Background
Just over a year ago (time flies!), I wrote a post about the importance of the right foundation when working with Cloud Environments – it’s an area that I talk to customers, both new and existing, about all the time. The right foundation in my view is absolutely integral to ensuring success in Cloud environments, and is also essential for specific workload requirements. This post will be primarily focused on Microsoft Azure – but the key concepts and takeaways apply across most Cloud environments alike.
Note: Most of the areas I cover here are those I have personally seen as growth areas/common questions in 2023 – so this is my experience, rather than an exhaustive list!
You can read my previous post on this here: https://jakewalsh.co.uk/cloud-done-the-right-way-start-with-a-foundation/
In summary, this post covered the following key areas:
- That a foundation sets up a Cloud Environment to allow consumption of Cloud Services in a compliant, optimal, and secure manner.
- That most foundations cover Compliance, Optimal use, and Security as core areas – most other areas or configurations fall into these three categories.
- That cloud foundations require design and consideration for each organisation or specific application/workload, along with the use of vendor backed reference architectures, methodologies, and practices.
- That there is a HUGE range of resources, blogs, knowledgebases, videos and more out there to help.
In this post, I want to explore some of the key takeaways from my own experience during 2023, based on three key areas that I saw uptake in, and revisit the resources and wider reading out there to assist.
2023 – Did someone say AI?
It’s simply not been possible to get through 2023 without seeing the huge impact that AI has had – in particular, generative AI’s rise to prominence, with key events like the release of GPT-4 in March. With many of Azure’s AI services now accessible and actively in use, it’s clear this is a huge growth area. And with any growth area comes the need to ensure key foundational elements and guardrails are in place – for me there are a few key aspects here:
- Secure access to AI Resources – for end users, applications, internal systems etc.
- Secure AI access to internal systems – for example, internal models accessing corporate data or systems securely/privately, and within relevant guardrails.
- Securely controlling and managing AI resources across an organisation – who, what, where etc?
- Managing Cost – and ensuring optimal usage.
Whilst all of the above present challenges that need to be solved for organisations adopting AI services, there is a wide range of resources available to help – two key starting points, covering the foundational areas, are below:
- A great resource to help here is the Azure OpenAI Landing Zone reference architecture – https://techcommunity.microsoft.com/t5/azure-architecture-blog/azure-openai-landing-zone-reference-architecture/ba-p/3882102.
- There is also a brilliant Microsoft Learn Video that covers Integrating OpenAI into your Azure Landing Zone – https://learn.microsoft.com/en-us/shows/azure-enablement/integrating-openai-into-your-azure-landing-zone.
2023 – Azure Virtual Desktop!
Another area I personally saw huge growth in during 2023 was Azure Virtual Desktop – not just in my day-to-day work, but also growth in community interest and articles. In many cases AVD’s capabilities and simple integration into wider Azure environments, as well as its extensibility via other platforms (Citrix for example), have made it a natural choice for many organisations. Key to this uptake, in many cases, was also the ease with which AVD can be brought into organisations, and then adjusted or scaled flexibly to meet varying needs. For organisations that are already consuming Azure, and have a foundational environment that has been well architected, adding AVD into the environment is usually a simple process.
Again, key considerations that I saw in 2023 for AVD and its foundations were focused on the following points:
- How AVD will integrate with the wider foundational environment and applications – the most common area for focus here was around connectivity, and adjusting or recreating existing processes (from other platforms or on-premises solutions) to suit AVD.
- How AVD will be controlled from a cost perspective – the large number of resources with AVD necessitates ensuring that adequate cost controls are in place. Often this goes beyond simply policy based control or monitoring, and into the realm of automation and intelligent scaling to ensure optimal FinOps.
- Upskilling, Training, and Maintenance also continues to be a key theme – you can have the best configuration and environment possible, but if you can’t support it, problems arise.
- Managing Applications and Profiles – Anyone with a background in VDI will see nothing surprising about this point. As it has always been, the complexity in VDI is always largely around applications and managing user personas and profiles. Key to this in Azure is the consideration of things like DR and extending AVD across Zones and Regions in a logical and optimal way.
Key to ensuring AVD is architected and configured for success is ensuring the right foundation – again there are numerous resources out there to help, but below are a few key starting points I’d recommend reading through during your design phase:
- Enterprise Scale support for Microsoft Azure Virtual Desktop – https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/scenarios/wvd/enterprise-scale-landing-zone
- Azure Virtual Desktop Landing Zone Review – https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/scenarios/wvd/ready
- Resource Organization considerations for Azure Virtual Desktop – https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/scenarios/wvd/eslz-resource-organization
- Network topology and connectivity for Azure Virtual Desktop – https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/scenarios/wvd/eslz-network-topology-and-connectivity
2023 – PAAS PAAS and more PAAS!
In 2023, I also saw a huge uptake of Platform as a Service offerings (PAAS), particularly with organisations looking to consolidate during migrations to Azure. Azure Files was a clear frontrunner here – offering an opportunity to provide a flexible and scalable file platform, whilst reducing the overhead of managing Windows IAAS Resources. As well as large amounts of Azure Files, I saw a range of other PAAS Services see popular growth and interest amongst Clients in my day-to-day work, and also within community events and forums.
A few key points from me around PAAS looking back at 2023:
- Scope, Test, Assess, and Plan – this is essential for PAAS Services, and particularly Azure Files deployments. Scope out the requirements, test the suitability with a POC, assess the needs (throughput, quantity, sizing, transactions etc.), and then plan the whole process end to end. Ensure planning documentation is followed too – there is a wealth of information out there for Azure PaaS Services.
- PAAS Services really do help manage costs and scalability – start small and expand is a key concept with PAAS, providing flexibility and scalability, but the key here is to understand and plan for changes and expansion.
- Prepare for a Service without Windows – Whilst PAAS Services reduce the overhead of managing a Windows Virtual Machine, there are considerations needed around what NOT having Windows running a service means – I don’t mean this as a negative point, but for example replication, DR, failover testing are all examples of things that differ from Windows running on Azure IAAS, when compared to PAAS Services in Azure. This needs consideration and may mean changing business processes and practices.
- Understand how services like Azure Private Link and Private Endpoints can help secure PAAS Services further. My default view here is usually that unless we need public access, we should be using private networking features.
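As an added illustration of the private-by-default view above (not code from the original post or from Microsoft): a Python audit over resource JSON in the ARM REST shape, classifying storage accounts (which host Azure Files) and Cognitive Services accounts (which host Azure OpenAI) by network exposure. The sample resources and their names are constructed, and treating an unset `defaultAction` as `Allow` is an assumption.

```python
# Added example; every resource below is constructed, in ARM REST JSON shape.
AUDITED = {"microsoft.storage/storageaccounts",      # hosts Azure Files
           "microsoft.cognitiveservices/accounts"}   # hosts Azure OpenAI

def pe(status):
    return {"properties": {"privateLinkServiceConnectionState": {"status": status}}}

SAMPLE = [
    {"name": "stfilesprod", "type": "Microsoft.Storage/storageAccounts",
     "properties": {"publicNetworkAccess": "Disabled",
                    "privateEndpointConnections": [pe("Approved")]}},
    {"name": "stfileslegacy", "type": "Microsoft.Storage/storageAccounts",
     "properties": {"networkAcls": {"defaultAction": "Allow"},
                    "privateEndpointConnections": [pe("Approved")]}},
    {"name": "oai-dev", "type": "Microsoft.CognitiveServices/accounts",
     "properties": {"publicNetworkAccess": "Enabled",
                    "networkAcls": {"defaultAction": "Deny"}}},
    {"name": "oai-lab", "type": "Microsoft.CognitiveServices/accounts",
     "properties": {"publicNetworkAccess": "Disabled",
                    "privateEndpointConnections": [pe("Pending")]}},
    {"name": "vm-jump", "type": "Microsoft.Compute/virtualMachines", "properties": {}},
]

def approved_endpoints(props):
    """Count private endpoint connections whose state is Approved."""
    states = (c["properties"]["privateLinkServiceConnectionState"]["status"]
              for c in props.get("privateEndpointConnections") or [])
    return sum(s == "Approved" for s in states)

def classify(resource):
    """Return (state, approved private endpoint count) for one resource."""
    props = resource.get("properties") or {}
    count = approved_endpoints(props)
    if props.get("publicNetworkAccess") == "Disabled":
        return ("private-only" if count else "no-approved-endpoint"), count
    # Public access enabled or unset: the firewall default decides exposure.
    action = (props.get("networkAcls") or {}).get("defaultAction", "Allow")
    return ("restricted-public" if action == "Deny" else "open-public"), count

def audit(resources):
    """Map resource name -> (state, count) for the audited PaaS types only."""
    return {r["name"]: classify(r) for r in resources
            if r.get("type", "").lower() in AUDITED}

def findings(resources):
    """Names that do not yet meet a private-only baseline."""
    return sorted(name for name, (state, _) in audit(resources).items()
                  if state != "private-only")
```

Note that `stfileslegacy` is reported as `open-public` despite its approved private endpoint: adding a private endpoint does not by itself close the public endpoint.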
Helpful Resources:
- Planning for an Azure Files deployment – https://learn.microsoft.com/en-us/azure/storage/files/storage-files-planning
- Azure Private Link FAQ – https://learn.microsoft.com/en-us/azure/private-link/private-link-faq
I hope this recap and the linked resources are helpful!
Additional Resources / Further Reading
Azure:
- Microsoft Cloud Adoption Framework for Azure – https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/
- Azure Architecture Center – https://learn.microsoft.com/en-us/azure/architecture/
- Azure Fundamentals Training – https://learn.microsoft.com/en-us/training/paths/microsoft-azure-fundamentals-describe-cloud-concepts/
AI:
- Azure OpenAI Landing Zone Reference Architecture – https://techcommunity.microsoft.com/t5/azure-architecture-blog/azure-openai-landing-zone-reference-architecture/ba-p/3882102
- Microsoft Learn – Integrating OpenAI into your Landing Zone – https://learn.microsoft.com/en-us/shows/azure-enablement/integrating-openai-into-your-azure-landing-zone
- Sam Cogan (MVP) – Secure your Azure AI Resources before it’s too late – https://samcogan.com/secure-your-azure-ai-resources-before-its-too-late/
- Connecting OpenAI Private Endpoints Across VNETs – https://www.youtube.com/watch?v=NjHeF4cluNU