Good morning, everyone. Good morning, Jay.

Hey, Pierre, how are you today?

I'm doing fine. I'm happy to be back considering that the last week, we took a little bit of time off. We're all very busy and not only busy, but it was a long weekend for us up here in Canada. My parents were in town to visit for the first time, like staying over the weekend, since the lockdown has been lifted, so that was nice.

Yeah, I enjoyed a long weekend myself. Went to Comic-Con here in New York City. Had a really cool time. You can see in that image that Pierre shared of me and my Into Darkness top for it, it was a Kirk one. I went a little different rather than using a Next Generation or something like that. I'm a Star Trek nerd, whatever. I always enjoy it. I want to say hi to everybody who's watching today, everybody in the chat. I know we got a lot of really great people who always try to keep up and appreciate it.

So, let's start the week with a quick one. Did you hear about this denial of service attack that we thwarted? Yeah, it was a week. What was that about?

There was an article that Amir Dahan, who's a part of the Azure networking team, in early August, there was some information put out about Azure's DDoS attack trends. We reported a 25% increase in the number of attacks compared to...

All right, I clicked on the wrong thing. I'm trying to answer a question.

I got a chance to dance then. But anyway, the maximum attack... There was a decline in maximum attack throughput from one terabyte in Q3 to 625 megabit in the first half. But the last week of August, and this is wild, there was a 2.4 terabyte DDoS attack targeting an Azure customer in Europe, which is 140% higher than 2020's 1 terabyte attack and higher than any network volumetric event previously detected on Azure. It's pretty crazy. Do you have that article?
Yeah, you can show there are these two graphs of the maximum attack bandwidth between the year and then just the inbound UDP attack bandwidth and that it was mitigated. So Azure has a commitment to thwarting these attacks through our DDoS protection or distributed denial of service protection platform. It's distributed. It's using mitigation pipelines. It can absorb tens of terabytes of DDoS attacks. And so we want you to know that Azure thinks about these things in the long term and really wants your applications to be online, your websites to be online. So there are automated ways to kick those out. And we also have some DDoS protection that you can look at in the portal. There's lots of things that you can do and we've got telemetry and logs so that you can see what's going on, how it's going on and how to mitigate these problems.

I was actually, when you told me about that last night and I started looking into it and I looked at that and I'm like, it's actually ridiculous the amount of traffic that was generated just for that attack, and the fact that the customer basically just kept on going as if it was business as usual is just mind-blowing. A year ago or a couple of years ago, something like that would have happened and the whole system would have been down for hours.

Yeah, and it's a testament to the work that the Azure Network team does to be able to create this really robust and secure network that can withstand these massive attacks which are becoming more and more common on the internet. Whether it's network-based, I personally remember the days of script kiddies that would throw these kind of DDoS botnet programs through poorly secured websites and things like that.
Now it's becoming more and more common, especially the fact that cloud servers and insecure Kubernetes and things like that are things that are out there in the wild, and so when we talk about IT operations, I think it's very, very important for your team to consider network intrusion protection and how that can help best reduce your risk profile and really strengthen your position.

Well, I think this is a... This is not a cloud sickness. I think this is the wrong word. A symptom of cloud because everything is so easy to roll out. In just a couple of clicks, you can roll out a website. It doesn't mean that it's secure at that point. You have to do your homework. You still have to set up your certificate. You still have to set up your proper authentication, your role-based access control, and everything else. But because it's so easy, there's some people that's really... Or organizations or developers that may not have an operations person to talk to about how to arrange and secure their environment and then they're out there. And then when something happens like that, they wonder why their system went down. So operations is in everything.

Yeah, it's really true. Ops is still... We've seen a revolution around self-service, but Ops is still a big portion of what companies need because there's got to be some thought around network. There's got to be thought about monitoring, logging, telemetry, and how that all kind of comes together. And so the DevOps movement really looks to bridge all that into one single team. And it really creates a better environment for people because there's more communication. There's more capability to beat these issues when they happen. So we got some more stories for the week, don't we, Pierre?

We do, we do. And I think you have the first one about AKS.

