<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Cloudinthealps</title><link>https://cloudinthealps.mandin.net/</link><description>Recent content on Cloudinthealps</description><generator>Hugo</generator><language>fr-FR</language><lastBuildDate>Fri, 05 Jun 2026 00:00:00 +0000</lastBuildDate><atom:link href="https://cloudinthealps.mandin.net/index.xml" rel="self" type="application/rss+xml"/><item><title>AI does not replace people, it quietly breaks organizations</title><link>https://cloudinthealps.mandin.net/posts/lia-ne-remplace-pas-les-gens-elle-casse-les-organisations-en-silence/</link><pubDate>Fri, 05 Jun 2026 00:00:00 +0000</pubDate><guid>https://cloudinthealps.mandin.net/posts/lia-ne-remplace-pas-les-gens-elle-casse-les-organisations-en-silence/</guid><description>&lt;p&gt;Gartner tells us that 20% of organizations will use AI to get rid of more than half of their middle management by the end of 2026. On the other side, Sam Altman said in Sydney on May 26 that he was &amp;ldquo;glad to have been wrong&amp;rdquo;: the jobs apocalypse he had been predicting, well, in the end it did not happen.&lt;/p&gt;
&lt;p&gt;Both are right. And both are missing the point.&lt;/p&gt;
&lt;p&gt;AI is not eliminating jobs en masse. It is eliminating layers. It redraws the org chart without anyone having approved the plan. And that will not show up in the 2026 quarterly results: we will see it when organizations stop functioning in 2032.&lt;/p&gt;</description></item><item><title>Why Big Tech is spinning out of control, thanks Cory :)</title><link>https://cloudinthealps.mandin.net/posts/pourquoi-les-big-tech-partent-en-vrille-merci-cory/</link><pubDate>Thu, 16 Apr 2026 00:00:00 +0000</pubDate><guid>https://cloudinthealps.mandin.net/posts/pourquoi-les-big-tech-partent-en-vrille-merci-cory/</guid><description>&lt;p&gt;I cannot get my son&amp;rsquo;s date of birth corrected on Gmail. It has been months.&lt;/p&gt;
&lt;p&gt;Google support politely explains to me that they cannot make the change. Not that they do not want to: that they cannot. My son has a Gmail account with a wrong date of birth, and nobody at Google is able to correct a factual piece of personal data. In Europe. In 2025. Under the GDPR.&lt;/p&gt;</description></item><item><title>Learning to manage people, with AI, and not the other way around!</title><link>https://cloudinthealps.mandin.net/posts/apprendre-a-gerer-lhumain-avec-lia-et-non-linverse/</link><pubDate>Thu, 13 Feb 2025 00:00:00 +0000</pubDate><guid>https://cloudinthealps.mandin.net/posts/apprendre-a-gerer-lhumain-avec-lia-et-non-linverse/</guid><description>&lt;p&gt;How do you handle a colleague in a difficult situation? How do you bring up a sensitive subject with a team member? What can a manager say to adopt a good listening posture?&lt;/p&gt;
&lt;p&gt;What if you simplified your soft-skills training?&lt;/p&gt;
&lt;p&gt;Have I hooked you? I hope so.&lt;/p&gt;
&lt;p&gt;To give a bit of context, I was able to test, briefly, a solution that lets you run role-play exercises without needing actors or trainers. Obviously, it is AI-assisted, otherwise it would not be fun.&lt;/p&gt;</description></item><item><title>A look back at the first MS Build in France!</title><link>https://cloudinthealps.mandin.net/posts/retour-sur-la-premiere-de-ms-build-en-france/</link><pubDate>Thu, 26 May 2022 00:00:00 +0000</pubDate><guid>https://cloudinthealps.mandin.net/posts/retour-sur-la-premiere-de-ms-build-en-france/</guid><description>&lt;p&gt;There we go, the first edition of this #MSBuild #SpotlightFrance is over.&lt;/p&gt;
&lt;p&gt;It was an epic edition, necessarily the best one so far :)&lt;/p&gt;
&lt;p&gt;There were many exciting announcements and sessions, online and in person, but I have chosen to tell you instead about everything that happened outside the announcements. And so, in the end, to tell you what I take away from it.&lt;/p&gt;
&lt;p&gt;For the announcements, I recommend the &lt;a href="https://www.google.com/url?sa=t&amp;amp;rct=j&amp;amp;q=&amp;amp;esrc=s&amp;amp;source=web&amp;amp;cd=&amp;amp;cad=rja&amp;amp;uact=8&amp;amp;ved=2ahUKEwiMi4iq6fz3AhWqSfEDHXEjAhYQFnoECBQQAw&amp;amp;url=https%3A%2F%2Fnews.microsoft.com%2Fbuild-2022-book-of-news%2F%23%3A~%3Atext%3DThe%2520Microsoft%2520Build%2520Book%2520of%2Cof%2520News%2520more%2520accessible%2520globally.&amp;amp;usg=AOvVaw3L7lJsfqxKFa6S2W9nev87"&gt;book of news&lt;/a&gt;!&lt;/p&gt;</description></item><item><title>My first impressions of the Realwear HMT-1</title><link>https://cloudinthealps.mandin.net/posts/mes-premieres-impressions-sur-les-realwear-hmt-1/</link><pubDate>Wed, 08 Dec 2021 00:00:00 +0000</pubDate><guid>https://cloudinthealps.mandin.net/posts/mes-premieres-impressions-sur-les-realwear-hmt-1/</guid><description>&lt;p&gt;And there we are, I dropped a few teasers, now I have to follow through. So here we go with my first impressions on unpacking this strange device, an unboxing, in other words :-).&lt;/p&gt;
&lt;p&gt;So, courtesy of Lenovo, I was able to get my hands on a Realwear HMT-1 and run a few trials:&lt;/p&gt;
&lt;ol&gt;
&lt;li&gt;Startup and manual configuration&lt;/li&gt;
&lt;li&gt;Installing an application, using the glasses with a PDF document, and basic trials&lt;/li&gt;
&lt;li&gt;Using the Foresight by Realwear platform&lt;/li&gt;
&lt;/ol&gt;
&lt;p&gt;I will probably talk about Lenovo Thinkreality, the platform dedicated to managing XR devices, but that will be the subject of a second article; this one will already be long enough.&lt;/p&gt;</description></item><item><title>First impressions of the Lenovo A3</title><link>https://cloudinthealps.mandin.net/posts/premieres-impressions-sur-les-lenovo-a3/</link><pubDate>Mon, 04 Oct 2021 00:00:00 +0000</pubDate><guid>https://cloudinthealps.mandin.net/posts/premieres-impressions-sur-les-lenovo-a3/</guid><description>&lt;p&gt;I admit, I was very tempted to go for a clickbait title on this one&amp;hellip; and I held back with difficulty.&lt;/p&gt;
&lt;p&gt;So here it is: thanks to &lt;a href="https://www.linkedin.com/in/loicbeauvillain/"&gt;Loic Beauvillain&lt;/a&gt;, I had the opportunity to try out these new Thinkreality A3 glasses from Lenovo, and here is a short summary of that experience.&lt;/p&gt;
&lt;p&gt;To set the scene, I handle Lenovo A6 glasses, the ancestors of the A3, more or less regularly. And I have had multiple opportunities to test Hololens 1 &amp;amp; 2, but not for extended periods. I am a tech person, not at all on the development side, and I tried to position myself as a fairly standard user of the glasses.&lt;/p&gt;</description></item><item><title>To answer or not to answer a recruiter's approach?</title><link>https://cloudinthealps.mandin.net/posts/repondre-ou-ne-pas-repondre-a-la-sollicitation-dun-recruteur/</link><pubDate>Fri, 25 Jun 2021 00:00:00 +0000</pubDate><guid>https://cloudinthealps.mandin.net/posts/repondre-ou-ne-pas-repondre-a-la-sollicitation-dun-recruteur/</guid><description>&lt;p&gt;Yes, it is a bit provocative, given the number of recruiters on Linkedin.&lt;/p&gt;
&lt;p&gt;However, I have been asked the question several times lately, and I thought my reflections might be useful, and above all that I am interested in the community&amp;rsquo;s opinions, including those famous recruiters :-)&lt;/p&gt;
&lt;p&gt;To be clear, I am talking about a situation where I am employed, have not announced any wish to change jobs, and am contacted by a recruiter about an opportunity that could interest me. Let us assume that the offer is well targeted, and that I am therefore potentially interested in reality. If it is a poorly targeted offer, let us move on :)&lt;/p&gt;</description></item><item><title>Data, a friend who means you well</title><link>https://cloudinthealps.mandin.net/posts/la-data-une-amie-qui-vous-veut-du-bien/</link><pubDate>Wed, 29 Jan 2020 00:00:00 +0000</pubDate><guid>https://cloudinthealps.mandin.net/posts/la-data-une-amie-qui-vous-veut-du-bien/</guid><description>&lt;p&gt;These are anxious times for facial recognition. China worries us with its practices of constant
monitoring, Europe and France suggest banning it for a few years, long enough to think it through and lay out
what is at stake, and yet applications keep multiplying.
Of course, the idea of no longer being able to be anonymous, of being tracked in our every action, can be worrying. Without
being a dissident, I do not necessarily want a government, or a transnational company, to be able to know everything
about me.
Except that it is already too late.
Not for facial recognition, but a much simpler and already well-established technology tracks you
constantly: your smartphone. The worst part is that it does so at your request, or at least with your consent.
Most of us have turned on our phone’s GPS and agreed to share our location with certain
applications. But do you know which ones at any given moment? And do you know what the companies that collect this
data do with it? And do you know what this data reveals?
A short tour of a world worthy of 1984.
Let us start simply: you have probably installed Google Maps and agreed to share your location with this
application. That seems self-evident for it to work properly. Have you ever checked what the application
records about you in Google’s cloud?
Go, via their website, to your maps history. You will see that the Californian
firm sometimes holds a history of your movements going back several years. In principle, Google is a
company we should be able to trust, and one that should not share this data with just anyone. This
data is in principle only used to help you with your searches or your travels, and to “improve”
Google services. What hides behind that word, improve? Good question.
For now, it is mostly about better targeting the advertisements shown to you.
But remember Cambridge Analytica. In short, that company bought similar data sets from
Facebook and used them to define voter profiles. Based on where they live, their relationships, the
groups they follow and so on, Cambridge then worked out with its client (a certain Mr. Donald T.) which
messages were best to send to get these people to vote for them, or not to vote at all.
Judging by the results of that election, or those of the 2016 Brexit referendum, the method seems
to be effective.
But, you will tell me: none of that for me, I am attentive and well informed and I keep my objectivity.
So let us move on to step two. Have you ever checked which applications have access to your location on
your smartphone? It is so quick to accept terms when you want to use your new application.
I invite you to do so. Depending on your phone, the menu differs, but you should quickly find a
list of the applications that hold this permission. Check, for each application in the list, whether it has a legitimate
reason to collect your location, and under what conditions.
It may seem a bit extreme to worry about this, especially in our line of work.
I can only recommend reading an excellent NY Times report dedicated to this issue:
&lt;a href="https://www.nytimes.com/interactive/2019/12/19/opinion/location-tracking-cell-phone.html"&gt;https://www.nytimes.com/interactive/2019/12/19/opinion/location-tracking-cell-phone.html&lt;/a&gt;
Since we are not reporters, I suggest we stay in the realm of theory.
You have installed applications, some of which ask for access to your location, in a way that seems
legitimate.
Have you wondered what the companies that publish these applications do with this data? The law is of no
help, for now, because you agreed to the sharing and the company has surely written fine terms of use.
Terms that you have not read, like everyone else. And even if you had, the text must contain a vague
reference to secure and reasonable use of your data, for the improvement of your services. Well, no use crying
over spilled milk, what is done is done. You are surely thinking: but who could possibly be interested in my daily
route, and be fascinated by my weekly visit to the gym? Incidentally, it is surprising that
each visit to the gym lasts only 30 minutes, when you had told your beloved that you would do
an hour of exercise a week. All the more so since each visit to the gym is followed by a stop at the bakery. But
that is none of our business.
Let us look at the problem from the other side: if I am someone with bad intentions, I can acquire files containing
the location data of thousands of people for a few hundred or a few thousand dollars.
There are a few dozen companies that sell this data perfectly legally. Surprisingly, they are the
ones that provide free application services, or development kits that let application authors
better monetize their own services.
Remember: if the product is free, you are the product.
We can remain reassured all the same: this data is said to be anonymized. That is, the collector has removed
your email, your name… leaving only a unique but anonymous identifier. Nobody has any way of knowing that&lt;/p&gt;</description></item><item><title>Technology, investment and anti-globalization</title><link>https://cloudinthealps.mandin.net/posts/la-technologie-les-investissements-et-lantimondialisation/</link><pubDate>Wed, 29 Jan 2020 00:00:00 +0000</pubDate><guid>https://cloudinthealps.mandin.net/posts/la-technologie-les-investissements-et-lantimondialisation/</guid><description>&lt;p&gt;Technology, investment and anti-globalization
Trade and industrial conflicts (Huawei/Google or 5G, for example)
Quantum: the Forteza report
Apple and its suppliers for smartglasses, link to full article.
