that provides me with a fee net and a resource group. And then as a workload team, I want to put a private endpoint on that v net. And I put that in the same resource group, because it feels very natural to me to group all the networking resources and you have and mixed.

Oscar 
And, indeed, that one is a perfect example, because you want the network team to be able to control the resources, and you probably manage your permissions through the resource group. So it is not even that weird that you're in that situation.

Henry 
No, so there aren't enough cases, where this becomes a problem. Automatically generated resources is another one, when you create a secondary of something, sometimes it gets automatically created. And you cannot manage it manually manage the resource. But the primary resource, but it's a good example doesn't come to mind,

Rick 
I think synapse analytics might be interesting, since if you add synapse analytics, and you add the serverless pool, I think it automatically adds a management resource group where it adds some supporting services.

Oscar 
But also in like log analytics, it creates resource group, if you start storing your queries and stuff like that, there's some automatic experiences.

Rick 
But this actually sounds like a like a decent solution to your let's call it the problem that we have currently with arm and bicep. But I would like to maybe also dive a little bit more into infrastructure as a code, infrastructure as code in general, since a lot of companies where I have advised him to start using bicep, and as far as I'm concerned, start using bicep as early on in the project as possible, since if you manage everything through infrastructure as code, you're better off. But I, there have been three different customers in two weeks time who have all asked me, will Microsoft keep supporting bicep? Because it's relatively new? Is there something that we should really heavily invest in? And then my answer always is, in the end, it's just arm, right? And arm is everywhere. As far as Azure goes. So if you invest in bicep, even in the worst case scenario, where they would stop supporting it, you could just generate an ARM template based on your bicep and work from there. But it's really front and center. As far as infrastructures code within Azure goes, right?

How long does the support last? – 23:53

Henry 
I think so. Yeah. So one thing that comes to mind is people asking, Will this be supported for 20 years? They're trying to hang on to a world that doesn't exist anymore.

Rick 
True, nothing is supported for 20 years anymore, probably

Henry 
At least not guaranteed to be supported.

Oscar 
Oh, but no, Microsoft, at least the next seven.

Henry 
But just look at the rate of change that comes with .NET nowadays, and how versions are going out of support. And I know it can be tough to keep up with. Remember everyone .NET core 3.1 is go out of support. I think December 13. Top of Mind this year, yep, upgrade everything. So this is that that rate of change is constant. So maybe it's the wrong question. But to still answer it. Yes, I don't think bicep is going away. As you already said, Rick bicep is transpiled into the traditional ARM template, which makes your eyes bleed. Because it's a lot of JSON. And that JSON isn't it's submitted to the core API of the control plane of the whole of Azure, the Azure Resource Manager, it's that REST API that says sits in front of all the individual API's of all the product groups and product teams in Microsoft, that's going away.

Oscar 
Change that, again, we have the classic resources, of course, but I think since like a and 2013, they had the arm, the resource managers, everything. So the arm is indeed just a manifestation of that you cannot replace that

Rick 
Our resource manager. I mean, if you work with Azure CLI, or the Cloud Shell or PowerShell, Azure commands or the Azure portal or I mean, anything you can do with resources in Azure, you're going through that management API.

Henry 
Actually, most of the things when you create them in the portal using the forbidden clicky, click, you can still go to the deployment, tap on the resource group and see that it's actually just triggering deployment to, to arm.

Oscar 
They're all just wizards building an ARM template for you, right?

Henry 
Not all of them. There are exceptions. But to grant majority, yes. There are still places where API's are invoked directly.

Rick 
Well, at least for all, probably at least for all the classic services.

Oscar 
Well, can you still create what classic service still around there? You can create new,

Rick 
I think you can still create new cloud services, classes, and storage accounts, probably The classic storage account

Oscar 
Create a new classic storage account

Rick 
I think. So I think we can still create classic cloud storage accounts. Let's find out after

Oscar 
I updated my last one couple of weeks ago, somewhere in the corner only a couple of weeks ago. Yeah, had like the 50 or something in one account, like wow, now I got to do it, I trust them.

Henry 
Very retro of you, storage accounts, I don't know, but cloud services, you can still create them. And so when it comes to the length of support, and if there is a solid customer base, Microsoft will do its best to support those customers. And I think cloud services is a very good example. Because we are now I think eight or nine years into the IRM journey. And they were still running on ASM up to I didn't know a year ago or something, you still had to convert them manually.

