AWS to Azure – Making the Leap

I’m not even pretending that this is definitive or comprehensive. But, at 11 pm, here are a few notes and some helpful links and resources as a companion to a presentation I wrote earlier today.

Migrating Workflows

If you’re an AWS developer and you are thinking of exploring your options in Azure-world – here are some things to keep in mind:

  • You’ve already hit the big challenges in moving to the cloud. It’s much easier to move workloads from AWS to Azure than from on-prem to the cloud.
  • The majority of AWS functionality has a map in Azure. My take is – AWS started with a 3 year head start in the IAAS space, and that’s their strong point. Azure has a much stronger backbone and pedigree where the cloud really gets interesting – PAAS/SAAS scenarios. The feature competition between Amazon, Microsoft and Google is going to continue accelerating – which is a very good thing for you.
  • VM conversion from EC2 is easy; PAAS/SAAS conversion is tougher. None of these are truly apples-to-apples (example, AWS Lambda -> Azure Functions)
  • Availability models are very different
  • Project specific – know the integration points and SLAs and underlying platform services.
  • Deployment models are better in Azure!


Migration is remarkably easy – basically you follow some simple steps using Azure Site Recovery.


Amazon AWS to Azure – General Resources

TechNet Radio Series from Microsoft:


Great Pluralsight video – I loved this. An excellent starting point for people new to PAAS architecture.



Architecture Overview

Wonderful set of reference architectures – this is a terrific link:

 (see below for snapshot)


And a central repository for more whitepapers:


Another outstanding book – free – on Cloud Design Patterns. This is a terrific book and it has some outstanding reference works that can pair with this:

Web Development Best Practices Poster (and see the link above for a Scalability poster as well)


(screenshot below)




Now let’s talk a little more about how some of these components in the AWS space map over into the Azure space.

Azure Functions


Blob Storage 

Blob Storage – very good walkthrough:


And more general notes on storage models in Azure:


Event Hubs


Azure Stream Analytics






API Management



ARM Templates






Talent is Overrated.

This is a review of Talent is Overrated by Geoff Colvin. I highly recommend this book, it got me to think about my work – and how I go about my work – in an entirely new way.

Check out this video of the great Jerry Rice. Jerry is widely considered the best ever to play the game. His records for total receptions, touchdowns, and receiving yards aren’t just #1 in each category – they’re ahead of the runner up by almost 50%. It’s likely no one will ever beat them.

The odd thing is, Jerry is widely understood to be lacking the one quality agreed to be the essential quality needed for a wide receiver – and the one that can’t be bought. Speed. Jerry Rice was never a particularly fast runner. So how did he stay so dominant – until he retired at 42 years of age?


The answer is practice, hard practice. His offseason workouts were legendary. Jerry Rice and his trainer realized that three things were necessary to excel at his position – running precise patterns, evading defenders (outmuscle, outjump) and then outrunning them after the catch. So his offseason workouts focused on that. He did precision running of routes and worked on his hands to help with reception. Trail running helped him change directions on a dime. And his legendary Hill wind sprints helped give him explosive acceleration. He did this 6 days a week, in the offseason. His trainer would not release his regimen to people that asked – afraid they would try it, and hurt themselves. That workout helped him excel beyond his more talented competitors.

Above is a snapshot of Shizuka Arakawa at the 2006 Winter Olympics. Notice about 1 minute 30 seconds in this video what she does:

This is her famous signature “layback Ina Bauer” move. This is an incredibly difficult movement – a backward, almost double leaning back that leads to a three jump combo. She spent 19 years of practice on this, and it’s likely that she fell almost 20,000 times trying to execute this. Onto a very hard, unforgiving surface.

Above are three album covers by the Beatles. If you’ve ever listened to Help, or any of their other first three albums – they’re pretty average. Something happened though about the time Rubber Soul came out. (Besides LSD and Timothy Leary!) At this point – and Malcolm Gladwell talks about this in his book Outliers – they had put about 10 years, or 10,000 hours of practice, in starting with those famous Hamburg days where they were playing multiple sets a day. Their music made huge leaps.

The book makes an excellent point that the one thing most people believe about talent – that you have to be talented to make it, and that if you aren’t born with it you’re out of luck – is wrong, dead wrong. With enough practice, and hard work, you can achieve greatness.


But Jerry Rice and the ice skater we mentioned earlier would tell us – hard work by itself is not enough. Both of those athletes learned to practice specifically on their craft in a very planned way. They stayed in a middle zone.

Mr Colvin pointed out studies done where we learn best in a middle zone – where we are challenged, but just out of reach of our current skills and abilities. Think about a teenager learning to drive. At first, we’re terrified – totally out of our depth. That’s the Panic Zone. We’re so out of our known experiences here that we’re a danger to ourselves and others – which is why there are so many accidents for kids below the age of 24. Then we start to put things together, over time, where we match book learning with real world experience. That’s the optimum point – where we really start to excel and thrive. For most of us, we then move on to the comfort zone, where our abilities plateau. We’re good at driving at this point, but no better – just average. Definitely we’re safe at driving but not good enough to be a NASCAR driver. At this point we’re not reaching our potential.

The key is to stay in that challenging middle zone, where we are always trying to refine our technique or abilities according to an ability. See this graphic below:

Notice above – this is for trained classical violinists, specialists that have been spending hours in individual practice each week since the age of 5. You’ll notice – although the best (genius level) violinists practiced just as much as those considered better, what set them apart was the consistency. They sunk almost 2000 more hours than the level below them. Instead of just slogging along, they practiced what the author calls Deliberate Practice:


So the book calls out some common traits of forward thinking organizations.


This led me to do some thinking about my own life. I often think of my favorite author, Norman MacLean. He wrote two classics – A River Runs Through It, and a second book published after his death on the 1949 Mann Gulch fire called “Young Men and Fire”. Both are classics, and outstanding. I always feel a sense of loss when I read these books, because there are only two of them. What if he had started to write earlier than his late 60’s?

The book stresses being able to accept mentoring and feedback, and the value of failure – practicing deliberately and steadily making improvement. I will start following these steps in following my writing goals.





Appendix – Jerry Rice’s workouts (from NY Times article)

Rice’s six-day-a-week workout is divided into two parts: two hours of cardiovascular work in the morning and three hours of strength training each afternoon. Early in the off-season, the a.m. segment consists of a five-mile trail run near San Carlos on a torturous course called, simply, The Hill. But since five vertical miles can hardly be considered a workout, he pauses on the steepest section to do a series of ten 40-meter uphill sprints. As the season approaches, however, Rice knows it’s time to start conserving energy — so he forgoes The Hill and instead merely does a couple of sprints: six 100-yarders, six 80s, six 60s, six 40s, six 20s, and 16 tens, with no rest between sprints and just two and a half minutes between sets.

For the p.m. sessions he alternates between upper-body and lower-body days. But no matter which half of his body he’s working on, the volume is always the same: three sets of ten reps of 21 different exercises. Yes, your calculator’s right: That’s 630 repetitions a day.

The workouts are the key to Rice’s longevity and endurance. They are brutal because they are so long. And there is no question that they pay off. When he sprinted up the middle and outran the San Diego secondary for his first touchdown in Super Bowl XXIX, he felt the accelerators kick in. When he separated his shoulder only to return to the game and then actually run over a Chargers player, that’s when the weight training came in.

“I never have an easy day,” he said, “because there is never an easy day when the playoffs begin.”

It is what Rice says now — sitting on a bench with ice draped around his shoulder — that may symbolize the man more than anything. “I have to fight for everything,” said the man who came out of Mississippi Valley State, a Division II school. “I always have. I have to prepare myself every year. There is always some young guy who thinks he can take me. And then when the day is done, he realizes he can’t.

“Even when I was younger, people were waiting to see if I was a fluke. And I proved time and time again — through hard work — that I was not. Now, as I get older, people are looking for me to slip. They are waiting for me to lose a step. That hasn’t happened and I will get out of it before it does. If anything I’m faster and better than I have ever been.”

DevOps – where to start

I had a friend come to me the other day with what seems to be a simple ask. His company, a large banking enterprise, is looking into DevOps. So where should he start in building awareness?

Some context here – my friend is a programmer, a lifelong developer with high-level black belt skills in a variety of languages. He doesn’t want this to become a full time job for him – he loves coding and application development/architecture in particular. He just wants some resources to pass along.

Here’s my response:

A few words first on what DevOps is…

If you’re just getting started, there’s a decent Microsoft site out here at this address. It includes a great series of videos that introduce what DevOps is and means, with some really rich content in the footnotes for next steps.

DevOps means in practical terms making sure your release pipeline from a development workstation to production is as smooth and automated as possible. So that implies:

  1. Infrastructure as Code: You have your infrastructure written out as a recipe, and it’s rebuilt each time you push out code. Following a template enforces consistency; it’s the only sane way to handle things. The big players in this space to date are Chef and Puppet, maybe Octopus.
  2. Testing: Your testing is as rigorous as possible. This means when you do a release no person needs to look at anything but exceptions where there are failures – your releases are gated, so if there are major bugs you’ll catch them early on and prevent a release to production. This means integration and unit testing using things like Selenium for the UI layer.
  3. Release Management: When developers check in code it’s continuously integrated and released. Note – this is mostly IDE based. I believe MSFT has best in class tooling here especially built on top of VSTS releases, where essentially it becomes fire and forget, a checkbox. (Remember when Agile used to be hard?)

For my open source friends – the big players in the industry right now come from the Linux community. So start in your learning efforts with Chef and Puppet. Ansible is also a hot name. You can download VM’s and start playing with them, or run these tools on the cloud, free with Azure, and they’re Linux based, very easy on the $.

OK, That’s Great. Now What?

Well, if you want to tackle this, and you’re book oriented, I would recommend the following:

The “Gang of Four” Books:

  1. Get “The Phoenix Project” by Gene Kim. This is great in particular for you executive/leadership types. Think about leaving this on the desk of decision-makers you know if you need support for your DevOps initiative.
  2. Another, very practical book is “Leading the Transformation” by Gary Gruver and Tommy Mouser. This is a much more connected approach on how one leader found a way around serious organizational constraints – yes your efforts will make enemies if handled badly! – by chaining it to specific business (not technical) phased objectives. A must read.
  3. You developers out there should already have “Continuous Development” by Jez Humble on your bookshelves. It’s a modern classic and explains why developers should be 100% onboard with RM and continuous delivery movements.
  4. IT people need to pick up a copy of “Visible Ops” by Gene Kim, very prescriptive and outstanding in basing your transformation on key IT/operations based KPI’s. Nonfuzzy, clear, short and sweet at about 100 pages in a little booklet. I love it.

Yeah, I’m more into videos. Books are so 90’s, dude.

OK, well do you have 12 minutes? Check out this intro with Donovan Brown, and an excellent three part series on Release Management – Part 1 (overview), Part 2 (RM architecture), and Part 3 (release pipelines). Outstanding, and will give you a nice overview of setting up Continuous Integration and build pipelines.

My blog has some links on “All Happy Families Are Alike”, “Devopoly”, “Cats and Dogs Living Together”, and “The Five Dysfunctions of DevOps”. These are lengthy but put together will give anyone a good overview of the Phoenix Project and Visible Ops.

Now We’re Getting Started…

Well that’s enough to at least whet the appetite.

Here’s the three things I’d like you to come away with:

  1. DevOps is a big effort, you will need help. You can’t do it grass roots. It will require strong commitment by management and the understanding that this will require both time and money. If you feel that you lack that level of commitment, manage expectations or scrub the effort until the conditions are more favorable. Likely, you will need some experienced help to form a roadmap and get buy-in, and coach/mentor so the first few months go smoothly. You will also need to commit time and effort to mastering and maintaining your code for both testing and building out your infrastructure. (Hopefully, your releases themselves will be mostly code-free).
  2. Build maturity through better testing. Your gated releases are going to need a high level of assurance that your builds are functional. So building up your QA maturity is one big investment that will pay huge dividends in avoiding production mishaps and environmental anomalies that come through manual deployment methods.
  3. Infrastructure As Code is where it’s at. As long as environments are manually provisioned, you have a vector for errors and time-sucking anomalies. Once you start writing out environments as recipes and going away from manual patching to destroying/rebuilding environments along with your production releases – you’ll never, ever go back. It rocks!

Thanks guys, hope this is helpful to you with those first few steps on your journey!

Azure auditing options for your custom reporting needs

Here are the five options I’ve been able to find – so far – if you need fine-grained detail on your Azure subscription usage (i.e. historically showing user access for security audits across multiple resource groups, etc.).


If you want a one-sentence recommendation – sorry I have to stick with “It depends”. I think you get great power with the OMS option (#2), but the PowerBI option (#3) is up and coming and very robust.


  • Option 1: Powershell Client for Azure RM. See the links below for more on this.
  • Option 2: Operational Insights
  • Option 3: Azure built in portal reporting
  • Option 4: PowerBI consuming the REST service. (See the links but this may very well be your best and most powerful option)
  • Option 5: Other tools consuming the ARM auditing APIs/SDK/CLI. There are lots of log aggregation tools, ranging from Excel to very sophisticated third party tooling that consumes the REST interface.


    In more detail:


    Option #1 – Powershell

    This was what we used two years ago. Nowadays, it seems like best practice is log aggregation – using Operations Management Service. That gives you the best level of customization and fine grained detail without having to take on PS scripting or consuming REST endpoints manually.


    You can build auditing reports using ARM PowerShell, which in turn rests on the REST API we expose as part of the Azure Resource Manager. A Microsoft walkthrough of setup including deployment is here.


    There’s a good walkthrough on installing PowerShell Client for Azure Resource Manager here. This blog goes through this in detail, including answers like “who accessed my subscription in the past 60 days”, “what access does a specific user have”, etc. We could extend this to show more detail points.


    There’s a walkthrough on this blog of building out auditing reports. This blog uses ARM PowerShell to come up with user lists on subscriptions, modules used etc. And of course there are third party products offering services in this space as well.


    The auditing APIs are evolving fast per my friends on the product team – there are some great third party tools out there that will provide this info. For you script based junkies – PS might be a great option. You can use PowerShell to view the Azure Activity Logs, showing all operations on the subscription and who did what. From here you can consume those API’s – fairly easily – and then you can crunch them into something useful.


    Start with the PowerShell cmdlet Get-AzureRmLog:
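One way to turn that cmdlet's output into a "who did what, how often" audit summary, as an added example that is not from the original post. Get-ActivitySummary and Get-FieldText are hypothetical helper names, and the sample records are constructed so the script runs without a subscription.

```powershell
# Added example. Get-ActivitySummary and Get-FieldText are hypothetical helper names.
# Live use (AzureRM module, after Login-AzureRmAccount):
#   Get-AzureRmLog -StartTime (Get-Date).AddDays(-7) | Get-ActivitySummary

function Get-FieldText {
    param($Field)
    # Assumption: depending on module version a field is either a plain string
    # or an object carrying the text in a .Value property; accept both shapes.
    if ($null -eq $Field) { return '' }
    if ($Field -is [string]) { return $Field }
    if ($Field.PSObject.Properties['Value']) { return [string]$Field.Value }
    return [string]$Field
}

function Get-ActivitySummary {
    [CmdletBinding()]
    param([Parameter(Mandatory, ValueFromPipeline)] $Record)
    begin { $rows = @() }
    process {
        $rows += [pscustomobject]@{
            # Platform-generated events can arrive without a caller.
            Caller        = if ($Record.Caller) { $Record.Caller } else { '(none recorded)' }
            Operation     = Get-FieldText $Record.OperationName
            Status        = Get-FieldText $Record.Status
            ResourceGroup = $Record.ResourceGroupName
            Time          = [datetime]$Record.EventTimestamp
        }
    }
    end {
        $rows | Group-Object Caller, Operation, ResourceGroup | ForEach-Object {
            $items = $_.Group
            [pscustomobject]@{
                Caller        = $items[0].Caller
                Operation     = $items[0].Operation
                ResourceGroup = $items[0].ResourceGroup
                Count         = $_.Count
                Failed        = @($items | Where-Object Status -eq 'Failed').Count
                LastSeen      = ($items | Sort-Object Time | Select-Object -Last 1).Time
                # Role-assignment operations change who has access: review these first.
                AccessChange  = $items[0].Operation -like 'Microsoft.Authorization/roleAssignments/*'
            }
        } | Sort-Object -Property AccessChange, Count -Descending
    }
}

# Constructed sample records (not real log data) so the summary runs offline.
$sample = @(
    [pscustomobject]@{ Caller = 'alice@example.com'; OperationName = 'Microsoft.Compute/virtualMachines/write'
        Status = 'Succeeded'; ResourceGroupName = 'rg-web'; EventTimestamp = '2017-03-01T10:15:00Z' }
    [pscustomobject]@{ Caller = 'alice@example.com'; OperationName = 'Microsoft.Compute/virtualMachines/write'
        Status = 'Failed'; ResourceGroupName = 'rg-web'; EventTimestamp = '2017-03-02T08:40:00Z' }
    # OperationName in object form, to exercise the second shape Get-FieldText accepts.
    [pscustomobject]@{ Caller = 'bob@example.com'
        OperationName = [pscustomobject]@{ Value = 'Microsoft.Authorization/roleAssignments/write' }
        Status = 'Succeeded'; ResourceGroupName = 'rg-data'; EventTimestamp = '2017-03-02T14:05:00Z' }
    [pscustomobject]@{ Caller = 'bob@example.com'; OperationName = 'Microsoft.Storage/storageAccounts/listKeys/action'
        Status = 'Succeeded'; ResourceGroupName = 'rg-data'; EventTimestamp = '2017-03-03T09:30:00Z' }
    [pscustomobject]@{ Caller = $null; OperationName = 'Microsoft.Insights/AutoscaleSettings/Scaleup/Action'
        Status = 'Succeeded'; ResourceGroupName = 'rg-web'; EventTimestamp = '2017-03-03T11:00:00Z' }
)
$sample | Get-ActivitySummary | Format-Table -AutoSize
```

Rows with AccessChange set to True sort to the top, followed by the most frequent caller and operation pairs, which is the order an access review usually wants.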



    Option 2 – Operational Insights

    On #2 above, there’s an overview here of Operational Insights. An overview page on Log Analytics is here, and documentation and FAQ is here. Not too much deep dive info on Operational Management Service (OMS) within Premier, but if you think this is a worthwhile option we can engage with a PFE and even build you out a pilot on it. It can also now be connected directly to OMS (as well as Event Hubs and storage accounts). For the type of reporting you are talking about I think OMS would be the answer.



    Also worth pointing out that this is only activities carried out through ARM. If you want to see the audit records for changes to RDFE resources, i.e. Classic Cloud services etc., then you still need to use the Operation Logs in the classic portal (or API). This caught me out recently trying to help a customer audit config changes to cloud services.



    Option #3 – Built in reporting in Azure

    Note that the audit data from Azure (ARM) is now available and searchable in the Azure Portal via the Activity Logs blade.





  • According to this article, there are five different types of reporting available to subscription admins OOTB.
    • Anomaly reports – Contain sign in events that we found to be anomalous. Our goal is to make you aware of such activity and enable you to be able to make a determination about whether an event is suspicious.
    • Integrated Application reports – Provides insights into how cloud applications are being used in your organization. Azure Active Directory offers integration with thousands of cloud applications.
    • Error reports – Indicate errors that may occur when provisioning accounts to external applications.
    • User-specific reports – Display device/sign in activity data for a specific user.
    • Activity logs – Contain a record of all audited events within the last 24 hours, last 7 days, or last 30 days, as well as group activity changes, and password reset and registration activity.


    Option 4 – PowerBI

There are a couple of slick ways to build out PowerBI reports direct from the REST endpoints. Some great references on this here – this goes through the Power BI Content Pack for Azure Audit Logs. There’s a secondary article right here with some snapshots. From this doc:

“In a nutshell, Azure Audit Logs is the go-to place to view all control plane events/logs from all Azure resources. It includes system and user generated events. You can also access this through the Azure Insights SDK, PowerShell, REST API and CLI. The logs are preserved for 90 days in Azure’s Event Logs store.”

Here’s the data you can gather:

  • Events by any particular resource over time
  • Which users perform what actions, how frequently and on what resources
  • Actions and events per subscription, resource group, region etc.
  • Azure Service Health (outages and maintenance) events that potentially impacted your resources
  • Alerts and AutoScale events by resource and time
  • Failures, success of deployments and registrations


Microsoft has further documentation explaining how you can access Azure Audit Logs in the Azure Portal.


Option 5 – Other options:

  • There’s advanced reporting available in Azure Active Directory as well, through Azure Active Directory Premium. Advanced reports help you improve access security, respond to potential threats and get access to analytics on device access and application usage. There’s a walkthrough of this at this page.



I hope to add to this in the future with some great third party tooling we could recommend. Stay tuned!