Aaron Bjork on Driving Team Productivity and Promoting Culture Through Azure DevOps - Episode 009

Today’s episode is a bit of a special one — your host, Jeffrey Palermo, interviews his own older brother, Aaron Palermo. Aaron is a DevOps engineer, solution architect, and all-around cybersecurity expert. He works for a global cybersecurity services company, is a member of the Cloud Security Alliance, and is a co-author of the up-and-coming Software Defined Perimeter Specification Version 2. SDP is a full replacement for VPN — providing better protection to fully secure your data, devices, and accounts. This episode is jam-packed with incredibly useful information applicable to software developers — but also anybody who has a Wi-Fi network. Stay tuned to hear about how an SDP replaces a VPN, Aaron’s recommendations on how people can fully protect themselves online, which state-of-the-art multi-factor authentication people should be using, how to keep your data safe and protect from Wi-Fi vulnerabilities, and more.   Topics of Discussion: [:52] About today’s topic and guest. [1:24] About the Palermo family and Aaron’s background in the industry. [5:23] Aaron explains what an SDP is. [7:18] How an SDP affects a person’s setup. [13:22] Does an SDP complement a VPN or does it replace a VPN? [13:40] Does an SDP create a network to a data center or can parts of the network exist anywhere? [14:23] What are the products available now to use an SDP? [16:00] Some differences between an SDP and a VPN. [17:00] A message from The Azure DevOps Podcast’s sponsor: Clear Measure. [17:28] Aaron’s thoughts on whether or not companies not using SDP would be considered malpractice in the future. [19:26] Why SDP serves a good solution. [21:05] Would an SDP be an absolute recommendation to people working from home when accessing anything that’s not ‘software as a service?’ [22:49] For smaller organizations, what are Aaron’s SDP recommendations that are easy to get started with? [24:32] What are some things that people should be doing to protect themselves and their accounts online? [26:55] On the corporate side, Aaron gives his suggestions on what people should be doing with their ‘software as a service’ accounts. [28:05] The state-of-the-art multi-factor authentication people should be using. [29:22] Aaron gives a rundown of YubiKey and how it’s used. [31:35] The brands Aaron and his customers use (multi-factor authentication-wise.) [32:05] Aaron speaks about general Wi-Fi vulnerabilities. [35:08] Aaron explains the premises of his two recent presentations: “Tell My Wi-Fi Love Her,” and “Wi-Fi Trolling.” [39:27] Aaron’s best recommendations for keeping your data safe. [41:26] Aaron’s recommendations for backup services. [43:00] Aaron’s recommendations for backup services on the business or corporate level. [45:52] Aaron’s take on single sign-on providers and his recommendations to balance ease of development. [50:30] Aaron and Jeffrey wrap up this week’s episode.   Mentioned in this Episode: SDP Specification v1.0 Cloud Security Alliance Azure DevOps Cyxtera Zscaler Duo Security Clear Measure (Sponsor) YubiKey KeePass LastPass 1Password BitLocker for Windows FileVault on Mac CrashPlan BackBlaze   Want to Learn More? Visit AzureDevOps.Show for show notes and additional episodes.

