good morning who's a good boy you've never seen a man dog before ready for the season it's it's here we've got sunday but halloween yeah it's it's it's funny because for people in the chat like we we were in the in the green room just before the broadcast but he didn't have that on so he snuck that on during the video and i didn't see it so that was a good surprise try to keep it fresh here you know every week uh we we've got to try to find something new to talk about you know halloween's here might as well enjoy some silly rubber masks yeah halloween is that the typically is a big thing at my house but this year um we got a new pup so there is a two two dogs in the house uh they freak out at like the drop of a hat so we're a little concerned as to what it's gonna look like on sunday when the the kiddies uh every time they ring the doorbell the dogs are gonna go completely uh completely nuts and Mac which is the youngest uh he's a mix of german shepherd and uh i think it's german shepherd and australian shepherd yeah my my my dogs uh part dox and part Aussie okay so it's tons of energy but also a really dark a very deep bark so when he when he runs out the door and starts barking it's actually quite scary for the person of the other end every once in a while i'll get like a um skip the dishes or or uh uber eats guy or something like that and also as i get to the front door i see them like running down the the driveway because they've heard they've heard the dog so they just dropped the food on the front step and run well you know we've got a another jam packed show pre Ignite because we got Ignite next week and so uh while there's some stuff that we're going to talk about today uh but you know that probably uh the next time we do this we're gonna have a whole lot more to talk about uh so if you haven't registered for Ignite yet i really recommend you do um there's an easy way you can just go to aka.ms but put it in the chat for everybody slash ignite and uh you can 
register there it's free it's available for everybody across the globe uh if you want to see a lot of amazing talks here about new features and products Ignite is typically the place to do it it's it's built for developers and ops people to to get the most out of what's new in uh Azure and Microsoft general yeah and speaking of event uh you had a you had one live this week or was it this week last week yeah yeah we did uh Create: DevOps which was a fun time to uh be able to share a huge conversation on DevOps across the uh speaking to members of across the community uh so we we all got together it was about three hours we had two hours worth of talks and then we had an hours worth of a workshop all that's available on the Azure DevOps YouTube channel if you just do a search for Azure DevOps YouTube you should be able to find it there the video is ready for you okay perfect and um i was trying to find the i was trying to find the the the learn page for Create: DevOps but we'll we'll link that into the chat later so i went well i'm glad uh i i'm also finishing uh i have also finished a big event for us last week yeah DaprCon which is that the reporting is done the stats are in was uh it was a good success it was fun but what about this week yeah what's new this week you know i i got a chance uh earlier in the week to talk to um or i should say uh talk yesterday to Julien Dubois who the Java master if you will really a great conversation on how to use NubesGen and i think we might have touched on it once before NubesGen is a really great way to kind of kick off deploying your application using Terraform and using it uh with a GitOps methodology and if you haven't learned a lot about GitOps yet if you go over to my channel uh you'll be able to get a nice little introduction from Julien who you know his his whole thought process was that deploying to Azure should be one git push away and i'm getting a a note in uh in the chat uh it's talking about with the 
public cloud and the push for DevOps and organization what's the future for IT pros i don't think we have uh enough time in this show to cover that but let's just say uh let's state the the uh what is obvious to us um is that IT pros are the key to uh operations and operations is a major chunk of DevOps so uh we're not going anywhere uh we are more than than very important in the equation and uh yeah i feel like we had this conversation you and i uh in our planning yesterday where i kind of just said that you know ops is always going to kind of be a part of the process of even within a DevOps organization because infrastructure management uh monitoring and learning now what's also known as observability now being able to do things like you know on call rotations these are all still important parts of the uh the IT experience and i don't really see people going away you know DBAs got worried when databases as a service became you know popular but yeah and now they're new to never yeah now DBAs are are managing the data that are in services like Cosmos DB or azure as well you don't have to manage the underlying hardware anymore and i think that it enables even IT pros to be able to work more on automation things like that yeah all right so let's get going with the news so this week um this week is a little thin in terms of like real news mostly because everybody's kind of holding on to their news item for Ignite next week um oh and we have to be careful our boss just jumped into the chat room but uh for the first item uh general availability Azure Backup now supports archive tier through the Azure portal now what does that mean um last august we announced the support for um uh archive tier through Azure portal it really means that we enabled you to be able to take some of your retention points so or your your backup images in an Azure Backup vault and drop them to an uh to a lower tier of storage and therefore saving your your some some cost is if 