Rick 
Yeah. And then now finally, they have the old ones actually called classic. And you can also create new ones. Have you looked at other infrastructure as code solutions apart from the Azure native ones? Because one of the things I tend to hear as far as, for instance, plumie, or TerraForm goes is the fact that they use a local state file, which potentially could give you issues if somebody else does something that's not depicted in your local state file. Have you looked at other infrastructures code? Options?

Henry 
I myself haven't. I know, Erwin has done quite a few things with TerraForm. So when he's in the audience, and questions come about other things, I always refer to him which is very, very helpful, but not really. And the reason is, I only do Azure exclusively Azure and bicep is so closely integrated with Azure, I believe it is a natural choice, because you don't have to onboard another supplier or another tool outside of your existing ecosystem. Now, if you're working in small company or startup, it doesn't sound like a problem. I just download TerraForm installed on my laptop and wehoo, but if you're in a big company, getting a new supplier on board, it is a very costly and painful exercise nine out of 10 times. So I think that's a very good argument to stick with bicep and not look at other solutions like plumie, TerraForm, pharma, etc. Where there are use cases where those tools do make more sense. Absolutely. It's not a silver bullet.

Rick 
They don't exist silver bullets.

Oscar 
We know that by now. Hey, Rick. Yeah. Do you know what time it is?

Rick 
Is it time for a totally random question?

Oscar 
It's time for a totally random question.  Henry, what was cool when you were young, but isn't so cool now?

Henry 
Wow. So nobody told me that this would happen.

Rick 
Otherwise he wouldn't be rad.

Oscar 
Now this is a bit of a technology podcast so maybe it's a hard question because we were never really cool.

Rick 
Hey, we could talk about technology that was cool once but isn't now.

Henry 
I don't know what to call in English do you call them jojo's in English as well? Or spinners,

Oscar 
But I think every six years, jojo's revive right.

Rick 
Spinners are the things that you hold in your hand right that's a spinner,

Oscar 
Jojo's?

Henry 
Jojo's I don't know but jojo's were really cool when I was a teenager and we did all kinds of tricks with them and you bought this one is heavier so you can do better tricks and then you bought the same model that somebody else had. And we did all kinds of tricks with them.

Rick 
And they've had lights in them, right?

Henry 
Yes.

Oscar 
Not when I was a kid.

Rick 
You're not that old.

Henry 
So I think we're looking back on it's like why the F did we find that funny or cool or weird.

Oscar 
I could have spent my time programming.
Henry 
I think that's about the same time that I indeed, I've wrote my first line of code.

Rick 
You started at a young age?

Henry 
Yes, I did a lot of a lot, a little bit of fiddling with web development. When I was attending Middle School. I think like a lot of people in our profession, I created my first web site, using a book about PHP that had a lot of very insecure examples in the first half. And I've tried them all. And then I stopped reading because I thought I knew it all. Yeah, and then some HTML and CSS. And then then I got bored. Because we, are you familiar with developer design, that something works and is very handy in the eyes of a developer. But, but when a real business user comes in, it looks at and said, What? What's this?

Rick 
Oh, yes, yeah. Oh, yes. You asked me to design something, you get the button, you get the input, it all works. And nobody wants to use it, because it doesn't look handsome.

Oscar 
And if another developer sees it, almost sees the code behind it straightaway, because like, oh, yeah, this makes sense. This is doing that.

Henry 
Yes, CRUD operations for the win. And so I'm very good developer design, which is the reason that I stopped, stopped building front ends, mostly, I don't do any front end. Right now.

Talking about BICEP – 31:38

Oscar 
Yeah. I don't know. I want to go back to bicep, if you're the specialist, you wrote a book, let's say that I found out like, in the early days of bicep, I did some preview work in there. And your only target was a resource group. Later on, I saw you could do something from subscription level and gain some things. And I was at a customer doing some preparation for a really big rollout of actually lift and shift. So a lot of infrastructure service. But they needed a lot of management groups and subscriptions. And someone said, Well, can you write the bicep for that? And with your team? And it's like, can you actually create a subscription with bicep and I found out you can create management groups with bicep and I didn't know it went up that did it get our add on? Like, is that also the resource manager that you're talking to? Because to me, in the beginning, it was like bicep starts working. From the moment you also have HRM. So resource group is your..