In the end, the world&amp;rsquo;s biggest capitalists only support free trade when they are in a position of strength. When dependence makes itself felt,
everyone takes up position behind their ramparts. Is that a good thing or a bad thing?
Exascale, atos and eurohpc
Cisco and polytechnique
It is the pandemic, renewed lockdowns in many countries, the elections in the USA, the conflicts between China and its autonomous territories, Brexit… so far, so good.
But in our lovely everyday world of tech, beyond social distancing solutions, contact tracing or mask wearing, a few trends have
interested me enough that I decided to write. To be honest, I thought of this topic at the very start of the year, in late January, before the Covid crisis came along and amplified
the observation.
So let us start with a little question for you: what do 5G, quantum, mobile phone chips and augmented reality have in common?
You have 4 hours.&lt;/p&gt;</description></item><item><title>The roles and impacts of AI in the professional world</title><link>https://cloudinthealps.mandin.net/posts/les-roles-et-impacts-de-lia/</link><pubDate>Fri, 29 Nov 2019 00:00:00 +0000</pubDate><guid>https://cloudinthealps.mandin.net/posts/les-roles-et-impacts-de-lia/</guid><description>&lt;p&gt;When the subject of &amp;ldquo;AI&amp;rdquo; comes up in general, you hear a lot of platitudes and quite a few worries. And
in fact, many misconceptions and misunderstandings. The most visible cases are self-driving cars, for example,
or attempts at semi-autonomous systems whose behaviour drifts very quickly.
I would like to try to make these issues a little clearer by summarizing my various readings and
research.
First, let us lay the groundwork. I am not very fond of the term AI, because it is very vague. In some people&amp;rsquo;s minds,
an AI is a system endowed with consciousness, with levels of understanding and reasoning at least similar
to a human&amp;rsquo;s. In everyday reality, what is meant by AI ranges from an automatic but fixed
decision system (like a toothbrush that detects whether teeth are clean enough) to relatively
autonomous systems in a limited domain (like cars).
Let us say we deal with this whole scope, autonomous systems, including everything that makes it possible to automate
all or part of a process. Most of the time these systems are very far from AI and are often just robots
able to follow pre-established decision trees. But some are more complete or autonomous.
Once the misunderstanding about terminology has been laid out, I like to define the different use cases for these systems,
mainly in the professional world.
First come assistance systems, already very widespread. These are the &amp;ldquo;robots&amp;rdquo; that we activate on our own
initiative to carry out a complex operation in our place. For example, we have previous-generation machine
translation systems. They let us check a translation or an understanding in
general, far faster than with a dictionary. Context is not necessarily taken into account, nor
are double meanings and local expressions (geographically local or tied to a professional jargon).
Next we have complementary systems. These are systems that work with us, in parallel, and that
offer suggestions to help us in our work. Their capacity for analysis is often quite
broad and deep. This lets them follow operations across a breadth and a depth that we often cannot
reach without very long and costly computation. In the field of video surveillance, facial
recognition for CCTV-type systems makes it possible to find an individual across multiple feeds and then to reconstruct
their path through time and space.
Finally come the systems I call replacement systems. Among the simplest are chatbots or callbots,
which handle many requests in an automated way, without human intervention. For the most
complex, our famous self-driving cars are good examples.
It is these last ones that cause concern, for several reasons:
• The safety and security of people and data, and therefore the reliability of the systems. Cf. self-driving car
accidents,
• Employment, if these systems were able to replace jobs,
• Explainability, to be able to pick apart the decision chain when an anomaly is reported and to detect
biases.
I will not be able to go into advanced detail to answer each of these concerns; a book would not be
enough. I can nevertheless offer a few lines of thought.
As for the reliability of systems, one thing strikes me in all my discussions about
&amp;ldquo;AI&amp;rdquo;: everyone expects these systems to be perfect. A self-driving car should never have
an accident. A prediction system should never be wrong. An automaton should always perform the right
action.
Naive question: what are we comparing these systems to?
Put another way:
• Is a human driver infallible? What are the accident statistics for humans? For
&amp;ldquo;AI&amp;rdquo;?
• When you ask a system to process forms automatically, what is the alternative? If
I ask a model to recognize handwriting to make my work easier, am I
100% reliable myself?
• If I set up a system of smart checkouts that recognize the contents of a meal tray, the system
could be 99% reliable (for example). Do you know the error rate of a human operator? Hint: it is
higher than 1% :-)
A quick note on error handling: the ideal, when working with models, is to manage acceptability
thresholds properly. In other words, an AI model will always tell you what it thinks is the right information&lt;/p&gt;</description></item><item><title>Sovereign cloud, yes, but how?</title><link>https://cloudinthealps.mandin.net/posts/le-cloud-souverain-oui-mais-comment/</link><pubDate>Mon, 25 Nov 2019 00:00:00 +0000</pubDate><guid>https://cloudinthealps.mandin.net/posts/le-cloud-souverain-oui-mais-comment/</guid><description>&lt;p&gt;If you want to deploy your applications and services in a public cloud, who will you turn to?&lt;/p&gt;
&lt;p&gt;Very probably to one of the 3 major players worldwide. Your choice will probably be made for political reasons more than technical or financial ones. I will probably devote an article to these choices later.&lt;/p&gt;
&lt;p&gt;The fact is that to deploy a new application in the cloud, the choice is ultimately fairly simple.&lt;/p&gt;
&lt;p&gt;First, you have the solution already mentioned: one of the American giants. The problem: you do not necessarily want to hand your data, your applications and your money to a multinational, whatever its stance on ethical and legal questions. And in a climate of distrust of globalization, and with a trend toward relocalization, it seems a bit hypocritical to rely on them.&lt;/p&gt;</description></item><item><title>On the use of data and AI</title><link>https://cloudinthealps.mandin.net/posts/de-lusage-des-datas-et-de-lia/</link><pubDate>Wed, 03 Jul 2019 00:00:00 +0000</pubDate><guid>https://cloudinthealps.mandin.net/posts/de-lusage-des-datas-et-de-lia/</guid><description>&lt;p&gt;The buzz around AI seems to crystallize around two main topics: the possibilities offered by the technology,
and the risks tied to its use.
The question of risks is a favourite topic for detractors and the reluctant. Many articles and books
list the problems posed by AI and would like to see us throw the baby out with the bathwater, and the bathtub along
with it.
What troubles me a great deal about this approach, apart from the danger posed to babies taking their
bath, is that AI captures the attention, whereas the problem is human above all. AI does nothing new, and nothing
more than other earlier systems. And even the term AI is overused, particularly in these cases.
Let us take a few examples.
The oldest one concerns me directly. About ten years ago, I moved to the United Kingdom and wanted to open
a bank account. We chose a well-known, widespread bank. We spent a few hours filling in
forms, then waited to receive our means of payment. The day we finally got them, we
also got a letter telling us that our account was going to be closed because we did not comply with the
bank&amp;rsquo;s policy. No other information was given. Having noticed an error in the name to which the letter
was addressed, I tried to get in touch with the bank to find out the real reason for this refusal and to check
whether they had followed someone else&amp;rsquo;s file (since credit scores exist in that country, I could have been confused
with a person with a bad score). After multiple emails and phone calls, the only answer I
got was &amp;ldquo;the Phoenix system tells us that we cannot grant you an account&amp;rdquo;. Impossible to
find out more.
What bothered me, as a good Frenchman used to the CNIL, was being met with an anonymous wall, with no
way of accessing the data about me. The bank could refuse me a service without any justification or
explanation. There was no AI at the time; a bit of research showed me that I was not the only one having
problems with Phoenix, and that it was a simple verification system that could be triggered for
obscure reasons. And of course it was impossible to have my application file corrected so that the check performed
actually matched my own situation (it remains very likely that the name error in the refusal letter proves that
the data checked did not concern me).
As an epilogue, we went to another bank with the same file. We explained the situation, and
after a few exchanges we got our account.
I can use other examples, such as housing systems in the US that rely on more or
less public data to determine whether you are fit to get housing. I am not talking about a social housing
system, but about private companies that provide background check services to private landlords. The unfortunate
experience of a few people has shown that, as in the Phoenix case, it is impossible to access our own
data, to know which criterion made us undesirable, let alone to correct the data if there is
ever an error.
Or think of the Chinese social scoring system. If you find the Anglo-Saxon credit score unpleasant, I dare not
imagine the possible abuses of social scoring.
Incidentally, this can create vicious circles; remember the Nosedive episode of Black Mirror. As long as you
are a white sheep, nice and hypocritical, all is well. The moment a grain of sand derails you, everything goes
wrong. As your score worsens, you find yourself in more complicated situations (difficulty getting a loan,
a job, a plane ticket, etc.) and the risk of your score worsening increases.
Fine, that was fiction, but in the end very close to reality. Back to the American credit score: if your score
is bad, you will have trouble getting a good-quality loan. But you will end up getting one on very
bad terms, which often means that it will cost you a lot and that you will increase the risk of payment
default, even a temporary one. Which will degrade your credit score, and so on and so on.
But none of this is tied to AI. Admittedly, sometimes these are obscure algorithms that give no explanation for
their decision. And that must be fought and corrected. But most of the time the selection is made on criteria that are hidden
but very simple. Discrimination exists, with or without AI.
What we need to stay attentive to is access to data and the explainability of models.
For the former, in Europe we have the GDPR, which mandates this transparency (and the protection of our
data). It is a step in the right direction, at least in our jurisdiction.
For model explainability, there is no rule yet, to my knowledge, but it should be mandatory
for everything that touches on basic needs, at a minimum.&lt;/p&gt;</description></item><item><title>Testing Azure Bastion</title><link>https://cloudinthealps.mandin.net/posts/test-azure-bastion/</link><pubDate>Tue, 02 Jul 2019 00:00:00 +0000</pubDate><guid>https://cloudinthealps.mandin.net/posts/test-azure-bastion/</guid><description>&lt;p&gt;So yes, this is a feature we did not talk about much but that will make daily life a lot simpler.
The public preview announcement is recent, but the feature already works very well, provided you use the Azure
Preview portal (&lt;a href="https://aka.ms/BastionHost"&gt;https://aka.ms/BastionHost&lt;/a&gt;).
The principle is very simple: you have VMs connected to Vnets isolated from the outside world, and you do not want
to open the administration ports (SSH/RDP) of these VMs to the outside.
Usually, you would set up a dedicated VM, itself configured to accept external connections, with
a specific stack allowing it to act as a relay to the protected VMs.
Hello complexity:
• Of administering a dedicated, and sometimes shaky, solution (if anyone likes sshgw, let them cast the first
stone at themselves!)
• Of day-to-day use. In some cases a particular piece of software allowed a relatively simple connection,
in others you had to authenticate several times and set up SSH tunnels to reach your destination…
And then, liberation with Azure Bastion. Demonstration!
Let us say you already have a VM deployed on Azure. When you use the Azure portal to connect to it,
in principle you only have to click the right little button. In my case, a Linux VM:&lt;/p&gt;</description></item><item><title>One augmented reality use case: the remote expert</title><link>https://cloudinthealps.mandin.net/posts/one-augmented-reality-use-case-the-remote-expert/</link><pubDate>Wed, 29 May 2019 00:00:00 +0000</pubDate><guid>https://cloudinthealps.mandin.net/posts/one-augmented-reality-use-case-the-remote-expert/</guid><description>&lt;p&gt;I admit I came to the Remote Expert topic by accident. A customer request on the subject led me to dig into
a few leads. Once I had used and tested the few solutions, I had what I needed on hand to easily run
a few demos, sometimes on the spur of the moment. I was very quickly convinced of the potential of this solution, which is simple to put
in place. The few demos given on the sidelines of a conference or during a simple conversation show that
customers are convinced too.
Remote Expert (or Remote Assist): what is it?
Imagine that you have in your organization a fleet of field workers for a wide variety of tasks. They
cannot be experts in every field, nor know in advance everything they will need before being
called out for a repair. On the other hand, you will surely have a domain expert who has perfect command of
the intervention to be carried out. But that expert will not be able to be present at all the sites in the course of a
day, since breakdowns never schedule themselves the way we would like.
So we need a solution that lets the expert be in several places at once. Since human cloning is not yet
ready nor ethically accepted, something else has to be found. Enter the Remote Expert.
This solution consists of using a mobile device at the intervention site to share the working environment
with the expert. And above all, being able to annotate and give directions on that environment.&lt;/p&gt;</description></item><item><title>Devops Transfo - step 2</title><link>https://cloudinthealps.mandin.net/posts/devops-transfo-step-2/</link><pubDate>Fri, 22 Feb 2019 00:00:00 +0000</pubDate><guid>https://cloudinthealps.mandin.net/posts/devops-transfo-step-2/</guid><description>&lt;p&gt;This is a second post in what might become a series regarding DevOps, and DevOps transformation. Unfortunately for
you, I speak my mind when I feel like it, so there is no master plan behind my ranting. First post was about choosing a
strategy when transforming a managed services team towards DevOps.