you're backing up your entire infrastructure or your entire uh workloads uh to make sure it creates it needs all of that storage so it allows it to uh go to like like a colder storage uh deep cold so the very optimize for long stay but no not for read and writes so when you actually need it it'll take a little longer to get it out uh but it's but it's a lot uh a lot cheaper uh long term and IT pros can still really consider themselves a part of this process even though it's automated you'll need someone to actually and here's something I always recommend like you have backups but have you tested them have you made sure that you know how to recover them have you checked the your database backup process uh and your disaster recovery uh you understand how everything works so you know understanding RTO RPO and how all those things fit in it's still a big part of the IT pro and ops uh experience and so I don't see any of that going away and services like this that actually just extend what people have to do it really makes a lot of what we do in the cloud absolutely I was talking with Dean Wells which is a program principal program manager here at Microsoft and he was saying that his department or the what they're going towards is um that they don't have a backup pro policy they have a restore policy and the backup is implied because you're the backup is not considered complete until it's been restored and tested yeah in the battle days and remember going to a lot of scenarios where we had backups but they weren't really usable databases were always like the the big part of that especially around databases that you needed to have like a freeze of the block device or something like that or or you needed to be actually actually stop transactions and say a an SQL or MySQL database so finding ways to actually take a lot of that out of your workflow and offload it to a service is just great and then being able to just make restoration plans and and make your return to uh 
recovery point objective and your return to operations objectives the most important part rather than the scripting something to make your backups work yeah so this month uh basically the only thing that has changed is that it's almost like last august when we released it we weren't finished so this month we actually lit up this service where you could actually look and manage your your recovery points and and move them to the lower tier through the portal through Azure CLI and through PowerShell so you can automate a lot of that stuff say saying as soon as you get a new full backup the last full backup can be offloaded to to the other that could be automated so this is new uh the but now in line with uh with uh what was once since august only available through PowerShell now it's available through all of the management capabilities of Azure definitely makes it a lot easier for people to get started that's right next item on our news list is yours sure uh Red Hat OpenShift is now previewed for Azure Government customers so that's federal state local governments and their partners if you haven't worked with Azure Red Hat OpenShift it's our Azure implementation of using Red Hat's enterprise product for managing Kubernetes clusters so in the enterprise there's a desperate need to have more things connected and giving you a single place to look at it and so you know we use something like Azure Arc for Azure natively but you could have you know resources and Kubernetes clusters that you want to use that are on other cloud providers because you're in a multi-cloud scenario you can have all of your uh clusters monitored and managed and uh information about performance in Red Hat OpenShift some of the new features in the government offering is uh there's some new VM options and disk encryption options so uh OpenShift supports creating machine set machine sets for worker nodes using Azure Spot virtual instances and uh virtual machine instances and that's huge because 
we want to make sure that our pricing around our scale makes sense and so spot pricing helps us you know get the best possible price at the moment um previously you can only encrypt OS disks with auto-generated keys uh now you can bring your own key uh stored in Key Vault another big thing that people just like having a little bit more control around when it comes to some sort of compliance internal policy whatever it is now there's also end-to-end encryption to encrypt on your host using Azure Storage so you've got more platform keys things like that that or platform managed keys that you can have that's part of that you don't need to actually do the rotation and manage it yourself um and the roadmap you know there's there's more things that are coming that people really want to see you can see there's our board on the the options that are going to be part of it in the future the work that our team is doing they like to have it out in the open so you'll be able to go to the project section of GitHub and take a look so i think like just expanding our reach to build things that are made for governments means that we're just going to add more hardening more security and create a more safe environment for users to actually deploy their code into Azure and feel secure about it so i i think that this is a great new offering OpenShift um it's a really great product and like i said single pane of glass Kubernetes wherever you haven't managed um and also big part of that is if you were a regular Red Hat enterprise customer or a Red Hat customer in general you know a lot of times you may already have some familiarity around that ecosystem and so being able to have it native to the Azure cloud environment definitely helps people work with things that they know yeah and that's the part that's to me um is the the highlight here is with a Red Hat the OpenShift and and it's the same for VMware our VMware solution on Azure it really becomes we don't really it doesn't 