7 Jan 201952min

In today’s episode, your host, Jeffrey Palermo, is joined by his guest, Gopinath Chigakkagari. Gopinath is Principal Group Program Manager on the Azure Pipelines product and is an expert on continuous delivery. He’s been with Microsoft for over 20 years, serving a variety of roles at the company — starting out as a developer, then becoming a program manager, and then transitioning to his current role as GPM for Pipelines.   Today, Gopinath hits on some fascinating points and topics about Azure Pipelines, including (but not limited to): what listeners should be looking forward to, some highlights of the new optimizations on the platform, key Azure-specific offerings, as well as his recommendations on what listeners should follow up on for more information!   Topics of Discussion: [1:03] About today’s guest, Gopinath Chigakkagari. [1:43] Gopinath’s speaks about his roles at Microsoft over the years. [3:11] Is there a particular part of Azure Pipelines Gopinath focuses on more than the rest? [4:02] Gopinath explains the similarities and differences of continuous integration and continuous delivery. [6:38] Gopinath reveals what listeners should be looking forward to with Azure Pipelines. [9:52] Fastforwarding in the future with the GitHub acquisition in mind, does Gopinath see GitHub becoming the default way to store source control? [11:15] A word from Azure DevOps Podcast’s sponsor: Clear Measure. [11:46] Gopinath highlights some of the new optimizations in the Azure platform. [14:09] How many Clouds are there? [15:41] Gopinath explains some of the key optimizations for Azure specifically. [17:23] Are there any application types that still have some gaps in Azure Pipelines or are they now all supported? [20:20] Gopinath goes over several more key Azure-specific offerings. [23:23] What parts are ready to move to Containers right now and have good support in Azure? [25:02] Is there a firm, recommended way to do automated database schema migrations at this point in time? Or are there multiple options being designed? [27:39] Gopinath’s recommendations on what listeners should follow up on for more information and some more key points about Azure.   Mentioned in this Episode: Azure DevOps .NET Build Conference Azure Pipelines Azure Repos Azure Boards Azure Artifacts Connect Conference GitHub GitHub Acquisition ServiceNow VSCode YAML Clear Measure (Sponsor) AWS Azure Stack Windows Containers ReadyRoll Azure SQL Paas Jenkins   Want to Learn More? Visit AzureDevOps.Show for show notes and additional episodes.   Follow Up with Our Guest: Gopinath Chigakkagari’s LinkedIn Gopinath’s Chigakkagari’s Twitter

31 Dec 201830min

Today’s episode of the Azure DevOps Podcast is featuring Roopesh Nair, a Principal Lead Program Manager at Microsoft. He has over 20 years of experience in custom software. And at Microsoft, he works on the release capabilities in Azure Pipelines. Roopesh is incredibly passionate about DevOps and enjoys working with customers.   In this episode, Roopesh gives an overview of the capabilities within Azure DevOps in terms of deploying software, gives his recommendations on how to quickly get started with Azure DevOps and the best package to start out with, and offers guidance on how to package applications so they work well with the release capabilities. He also gives a bit of a sneak preview into some of the work he and his team are currently working on around deployment and experimentation services!   Topics of Discussion: [:42] About today’s episode with Roopesh Nair. [1:39] Roopesh talks about his personal journey and how he found himself at Microsoft. [3:07] The most interesting change Roopesh has observed since coming to Microsoft. [5:13] Roopesh talks about the transition from WPF to web-based. [7:02] Roopesh gives an overview of the capabilities within Azure DevOps in terms of deploying software. [13:35] Roopesh’s recommendation for how to get started quickly with Azure DevOps. [14:47] A word from Azure DevOps Podcast’s sponsor: Clear Measure. [15:15] Roopesh gives his recommendations for the best package to start with and offers his guidance for how to package applications (so they work well with the release capabilities). [17:22] Are any of the services or groups deploying anything using Windows Containers? [18:15] Roopesh’s guidance for listeners getting started (literally this month!). [18:53] Features Roopesh’s team is working on in terms of experimentation services. [21:41] What they’re planning on in other spaces for deployment. [24:47] Are there any release hub examples listeners can look at as a reference? [26:21] When does Roopesh think that the YAML configuration will be ready? [26:52] How Roopesh sees deploying software will be like in the future. [28:08] Are there capabilities in the release hub that are aimed at database integration? [32:00] The tool Roopesh’s team uses internally to execute their directory of files. [34:06] What Roopesh recommends listeners follow up on to learn more.   Mentioned in this Episode: Azure DevOps Azure Pipelines Buck Hodges on the introduction to Azure DevOps Services - Episode 001 WPF Azure DevOps Projects Clear Measure (Sponsor) Service Fabric Windows Containers Azure Container Registry SQL Server Azure Cosmos DB Azure Blob Storage SQL Roundhouse Alias ReadyRoll (SQL Change Automation) 34:24 resource mentioned here   Want to Learn More? Visit AzureDevOps.Show for show notes and additional episodes.   Follow Up with Our Guest: Roopesh Nair’s LinkedIn Roopesh Nair’s Twitter