This second step may not come necessarily after that first step :) You get to choose.
In a way, I have the feeling that DevOps is close to what ITIL is : a toolbox where you can select which parts you would
like to apply, and the way to implement them.
So new topic : how to target or build the team which will start the DevOps initiative in your organization?
There are several indicators that you can use to make this selection. None is an absolute, once again, these are pointers
to which team would better succeed in applying DevOps principles. There is no sure shot, no magic finger method :)
The obvious criterion is to pick a team, or future team members, that are already aware of DevOps, and willing to make
the move. Of course these would be the people that will help you succeed in the first move, and show the rest of the
world that it can be done, and bring very positive outcomes.
The second flag that should be raised is tied to one of the main outcomes of DevOps : software delivery. If you have a
team that is already struggling to get a reliable software delivery in place, and is willing to put the effort into building the
organization and tools to get there, then you have a probable winner :) On the opposite, if you try to convince a team
that they need to move to DevOps when they are convinced their software is delivered efficiently and reliably, you&amp;rsquo;re
going to hit a wall. Basically it would come down to convincing them that they are doing a poor job and are not even
aware of that. Maybe not the right target for your first DevOps project.
The last one brings us to my favorite topic, outside of tech stuff : business outcome!
Of course, the aim of a transformation within your organization should always be mindful of the business outcome.
Imagine you pick a team that is working on a neglected piece of software that no one cares about, and of which
customers are just happy with the current situation. I do not think you would get the visibility and traction, not to mention
willingness if you try to initiate your DevOps transformation in there. On the other hand, if you manage to get a team
working on a new flagship product, that gets the attention of the CxOs, and has a need to show modern and reliable
software delivery… you have a winner!
Once you&amp;rsquo;ve chosen your dream team, and start working, remember that DevOps, as always, is about people, not just
tools.
The key thing to take away stems from common sense, and has been given by someone who did try and implement
multiple Agile/DevOps organizations: &amp;ldquo;if you start with bad people and give them a smart way to work together, they
won&amp;rsquo;t become smart by themselves&amp;rdquo;. Alright, I must admit the original quote was much harsher, but I cannot write it
here :)
PS : I tend to keep these articles short, and do not dive into each topic. This is done on purpose, not just by laziness. If you
need to go deeper in each topic, just ask, or get a good read :)&lt;/p&gt;</description></item><item><title>DevOps transformation for Managed Services</title><link>https://cloudinthealps.mandin.net/posts/devops-transformation-for-managed-services/</link><pubDate>Fri, 08 Feb 2019 00:00:00 +0000</pubDate><guid>https://cloudinthealps.mandin.net/posts/devops-transformation-for-managed-services/</guid><description>&lt;p&gt;I know, DevOps is still a buzzword. It is often used to rebrand an old team or practice, and give more sexiness to a
marketing slideset. I have seen it used to describe what is essentially an automation team within an Ops team. Good
start, but missing the point.
Anyway, having been a major actor in a devops transformation, and witness to many, I wanted to give some advice to
anyone out there patient enough to listen to me. I think most of what I am going to say will seem trivial, but it would
help a few of us to put some words on what is happening to good ol&amp;rsquo; outsourcing.
I am talking right now about DevOps transformation, but specifically when it happens to a Managed Services team, as in
an outsourcing company, or an MSP. This is a difficult spot, as such teams should be able to provide support for DevOps
organizations from their customers, and even help them.
I will skip the contract and SLA part, as it is a very tricky subject, at least for now.
I have seen two ways of approaching the subject. First is full ahead transformation, no quarters, no mercy. The second is
building a new team dedicated to DevOps, in parallel of the existing one.
I have only experienced the second first hand. It was an opportunity as we were bringing a new set of skills and
customers into an existing managed services org. I chose to break from the past, and build a new set of tools and
processes almost outside of the existing system. This creates the possibility to create and prove the viability of these
new ways of working and interacting with your customers.
The difficult part is where you have to merge with the existing tools and processes. For example, we had to start with
the monitoring tools we had, as we could not ask our 24*7 monitoring team to have multiple dashboards and tools. The
fact that we were successful with the other tools and habits we developed allowed us to push for a new monitoring
solution a few months after the initial move. And we kept the momentum after that :)
The other way I have witnessed, to transform the whole team at once, is challenging and cannot be carried by anyone
on the team. I would advise that you start this path if you have a sufficient executive weight, or support from the
executive team, because it will be a disruptive path. This is good, but the cost might be high, both in terms of people
inside the team being disgruntled and maybe leaving, and in terms of your existing customers (and prospects) who
might not understand what you are undertaking. The upside is that you avoid having two different teams working with
different mindsets and toolsets.
Obviously I would recommend reading the Devops Handbook, and the Phoenix Project, to get a basic understanding of
what you are getting yourself into :)
Next up, I will try and help you target which team and/or customer would be a best fit to start your devops journey, stay
tuned!
I know, everyone talks about DevOps, indiscriminately, but sometimes with good reason. It is a term often used to
polish the image of a team or practice, and to add a sexy touch to a slide deck. I often see it
used to describe what is essentially just automation within an Ops/infrastructure team. That is a
good start, but it is only a start, not the whole journey.
Nevertheless, having been an actor, sometimes a major one, in several of these DevOps transformations, and a witness to them, I wanted
to give my opinion to whoever is willing to hear it. What I am going to say will surely seem trivial to some of you, but
could give a few clues to those wondering where the managed services business is heading.
I am talking about DevOps transformation, specifically when that transformation affects a Managed
Services/outsourcing team. It is a difficult subject in this context, because these teams must provide modern support to their
customers, who are sometimes already organized in DevOps mode, and even help them live through this transformation.
I am not going to get into contractual and SLA topics; that is a very sensitive and complex point. At least, not
today.
I have observed two ways of approaching this subject. The first is a complete and radical transformation of what exists,
no quarter given. The second is to build a new dedicated DevOps team, in parallel with the existing one.
I have only experienced the second method personally. It was an opportunity because we were bringing a whole
range of new technologies and customers into an existing managed services team. I was able to choose to start
from a blank page and build a set of tools and methods to serve new customers in a&lt;/p&gt;</description></item><item><title>The return of the researchers</title><link>https://cloudinthealps.mandin.net/posts/le-retour-des-chercheurs/</link><pubDate>Mon, 26 Nov 2018 00:00:00 +0000</pubDate><guid>https://cloudinthealps.mandin.net/posts/le-retour-des-chercheurs/</guid><description>&lt;p&gt;What follows is a personal opinion, a feeling drawn from my experience, and may not reflect reality
or even the feeling of all my comrades; please do not hold it against them :)
When I started my professional career, and even as far back as my studies, we had a rather
negative image of computer science researchers. They were certainly very intelligent, and had
in-depth knowledge, but knowledge that was useless for day-to-day work. Knowing how a compiler works
could be fascinating, and useful in a few optimization cases. But to go from there to saying that it was what would
serve us day to day…
During the first 15 years of this century, the trend continued. What I could observe around
me was not very glorious for researchers and academics. We found them disconnected from
reality, lost in theories or in problems very remote from ours. A few
stirrings were felt in certain fields with the rise of today&amp;rsquo;s major
players, Google first among them. Questions of semantic analysis and of the volume of data to
process led these players to work directly with scientific research, because no off-the-shelf
product was designed for this kind of case.
Seen from my armchair, this was the discreet beginning of the change we can observe
today. Researchers are solicited, approached, courted. We need their leading-edge
vision, even ahead of the leading edge, to solve specific problems.
What has changed, in my view, is the mindset, probably driven by start-ups and massive
digitalization. We have moved from a &amp;ldquo;product&amp;rdquo; approach (what can I do with what I
know) to a &amp;ldquo;business solution&amp;rdquo; approach (what does it take to solve the problem posed by the business).
And that changes everything.
Where we used to limit ourselves to using the capabilities of a few products and putting them into service for
predefined functions, we are now able to dig into the business problem, which
often has nothing to do with an IT problem. We then translate this problem into technical
criteria, and we go looking for the best compromise to solve said problem. And
if need be, we turn to the researchers.
On the laboratories&amp;rsquo; side, once again in my view, what has changed in France is that these teams
must now seek the largest share of their budget from external funding.
And the positive outcome is that we have grown closer. As in a lovely Disney Christmas story
(it is the season!), each took a step toward the other, and together we are stronger. ;)
The private market is realizing that the way public research operates and is funded
is peculiar. The private sector is able to hear that and adapt to it, because it makes it possible to create
new solutions, with the support of the best brains and technologies, even if they do not exist
yet.
And public research has accepted that it had to work with projects that are perhaps more precise, in
terms of schedule and objectives, and above all ROI.&lt;/p&gt;</description></item><item><title>The end of POCs</title><link>https://cloudinthealps.mandin.net/posts/la-fin-des-pocs/</link><pubDate>Thu, 22 Nov 2018 00:00:00 +0000</pubDate><guid>https://cloudinthealps.mandin.net/posts/la-fin-des-pocs/</guid><description>&lt;p&gt;Having spent a few years in a team dedicated to this kind of activity, I found it hard to accept
reality. However, the facts are there: POCs are dying.
A quick step back: a POC, or proof of concept, is often the starting point of a large-scale project.
Its goal is to prove the technical feasibility of the project, including the mastery of it by the project&amp;rsquo;s various actors. This
tool has often been used by manufacturers and resellers to convince a customer about a new technology.
Alas, the wind has turned. Today manufacturers, and software vendors, are starting to refuse POCs.
In my view, the cause is fairly simple. The POC was often funded almost exclusively by the supplier and its
partners. The stated goal, as said above: validate the technology. Except that a few grains of sand came to
disrupt this little world.
First, some customers and users abused the POC to be able to play with a new technology, at
someone else&amp;rsquo;s expense. And often without any real project. Sometimes it was about showing off internally, or filling one&amp;rsquo;s
time…
Second, and this is particularly true for IoT or AI, the suppliers themselves had a primary goal
different from the customer&amp;rsquo;s: to create a customer case in order to communicate, and to prove to the world that they had the
technical capacity to deliver this technology.
If we combine the two problems, we can clearly see the situation approaching, one experienced by many large accounts.
Countless POCs, on the same technologies, but managed by different internal entities and suppliers.
Search a little, picking a large company at random, and look at how many POCs have been delivered on the
same technology by different players…
So the trend has tipped, and it is becoming much harder, with clear-sighted actors at any rate, to carry out
POCs. Not everything is totally blocked; there are cases where the POC has real value. It is even sometimes
called a Proof of Value, because its goal is extended to proving the value and ROI of a project, beyond simple
technical feasibility.
And often, the POC is funded jointly by all the actors, including the customer. This
ensures a real and shared interest in the project as a whole.
So yes, playtime is over. We can still play a little, though, in earnest :D
Having worked in a team dedicated to them, it feels hard to admit that truth. However, the facts are here : POCs are
dying.
Let&amp;rsquo;s step back a little : a POC, or proof of concept, was often the starting point for a large project. Its point was to prove
the technical feasibility of the project, including the ability of the actors to deliver. This tool has often been used by
vendors and providers, to convince a customer regarding a new piece of tech.
Alas, winds have changed. Today vendors are pulling the plug on POCs.
According to my own eminence, the cause is pretty simple. A POC is often paid almost exclusively by the vendor and its
partners. The acknowledged purpose, as stated before : validate the technology. But there have been a few hiccups on a
smooth ride.
First, a few customers or users, have abused the concept of a POC, in order to get some play material and time. They
were able to get their hands on some shiny new hardware or software, and brag about it, without having any intention
of deploying it for real.
Second, and this is particularly valid for IoT or AI topics, the vendors themselves had a different purpose for the POC :
create some customer cases, to communicate about and prove to the world that they have the technical know-how to
deliver that tech.
If you search a little, choosing a large company, for communiques and testimonies about IoT for example, you will find
that there are many firms that have delivered THE IoT platform for a customer, with a glowing testimony from some
team from the customer. Which raises the question : how many unique and mind blowing IoT platforms does this
customer need? Are they all for real? How many IoT preferred partners can a company have?
The wheel has turned then, and it becomes more difficult, with clear minded actors anyway, to deliver a POC. All is not
completely blocked, there are some cases where the POC has a real value. It is even known as a POV (proof of value),
because its purpose is extended to prove the value and ROI of the whole project, beyond just technical feasibility.&lt;/p&gt;</description></item><item><title>Fresh news</title><link>https://cloudinthealps.mandin.net/posts/des-nouvelles-fraiches/</link><pubDate>Fri, 16 Nov 2018 00:00:00 +0000</pubDate><guid>https://cloudinthealps.mandin.net/posts/des-nouvelles-fraiches/</guid><description>&lt;p&gt;And there you go, a new post to inaugurate some changes!
First, as you will have noticed, I now also write in French. The goal is to reach my French comrades
as well, to be able to share information that is sometimes only in French, and also to satisfy a few
French grumblers who struggle with the language of Freddie Mercury. As far as possible, I will write both versions
of my articles, but it will not be systematic :)
For the details, I have created two tags that let you sort the articles.