really matter what your workload is and where you're running it currently uh we are facilitating and enabling you to actually expand or or migrate or diversify um your workloads into Azure without having to like basically rip and replace everything you have you can basically like grow with your existing stuff um so if you're a VMware customer great you expand with VMware uh on Azure and that's and it works and if you're an OpenShift person then you don't have to relearn everything from scratch you just extend your OpenShift to Azure um yeah i don't think we know everything about multi cloud solutions quite yet i still think that multi cloud is very young and we're still learning about how all our different providers and services that they have can work in tandem so you know there there could be some stuff on another provider that you find is uh what you want to use alongside Azure or you have existing services that are in your even private cloud that you may have in a data center wherever it whatever it is there there's got to be a solution to connect it all together and simplify the the visibility of all the different resources you got yes all right uh and our uh next uh item for the news is um general availability availability who rented mouth this morning uh of Azure governance policies for Azure Key Vault i'm actually quite excited about this one um because i've been using Key Vault and and i'm a big i've always been uh and Rick knows that he's in the the chat um the automation kind of automating everything or everything that makes sense but also monitoring and auditing and compliance uh is very important to me mostly because of my uh my previous lives as a corporate director of so when i found out that Azure governance for policies for Azure Key Vault was becoming uh available it it really struck a nerve because now you can actually run uh audit reports on your Key Vault you can uh specify by policy the your key length for example or or when they need to be 
refreshed or uh block and that is really important to to me like in production you may want to actually block somebody from being able to create self signed certificates in your in your Key Vault is you want to keep it secure you have a automated or or or audited process depending on whether or not your uh high um high assurance uh you have an automated and and an audited process to create those keys so that they go into the right place and being leveraged in the right way well if you if anybody is allowed to just create a self-serve key or self sign key then it kind of defeats the purpose so with Azure governance policies for Azure Key Vault you can actually now start managing this as the corporate resource that it should be and report on it and and a audit it and also block it depending on the environments that you're at so to me this is a a huge thing and it it couldn't be it couldn't be at a good at a better time yeah like i just like said and we got to automate all the things we got to secure all the things and the more options that we have to do so and the less kind of friction that comes along with that we can always improve our security posture and that's a big part of the shifting left strategy is to be able to think about security earlier in the process and being able to encrypt things and then set policy that allows us to ensure that the things that we expect to be encrypted the things that we expect to be available we don't necessarily allow for anything to go into that process we like you said you don't want self-signed keys you don't want necessarily everyone to be able to store a secret if you don't think that that's necessary you may only want particular secrets that are added so you know Anthony great great part of that Anthony as he said cloud governance is everyone's responsibility and make sure you have an open dialogue with in your org when setting governance and i i got to agree with that you know just like the the security is everybody's 
responsibility how resources are created managed that that's a big IT ops responsibility but everybody needs to actually agree on how it's implemented yeah but there in my views there are some significant differences between um security and governance security is is obvious uh in terms of when we were talking like the Key Vault uh to have the proper rights in in in the Key Vault who's allowed to read the key who's allowed to create the key who's allowed to list the key who's allowed to purge the keys uh like all that and there's two models right now which is a bit of a in my opinion um confusing for a lot of people you can have the the access policy model within Key Vault and now you have the RBAC the Azure uh role-based access control uh in Azure for Key Vault so there's these two so for the security part that's it for the governance part it's really how we want to manage our resources as a whole and security is definitely a part of that but i think it's a lot broader and as you mentioned everybody like a stakeholders IT dev uh and management has to agree on how we're going to manage those but IT has a tremendous voice at that table yeah there's got to sometimes be someone that really develops the policy that everyone understands and says okay well people who are developers they should not be able to create these types of resources uh they should only be create this type of resource and maybe it's you want your developers to be able to use uh web app service so that they can test things and maybe you want them not to be able to spin up virtual machines because you don't think that they're properly secured you know maybe they're not patching them up to patch maybe they're not closing the right ports and that's another great thing is with Azure Blueprints if i'm right you can set policies up to be able to do governance around even the the simplest things like port numbers that are open like i know our own we've got Azure security configured for all of our 
