 Good morning everyone how you doing Jay? Good morning Pierre welcome back missed you buddy. I was just saying that in the chat this is the first time ever I have ever taken three consecutive weeks of vacation and it was good it was good well two weeks were planned and then late into the late into the second week I get was talking to a buddy of mine and he's like I feel depressed winter's coming I don't know what to do I said oh let's head south beach and he went done so what within like four days we had the trip book the all the vaccine and COVID papers failed out and we took off from Mexico so that was a really really fun very cool yeah I am I had a quiet holiday here in the US you know got to make some food spend some time with my wife enjoyed some quiet time and you know got to go see another wonderful Brooklyn Nets basketball game they who who had a victory over the New York Knicks which was very fun because listening to Knicks fans is always entertaining but that's a whole other conversation completely different but you know I'm glad that we're back here this week we took last week off because of Thanksgiving plus you know yeah and you're busy I want to pull I want to apologize to the viewers because as I was getting ready to go on vacation I figured okay so I I scheduled all of the the streams and I forgot that while I was away that you were off for Thanksgiving and Rick was off for Thanksgiving so nobody nobody was around to pick it up so I did notice I was in Mexico and my I picked up my phone in the morning and I started looking through it and also it was like I'm seeing people in the chat wondering whether or not we were having studio issues and no we weren't having studio issues we were having a Pierre brain fart issue I should have I should have removed the the scheduled stream and I really apologize for you to you our viewers that were waiting for us patiently to get online and we never did all right well we're we're back this week and it's another week of more updates from the world of Azure and Microsoft and things to kind of cover and I really like this one this little thing silly thing that we we talked about yesterday when we were planning this Microsoft every year comes up with some sort of charity initiative that can involve you know people who do things around windows or developers and so one of the things if you want to stand up just a little bit Pierre and show them what you've got this is the one from like two years ago yeah so that's the one from two years ago dev the halls and then this year we've got the Microsoft Microsoft Minesweeper ugly sweater so for those of you who are Windows diehards and you love like like Marquis here wearing the the wonderful ugly sweater ready for the season I think these things are always fun there's stuff around like you know windows or stuff around clippy that we we always do that try to remind people that there there's a there's a fun aspect to all of this that you should keep in mind when you're thinking about like how how we think about technology there there's got to be some fun involved and so you can go to the Xbox Gear shop you can find this Minesweeper sweater sweater if you want and Microsoft will be donating a portion of the proceeds for each sweater to let it to able gamers which is a charity they they are actually giving I think what is a hundred thousand dollars yeah that's it last year was girls who code who got that and apparently you know these Minesweeper sweats sweaters are more popular than last year's well sold out in 24 hours I know I I got one did you get one no no I didn't get that in time I got one I know it's a bit expensive for an ugly sweater but I'm more looking at who's gonna benefit from that and able gamers this year is a very very worthy cause kids should be able to play whether or not they're they're physically abled or not so I'm really support that and yeah you want to check out there is a able gamers website you can go over there it is able gamers network for good calm I'll put in the chat the link where you can go to for this particular charity initiative so take a look at it if you it's a good time of the year for us to want to give back and you know help others be able to be part of everything including video games yep yeah I'm really stoked about this one yeah and just as a side note you know sometimes you buy one of these ugly sweaters and they're like super itchy and and uncomfortable these ones are actually really good quality and they're soft and you can actually wear them without having to want to scratch the skin off of yourself but it's a nice nice soft wool or polyester or whatever it is well whatever it is it's there's probably no no natural fibers in here but hey we only wear it for a couple a week before Christmas so can only hope it's recycled plastic right absolutely all right should we shall we get on with the news yeah yeah let's let's do it um how about you start us off sure so other than ugly sweaters you know we've got some actual Azure news and I think that this is a another big one we love to talk about security when we talk about implementation of infrastructure and containers our infrastructure you know they run as processes and on computers and we think of them as real like disposable things but there is a fair amount of security concerns that you still need to put in place when you're deploying applications to a service like Kubernetes and so the AKS feature is now going to allow for an Azure Active Directory integrated cluster to be created without any local admin user so that's removing one more potential intrusion point so by default when you create a case cluster access to the cluster is through a local administration account and this is not desirable for security reasons as anyone can use that local account so and it's also just more difficult to manage them that's right but I'm very stoked about the