&lt;a href="http://cloudinthealps.mandin.net/tag/english/"&gt;http://cloudinthealps.mandin.net/tag/english/&lt;/a&gt;
&lt;a href="http://cloudinthealps.mandin.net/tag/francais/"&gt;http://cloudinthealps.mandin.net/tag/francais/&lt;/a&gt;
Next, I am inaugurating French so that I can apologize for not writing much this week, and instead
sharing articles already published elsewhere.
The first two deal with popularizing AI, and were written by Frédéric Wickert:
Sway&lt;/p&gt;</description></item><item><title>Brainwave, Tensorflow : AI at the edge</title><link>https://cloudinthealps.mandin.net/posts/brainwave-tensorflow-ai-at-the-edge/</link><pubDate>Fri, 02 Nov 2018 00:00:00 +0000</pubDate><guid>https://cloudinthealps.mandin.net/posts/brainwave-tensorflow-ai-at-the-edge/</guid><description>&lt;p&gt;About two years ago, Google announced the availability of TensorFlow processing units in its cloud.
They are dedicated microcontrollers built for training and running Machine Learning models. TPU are available within
Gcloud as an execution platform for ML (of course, optimized for TensorFlow).
During the summer, they unveiled the edge equivalent of these TPU, which are named… Edge-TPU :)
These are very specific ASIC designed to execute ML models on an edge device, i.e. a small device close to the sensors
gathering the data. This allows for a fast decision, without the need to send a truckload of data back up to the cloud.
But wait for it… Microsoft did just uncover a device called DataBox Edge. I know, the main purpose of this device is to
provide a storage gateway to help you use Azure storage locally, and move the data between the device and Azure,
hence the name. Bear with me, the path is a bit convoluted, and I would like you to enjoy every turn of it.
Databox Edge is also equipped with what has been called IoT Edge. This nifty piece of technology will enable you to run
Azure-based workloads on an edge device, such as Azure Functions, Azure ML, Azure Stream Analytics etc. IoT Edge has
been out in the open for about a year now, to be deployed onto compatible devices.
And, and that&amp;rsquo;s where we hit the Edge-TPU spot, also included in Databox Edge is a shiny new Microsoft hardware,
called Brainwave. The name kind of gives away the purpose, especially after I guided you through the maze. Anyway,
this chip is designed to run AI models on an edge device, and do it with impressive performance and efficiency.
I know, at this point, you would point out the fact that it might again be a case of &amp;ldquo;We did it first!&amp;rdquo; from Google.
I&amp;rsquo;d like to focus on a big difference between the two approaches. For once, I could not say which would win in the long
term. In theory I prefer the approach from Microsoft, but that does not mean it will prevail (or that they would not
change tactics and build something more like Edge-TPU).
The difference is that Google built an ASIC, whereas Microsoft used Intel FPGA to deploy its Brainwave architecture.
OK, this needs some explaining. First the names :
ASIC means Application Specific Integrated Circuit.
FPGA means Field Programmable Gate Array.
You see where this is going?
An ASIC is a very specific chip, designed to do only one thing, but optimized to its core. It should be able to execute one
kind of job, but do it perfectly.
On the other hand, an FPGA is reprogrammable after its deployment, to be able to adapt to future needs. Its
performance is close to an ASIC, but not quite equal.
To complete the panorama, going from specific to general use, we would then add GPU (Graphical Processing Units, as
in your graphics cards) and then CPUs (ye good ol&amp;rsquo; Pentium).
Microsoft took the path of versatility, whereas Google focused on a particular use.
As I mentioned, I&amp;rsquo;m not sure who has the best strategy, and whether there will even be a fight, but I am very curious to
see both chips in the wild!&lt;/p&gt;</description></item><item><title>Testing out Hololens</title><link>https://cloudinthealps.mandin.net/posts/testing-out-hololens/</link><pubDate>Mon, 01 Oct 2018 00:00:00 +0000</pubDate><guid>https://cloudinthealps.mandin.net/posts/testing-out-hololens/</guid><description>&lt;p&gt;During the summer I had the chance to visit the Porsche Museum in Stuttgart.
And specifically, to try out two technologies I had never experienced myself before.
First we had a tour through the original Porsche workshop, and built some components of the 356. Of course, that was
using VR glasses. I could not find the maker of the set, glasses and controllers, but they looked a lot like HTC&amp;rsquo;s Vive.
Anyway, the VR experience is really immersive and you have to be careful not to try to run around with the headset on.
The motion control needs some adaptation period, but after the first tries, you usually get very comfortable grabbing a
hammer and forming the body parts of the 356, or holding the spray gun to paint your very own Porsche in your favorite
color.
Overall, a good experience, the only limitation I see would be how to interact with the real world, or rather how to avoid
bumping into the objects around you. And of course, it is a fully immersive VR, so you cannot see your body inside, apart
from your arms, as you handle the motion controllers.
I can see some uses where you could have enough empty space around you to walk around and see a future building
before the furniture and all the fittings are in.
I was definitely more impressed by the Hololens, mostly because the mixed reality opens up a lot more usages.
In that case the point was to be able to see inside a hybrid Panamera, and understand all the components and moving
parts involved with the hybrid technology.
I had seen a lot of demos using Hololens before, but I was really curious about the level of interaction, and the finesse of
the controls using specific gestures.
I have to admit the design is slick and the experience, although a bit disturbing, is both impressive and immersive.
I say disturbing, as the fact that some of the real world in your vision is overlaid by a virtual object can feel a little
strange at first. You quickly get used to it, but it might be an adoption issue when deploying this technology into a daily
worker toolset.
Nevertheless, I was able to quickly navigate around the car, see the insides and get some information and advice. The
controls are pretty obvious and do not get in the way. And you are able to avoid anyone (or any wall) getting in your way
while you tour the car.
There are so many businesses and industries where this tech could be used :
• Any maintenance team for very specific hardware and high complexity tooling in the industry : airplane engines,
industry automatons, remote stations where you could send any technicians that would be guided by a remote
expert etc.
• Training for the same hardware, for your own maintenance team
• Anything involving 3D design : architecture, fitting and refitting of stores and offices, in store merchandising to
ensure the right placement of all the items and furniture
• You could create guided tours, using augmented reality, to provide detailed information for the visitors
Argh, so many ideas!!!&lt;/p&gt;</description></item><item><title>Finding my way in the AI world</title><link>https://cloudinthealps.mandin.net/posts/finding-my-way-in-the-ai-world/</link><pubDate>Mon, 24 Sep 2018 00:00:00 +0000</pubDate><guid>https://cloudinthealps.mandin.net/posts/finding-my-way-in-the-ai-world/</guid><description>&lt;p&gt;Wow, it has already been almost a month since I started!
My new playground covers IoT and AI, and I am supposed to have a broad understanding of both.
Regarding IoT, my recent background helped me grow a solid groundwork for that. I am fairly comfortable with the concepts, and with the
involved technologies. Moreover, I have a colleague whose sole purpose is to understand and build IoT solutions, so my bases are well covered.
When it comes to Artificial Intelligence, the coast is less clear.
First, it is not a domain where I have any background, neither in the theory (math, bio science…) nor practical (any implementation of AI).
Second, AI is the 2018 version of the Cloud in 2014 : everyone wants to do it, but not one has a clear definition of what we are talking about.
Last but not least, the very term AI covers almost anything, from a chatbot to augmented reality to self-driving cars.
My process has been a bit convoluted so far.
First thing I have tried was to register for e-learning (MOOC or otherwise) sessions on the topic. I have tried several, from OpenEDX to Microsoft
AI school, to Google and Tensorflow. The content ranged from very high level, which was mostly too high for me, to algebra (which was a bit too
deep for me).
Then I tried to read about the market. So I read a lot of whitepapers, from Microsoft, from DataIKU, from Forrester etc.
This was rather useful, as it gave me basic understanding of where the situation was.
I recommend Dataiku Machine Learning Demystified : &lt;a href="https://pages.dataiku.com/machine-learning-basics-illustrated-guidebook"&gt;https://pages.dataiku.com/machine-learning-basics-illustrated-guidebook&lt;/a&gt;
But still, I felt I was stuck in the theory and could not find the practical applications.
After some discussions with my usual suspect, Microsoft, I did have a look at their business use cases and testimonies.
I have to admit, some of them were pretty interesting… however there is absolutely no information about the architecture or implementation of
the solution, which left me wanting.
I finally found two Microsoft websites that did a good job of describing architectural templates, along with potential use cases.
&lt;a href="https://azure.microsoft.com/en-us/solutions/architecture/?solution=big-data"&gt;https://azure.microsoft.com/en-us/solutions/architecture/?solution=big-data&lt;/a&gt;
&lt;a href="https://docs.microsoft.com/en-us/azure/architecture"&gt;https://docs.microsoft.com/en-us/azure/architecture&lt;/a&gt;
This is where I started digging, and it made my mind spin with all the possibilities. You will have to wait a bit for the outcomes, and follow what
SCC will be doing on this market in the coming weeks ;)
Last note, one of the smartest guys I have met at Microsoft, Frederic Wickert, has started an AI business, and is writing, in French, to help debunk
AI for us. I definitely recommend reading his posts!&lt;/p&gt;</description></item><item><title>Blameless post-mortem</title><link>https://cloudinthealps.mandin.net/posts/blameless-post-mortem/</link><pubDate>Tue, 11 Sep 2018 00:00:00 +0000</pubDate><guid>https://cloudinthealps.mandin.net/posts/blameless-post-mortem/</guid><description>&lt;p&gt;Nope, my new position is not dead yet, thank you very much.
What I mean by this title is usually a meeting in any IT service, after a major incident has been resolved, where all the
team members who have worked on the incident gather and discuss what went wrong, and how to improve tools and
processes to do better next time.
I specify blameless, as it is a very good practice to avoid finger pointing, generally and particularly in these meetings. If
you want people to be honest and share their best insights, you have to keep in mind that these post-mortems have to
cultivate an atmosphere of trust. The aim is really to find out how the events have unfolded, which information had
been gathered, what went wrong, what steps were smart, which ones did not work properly etc.
For more information about that, I recommend some DevOps sessions and talks, like this one from @Jasonhand from
VictorOps : It&amp;rsquo;s Not Your Fault - Blameless Post-mortems&lt;/p&gt;</description></item><item><title>IoT Challenges</title><link>https://cloudinthealps.mandin.net/posts/iot-challenges/</link><pubDate>Fri, 24 Aug 2018 00:00:00 +0000</pubDate><guid>https://cloudinthealps.mandin.net/posts/iot-challenges/</guid><description>&lt;p&gt;After a long summer break, getting back to writing is a bit difficult, so here is a first post for a new era. I&amp;rsquo;ll be switching
jobs early September, so there might be a slight variation in the subjects I&amp;rsquo;ll write about.
As highlighted in Gartner 2018 Cycle of Hype study, IoT is now a mature tech and we will see more and more large scale
projects being deployed in the wild. I would like to expand a bit about what it entails to start an IoT initiative, whether it
be to design a new product to sell, or to gain some insight and improve your own processes.
The steps are familiar to anyone who has ever come close to a project in his/her life:
1.
2.
3.
4.
5.
6.&lt;/p&gt;</description></item><item><title>Managed Kubernetes and security</title><link>https://cloudinthealps.mandin.net/posts/managed-kubernetes-and-security/</link><pubDate>Fri, 06 Jul 2018 00:00:00 +0000</pubDate><guid>https://cloudinthealps.mandin.net/posts/managed-kubernetes-and-security/</guid><description>&lt;p&gt;Almost a sponsored post today, or better : a shared announcement.
You probably know that I am following Kubernetes rather closely, especially managed Kubernetes services (AKS, EKS or
Openshift for example). One domain where these offerings have been lacking is network and security.
It is still a very sensitive subject for our customers, for container-related projects, and still for public cloud projects.
Security and networking teams have trouble adapting to the public cloud paradigms and architectures. There is some fear
of loss of control, some base fear of the unknown, and some real worry about how to handle networking and security.
Kubernetes (and the other orchestrators) adds another abstraction layer on top of the existing public cloud platforms,
which does nothing to alleviate fear, to say nothing about complexity and transparency.
There are some very good solutions out there to manage network overlays into Kubernetes. My favourite is Calico, but
you may like any of those. I&amp;rsquo;ll stick with Calico for a simple reason, which you will see below.
Microsoft and AWS are both working hard to provide a network overlay into their managed Kubernetes offering. They
each chose their own path, but we will get to approximately the same point in a short time.
Thanks to Jean Poizat, we have the two announcements.&lt;/p&gt;</description></item><item><title>Designing your own job</title><link>https://cloudinthealps.mandin.net/posts/designing-your-own-job/</link><pubDate>Tue, 05 Jun 2018 00:00:00 +0000</pubDate><guid>https://cloudinthealps.mandin.net/posts/designing-your-own-job/</guid><description>&lt;p&gt;Depending on how you consider things, it is the third time that it happens to me.
Being able to design, under certain limits, your own job, is an amazing opportunity.
I will not go into too many details as some of it is work in progress, but the process was amazingly energizing and I
wanted to share a bit of that energy.