Yeah, so it was KubeCon this week. And we had our team of Kubernetes experts who were part of the KubeCon event. And I know Brendan Burns always does some really interesting stuff.
And so one of the things that we've done is announced the public preview of the AKS out-of-tree cloud provider controller manager. And you might be like, what are you talking about, Jay? What is that? So since Microsoft's a cloud provider, we have to work closely with the community to support our own infrastructure on behalf of our users. But currently, our cloud provider integration is within the Kubernetes in-tree, where changes to cloud specific features have to follow the standard Kubernetes release cycle. And so that means that when we find and fix issues, we need to roll out enhancements, we have to do this within the context of Kubernetes community release cycle. So there's now, thanks to Kubernetes, an out-of-tree model where the cloud providers will still control their releases independently of the core Kubernetes team. And it allows us to create features that are available specifically to AKS. So one of the big things is the cloud storage interface, CSI, those drivers, are going to be default in Kubernetes 1.21. So you can go ahead, you can enable that with az CLI as an az feature that you register. You can create an AKS cluster with Cloud Controller Manager and you can use things like the CSI drivers. So there's a lot of great information out there. If you go onto the Kubernetes blog, you'll see a post about from Andrew Sy Kim of VMware and a few other cloud providers that contributed as well about what it is, how it is, and why they decided to make this big change.

Yeah, I've always thought, not always thought, but I've always had conversations with IT pros and operations folks. And every once in a while, we start talking about Kubernetes because they say, oh, our enterprise is looking at Kubernetes and they may say, oh, it's developer thing. No, it's not a developer thing.
Like Kubernetes is an orchestration platform to enable containerized application, but it is crucial for IT and ops to be involved in how you not only secure it, but how you run it and monitor it. So this one is going to be really critical or very nice because the Cloud Provider, the Controller Manager, now you have kind of like an Azure native way of accessing Azure disks and Azure files. So you decide where you put the data, and then you can actually manage the data the same way you manage the rest of the data of your enterprise because it's all into an Azure storage account or an Azure disk or an Azure file. So I find that really, really cool.

Yeah, and AKS has been one of the fastest-growing products in the Azure catalog. The adoption rate is tremendous, and a lot of it is a testament to the people who have built the product. And I think that's a huge thing that we should remember is that there's been some really great people over the years like Gabe Monroy and Lachie Evenson and of course, Brendan. They've really put in a ton of time in making this a world-class product. And so it's great to see it kind of advancing more for Cloud Providers.

Yeah, I'm just wondering to close on that topic. Is the out-of-tree, at some point do these branches get rolled up to the community version?

I would imagine that there will be kind of a separate fork because out-of-tree providers can be developed, built, and released independent of the Kubernetes core. They can look to remove some of these things in favor, like existing in-tree providers can start thinking about using these out-of-tree provider equivalents. It really is a matter of, I think, what the contribution is and if it's something that really fixes a core problem. I would imagine the Kubernetes community will take a look at it and see if it should be added into the main branch.

Okay. Well, to continue on the IT and Ops supporting DevTools, my next story is about Azure Web Apps, Static Web Apps, which...

Love that service.
I'm using it for my personal blog, which I have not written on in a truly long time, which I should really get back to. But also, I'm using it for my hockey league because now it's easy. My statistician just updates the statistics, pushes a pull request, and automatically gets the website updated. So I don't even have to do anything about it. It's just all done. But now we can have IP protection for access to Azure Web Static Web Apps, which means that you can define the IP range and IP addresses that are allowed to access your environment. There's just one more tool that IT pro and operation has in order to secure the environment. So if you've got an application that is internal, for example, then you can set up your internal address range as the only one that can access it so you don't have to worry about somebody from outside the company accessing your environment. That is just one of the new restrictions capabilities that's available for Azure Static Web Apps. You can now use also Front Door and stuff like that because you can manage the address range that can access your environment.

You can do that with service tags as well. That's one of the things that I love doing it via service tags, because then you don't necessarily need to manage entire IP ranges. If you want to just specify, all right, there needs to be access to Front Door or there needs to be access to Cosmos DB or something like that. I mean, kind of gate things by product. And I think that that just helps simplify how much overhead goes into setting up these security rules.

Yeah, and the more control we have over security, somehow today feels like a security special edition. Started about DDoS, then AKS, and now Azure Static Web Apps.

Yeah, well, you know, security is everybody's responsibility.

Absolutely.
It's not shocking that security is kind of a part of all these different articles that we've got to talk about because you've got to manage it somehow and you've got to be able to integrate good security practices into your software delivery lifecycle. That's just got to be part of what you do and that also kind of bleeds into how you manage your infrastructure and making sure security is just a huge part of your thinking.

Well, speaking of security and managing your infrastructure, the next story is yours and it's really about how you monitor specific workloads.