24 Dec 201835min

Today’s episode is all about the future of Azure Pipelines. To discuss this topic is Chris Patterson, Principal Program Manager at Microsoft. Chris has been working at Microsoft for over 13 years — starting in 2005 as a Technology Specialist, then transitioned into his current role in 2006. His focus is on the Team Build features of Team Foundation Server and Visual Studio Team Services. In this episode, Jeffrey and Chris discuss how the infrastructure of Azure Pipelines is changing, what a build will mean in the future, the goal of Azure Pipelines evolution, and more.   Tune in to hear today’s conversation about the future of Azure Pipelines!   Topics of Discussion: [1:07] About today’s episode with Chris Patterson. [1:30] What Chris was excited for at the Microsoft Connect 2018 Conference. [2:30] Chris’s background working at Microsoft. [5:30] Chris outlines what’s in store for the future of Azure Pipelines, starting by looking at the past. [7:50] The goal of what Azure Pipelines is evolving into. [8:47] Will it be difficult to move into this change (or evolution)? [11:02] How close does Chris think they’ll get to Jeremy Epling’s vision of the future of Pipelines? And how soon? [14:40] A word from Azure DevOps sponsor: Clear Measure. [15:08] The changes to come in the Pipelines infrastructure, and what users can use right now in Windows Containers vs. what they have to wait for (come next year). [20:53] Some occasional downsides with Windows Containers. [23:25] Chris and Jeffrey discuss the recent performance improvement. [30:26] What does “shift the product right” mean? [34:52] Jeffrey and Chris talk log analytics, DevOps diagnostics, and workflows. [37:30] Resources Chris recommends listeners follow up on.   Mentioned in this Episode: Azure DevOps Azure Pipelines Microsoft Connect Conference YAML Azure Devops Podcast: Jeremy Epling on Azure Pipelines Clear Measure (Sponsor) Windows Containers Azure Kubernetes Service (AKS) Service Fabric Azure Pipelines Agent Docker VS 2019 Preview PhantomJS Azure Repos GitHub   Want to Learn More? Visit AzureDevOps.Show for show notes and additional episodes.   Follow Up with Our Guest: Chris Patterson’s LinkedIn Chris Patterson’s Twitter Chris Patterson’s GitHub Profile

17 Dec 201839min

In today’s episode Jeffrey is joined by Jeremy Epling, Head of Product for Azure Pipelines and a Principal Group Program Manager at Microsoft. He has been a leader at Microsoft for over 15 years in various roles. There’s a lot going on in the DevOps space with Azure right now — and in particular, with Azure Pipelines. Jeremy is incredibly passionate about the current progress being made and is excited to discuss all the new features coming to Pipelines in today’s episode!   Topics of Discussion: [:48] About today’s episode with Jeremy Epling. [1:07] Jeffrey welcomes Jeremy to the podcast. [1:27] Jeremy speaks about his journey at Microsoft and what he’s worked on over the years. [2:30] Jeremy gives a rundown of the new features coming to Azure Pipelines. [8:34] Jeremy explains how IntelliSense with VSCode works and the capabilities it has added in. [11:19] Jeremy talks about how the same editor in VSCode (Monaco) is in Azure Repos and is going to become the YAML Pipeline editor in Azure Pipelines. [12:52] A word from Azure DevOps sponsor: Clear Measure. [13:18] How long is it going to be until people can use these new features? And the new features that are currently being worked on (to come early 2019). [15:18] How close is Azure Pipelines to an all-encompassing, forkable experience? [19:33] How does Rosalind being converted impact listeners today vs. down the road. [22:03] Jeremy outlines some public projects that demonstrate the interconnectedness of all of these features (creating a productive environment for teams to work in). [25:34] Is there a discoverable way to peruse public projects at this point in time? [27:56] Jeffrey and Jeremy discuss what users can do with Windows Containers and future innovations. [32:47] Jeremy explains the new Windows Container Hosted Agent feature and performance scenarios. [41:11] The latest pushes to making Azure Pipelines better. [43:08] Jeremy reflects on the mission of his team and why it works so well. [44:00] How and where to reach out to Jeremy online!   Mentioned in this Episode: Azure DevOps Azure Pipelines Azure Repos Connect .NET Python Library GitHub NuGet YAML VSCode IntelliSense in Visual Studio Code Monaco Editor Github.com/Microsoft/monaco-editor Clear Measure (Sponsor) Atom Dev.Azure.com/Github/Atom Windows Containers @Jeremy_Epling on Twitter Azure Container Registry Matt Cooper’s LinkedIn Cloud Build #AzureDevOps on Twitter @AzureDevOps on Twitter   Want to Learn More? Visit AzureDevOps.Show for show notes and additional episodes.   Follow Up with Our Guest: Jeremy Epling’s LinkedIn Jeremy Epling’s Twitter