Azure community the AKS Azure AD integration now because if you have an application that requires authentication to AD now through this same service through this the same enhancements now you can have that like right out of the box without having to go through a little crap load of different configuration yep so it simplifies the integration there are some limitations so once you go into an AKS managed Azure AD integration cannot be disabled so you're either an Azure AD integrated Kubernetes cluster or you are not so changing in changing a AKS managed Azure AD integrated cluster to legacy AAD is not supported and clusters without Kubernetes are back enabled are supported for the AKS managed Azure AD integration so the process is what you would expect of creating a new Kubernetes cluster let's take a look at the docs for just a sec before you begin you create your resource group you create the AKS cluster and this is with Azure CLI just pick your cluster type then you add this AAD admin group object IDs and you can add your tenant ID you get your output from JSON it gives you the information that you've got ahead and now you're able to access this Azure AD so typically when you would run this AZ AKS get credentials command it would want to get you the credentials for the local account and in this case because you've integrated with an AAD account it'll go ahead and specify those credentials so it'll download into your your config file that you have locally for group cuddle that the AD enabled user credentials and then you'll be able to do that so there we go that's that's this week's big Azure Kubernetes edition I always think that these are really big additions when you integrate AAD into any service because it just reduces the amount of complexity associated with user management and identity management you've got something that's trusted and tried understood known and loved and active directory yeah there was another there was another news which is not part of our four segments today but this week and I haven't had a time to really dive into it but there was also Azure AD now has like a Kerberos for Azure AD so that's possibly going to unlock some more capabilities and I'm going to drill into that a little bit more this week and maybe we'll talk about it next week sure yeah any getting the supported authentication methods that people trust are important you know we can move past the password I think that that's a big deal is to move past the password use whatever authentication methods that we know that we trust that are part of I guess the best way to think is the part of single unified place and AAD provides you that single unified place yeah no that's that's you're absolutely right and I can't wait to the day that we have no more passwords thank God for passwords management passwords managers that will like randomly create to those God awful but I was trying to log in to I think it was like a one of the service like Disney Plus or Netflix not too long ago and I had to enter that long stupid ex-adjustable password that I that I had in there and now I was praying for them to actually turn to a password list where I would get just a notification on my phone to say hey you're trying to log in here put a code in and and and authorize two factor for the win absolutely all right so next item in our journey this morning is the general availability of VPN gateway not and you might think to yourself well hasn't it always been available to do not on a VPN gateway and yes however there's a few things that are a little different now so now if you have like two virtual network so business to business B2B configuration where it has two gateways in between and if your address space on each side is the same in the past they would fail because it wouldn't know how to navigate that specific not because your address is the same on both side now with the added capabilities on the VPN Azure VPN gateway you can enable static and one too many dynamic gnats even for extending your network to areas where the address space will be the same or or overlapping I have got this cool little image that can give people a quick example of what it would look like so if you can see there's that Matt main vNet behind the Azure VPN 10 10 1 0 slash 24 and because there are netting rules set up that allowed translation between the Azure network and your local network you can see that we're able to maintain that that same internal IP address so subnet so we're able to say internal 10 0 1 0 24 for branch one so if we have a number of client computers that are being used to access systems that are based in Azure they won't have to have a different IP subnet to manage they can all be done on the same one which also can lead to a lack of IP collisions things like that yeah and it's it's been a long time since we've had to deal with that like I remember like network addressing an address space and subnet mask calculation have been the bane of network administrator existence for decades now but now it makes it a little easier because you don't have to worry about okay so if I've got a hundred branches I've got to set up my subnet mask and my my addressing so that there's no overlap across my entire organization but now with this you could basically cookie cutter your branch offices and they would still be able to connect to to the the corporate environment through the Azure VPN gateway and then you don't end up with those collision you just mentioned so I think it's a win-win for the administrators easier deployment city it reduces complexity of configuration when you're actually creating these networks also just not having to maintain another address space on a different subnet just can be a lot easier for a network administrator who's got to manage both the cloud side and then also the local on-site side of it absolutely absolutely when do we move on to the next item and