Rick 
Say push something into a research group? Yeah, I did know that. You could target subscription level as well. But if you can even create management groups,

Oscar 
You can create the subscription itself, I found out so.  Yes, in certain situations. So if you go way back, do you notice subscription was the highest order element and Azure. And you can also see that in the resource IDs, right? Is this management dot danger dot com slash subscription slash, go it and then yada, yada, yada. If you if you look at what a management group is, it's IDX actually looks like as if it is a resource in a subscription. Something like slash provider slash Microsoft dot management, and then the name of the management group. So the way management groups aren't there, you can see actually from their implementation, they kind of bolted on top of them. Because people were creating more and more subscriptions and needed more layers of management. So bicep works for those management groups for everyone. Because it because it just does. For creating subscriptions, you have an interesting extra problem except for creating the resource for which you need authorization on the management group that you're adding the subscription to you. The subscription is also the boundary for billing and invoicing. So you need to also have authorizations to create something that's going to incur cost. So that's called a billing account in Azure. And I recommend most of the developers don't have ever seen that kind of thing, because that's what's the more on the finance or business side. And to have to authorization, it's very limited that everybody has it. And only under certain conditions, you can invoke the creation of a subscription using those two authorizations combined. And I think that's only when you have an MCA contract with Microsoft. So if you're on a pay as you go credit card kind of subscription or when you're in a student's construction, that's not possible. Only when you're using an MCA. And maybe when you're on the CSP construction, which I don't know anything about. Maybe the two of you do. Well, I've been in a few of those situations where I needed to handle the billing and Setup accounts. But like last time I did it from scratch was, was a while ago, still the old, almost half broken account portal that like had a lot of buttons that didn't work and like was so odd. But there was still there was there when the old portal was there and come on.

Rick 
Now we do CSV from the project side of things. But most of the times, Oscar and I are at customer. So that means, well, as far as I'm concerned, most of the times it's credit card or under an enterprise agreement. But that's it.

Oscar 
Yeah, and this stuff is already there and nine out of 10 times when you're entering but now the where I was the start wanted to expand it. And it was fun to actually see you as like, Oh, I'll check it just in case and just a world opened for me because I never seen that on that level, you could do that. But it also makes me a bit nervous because you also say, like this got bolted on. And it feels like that. Like if you ever built a system and you made the decisions like okay, this is the root thing that everything hangs on, which in my eyes was always the subscription in Azure. From there, the technical stuff starts. It feels a bit odd if you now have the management groups, and you can have like five layers of them. And this stuff starts happening like it feels a bit indeed bolted on, like

Henry 
But you need to if you're looking at larger organizations, I'm a big believer in subscription democratisation. So using a subscription per workload, or a subscription per product, or a subscription for team, even maybe I really favor product, not per team, because teams move products rarely do. And if you adopt that model, and you're working in a larger organization, you can end up with hundreds of subscriptions. And you will need some overarching way for governing all of those, especially when it comes to applying policies, or applying authorizations for people that have a nonfunctional responsibility that that runs across all these subscriptions, something like networking, or security or cost management, you really need that level of off. So I really understand why they have done it, and is curating into a more and more workable experience over the years.

Oscar 
Yeah, I definitely saw the benefit of it, the implementation and you can wonder how big the change that Azure was to make this work. But indeed, what you will also see you don't want the production policies that you need to be specific, like let's say you create like 50 subscriptions, because you go towards that model. You want your dev teams to also experiment with new types of systems and stuff like that, but you want to prevent them creating resources in production with not a production SLA on it. So you will have to break. Yeah, like branches in your management groups to say, well, this is like playgrounds, and the other one is real stuff. I definitely see the benefit of it. But this is this is such a one off creation, the subscriptions and billing and stuff like you won't put that in a built pipeline, would you?

Henry 
It depends on the size of the organization. So I've been involved in the building and Azure, I still call it an Azure foundation. From Scratch, I think we would nowadays call it a cloud adoption framework approach. We did everything from the pipeline, for a number of reasons. So first of all, we were all coming in as temporary on the job either through a contract role or an intermediate party, that means that we were all going to be gone at some point. So then having everything in source control.

Oscar 
That's the best documentation.