For my current job, I met my future boss on the recommendation of a former colleague. We discussed many things,
from ITIL to Managed Services, and also public cloud and the need to get dev and ops team closer. We went through
that kind of talk several times, at least four if memory serves. We went from a job which looked like an Ops
engineer/ITIL practitioner, to something closer to an Azure tech lead.
In my previous position I also had the opportunity to be offered a promotion, and was able to discuss some of the
content and responsibilities of the future role. I was also able to step down when time came for me to admit that it was
not an ideal position, for me or for the company. Which was really appreciated, at least on my part.
And once again a few weeks ago, I was called out of the blue by a colleague&amp;rsquo;s boss. He started to discuss his own future
and what he was trying to design. He wanted to build something new, and was searching for a partner to build that
together. And in that scheme, he discussed a position very similar to my dream job, and offered it to me.
I almost fell off my chair.
At that point I was ready to accept, without having any more details about the exact role and responsibilities, or even
the salary. That&amp;rsquo;s where my future boss started to ask me what I would include or exclude from that job description, and
how I could make it my own. My mind just froze.
It took some time for me to recover and start thinking again. After some lame jokes, we discussed the position, and what
we would like to build together. It took us several meetings and calls to see through the fog, as we are really going to
build something new together, and we cannot rely much on what exists around us.
The last funny thing to happen was that my next interview was with the CEO of the company, who was convinced by the
both of us in less than 35 minutes. I could not believe my luck in getting there.
Anyway, that&amp;rsquo;s it for the bragging post. I really needed to write that down to make it real (even if I signed and will start
by the end of the summer :) )&lt;/p&gt;</description></item><item><title>Going back to my (our) roots</title><link>https://cloudinthealps.mandin.net/posts/going-back-to-our-roots/</link><pubDate>Fri, 18 May 2018 00:00:00 +0000</pubDate><guid>https://cloudinthealps.mandin.net/posts/going-back-to-our-roots/</guid><description>&lt;p&gt;Yes, another post with an obscure reference for a title.
After some time discussing tech subjects, I was of a mind of going back to something that has often been misread in the
past by IT teams and IT management. And by that I mean : business. Yes, again.
Do not misunderstand me, I am still a technologist, and I love learning about technology, finding out the limits and
possibilities of any new tech that is coming out. I am not a sales person, nor a marketing person. However I have been
exposed to many well crafted presentations and talks over the years, and what often came out of even the most
interesting ones was that : &amp;ldquo;our tech is fantastic, buy it!&amp;rdquo;
All right, I love that tech. Be it virtualisation, SAN, VSAN, public cloud, containers, CI/CD, DevOps… choose whatever you
like. But technology is not an end in itself in our day to day world. What matters is what you will do with it for your
company or customers.
I will take an example. An easy shot at someone I admire. Mark Russinovich, CTO of Azure, and longtime Windows
expert (I would use a stronger term if I knew one :) ). A few months ago, during a conference, he had a demo running
where he could spin up thousands of container instances in a few seconds, with a simple command.
First reaction : &amp;ldquo;Wow!&amp;rdquo;
Second reaction : &amp;ldquo;Wooooooowwww!&amp;rdquo;
Third reaction : &amp;ldquo;How can we do the same?&amp;rdquo;
Fourth reaction (probably the sanest one) : &amp;ldquo;Wait, what&amp;rsquo;s the point?&amp;rdquo;
And there we go. What was the point. For me, Mark&amp;rsquo;s point was to show how good Azure tech is. Which is his job, and
this demo made that very clear. But Mark did go further, as he usually does, during his speech and encouraged everyone
to think about the usages. Unfortunately, most of the people I have discussed with seem to miss the point. They see the
Wow effect, and want to share it. But few of us decide to sit down and think about what the use case could be.
And that is the difficult, and probably multi-million dollar question : how to turn amazing technology into a business
benefit.
Never forget that, apart from some very lucky people, we are part of a company that is trying to make money, and our
role is to participate in that goal. We should always think about our customers, internal or external, and how we can
help them. If doing that involves playing with some cool toys and being able to brag about it, go for it! But it is not the
other way around.
PS : to give one answer to how we could use Azure Container instances for the real world, especially the kubelet version
of ACI, try and think about batch computing, where you would periodically need to spin up dozens or hundreds of
container instances for a very short time. Does that ring any bell for you?
PPS : I could not find the exact session from Mark I am describing here, but there is an almost identical session from
Corey Sanders and Rick Claus there : Azure Container Instances: Get containers up and running in seconds&lt;/p&gt;</description></item><item><title>Autonomous versus autonomic systems</title><link>https://cloudinthealps.mandin.net/posts/autonomous-versus-autonomic-systems/</link><pubDate>Wed, 16 May 2018 00:00:00 +0000</pubDate><guid>https://cloudinthealps.mandin.net/posts/autonomous-versus-autonomic-systems/</guid><description>&lt;p&gt;This is a difficult topic. I have to admit I am still not completely comfortable with all the concepts and functions.
However, the thinking is amazingly interesting, and I will take some time to ingest everything.
First things first, I will use this post to summarize what I have learned so far.
How did I end up reading that kind of work, you ask? Weeeellll, that&amp;rsquo;s easy :)
Brendan Burns, in one of Ignite &amp;lsquo;17 sessions, used the comparison &amp;ldquo;autonomous vs autonomic&amp;rdquo; to discuss Kubernetes.
This got me thinking on the actual comparison, and aided with our trusted friend, Google, I found a NASA paper about that
(&lt;a href="https://www.researchgate.net/publication/265111077_Autonomous_and_Autonomic_Systems_with_Applications_to_NASA_Intelligent_Spacecraft_Operations_and_Exploration_Systems"&gt;https://www.researchgate.net/publication/265111077_Autonomous_and_Autonomic_Systems_with_Applications_to_NASA_Intelligent_Spacecraft_Operations_and_Exploration_Systems&lt;/a&gt;). I started to read it, but it was a bit obscure
for me, and scientific English, applied to space research, was a bit too hard for an introduction to that topic of autonomic systems.
Some more research, helped by my beloved wife, led to a research thesis, in French, by Rémi Sharrock (&lt;a href="https://www.linkedin.com/in/tichadok/"&gt;https://www.linkedin.com/in/tichadok/&lt;/a&gt;). The thesis is available right
there : &lt;a href="https://tel.archives-ouvertes.fr/tel-00578735/document"&gt;https://tel.archives-ouvertes.fr/tel-00578735/document&lt;/a&gt;. This one relates to the same topic, but applied to distributed software and infrastructure, which ends up being
way more familiar to me :)
The point where I am right now is just over getting the definitions and concepts right.
I will try to describe what I understand here about automated, autonomous and autonomic systems.
There is some progression from the first to the second, and from the second to the third concept.
Let&amp;rsquo;s start with automated. An automated system is just like an automaton in the old world : something that will execute a series of commands, on the order of a human (or
another system). For example, you have a thermostat at home that sends the temperature from inside and outside your home to the heater controller.&lt;/p&gt;</description></item><item><title>My very first public presentation - feedback</title><link>https://cloudinthealps.mandin.net/posts/my-very-first-public-presentation-feedback/</link><pubDate>Sun, 15 Apr 2018 00:00:00 +0000</pubDate><guid>https://cloudinthealps.mandin.net/posts/my-very-first-public-presentation-feedback/</guid><description>&lt;p&gt;There we are, I have finally given my talk about Kubernetes and Azure.
It was both more and less than I expected.
It was easier, once I got there, to be in the position of a speaker than I expected. My fellow speakers were very kind and
supportive, which helped with the pre-stage flutters :) It was also easier because the room was of a reasonable size, and
I was not on stage in front of 500 people.
And it was less deep dive than I expected, which also allowed me to relax a bit. I could get a feeling about the audience
before going there, which left me in the dark regarding their needs and expectations.
Let&amp;rsquo;s set the stage. The event took place at Microsoft&amp;rsquo;s Building 20, which is a Reactor
(&lt;a href="https://developer.microsoft.com/en-us/reactor/"&gt;https://developer.microsoft.com/en-us/reactor/&lt;/a&gt;). So the building is definitely designed to host events comfortably.
That helped a lot, as we even had someone from the A/V team to help us and ensure all the screens and microphones
would be working correctly. And yes, the free coffee might also have been a huge help :)
The room was large, without any raised platform for the speaker, but with multiple repeat screens all around.
I was the third speaker, so I definitely had some time to review my slides and demo setup a few times.
I did set up the demo environment the night before, to avoid any deployment issue at the last minute (which did happen
2 days before while I was practicing). Once again, having a scripted demo ensured that I would not forget any step, or
mess up some command line options.
I did have a few issues during the talk. First the mike did stop working at some point, failed battery. I kept on speaking
without it, as the room was small enough to let me speak louder for a short time and still be heard. The support guy
came shortly to replace the battery, so no big issue there.
My remote clicker did work perfectly, but not the pointer part. That&amp;rsquo;s a shame, because it made it more difficult to point
out at a precise section of a slide or demo. Afterwards I found out why, and I should be able to avoid that particular
issue in the future.
I did not get as much interaction as I hoped I would. I think that it was mostly due to my anxiety, which prevented me from
behaving like my normal self and being engaging.
What I would change for the future. First, for a set event like this one, I would practice in front of a camera, or a mirror,
to actually see and listen to my speech. That would probably ensure that I would keep the correct pace and articulation.
And also make sure that the flow of slides is comprehensible.
Second, I would work more to know the expectations of the public. It turns out that my talk was way more technical and
faster than it should have been. While discussing with the attendees afterwards, I realized that I did not get many of the points
through, probably because I went too fast over those. This brings me back to the interactions point above : had I
been more comfortable and interactive, I could have grasped that during the session and corrected it.
Third, I should probably think about learning a bit more about controlling my voice and projecting it. I realized that
during the week leading to the event, as I had to speak in a loud environment, and present/discuss the same kind of
subjects.
Labs
A word on the hands-on labs we had in the afternoon. I just was glad to have stayed for that part.
First because I had never been on the proctor side before, and it&amp;rsquo;s really fascinating to see a problem through the eye of
someone with a different mindset and culture. I really learned a lot, and realized a lot during these 2 hours.
Second, because it showed me the areas where my presentation had been lacking, and how much I had not been clear
enough to be understood by everyone. I think these discussions with the attendees were the deeper feedback and
improvement tips that I could get.
For the record, the container labs we used are there : &lt;a href="https://github.com/Azure/blackbelt-aks-hackfest/"&gt;https://github.com/Azure/blackbelt-aks-hackfest/&lt;/a&gt;
That&amp;rsquo;s it for now. This first talk has unlocked something and made me realize that I should talk at every occasion I can,
and that I love it, at least when it&amp;rsquo;s done ;)&lt;/p&gt;</description></item><item><title>My very first public presentation - preparation</title><link>https://cloudinthealps.mandin.net/posts/my-very-first-public-presentation-preparation/</link><pubDate>Sun, 15 Apr 2018 00:00:00 +0000</pubDate><guid>https://cloudinthealps.mandin.net/posts/my-very-first-public-presentation-preparation/</guid><description>&lt;p&gt;I&amp;rsquo;m writing this a bit ahead of time, as I plan to write a follow-up to compare what is planned against what will have
happened.
As the title suggests, I will be hosting my very first public session on the 21st of April. I am taking part in Global Azure
Bootcamp &lt;a href="https://global.azurebootcamp.net"&gt;https://global.azurebootcamp.net&lt;/a&gt;, a worldwide community event where experts from around the world
gather locally to share their experience and knowledge on Azure. I would probably have preferred to be involved in an
event in France, however I am in Seattle that week, so my event of choice will be directly @Microsoft in Redmond.
This will be an occasion for multiple first times for me : first time on my own as a public speaker, first participation in Global
Azure Bootcamp, first time presenting fully in English, and first time presenting in Redmond of course :) So, big step far
out of my comfort zone.
The aim of this post, as stated above, is to record what I did to prepare for the event, and afterwards, write down what
has gone right and wrong, and how I can progress and do better.
I have chosen the topic of containers &amp;amp; Kubernetes on Azure for two reasons : first I am rather comfortable with the
subject, and second a colleague, Jean Poizat, &lt;a href="https://www.linkedin.com/in/jean-poizat-0a97bb/"&gt;https://www.linkedin.com/in/jean-poizat-0a97bb/&lt;/a&gt;, did already build a
slidedeck and demo which I could expand from.
Obvious first then : I have chosen familiar ground and existing material, to limit the amount of work needed. This
however presented a challenge : start from slides which I did not write, and get familiar with those, before rearranging
&amp;amp; completing those to my purpose and comfort.
A word on how I got out of my comfort zone : a nice kick in the back end! I saw on some social networks a few friends and
colleagues getting ready for GAB in France, which prompted me to start collaborating, at least to give a hand. Once I
realized I would be in Seattle at that time, I contacted the local event owner Manesh Raveendran,
&lt;a href="https://www.linkedin.com/in/maneshraveendran/"&gt;https://www.linkedin.com/in/maneshraveendran/&lt;/a&gt;, to offer my help, in broad terms. It took me a while to be able to
suggest the session I will be presenting, and I almost chickened out a few times. But once Manesh wrote me in, that was
it, I had to make this work!