demo accounts and i can't just spin up a server with port 22 or or the RDP port open i have to follow the policy that is across our organization that states that we need to spin up servers and we need to do it in a secure way using a Private Link or something like that um or use something like Bastion rather than have public ports open so and Blueprints governance and you're mentioning like in certain situation that's the beauty of it is because you can have a policy for uh production and a policy for dev and in dev you can let your developers create self-sign certificates because sure it's dev but not in production and what's nice is it doesn't all have to be in the same resource group things like that you can set up and actually have some organization so you could set up a resource group for just your development team and in there set up a policy just for that particular resource group that states you're only allowed to create this and you're only allowed to add this to those resources that that's that's huge it's a big big part of being able to really put some safety gates around your cloud yeah we are coming towards the end of the show um i wanted to give you the opportunity to introduce our uh learn module of the week considering uh it was one of your news item sure so we're going to talk about introduction to Red Hat on Azure uh Red Hat you know one of the longest lasting providers of Linux and Linux tools uh they've been around forever i remember installing my first batch of CDs of Red Hat i think it was like maybe five and that was before they had their enterprise edition up and there's always stuff to learn about how to use the OS images for VMs because you may want to have your RHEL enterprise configured you wanted to have access to certain packages that they make available so Ubuntu may not be right for you you may have some sort of policy requirements that state you have to use this enterprise version and then there's also stuff about um OpenShift so 
you can go you can take a look at the OpenShift modules uh and understand how this all comes together this module actually does some uh Java related deployment and so you you know like i was mentioning uh Julien Dubois before and Java also still a big thing what we can work with in order to uh deploy our applications yep i i there was a time where like Red Hat was considered like the enterprise uh Linux distro so uh knowing how and it's a little it's different than Ubuntu which is the one that i'm using most these days um so you you do need to have like working knowledge of how it's different and whether or not that's right for you and i really appreciate you suggesting this learning learn module because it's it's now on my list of things to to cover whenever i get uh some downtime and i need to learn something new yeah and not only is Red Hat available on Azure there's all these different types of enterprise Linux versions like SUSE uh that you can use now if you need i'm pretty sure Oracle Linux is up there i'm not really sure off top of my head but there are all these enterprise class versions of Linux that come with uh support directly from the vendor and that's a big difference than you know what Canonical does with Ubuntu um that you know Ubuntu is a great product it is something that the community has driven and made a huge part of the Linux experience however you know we do still have tried and trusted vendors who you can rely on to you know release package fix updates when things come out there and and i've always appreciated that you know Paul you know said that he also was once uh Red Hat Enterprise Linux certified and you know what that's another thing that they provide than not Ubuntu typically provides you with is an actual enterprise level certificate that states that you are an expert on this particular piece of knowledge yep yep speaking of knowledge uh coming up now that we're going into our community events uh next week as you mentioned is uh 
Ignite so uh make sure to register i know Rick's been tweeting uh a lot about some new types of of sessions like like like board sessions which i find really i'm really intrigued as to how that's going to uh work and and learning from that because i'm a visual learner so i need to see it so somebody who like does pictograph as explaining something uh really speaks to my type of brain so i'm looking forward to it um Steve says there's a crew party uh at his house uh on sunday for Ignite but i guess uh the crew parties are going to have to be uh virtual this year again uh but if you want to uh get together with your friends and with uh your uh colleagues and watch and comment uh and chat about Ignite uh we still have our uh ITOps Talk Discord server and we've just created i just created a um MS Ignite uh fall 2021 uh channel where we will be hanging out all week so join us on uh ITOps uh Talk Discord server which i believe i probably have not set the banner for it yet no uh is aka.ms slash it ops talk dash discord so come and join us online and we can have uh a good time and learn bunches uh with Ignite got it up there right there for you very quickly what can i say i got fast fingers but hey we're just uh about a time uh i'll catch you after Ignite Pierre uh have a great weekend and always everybody thanks for being in the chat we really enjoyed here for me absolutely yeah everyone