The importance of organizational controls – 38:57

Henry 
It is a very good documentation of how stuff should be. And also allows you to you know, annotate changes with why. The other reason is, it was extremely highly regulated environment. Lives depend on the software there. What you want to do is have a lot of organizational controls like nobody has access to production period. And to make that possible, you can say nobody make changes in the portal except for the pipelines. And then you can, for example, make a policy that says, hey, all my production environments, I should not have any assignment where the target is a personal account, but we only allow SPSS so we had in production. Even if you were to temporarily assign yourself access as an individual, you would get denied. We did allow groups because you need to have some kind of escape policy, but everything else came from the pipeline, even the things that we thought who will probably just create one or two times so that we have just one approach for everything. So that that we did it and I worked at a very large bank. And they also used to subscription dream accreditation. And when I say very large bank, you have to think 1000s of teams. So possibly 1000s, or even 10s, of 1000s of application components that you all want to constrain, in some kind of namespace thing you that allows you to manage access, rights, billing, and throw away independently of anything else, meaning subscription. So they actually had a process for requesting and delivering subscriptions to teams, they had a product team and internal product team, that as a product had preconfigured Azure subscriptions. So those are two instances that I knew about, for creating subscriptions from a pipeline.

Rick 
Yeah, it's if that's the level that you're where you're working at, then I can totally see the value of having everything inside of a pipeline parameterize it and make sure that you push it from there because, well, it everything that eliminates manual labor, eliminates potential issues,

Henry 
And delivers a lot of compliance. And that can be the actual argument in enterprises, being noncompliant or manually compliant, or proof every time you are compliant, can be very, very expensive. If I can prove that my mechanism for making changes is compliant, I don't have to prove that my environment is compliant, I just have to prove the checks and balances. Of course, they're gonna make some they're gonna take a look at your actual outcomes, of course. But it's an approach that work there. But you need to have considerable size for this to be worthwhile.

Closing – 41:47

Oscar 
I think so yeah. Henry, is there anything we've missed, or you'd like to get back to or you'd like to add?

Henry 
And this is where I plug my book that you can buy on Amazon?  You should yeah, definitely.

Rick 
We will add a link to the book in the description of this episode, because, well, I'm already looking forward to that one. So we will be adding it. But please take the time, you need to plug that book.

Oscar 
So what's called?

Henry 
As I've written two books, the first one is implementing Azure DevOps solutions, which is intended to be a rough preference for the AZ 400 exam, which talks you all the way through from continuous integration to how do you watch your stuff after deployment in production on the Azure platform, using Azure and Azure DevOps? I'm just going to say it. And there's going to be a second edition of that book. They're going to be new authors that write a new number of new chapters. So it's going to be completely updated to the contents of the AZ 400 exams.

Rick 
But you said I'm just going to set it to say it. So does that mean that we have a scoop now?

Henry 
You have a scoop, yes.

Oscar 
Wow

Rick 
Nice. And the other book, it's called infrastructures code using bicep and ARM templates. It's also available on and not on Amazon yet, but only on the side of many, it's still in officially in early access. But it's off to the presses. So it will be released soon. And to give you another scoop, I had to go to be two forwards for that book. And first one is going to be written by somebody who's part of the product team that creates bicep and the Azure Resource Manager. And the other forward, which is going to be written by somebody who's quite senior, and Microsoft staff.

Oscar 
Really?

Henry 
Yes. So if you want to know who just look to book up when you look it up, of course, I wouldn't mind if you also bought it.

Rick 
Okay, again, we will add links to those books in the episode and now I'm really curious who those two people are. I have a general idea, but I'm not really sure yet. So we'll see.

Oscar 
I've a shortlist comes to mind that I would really love to have them there.

Henry 
 I can imagine. Again, the tip is don't dream. Just ask.

Rick 
Yeah, we found that out as well.

Oscar 
That's the some guests we will have on the podcast that's quite senior.

Rick 
Okay, we're, we're drifting off to fan being starstruck and yeah. fanboying over.

Oscar 
We want to thank you so much for your time. It was a blast having you.

Henry 
My pleasure. It was great being here. Thank you.

Rick 
Thanks. Thanks for listening to Betatalks the podcast. We publish a new episode every two weeks.

Oscar 
You can find us on all the major streaming platforms like Spotify and iTunes.

Rick 
See you next time.

Oscar 
Bye.