10 Dec 201845min

In this episode, Jeffrey Palermo is joined by Jamie Cool to discuss what’s going on in Azure DevOps! Jamie is the Director of Program Management for Microsoft. In his role he manages dozens of Program Managers all around the world, shipping loads of features on the platform. He has been at Microsoft for 20 years now. When he was first interviewing out of college, he was very intrigued by the PM role, and so he tried out for the role at Microsoft — and the rest is history.   Today, Jamie and Jeffrey dive deep into what the internal roadmap is looking like for Microsoft’s DevOps transformation and discuss some of the big shifts that Jamie is currently working on. Jamie also talks about what is happening around the GitHub acquisition, where he sees DevOps headed in the future, and gives his advice on what you should be keeping an eye out for as a Visual Studio Developer.   Topics of Discussion: [:47] About today’s episode and guest. [1:39] How Jamie ended up in his current role and his career journey. [6:23] What the internal roadmap is looking like for Microsoft’s DevOps transformation. [13:30] The next big shifts for the Microsoft transformation that Jamie is currently working on. [18:20] A word from Azure DevOps sponsor: Clear Measure. [18:48] How Azure DevOps is supporting open source software. [20:13] Jamie explains what is going on now that Microsoft has acquired GitHub. [23:35] The evolution of DevOps and where Jamie sees it headed in the future. [31:20] Does Jamie see Containers being the way to package up an application in the future? [32:51] Jamie’s advice to listeners on what they should be using now and keeping an eye on in the future. [33:57] When to switch to Windows Containers if you haven’t already. [35:22] What Jamie thinks listeners should be following up on!   Mentioned in this Episode: Azure DevOps Azure DevOps Youtube Channel Azure DevOps Twitter Clear Measure (Sponsor) GitHub CI/CD Pipeline Azure Artifacts GitHub Acquisition Azure Boards Azure Pipelines NuGet .NET Core Windows Containers   Want to Learn More? Visit AzureDevOps.Show for show notes and additional episodes.   Follow Up with Our Guest: Jamie Cool’s LinkedIn

3 Dec 201836min

In this episode, Jeffrey is discussing security in DevOps with his guest, Henry Been. Henry is an independent DevOps and Azure architect from the Netherlands. He enjoys working with development teams to create and deliver great software — and for him, this includes the full DevOps cycle; starting with discovering and planning new features and ending only when end users are satisfied. Henry’s interests include the Azure cloud, Agile, DevOps, software architecture and the design and implementation of testable and maintainable software. Next to his work, Henry is one of the Microsoft ALM DevOps Rangers — which is a group of 130 engineers worldwide who share professional guidance and create gap-filling solutions surrounding Azure.   Henry and Jeffrey discuss, in-depth, everything you want to know when it comes to security with DevOps. Henry offers advice on how to implement security into your DevOps practice, makes recommendations on how to be more secure at each stage of the software development application lifecycle, highlights possible vulnerabilities that you might want to watch out for, and offers tools you can utilize to combat this and up your security in your DevOps environment.   Topics of Discussion: [:40] About today’s episode and featured guest expert. [1:35] Jeffrey welcomes Henry to the podcast. [1:41] What Henry has been up to of late. [2:21] How Henry has found himself in the DevOps space. [3:08] Henry shares some information about the ALM DevOps Rangers he is a part of. [4:16] About the half-marathon Henry recently finished! [5:50] How did the term DevSecOps come about? And what do people need to know about it? [7:22] Henry offers advice on how to implement security into your DevOps practice. [8:26] Henry’s recommendations for being more secure at each stage of the software development application lifecycle. [12:47] The vulnerabilities of copying your database offsite. [13:44] Is keeping your database offline more secure than having it online? [14:04] A word from Azure DevOps sponsor: Clear Measure. [14:29] Henry outlines ways to limit the surface area of personal access to environments. [16:29] A vulnerability in the FCKeditor WYSIWYG HTML editor and how to avoid it. [17:53] Henry and Jeffrey’s take on why many are fearful of a scheduled, automated deployment or redeployment. [20:45] The work Henry has done with Azure Policy and how can help. [24:04] One of the most vulnerable attack surfaces: any area that a human’s account has access to. [24:41] What’s on the roadmap for Henry! [26:32] How to keep up with Henry and everything he’s doing. [27:02] Henry’s recommendations to those who want to learn more about security in their DevOps environment.   Mentioned in this Episode: Azure DevOps Azure DevOps User Group on Meetup Microsoft ALM DevOps Rangers DevSecOps SQL Clone from Redgate Redgate Clear Measure (Sponsor) Infrastructure as code FCKeditor WYSIWYG HTML Azure Policy Henry’s Blog (HenryBeen.nl) Henry’s Twitter @Henry_Been   Want to Learn More? Visit AzureDevOps.Show for show notes and additional episodes.   Follow Up with Our Guest: Henry Been’s LinkedIn Henry’s Blog Henry’s Twitter