The next step was to get very familiar with the presentation and with the associated demos. I started presenting to
myself, but out loud and standing. This allowed me to work my speech, content and speed, and fine tune the slides. I
also quickly incorporated the demos, to work out how to time things, and how to work around a failing demo.
I started 10 days before the set date, with the slides &amp;amp; demo mostly ready. I allowed a minimum of a deck run every two
days, that I would then adjust depending on my comfort and accuracy.
During these dry runs, I would keep a piece of paper next to me, to write down whatever thoughts/questions or
clarifications were needed. These would affect either the speech or the slides, and even the demo.
In between these runs, I would review the slides as much as I could every day.
I did not spend as much time reviewing the demo, as Jean had provided me with a solid script that would mostly run by
itself, on my cue. The few manual demos were quite simple, and worked every time.
I was also lucky enough to meet with several architects during that time, who were kind enough to give me their
feedback on my slides, and even to let me rehearse in front of them, and give me their impressions and advice. That was
a big help, and a great comfort as showtime loomed closer :)
I am now a few hours from the actual session, I will submit this post and start writing the follow-up right after the
session.
Stay tuned!
PS : the program for the Redmond event is there : &lt;a href="https://www.azurecommunityevents.com/#/event?181C8806AFB7-4142-B0D3-B1858E9E8956"&gt;https://www.azurecommunityevents.com/#/event?181C8806AFB7-4142-B0D3-B1858E9E8956&lt;/a&gt;&lt;/p&gt;</description></item><item><title>Microsoft Tech Summit France</title><link>https://cloudinthealps.mandin.net/posts/microsoft-tech-summit-france/</link><pubDate>Thu, 15 Mar 2018 00:00:00 +0000</pubDate><guid>https://cloudinthealps.mandin.net/posts/microsoft-tech-summit-france/</guid><description>&lt;p&gt;As the summit has just closed its doors, I would like to share my feedback on this first Tech Summit to
happen in France.
As far as I know there are already Tech Summits in several other countries around the world. From what
I have heard, they are supposed to be &amp;ldquo;local Ignite&amp;rdquo; events. For honesty&amp;rsquo;s sake, I have to say that I have
not attended Ignite so far, only Tech-Ed Europe a few years ago, so I will not compare too much the two
events. However according to the community website (&lt;a href="http://aka.ms/community/techsummit"&gt;http://aka.ms/community/techsummit&lt;/a&gt;) the
sessions were exactly the same as the ones played at Ignite.
I did not see any numbers published, so far, but it was a rather small event. Attendance to the first
keynote on Microsoft 365 was not really high, however the Azure keynote attracted more people and
the room was almost full. I had the feeling that Azure was more exciting than Microsoft 365, but maybe
9:30 was too early for most :) Or maybe I am biased toward Azure ;)
The conference took place in one Hall from Paris Expo, on one level. And we were far from crowding it.
As it was a free event, right in Paris, it seems that a lot of people came and went, just for a session or
two, rather than stay for the whole two days. Which is rather smart, as it lets local people continue
running their business, while being able to attend some sessions. And it lent a quiet feeling to the event
itself.
For once, I managed to attend a few sessions, and they were very interesting, very focused on a tight
subject. I was never deceived by a catchy title enticing me to a session that had nothing to do with what
I could expect.
The speakers were a mix of Microsoft Corp and Microsoft France, most sessions were in English and we
could interact easily with every speaker afterwards. Overall the sessions raise some good ideas for me to
pitch, and subjects to talk about with my customers. I would have liked more technical sessions, but I
think deep dives need a specific environment and public to be able to run properly.
In conclusion, I liked the event overall, but I do not see it as attractive as Experiences. And it was much
smaller!
Also Experiences had been criticized as being less technical than the previous event it replaced, Tech
Days. From my point of view, Tech Summit is on the same level as Experiences, just smaller and 6
months later (or earlier depending on how you look at it :) )
As usual, the strategy is a bit difficult to read, but the local speakers and content providers were present
and accessible, which is almost always my first reason to come :)
One final word about the technical levels used to sort the sessions : levels are standard, from 100 to
400, with 100 being introductory and 400 being expert. My advice would be to change the description, as
the level describes the current knowledge you need to have about the product (Azure for
example) more than the depth of the session. 400 does not mean you will see live coding and the internals of the
platform. It means that you know already where you&amp;rsquo;re going, and have probably already used the
product.&lt;/p&gt;</description></item><item><title>Azure SLAs</title><link>https://cloudinthealps.mandin.net/posts/azure-slas/</link><pubDate>Tue, 27 Feb 2018 00:00:00 +0000</pubDate><guid>https://cloudinthealps.mandin.net/posts/azure-slas/</guid><description>&lt;p&gt;Another quite short post today, but for a complex topic.
I had the discussion several times with our customers, and more recently with several Microsoftees and MS partners.
The discussion boils down to &amp;ldquo;SLAs for Azure are complex, and you might not get what you think&amp;rdquo;.
And I&amp;rsquo;ll add &amp;ldquo;you might get better or worse than you are used to on-premises&amp;rdquo;.
Quick reminder, the official SLA website is here : &lt;a href="https://azure.microsoft.com/en-us/support/legal/sla/"&gt;https://azure.microsoft.com/en-us/support/legal/sla/&lt;/a&gt;
They are adapted quite frequently and what I write today might be proven wrong very soon. Yes, it happens, sometimes
I am right for a long time :)
Back to our SLAs. I will focus on one service, but the idea can be expanded to almost all services.
Some services&amp;rsquo; SLAs are quite easy to figure out. Take Virtual Machines (Azure or not) for example. You just have to decide
what metric proves that a VM is alive (ping reply for example), and measure that. Do some computation at the end of
the month, and you&amp;rsquo;re done.
With backups, the official SLA (&lt;a href="https://azure.microsoft.com/en-us/support/legal/sla/backup/v1_0/"&gt;https://azure.microsoft.com/en-us/support/legal/sla/backup/v1_0/&lt;/a&gt;) is a monthly uptime
percentage. Which does not mean much for me, speaking of backups. Luckily, there is a definition of &amp;ldquo;downtime&amp;rdquo; :
&amp;ldquo;Downtime&amp;rdquo; is the total accumulated Deployment Minutes across all Protected Items scheduled for Backup by
Customer in a given Microsoft Azure subscription during which the Backup Service is unavailable for the Protected
Item. The Backup Service is considered unavailable for a given Protected Item from the first Failure to Back Up or
Restore the Protected Item until the initiation of a successful Backup or Recovery of a Protected Item, provided
that retries are continually attempted no less frequently than once every thirty minutes.
Meaning basically that the &amp;ldquo;backup service&amp;rdquo; has to be available at all time, whether you try to backup or restore. But,
and there are actually two buts, there is no hard commitment there. Microsoft will give you back a service credit if the
service is not provided, to the limit of a 25% credit. Eventually, you could get no service at all for a month, and you
would get a 25% service credit. And the second, more important, but, there is absolutely nothing about a guarantee on
your data. You could lose all of your data, and at most get a 25% service credit.
Some people would then point you to the storage SLA, stating that once the backup is stored, the SLA that applies is the
one from storage. Another but here, as we are in the same situation : no commitment about your data.
One note : I never looked closely at the SaaS services SLAs (Office365 for example), but I remember someone from
Microsoft IT saying that it was too difficult, and expensive, even for them, to build the infrastructure and services to
compete with what Office365 offers. So yes, you might dig into their SLAs, and find that they have a light hand… but
think hard on what you can do yourself, and how much it would cost you :)
Do not get me wrong, Microsoft does a quite good job with its SLAs, and from my experience, a way better job than most
companies can do internally or for their customers. I worked for a hosting company, and I can assure you that we could
write down an SLA about backups, and even commit to it. We could pray that we would be right, and prepare the
compensations in case we were at fault, but that was it. There was no way for us to economically handle a complete
guarantee.&lt;/p&gt;</description></item><item><title>GDPR, my love</title><link>https://cloudinthealps.mandin.net/posts/gdpr-my-love/</link><pubDate>Tue, 27 Feb 2018 00:00:00 +0000</pubDate><guid>https://cloudinthealps.mandin.net/posts/gdpr-my-love/</guid><description>&lt;p&gt;The original title was supposed to be &amp;ldquo;in bed with GDPR&amp;rdquo;, but it might have been a little too clickbait :)
Anyway, short post today, but an important one, I think.
To be honest, I feel like screaming every time I see/read/hear someone telling me that &amp;ldquo;we need to have a GDPR
offer/business/thing&amp;rdquo;. Alright, it is a buzzword, and I have to live with that. I have made my peace with AI, Blockchain,
Big Data, IoT, Cloud, etc. But I still struggle with GDPR. Here is why.
First this policy is a very important one in Europe, and will impact every business that comes anywhere close to us. You
cannot ignore it. And every company has to look into it and find out what is needed to be compliant.
Second, the deadline is looming, but the national law for France is not yet in application. There is a text that is discussed
(&lt;a href="https://www.legifrance.gouv.fr/affichLoiPreparation.do;jsessionid=?idDocument=JORFDOLE000036195293&amp;amp;type=contenu&amp;amp;id=2&amp;amp;typeLoi=proj&amp;amp;legislature=15"&gt;https://www.legifrance.gouv.fr/affichLoiPreparation.do;jsessionid=?idDocument=JORFDOLE000036195293&amp;amp;type=contenu&amp;amp;id=2&amp;amp;typeLoi=proj&amp;amp;legislature=15&lt;/a&gt;) but there might still be many changes before the law is applied in
France. That means that we should hurry to wait, but be prepared… tough one.
Last, and most important, and the main reason of my screaming : it is mostly a question of law, for lawyers. Sure IT has
to get ready to comply, but most of the consulting and debating and discussing has to be managed by law experts, which
will be the right people to understand what it will mean to be compliant.
Sure an IT company can get some services in place, offer some broad suggestions and consulting. But without a lawyer,
trained for that (and a proper written and voted law…) our job is almost meaningless.&lt;/p&gt;</description></item><item><title>IoT everywhere, for everyone</title><link>https://cloudinthealps.mandin.net/posts/iot-everywhere-for-everyone/</link><pubDate>Tue, 27 Feb 2018 00:00:00 +0000</pubDate><guid>https://cloudinthealps.mandin.net/posts/iot-everywhere-for-everyone/</guid><description>&lt;p&gt;Today is another attempt to explain part of the Microsoft Azure catalog of solutions.
As I did write about the different flavors of containers in Azure, I feel that it&amp;rsquo;s time for a little explanation about the
different ways of running your IoT solution in Azure.
There are three major ways of running an IoT platform in Azure : build your own, Azure IoT Suite and IoT Central.
There are some sub-versions of those, that I will mention as I go along but these are the main players. I have listed those
in a specific order, on purpose :&lt;/p&gt;</description></item><item><title>The risk of innovation burnout</title><link>https://cloudinthealps.mandin.net/posts/the-risk-of-innovation-burnout/</link><pubDate>Thu, 22 Feb 2018 00:00:00 +0000</pubDate><guid>https://cloudinthealps.mandin.net/posts/the-risk-of-innovation-burnout/</guid><description>&lt;p&gt;Catchy title, isn&amp;rsquo;t it? It could have been copied from a Management magazine, or CIO Monthly. Note to self : check
before getting a copyright infringement lawsuit.
What I wanted to write about is mostly how to deal with the fast pace of innovation in the IT cloud business.
And mostly, how I deal with it, in my specific role, and how I dealt with it before.
As IT pros, we need to always keep an eye on the market, to check emerging technologies, to check where the existing
ones are going and which ones are dying. This serves two purposes :
• Keep our company and infrastructure up to date
• Keep our own profile up to date, or at least on the track for the future
In French we have an expression for that : &amp;ldquo;veille technologique&amp;rdquo;, which would roughly translate to &amp;ldquo;technological
watch&amp;rdquo;.
In some French schools this subject is taught. It mostly describes how to identify the proper source of information to
track, and how to track those. The sources are mostly tech websites and influencers. The tools are more diverse : RSS
feed, Linkedin, Twitter, Facebook, Reddit…
In my previous position, as an infrastructure consultant &amp;amp; architect, I had to keep up with a limited set of technologies,
mostly around databases and virtualization. My watch was purely technical, and dealt with detailed evolution of some
component : which new feature was available in the latest version of Vsphere ESX, what capabilities were expected in the
future release of Oracle DB etc. In that scenario, using RSS feeds, and attending some virtual events from the software
editor was enough. I could keep up with the innovation pace by investing something along the line of one day per month
of my time.