Yeah, absolutely. So Azure Monitor is now in GA for Azure Arc-enabled Kubernetes. And if you don't know what Azure Arc Kubernetes is, it's allowing you to manage Kubernetes no matter the provider in a single pane of glass in the Azure portal using Azure Arc. It's a really incredibly useful service for people who are in hybrid, multi-cloud environments. And so one of the things that we are able to get here are container insights, so we can see information about our different pods, we can get statistics. So the key features are one-click onboarding from the Azure portal, automatic agent updates, because who wants to spend time updating agents constantly, performance visibility by collecting memory and processor metrics from controllers, nodes and containers that are available in Kubernetes, visualizations through workbooks and in the Azure portal. Really useful. Alerting, big, big thing. Talking ops, learning and querying historical data for troubleshooting issues. And then the one big thing that I also think is really cool, because monitoring, monitoring, monitoring, capability to scrape Prometheus metrics. So here's another thing you can go.
You've got to make sure that you've set up a contributor role and then you can start using Log Analytics Reader to go ahead and set up a workspace so you can put all your logs that are there and start doing some real-world information processing of the raw data that comes in about your Arc-enabled Kubernetes. And if you're a U.S. government environment, it's also available for you too.

Yeah, no, it's, I've always been a big fan of Azure Monitor, mostly because it's so easy to onboard multiple services and workloads of VMs wherever they may be. With Azure Arc makes it even easier because now those VMs and those services have an identity within Azure that you can just basically click and say onboard to this and onboard to Sentinel and onboard to Monitor. But the fact that now through Monitor we can see the health and the performance of each node within that container cluster and each container instance, and so it gives you also a little insight as to how your application and your workloads are behaving and is there, where is your bottleneck, how do you deal with it, because often enough you end up with a phone call or somebody raises a ticket that says the system is slow. Where do we start? You start with data.

One place to look, and having one place to look really helps. Our teammate Thomas Maurer, he's done so much amazing stuff around this subject because Hybrid tends to be one of his big, big features of his content, and so if you haven't checked out any of his Azure Arc enabled stuff, go take a look. He came on Azure FunBytes, my show every Thursday, 11 Pacific, 2 p.m. Eastern, on LearnTV. He came on a few months ago and actually had a really great conversation about it. You can go ahead and look at, on, just search for Thomas Maurer Azure FunBytes. I'm sure you'll find it. Really thoughtful person, love his content and love how much he's committed to the community.

Our last item of the week, which is not a developer support type of IT and ops thing.
Windows 11 is now generally available to Azure Virtual Desktop. I'm actually running 11 on all of my machines now, so that's very cool. I haven't had any significant issues. Of course, not every machine has been as smooth as the next, but it's all good. But I think it's good to say that now Windows 11 is available to the Azure Virtual Desktop. There is a note in there that if you're planning on using some of the aesthetic capabilities of Windows 11, such as, like, all of the rounded corners, like the semi-transparencies, like some of the visual aspects, they do require a GPU, so when you build your Virtual Desktop environment you have to pick a machine class that has access to a GPU. So just keep that in mind if you're looking at it. But I'm truly excited about the fact that now those machines can start leveraging security items like TPM 2.0, like Secure Boot, like all of the capabilities that make it so that the low-level virus attacks on workloads are mitigated. So considering that a lot of us are working remotely now, having that access to the desktop that is that secure is a great thing in my opinion. What do you think?

Windows 11 is a great platform for developers as well. Just for the sake of seeing, there is completely a developer hook in here because there's even developer mode, which replaces the Windows 8.1 requirements for developer license.
It does side loading. It even enables SSH so you can do some deployments to that Windows machine. There's so many things, especially when you're using Visual Studio, that you can do that Windows 11 has enabled to kind of create a better environment for developers to work in. And then of course there's things like WSL 2 that's part of Windows 11, and WSL 2 I think is such an innovative part of Windows. Now, I'm still a Mac user and I am kind of envious of this Windows 11 platform. I'm actually considering picking up a Surface or something like that just so I can start working with it, because I had an old laptop, no TPM 2 chip in it, so I can't use it. But that's because they want to make sure that security is also, and we keep going back to security. Security is a big part of utilizing Windows because you think back, I think, to the Bill Gates memo, and I think it's a big thing. And if you don't know about what the Bill Gates memo was, it was Trustworthy Computing, being able to create platforms that, and I'll just quote, "eventually our software should be so fundamentally secure that customers never even worry about it." That's a direct quote from this letter that Bill Gates maybe 20 years ago wrote to everyone in the Microsoft development organization. But he put development on hold around Windows products and said we got to consider security a little bit more around all products, not just Windows. Sure. And excuse me, yeah, all products. And so it was a big ambition, big ambition, to make sure that all products are far more secure than they previously were, because we went through years of things like SQL Slammer, dealing with different intrusions for the Windows kernel, things like that.
The fact that Microsoft has advanced ideology about how security is a part of the development cycle, and we can see, actually I just had to do my STRIKE training personally, you know, and STRIKE is a security force, if you will, within Microsoft that does a lot of things. Like when you hear about big zero days discovered by the Microsoft team, there's so many security experts that are in-house that are constantly poring over, you know, applications and services, protocols for different internet usage, and making sure that this is being done in a secure manner and also sharing this publicly so that providers who are using this software or these protocols know to update them and come up with patches and fixes and things like that.