26 Nov 201828min

In today’s episode, Jeffrey is joined by Eric Hexter, the Chief Technology Officer of Quarterspot LASO — a fintech company that produces lending platforms using machine learning. He built the company in the Cloud with DevOps as a foundational component of delivering the product. Eric has filled roles as CTO, Chief Architect, Developer, and Consultant. He’s spent most of his career working with web technologies, with a total of twenty years experience producing technology solutions that deliver business value.   As Jeffrey says, Eric is the DevOps King. He’s done some incredible work over the past decade and a half and has even written some books — well, namely one book back in 2012, ASP.NET MVC 4 in Action, co-authored by Jeffrey as well.   Eric and Jeffrey talk all about DevOps Diagnostics today, running through the various categories within it, such as: system metrics, log files, air conditions, heartbeats, and data integrity checks. Eric also gives his recommendations to those new and experienced with the system — tools, resources, and services.   Topics of Discussion: [:47] About today’s guest, Eric Hexter. [1:19] Jeffrey welcomes Eric to the podcast. [2:28] How Eric first got interested in the world of DevOps. [4:01] Eric talks about some of the key points made from his presentation on the Azure DevOps User Group on Meetup. [6:46] What Cloud DevOps diagnostics consist of. [8:10] What categories .NET developers need to be watching in order to operate their systems effectively. [9:08] Eric talks about one of these categories: his favorite system metrics. [12:15] Eric gives a quick rundown on queue-based processing. [14:23] Eric’s favorite queue at the moment. [15:21] The importance of having metrics on every running piece of your application. [18:23] A word from Azure DevOps sponsor: Clear Measure. [18:52] How Eric looks at system metrics. [20:06] On Eric’s team, who looks at the metrics? [20:34] Eric gives an explanation of the next category of Cloud DevOps diagnostics: log files. [22:32] What Eric recommends developers should be logging to a text file. [23:33] Eric explains what a decorator pattern looks like in code. [24:42] Eric briefly explains built-in log files. [25:03] How Eric brings all these log files together to cohesively view them all. [26:31] How does Eric log files? [27:30] Why logging as a first class feature within the application can be incredibly useful. [29:14] The next category of Cloud DevOps diagnostics: air conditions and common patterns within it. [38:13] The next category: heartbeats. [42:00] Eric dives into the next diagnostics category: data integrity checks. [44:04] The differences in structured logging compared to regular logging. [48:46] For structured logging, does Eric have a favorite library? [50:41] Eric’s recommendations tools and services to get started in all of this. [53:06] Eric’s advice on how to consolidate all your flat files to start a consistent view. [54:16] Eric’s favorite heartbeat source. [55:00] Additional resources Eric recommends listeners to go check out after this week’s episode.   Mentioned in this Episode: Quarterspot ASP.NET MVC 4 in Action, by Eric Hexter, Jeffrey Palermo, Jimmy Bogard, Matthew Hinze, and Jeremy Skinner Azure DevOps Azure DevOps User Group on Meetup PREMISAzure Storage New Relic Stackify Application Insights Azure Queue Storage Clear Measure (Sponsor) Grafana Loggly The Netflix Tech Blog   Want to Learn More? Visit AzureDevOps.Show for show notes and additional episodes.   Follow Up with Our Guest: Eric Hexter’s LinkedIn

19 Nov 201856min