Today, if I consider my CTO-like role, the job is more complex. The scope I have to watch is much broader. If you
consider only Microsoft Azure and the services it may provide, it is already almost impossible to keep up. For example, if
you use the blog posts &amp;ldquo;Last week in Azure&amp;rdquo;, which only cover official news from the Azure blog, you get around 30
news items per week (&lt;a href="https://azure.microsoft.com/en-us/blog/last-week-in-azure-week-of-2018-02-12/"&gt;https://azure.microsoft.com/en-us/blog/last-week-in-azure-week-of-2018-02-12/&lt;/a&gt;). If you want to dig
into each announcement, and find out how it might affect you, this will take more time than you have in a week :)
And that does not count anything outside of official Azure news. If you add some specific content creators, from
Microsoft or not, who also post every week, and then also add news and trends around DevOps… you get the
point. I forgot the podcasts, and videos…
The main risk, as the title stated, is innovation burnout, or innovation overload. From what I have seen with colleagues,
partners and customers, most of them do not want to keep up with that mass of information. Fortunately, I love
learning new stuff, and I love information. Here is how I am currently working to get the most relevant information in
my mind, and keep up with the news stream.
I have separate tools for separate needs, and most importantly I do not use them at the same pace :&lt;/p&gt;</description></item><item><title>Bring your containers to the cloud</title><link>https://cloudinthealps.mandin.net/posts/bring-your-containers-to-the-cloud/</link><pubDate>Wed, 10 Jan 2018 00:00:00 +0000</pubDate><guid>https://cloudinthealps.mandin.net/posts/bring-your-containers-to-the-cloud/</guid><description>&lt;p&gt;Cloud and containers, two buzzwords of the IT world put together. What can go wrong?
This post is a refresh on a previous one (&lt;a href="https://cloudinthealps.mandin.net/2017/03/24/containers-azure-and-servicefabric/"&gt;https://cloudinthealps.mandin.net/2017/03/24/containers-azure-and-servicefabric/&lt;/a&gt;) with a focus on containers, rather than the other micro-services architectures.
As usual, I&amp;rsquo;ll speak mainly of the solutions provided by Microsoft Azure, but they usually have an equivalent within
Google Cloud Platform or Amazon Web Services, and probably other more boutique providers.
And let&amp;rsquo;s be more specific, considering what happened in the container orchestrator world in recent weeks. I am of
the general opinion that this war is already over, and Kubernetes has won. Let&amp;rsquo;s focus on how to run/use/execute a
Kubernetes cluster.
First step : you want to try out Kubernetes on your own. The ideal starter pack would be called Minikube
(&lt;a href="https://github.com/kubernetes/minikube"&gt;https://github.com/kubernetes/minikube&lt;/a&gt;).
I already wrote about it; the good thing about it is that you can run a Kubernetes installation on your laptop, in a few
minutes. No need to worry about setting up any cluster and configurations you do not understand at all.
You might want to play a bit with Kubernetes the hard way, in order to understand the underlying
components. But that is not necessary if you only want to focus on the running pods themselves.
Now you are ready to run a production workload Kubernetes Cluster. And you would like to handle everything on your
own. There are many ways to get there.
First, you want to deploy your own cluster, not manually but on your own terms. There is a solution, kubeadm
(&lt;a href="https://kubernetes.io/docs/setup/independent/create-cluster-kubeadm/"&gt;https://kubernetes.io/docs/setup/independent/create-cluster-kubeadm/&lt;/a&gt;), that will help you along the way, without
having to do everything by hand. This is a solution that is compatible with any underlying hardware, cloud, virtual or
physical.
On Azure specifically, there are two competing solutions to build your Kubernetes cluster : ACS
(&lt;a href="https://azure.microsoft.com/en-us/services/container-service/"&gt;https://azure.microsoft.com/en-us/services/container-service/&lt;/a&gt;) &amp;amp; ACS-engine
(&lt;a href="https://github.com/Azure/acs-engine"&gt;https://github.com/Azure/acs-engine&lt;/a&gt;).
ACS (Azure Container Service) is mostly a deployment assistant, that will ask you the relevant questions on your K8s
deployment, and then create and launch the corresponding ARM template. After that, you&amp;rsquo;re on your own. And you may
download the template, edit it and re-use it anytime you want!
ACS-Engine is a command line customizable version of ACS, with more power to it :)
I feel that both are Azure dedicated versions of Kubeadm, but they do not add value to your production. They still are
good ways to quickly deploy your tailored cluster!
BTW, if you go to the official webpage for ACS, it now just speaks about AKS, and you&amp;rsquo;ll have to dig a bit deeper to find
out about the other orchestrators ;)
What if you could have your K8s cluster, be able to run your containers, and just have to manage the clustering and
workload details? There is a brilliant solution called AKS (&lt;a href="https://azure.microsoft.com/en-us/services/container-service/"&gt;https://azure.microsoft.com/en-us/services/container-service/&lt;/a&gt;), and no it does not stand for Azure K8S Service… It actually means Azure Container Service. Don&amp;rsquo;t ask. With
that solution you just have to take care of your worker nodes, and the running workloads. Azure will manage the control
plane for you. Nothing to do on the etcd &amp;amp; control nodes. Cherry on the top : you only pay for the IaaS cost of the
worker nodes, the rest is free!
In my opinion, it&amp;rsquo;s the best solution today : it offers you wide flexibility and control over your cluster, at a very low cost,
and lets you focus on what is important : running your containers.
One last contestant to join the ring : Azure Container Instances (&lt;a href="https://azure.microsoft.com/en-us/services/containerinstances/"&gt;https://azure.microsoft.com/en-us/services/containerinstances/&lt;/a&gt;). This solution is still in Preview, but might become a strong player soon. The idea is that you just care about
running your container, and nothing else. For now it is a plugin for an actual K8S cluster, that will present itself as a
dedicated worker node, where you can force a pod to run. I did not have time to fully test the solution and see where
the limits and constraints are, but we&amp;rsquo;ll probably hear from this team again soon.&lt;/p&gt;</description></item><item><title>DevOps is the new black</title><link>https://cloudinthealps.mandin.net/posts/devops-is-the-new-black/</link><pubDate>Mon, 08 Jan 2018 00:00:00 +0000</pubDate><guid>https://cloudinthealps.mandin.net/posts/devops-is-the-new-black/</guid><description>&lt;p&gt;Yes, DevOps is the new black. I might not be the first to use the phrase, but it&amp;rsquo;s so obviously true.
I am currently working on building some kind of offer around DevOps, so you&amp;rsquo;ll probably see more posts on the topic.
But two things struck me recently and I decided I would make a post out of those. Both items are related to the people
side of DevOps. The first is the importance of the people involved in your DevOps transformation or organization. The
second, corollary to the first, is the recruitment of these people.
People matter
People are important, that&amp;rsquo;s obvious. However, a recent customer experience has highlighted how important they are for a
successful DevOps transformation. I may not be able to go into many details but the broad outline is quite simple.
The organization is a software team, within a large company. It delivers its own product, to be used by other business
units. It has decided to run its own operations. Perfect candidate for DevOps, right? Using a custom approach, based on
industry standards, an Agile/DevOps organization is designed and implemented.
Fast forward one year. The transformation is quite successful, the stability and quality of the product have improved.
The only thing that prevented the team from being outstanding seems to come from the people. Don&amp;rsquo;t misunderstand me, I
am not judging this team and its members. But for an Agile/DevOps transformation to be successful you need the right
people, with the right mindset. And not everyone fits the bill. Like some people are more comfortable in an open-space
and some prefer a closed-off office. It has been the same with Agile practices, which could not apply to every situation
and team.
We need to pay extra attention to the people we include in these transformation projects, if we want them to succeed.
Recruitment is crucial
As a follow-up to the above assessment, recruitment of people for your team is important. Yes, I know, it has always
been important. However, take a second look at the title of this post. Done? Alright. Now have a look at the job offers in
IT. See any pattern?
DevOps is written everywhere.
It is somehow justified, as DevOps encompasses many modern practices that we have or would like to implement. Take
automation, continuous delivery, continuous deployment, testing, QA etc.
The issue is that not every job offer is for a DevOps team or project. Most of the offers are for traditional sysadmins or
developers with a hint of DevOps. Which is a good trend, but not a good fit for a full DevOps profile.
So, people matter in DevOps environments, so take care of your profile :)
Note : this post was inspired by a LinkedIn post that I cannot find, in French, regarding the abusive use of DevOps in job
postings in France. If anyone can find it, I&amp;rsquo;d love to thank and credit its author!&lt;/p&gt;</description></item><item><title>Cloud is for poor companies</title><link>https://cloudinthealps.mandin.net/posts/cloud-is-for-poor-companies/</link><pubDate>Thu, 21 Dec 2017 00:00:00 +0000</pubDate><guid>https://cloudinthealps.mandin.net/posts/cloud-is-for-poor-companies/</guid><description>&lt;p&gt;I heard that statement from Greg Ferro (@etherealmind &lt;a href="https://twitter.com/etherealmind"&gt;https://twitter.com/etherealmind&lt;/a&gt;) in a podcast a few weeks
back.
I have to admit, I was a bit surprised and had a look at Greg&amp;rsquo;s tweets and posts, while finishing up the podcast.
Of course, the catchphrase is aimed at shocking, but it is quite well defended, and I have to agree, to some extent, with
Greg on that.
Let me try to explain Greg&amp;rsquo;s point, as far as I have understood it.
The IaaS/PaaS platforms, and some of the SaaS ones, are aimed at providing you with off-the-shelf functionalities and
apps, to develop your product quicker. And also to let you focus on your own business, rather than building every
expertise needed out there to support your business. However, there are some underlying truths, and even drawbacks :&lt;/p&gt;</description></item><item><title>Velocity London '17 - content</title><link>https://cloudinthealps.mandin.net/posts/velocity-london-17-content/</link><pubDate>Wed, 29 Nov 2017 00:00:00 +0000</pubDate><guid>https://cloudinthealps.mandin.net/posts/velocity-london-17-content/</guid><description>&lt;p&gt;I already posted about this event a few weeks ago, with a focus around my experience and the organization :
&lt;a href="https://cloudinthealps.mandin.net/2017/11/03/velocity-london-2017/"&gt;https://cloudinthealps.mandin.net/2017/11/03/velocity-london-2017/&lt;/a&gt;
This time, I would like to share a short summary of what I have learned during these 4 days.
The first two days were a Kubernetes training, so nothing very specific here. I learnt a lot about Kubernetes, which is to
be expected :)
During the two conference days, I attended the keynotes, and several sessions.
The keynotes are difficult to sum up, as they were very different, and each was a succession of short talks. I attended
several large-scale conferences in the past, and that was the first time that I felt that the speakers were really on the
edge of research and technology. They were not specifically here to sell us their new product, but to share where their
work was headed, what the outcomes could be etc.
They broached subjects ranging from bio-software to chaos engineering, from blockchain to edge computing. Some talks
were really oriented toward IT &amp;amp; DevOps, and some were bringing a completely different view on our world.
Overall, it felt energizing to hear so many brilliant minds talk about what is mostly our future!
The sessions were a bit more down to earth and provided data, content and feedback that would bring us some
changes back home. I was surprised to have most sessions concentrate on general information and feedback, and not so
much on specific tools and solutions. I expected more sessions from the toolchains for DevOps (Chef, Puppet, Gitlab,
Sensu and so on). Actually, even when the sessions were presented by these software companies (Datadog, Yahoo, Bitly,
Puppet, PagerDuty) they never sold their product. However they used their experience and data to provide very useful
insights and feedback.
What I brought back could be split into two categories : short term improvements/decisions that could be implemented
as soon as I got back (which I did partly), and trends that would have to be thought about and analyzed, and then maybe
crafted into a new offer or approach.
In the first category :
• Blameless post-mortems. A lot of data analyzed, with one takeaway for us : keep the story focused and short. If you
do not have anything to add apart from the basic timeline… maybe you&amp;rsquo;re not the right team to handle the post-mortem :)
• Solving overmonitoring and alert fatigue. This talk was a gamechanger for me. What Kishore Jalleda
(&lt;a href="https://twitter.com/KishoreJalleda"&gt;https://twitter.com/KishoreJalleda&lt;/a&gt;) stated was this : you may stop monitoring applications and services that are
not respectful. For example, if you get more than X alerts every day from an application, you may go to the owner
of the application and say &amp;ldquo;as you are generating too much noise, we will disable monitoring for a moment, until
the situation comes back to something that is manageable by the 24*7 team&amp;rdquo;. Of course you have to help the
product team get back on track and identify what is monitoring and what is alerting
(&lt;a href="https://cloudinthealps.mandin.net/2017/05/12/monitoring-and-alerting/"&gt;https://cloudinthealps.mandin.net/2017/05/12/monitoring-and-alerting/&lt;/a&gt;). And you need top management
support before you go and apply that :)
• On the same topic, a session about monitoring containers came down to the same issue : how do you monitor the
health of your application? Track the data :)
The second group covered mostly higher level topics, on how to organize your teams and company for successful
DevOps transformation. I noted an ever spreading use of the term &amp;ldquo;SRE&amp;rdquo;, which I would describe as misused most of the
time. At least SRE seems now to qualify any team/engineer in charge of running your infrastructure.