that one is yours sure so now available as of December 1st is the SQL server infrastructure as a service agent extension for Linux SQL VMs is generally available which means we're making the capabilities of this SQL server agent available for Linux platform specifically the Ubuntu one so if you're running SQL server on an Ubuntu Linux virtual machine you can add the extension that'll give you the features on the SQL server on Azure blade within the Azure portal so you can start seeing and how to manage this so it gives you some features that will only enhance your your SQL experience on Azure especially for those of you who want to still run it on virtual machines aren't ready to use something like Azure SQL I'm not a big DBA guy I tried in my old career to kind of try to stay away from databases mostly because it's a very specialized skill set and I don't have it so I prefer to rely on the experts so but this is basically the same SQL that runs on like a Windows box it's like Microsoft SQL but you're we're running it now on Linux so a bit more flexibility as to how and where you're running it and with this agent I can now kind of like manage my like licensing and the visibility into the portal the same as I would regardless of where it's running correct yes correct correct and so SQL server started in I believe with 29 running on Linux 2019 and it's the same SQL database engine that you're already used to it's just put on Linux so it helps reduce what your licensing requirements are if you already also have some sort of a Buntu enterprise licensing situation and it's not worth it for you to start using something in Windows or you don't have the Windows administration experience maybe you're in a situation where you've been told look we need to migrate off of our on-prem Windows hosted SQL servers but we need to cut cost in the process well in this case like all you're really doing is you're licensing the SQL server that you need so SQL on Linux it gives you the same replication support support for MSDTC open LDAP support machine learning services tempdb improvements polybase on Linux and change data capture cdc so you can use SQL Linux in containers or you can use it in a virtual machine and in this case the the virtual machine is just extended with your visibility via azure by using this new extension and I think it's just a matter of specifying the agent install with the az extension command I could be wrong but I think that that's all you really need to do to get started if you already have one of these servers up and running yeah and I did read the documentation page late last night as you mentioned right now it's just too bunchy but that are they are working on more distributions that will become live in the near future so yep just so like I was saying there are a few ways to install that extension um you can do it by the azure portal you can see it sql la as or ias extension you can do it by a power shell command and there are some limitations only SQL server VMs running on the Ubuntu is supported like we just mentioned we're looking for more Ubuntu Linux pro not supported generalized images are not supported so you need to use the Ubuntu with sql specific disk image oh okay yep that's what it says here only sql server VMs deployed through the azure resource manager are supported uh SQL server VMs deployed through classic are not which makes a lot of sense because you're using harm to do some of this management yeah and you only can do single instance multiple instances aren't supported but you know it's early it's early into the product release and baby steps baby steps yeah absolutely cool what do we got next year what do we have next uh right now we have the next a thing is let me share the screen is uh this one was I was a little hesitant to put that in but it is uh I came in some situations lately that required this and it wasn't quite available yet you can now audit in your audit log your monitors uh you can actually identify the log queries so somebody's going into your your your azure monitor logs and querying that you can now audit who is querying your logs sure just another form of auditing of the data even the metadata I believe that you know when you talk about compliance there could be requirements to say well what is the the process of querying this data where does it come from who does it when who did it when they did it captures what the the query command was um at the time where it came from so you have an audit trail of anybody who's looking at all of your logs whether they'd be your application logs your system logs your custom logs anything that's ingested into azure monitor you can now audit whoever and whatever is querying that whether it's a service or a user so that's kind of cool uh especially in terms of compliance where you have to be able to show to auditors for example who access that data uh this is a big win for me I think yep and enabling it you can see right here you can go into the azure portal go to azure monitor select your diagnostic settings and then locate the select workspace or you can use the log analytics workspaces menu select the workspace and then select the diagnostic settings and there's also the availability to do it via arm and then here is all the audit data created it's a time-generated correlation a ad object that all this stuff like I said when it comes to like things like governance um compliance it's all super important to have access to because you could get audits of your audits from from third parties but it may be as simple as you want to know whether or not your security your RBAC configuration is right so you run an audit to see who is uh querying your logs and you could say okay well this person has no reason or no uh should not have access to these logs and it kind of gives you an opportunity to review your RBAC configuration that could be as easy as that