Yep. No, I completely agree with you, and I know within the community out there there's been a lot of, not a lot, but there's been some pushback because we force a TPM 2.0 chip to be available for compatibility, even though a lot of the modern BIOSes that have it already there, it's just a matter of turning it on. You may not have a physical separate chip, but there is the fTPM, firmware TPM, that is there. At least I've got machines that are over 2 years old and they have it, so I just had to turn it on and it works fine.

It reminds me a lot about how when virtualization really became something that you could do at home, at first, or I should say when they first kind of introduced like virtualization at home and you needed to actually enable in your BIOS a hypervisor could have capability. So this was something like, you know, people were like, I can't do this, I can't do this. Sure you can. Go into your BIOS settings, you know, turn this on. And I think that that's, you know, one of the things that people have moved away from being able to do is to work with their BIOS because the things are so much easier for you that you really don't normally have to think about it.

Yeah, and Paul, Paul's just put in our chat that this weekend will be an upgrade fest for him. I don't know how
many machines Paul is looking to upgrade, but I'm telling you that it's, I've upgraded one, two and three of them last week and then take nearly long as a weekend. Of course they were all in-place upgrades, none of them were flat, and I just wanted to test because I typically don't do in-place upgrades, and it weren't great.

Well, I want to, before we run out of time, I want to say hello to a few people in our community that are taking part. One of the first I want to say is James van den Berg, is a huge, huge fan of the work that a lot of people in advocacy does, or do. They, he's constantly sharing it, he's constantly making the visible for others, and so James, on behalf of myself and everyone else and the Azure advocacy world, thank you so much. You're a great part of our community and I appreciate your commitment to things like getting information out to the Azure DevOps community.

Yeah, so there's James, there's Jared, there's Paul, there's all kinds of, Andrew, there's like a number of folks out there that are like participating in the community but actually helping others with ideas, with help, with pointers. It's so great. But speaking of community, that kind of leads us into upcoming events.

Yeah, we've got Ignite. It's November 2 to 4. It's a virtual event. You can check out a lot of great sessions. I know Jared Klaus, he's going to be a little bit a part of it, he's got some stuff going on as always. I believe Thomas has some things going on. So make sure you register, aka.ms slash, I believe it's MS Ignite. Go sign up and be part. And then also next week, DaprCon, DaprCon, and Microsoft Create, MS Create DevOps, DevOps events on LearnTV. You can go to aka.ms slash MS Create DevOps, sign up, you can register. There's a great event agenda. Donovan's going to be part, Martin Woodward from GitHub, who's formerly with us at the Azure DevOps world, Steve Murawski can be helping me out. Got really great people like Kat Cosgrove, who, wonderful, great community, Alex Hidalgo, Quintessence, all these really great speakers and
our own April Edwards, the April Edwards who was just on FunBytes yesterday. She's really great. So I think we're just about out of time, Pierre.

We do have one thing. Patch and Switch is back this week after short hiatus. Speaking of Rick. Exactly, because he's our boss so we have to plug him, it's part of our contract. But for the Learn module of the week, we decided, considering we talked about this, that we would go with the Azure Static Web Apps learning path. So it's not just a learning module, it's several learning modules that will basically take you through how to deploy Azure Static Web Apps from different perspective, from different languages, from different tools. So I think one is, you can use Gatsby.

Gatsby, yeah, I did a video for tips and tricks around using Gatsby and SWA. It's great, very easy, even allows you to integrate into GitHub Actions or Azure DevOps for your CI/CD process, automated deploys, it's interesting, you name it, it's all part of it. Even you can include Azure Functions and API calls to it.

Yeah, I use Hugo for our hockey league site and it works great. And as you mentioned, having the GitHub Actions so that when my statistician sends the files and it automatically gets done, it's a great thing to learn. Azure Static Web App Learning Path on Microsoft Learn. So we're out of time, Jay.

Jam packed, jam packed. We got it all in though. Everybody, it was really cool to see you all. I want you to have a wonderful weekend and we'll catch you next time on AZ Update. See ya.