or as as complicated as auditors coming in and say give me all of the information as to who accessed any logs pertaining to the machine x for example in in case of a breach or something so it's it's something while good auditing and actually Jared mentioned that in the in the chat right now having good auditing capabilities is very important and Jared would know he's an sre uh running uh internal microsoft systems so i take my cues from him uh for stuff like that yeah all right so hey are you feeling festive pierre i am are you i i you know i'm trying to get into the spirit um my my birthday is on christmas day so i i i celebrate are you serious yeah so i celebrate that but as everybody's getting ready for their big holiday and for those of you who celebrate hanukkah happy hanukkah i hope you're uh you're having fun you're lighting the lights you're you're spinning the dreidel you're having that whole good time i i remember those days when i was a kid uh was definitely some special time uh and of those of course those of you who's celebrating christmas you know you want to get uh all your your wishes in to santa early and and to mom and dad and and all your family uh but but in the meantime if you want to be able to do some really good festive giving there is the festive tech calendar 2021 it's run by richard hooper and uh Gregor subtle i i i always struggle when saying his last name my apology i apologize greger but all through december there are community driven talks and and things like that someone in our chat mentioned that they're doing the whole lot on youtube which you can see that there are a number of different sessions on the festive youtube page let me bring that up for everybody for a sec and and as you mentioned they do uh are collecting uh pledges to raise money for gold girls who code uh so again another wonderful uh cause that we should support as much as we can yep so go to the just giving page and you can go ahead and make your donations to these really really good um places that need your help i i know girls to code is a great organization i've spent some of my time sharing uh and my money with that organ i i appreciate it and there's so many great speakers that are a part uh i know our own uh april edwards is part of it there's so many people that are from our community that want to uh be able to share this information with you and do it in a way that's that's fun and even our own johnny chips who is currently in the chat room is going to be participating so i'll be sure to uh to catch that one um sarah lean our our old friend who is now moved on to another role uh wish her well and uh she's also going to be participating i saw some tweets from her it's it's going to be a month full of goodness and you know she's um she's always still making great azure content and it's sometimes i forget she doesn't work uh at the company anymore because she's still building some great stuff around azure yep absolutely absolutely uh and while we're talking about community uh the boys are back the boys are back in town the boys are back in town so patch and switch is uh well i was a little annoyed with that um they're taking over my time slot today at uh at noon eastern time or nine pacific uh for another episode of the patch and switch show where uh two guys that couldn't couldn't cut it uh in uh in the landscaping business i've decided to start uh a podcast about it pros and all things geeks so you can join them on twitch uh for patch and switch and uh i think they're starting kind of like their holiday season so we're going to uh that and johnny chips actually says that he loves patch and switch i just find it entertaining at the end of the week to to watch the shenanigan occur and to see what trouble rick has gotten himself into uh during the um during the week so it's it's fun yeah apparently rick uh it is surprised he's got one today to what i say get the podcast and uh you know you're you're the boss come on get some new work job job job job uh all right oh he is in the chat room so better go to start the morning routine yes boss man you should um and to conclude our episode this week uh let's talk about the uh learn module of the week uh and this was a suggestion from you considering we had news about uh running sequel on linux so why don't you give us a little intro on to onto that one yeah if you want to be able to actually run sql server on linux and learn more about it microsoft learn has free education it's all gamified so you can see uh how many experience points pr as is a uh what is that what level are you a level oh i uh level eight i'm i'm way behind a level eight azure wizard um i'm far behind oran who has done every single um learn module in on the platform uh yeah shoutouts to oran and sonia they they are uh their machines masters and commanders of uh of microsoft learn so yeah uh another great module that you take a look at uh if you want to learn how sql on uh linux works this is a great introduction i really recommend it yep all right so we are done with this episode of um az update you are away next week yeah i'm going out to the lovely land of los angeles uh west coast i haven't been to the west coast in quite a while and it's it's gonna be nice don't worry i will be wearing my mask but stay safe um it's a nice big five and a half to six hour flight from here in new york and you know i am not uh going to be careless i'm gonna take care of myself and make sure that i'm safe perfect come back to us safe and but next week uh folks uh to uh help me out with the show since jay's gonna be around away uh i think my boss is gonna be joining us yeah rick was a great guest to have on uh i guess it was two weeks ago two weeks ago yeah he and i uh he and i had some fun good all right so gentlemen ladies and gentlemen uh children of any age uh have a great weekend and we will see you next week cheers y'all cheers