Another trend, in terms of organization, was the model based on this famous SRE team, to provide tooling and best
practices for each DevOps/Feature/Product team. I&amp;rsquo;ll probably post at length sometime later.&lt;/p&gt;</description></item><item><title>Velocity London</title><link>https://cloudinthealps.mandin.net/posts/velocity-london/</link><pubDate>Thu, 19 Oct 2017 00:00:00 +0000</pubDate><guid>https://cloudinthealps.mandin.net/posts/velocity-london/</guid><description>&lt;p&gt;This October I had the opportunity to go to the Velocity conference in London
(&lt;a href="https://conferences.oreilly.com/velocity/vl-eu"&gt;https://conferences.oreilly.com/velocity/vl-eu&lt;/a&gt;). The exact title of the conference is &amp;ldquo;Build and maintain complex
distributed systems&amp;rdquo;. That&amp;rsquo;s an ambitious subject. The event had been suggested by a customer who went to one of the
US editions and found that it was a brilliant event, both in terms of DevOps subjects covered and in terms of the attendees
&amp;amp; networking. So here I am, back in London, for 4 days of DevOps and cloud talks.
[logo conf]
I started the conference with a special 2-day training on Kubernetes, by Sebastien Goasguen (@sebgoa)
[logo k8s]
The training was really intense, as Sebastien described many standard objects and tools of the platform, as well as a few
custom options that we can use. We played with Minikube on our laptops, which is a really great way to have the
experience of a Kubernetes cluster, in a small box. It was really packed, and we had to rush to keep up with Sebastien&amp;rsquo;s
tests and labs, even with his Github repo containing most of the scripts and K8s manifests. I came out of those days a bit
tired by all the things I had learned and tested, and with a long list of new functions and tools to try, new ideas to explore etc.
It was immensely fun, thanks Sebastien!
The conference itself was rather overwhelming, and a big surprise for me. I am used to large conferences like VMworld
or Tech-Ed where you get the good word for the year to come from a vendor and its ecosystem. Most of the sessions in
those are obviously diving into the products and how to use them.
At Velocity, almost all the keynote speakers were somehow working in research, or such bleeding edge domain that it
might not even exist yet. I loved being presented with what might be happening, and by people who are scientists at
heart, not just marketing infused with a light touch of technology. Moreover the sessions themselves were mostly
feedback on the speakers&amp;rsquo; own experience on a specific domain/issue/subject. Usually they are not into a particular tool
or software suite, but rather on how to make things work with DevOps and large distributed systems.
Overall, I really enjoyed this conference, because it was very well organized, and small enough to be a human experience.
As we have four days with the same group of around 400 people (227 to this day according to the attendee directory), in
a rather small area, you cross paths often with the same people, and it makes it easy to start conversations. Also they
came up with a lot of ribbons that you can attach to your badge, to let others know what you are here for :
[photo of the ribbons]
I was used to much larger conferences, where I always found the networking a bit difficult, if you did not know a few
people beforehand. In Velocity&amp;rsquo;s case, it is so easy, you have only a handful of attendees and speakers, and you can meet
everyone informally, during lunch breaks or just by asking. It came as a surprise for me to be able just to chat with some of
the speakers that have impressed me, like [juergen &amp;amp; Gremlin] just by going and sitting with them at a lunch table.&lt;/p&gt;</description></item><item><title>Testing days</title><link>https://cloudinthealps.mandin.net/posts/testing-days/</link><pubDate>Wed, 11 Oct 2017 00:00:00 +0000</pubDate><guid>https://cloudinthealps.mandin.net/posts/testing-days/</guid><description>&lt;p&gt;As I was getting ready for the Velocity conference (&lt;a href="https://conferences.oreilly.com/velocity/vl-eu"&gt;https://conferences.oreilly.com/velocity/vl-eu&lt;/a&gt;) and the Kubernetes
training by Sebastien Goasguen, I happened to be captured by a spiral of testing.
First, I needed to have a K8s cluster running for said training. Sebastien suggested Minikube, which is a nifty way of
having a local K8s cluster on your workstation and play with it. As it was too easy, I went through my K8s the hard way
(&lt;a href="http://cloudinthealps.mandin.net/2017/09/14/kubernetes-the-hard-way-revival/"&gt;http://cloudinthealps.mandin.net/2017/09/14/kubernetes-the-hard-way-revival/&lt;/a&gt;) on Azure again to be able to work on
the real stuff, and use kubectl from my Linux env (embedded in windows 10). And I realized that I might have internet
issues during the conference and would be happy to have Minikube running.
So back to square one and to setting up minikube and kubectl properly on Windows.
I tried the easy way, which was to download Minikube for Windows and run it. It obviously failed, and I could not find
out why. After some trial and error, I just updated Virtualbox, which I was already using for personal stuff. I then just had
to reset the minikube setup that I had, with &amp;ldquo;minikube delete&amp;rdquo; and then start fresh : &amp;ldquo;minikube start&amp;rdquo; and voilà, I had a
brand new Minikube+kubectl setup fully on Windows 10 (and a backup on Linux and Azure).
But as I was working on that, I stumbled on some news about Azure Stack
(&lt;a href="https://social.msdn.microsoft.com/Forums/azure/en-US/131985bd-bc56-4c35-bde8-640ac7a44299/microsoft-azurestack-development-kit-201709283-now-available-released-10102017?forum=AzureStack"&gt;https://social.msdn.microsoft.com/Forums/azure/en-US/131985bd-bc56-4c35-bde8-640ac7a44299/microsoft-azurestack-development-kit-201709283-now-available-released-10102017?forum=AzureStack&lt;/a&gt;) and specifically the AS SDK,
which allows for a one node setup of Azure Stack.
This tickled my curiosity gene. A quick Google to find if there were any tutorials or advice on running nested Azure Stack
on Azure, and here I am, setting up just that.
Keep in mind that the required VM (E16s-V3) is just above 1€/hour, which means 800€ monthly, so do not forget the
auto-shutdown if you need to control your costs :)
The guide I followed is here : &lt;a href="https://azurestack.blog/2017/07/deploy-azure-stack-development-kit-on-an-azure-vm/"&gt;https://azurestack.blog/2017/07/deploy-azure-stack-development-kit-on-an-azure-vm/&lt;/a&gt;
I did almost everything using the Azure portal, maybe it might be useful to build a script to do that more quickly.
Note that the email with the download link takes some time to be sent, so you might start with that. Or you can use the
direct link : &lt;a href="https://aka.ms/azurestackdevkitdownloader"&gt;https://aka.ms/azurestackdevkitdownloader&lt;/a&gt;
And this first test did not work out the way I expected. There were many differences between the article, the official
doc, and what I encountered while deploying. Back again to the first step : I redeployed the VM, redownloaded the SDK, and
started from scratch, following the official doc (&lt;a href="https://docs.microsoft.com/en-us/azure/azure-stack/azure-stackdeploy"&gt;https://docs.microsoft.com/en-us/azure/azure-stack/azure-stackdeploy&lt;/a&gt;). I just added the tweak to skip the physical host check, in order for the installation to continue even though it
was running on a VM.
After a few hours, Voilà I had a fully running Azure Stack, within an Azure VM!
Now I just have to read the manual and play with it. This&amp;rsquo;ll be the subject of a future post, keep checking!&lt;/p&gt;</description></item><item><title>New security paradigms</title><link>https://cloudinthealps.mandin.net/posts/new-security-paradigms/</link><pubDate>Mon, 09 Oct 2017 00:00:00 +0000</pubDate><guid>https://cloudinthealps.mandin.net/posts/new-security-paradigms/</guid><description>&lt;p&gt;Obviously you have heard a lot of talk around security, recently and less recently.
I have been in the tech/IT trade for about 15 years, and every time I have met with a new vendor/startup, they would
start by saying that we did security wrong and they could help us build Next Gen security.
I am here to help you move to the Next Gen :)
All right, I am not. I wanted to share a short synthesis of what I have seen and heard over the past months around
security in general, and in the public cloud in particular.
There are a few statements I found interesting :
• Perimeter lockdown, AKA perimeter firewalls, is over.
• No more need for IDS/IPS in the public cloud; you just need clean code (and maybe a Web Application Firewall)
• Public cloud PaaS services are moving to a hybrid delivery mode
Of course, these sentences are not very clear, so let me dig into those.
First, perimeter security. The &amp;ldquo;old&amp;rdquo; security model was built like a medieval castle, with a strong outer wall, and some
heavily defended entry points (firewalls). There were some secret passages (VPNs), and some corrupted guards (open
ACLs :) ).
&lt;a href="https://commons.wikimedia.org/wiki/File:Herstmonceux_Castle_with_moat.jpg"&gt;https://commons.wikimedia.org/wiki/File:Herstmonceux_Castle_with_moat.jpg&lt;/a&gt;
This design has had its day and is not relevant any more. It is way too difficult to manage and maintain thousands of access
lists, VPNs, exceptions and parallel Internet accesses, not to mention the hundreds of connected devices that we have
floating around.
A more modern design, for enterprise networking, often relies on device security and identity management. You will still
need some firewalling around your network, just to make sure that some dumb threat cannot go in by accident. But the
core of your protection, networking-wise, will be based on a very stringent device policy that will allow only safe devices
to connect to your resources.
This solution will also require that you have good identity management, ideally with some advanced threat detection
in place. Something that can tell you when some accounts should be deactivated/expired, or when you have abnormal
behavior : for example, two connection attempts for the same account, from places thousands of kilometers apart.
Those who have already set up 802.1X authentication and Network Access Control on the physical network for
workstations know that it requires good discipline and organization to work properly and not hamper actual work.
To complete the setup, you will need to secure your data itself, ideally using a solution that manages the various levels
of confidentiality, and can also track the usage and distribution of the documents.
As I said, no more need for IPS/IDS. Actually, I think that I have never seen a real implementation that was used in
production. Rather there was almost always an IPS/IDS somewhere on the network, to comply with the CSO&amp;rsquo;s office
requirement, but nothing was done with it, mostly because of all the generated noise. Do not misunderstand me, there
are surely many true deployments in use that are perfectly valid! But for a cloud application, it is strange to want to get
down to that level where your cloud provider is in charge of the lower infrastructure levels. The &amp;ldquo;official&amp;rdquo; approach is to
write clean code, to make sure that your data entry points are protected and then to trust the defenses in place from
your provider.
However, as many of us do not feel comfortable enough to skip the WAF (Web Application Firewall) step, at least
Microsoft has heard the clamor and will add the possibility to connect a WAF in front of your App Service shortly. Note
here : it is already possible to insert a firewall in front of an Azure App Service, but this requires a Premium service plan,
which will come at a &lt;em&gt;ahem&lt;/em&gt; premium price.
And that was my third point : PaaS services coming to a hybrid delivery mode. Usually when you look at PaaS services in
the public cloud, they tend to have public endpoints. You may secure these endpoints with ACLs (or NSG for Azure), but
this might not be very easy to do, for example if you do not have a precise IP range for your consumers. This point had
been discussed and worked on for a while, at least at Microsoft, and we are now seeing the first announcements for
PaaS services that are usable through a Vnet, and thus private IP. This leads to a new model, where you may use these
services, Azure SQL for example, for your internal applications, through a Site-To-Site VPN.&lt;/p&gt;</description></item><item><title>Certifications</title><link>https://cloudinthealps.mandin.net/posts/certifications/</link><pubDate>Wed, 04 Oct 2017 00:00:00 +0000</pubDate><guid>https://cloudinthealps.mandin.net/posts/certifications/</guid><description>&lt;p&gt;I have been pushing my team to get certified on Azure technologies for the past 24 months, with various degrees of
success. I am quite lucky to have a team who does not discuss the value of the certification, however much they discuss
the relevance of the questions.
But, as I am now going over almost 15 years of certifications in IT, I feel quite entitled to share my views and opinion.
Keep in mind that I work in infrastructure/Operations, and in France, which will probably give some bias to my analysis :)
I will start with some general comments on the value of certifications, from a career perspective, and dive into some
specifics for each vendor I have certified with over the years. Some of my exams are a bit dated, so please be nice. I will
conclude with my general tips to preparing for an exam.
As I said, it&amp;rsquo;s been almost 15 years since my first cert, and I started that one before even being employed, which gives me
some insight about the relevance of such investment in my career. I took my first dip into the certification world during a
recruitment process with a consulting company. We were two candidates, I was the young guy and the other one was
already holding his Microsoft MCP. I felt, at that time, that I could benefit from one myself, and compensate some of my
lack of experience with it. As I registered for my first MCP exam, for Windows 2000 (!), I was contacted to get into a
kickstart program to get my certification level up to Microsoft MCSE. Everything started from there.
After a few months, I passed the final MCSE exam (out of 7 at that time) and was recruited, to work on Cisco networking,
which had nothing to do with my skills, by the very same company that had interviewed me when I discovered the MCP.
I still think that the fact that I went through the certification path did a lot to convince my boss of my motivation
and ability to work hard. Over the years I refreshed my MCSE with each version of Windows (from 2000 to 2016) and
added a few new ones, depending on what I worked on at my positions : Cisco, RedHat, Vmware and Prince2.
Even though it was not obvious in my first job, the following ones were pretty clear cases where my certifications held
some value to my employer. We discussed the fact during some of the interviews rather openly. And I was in a
recruiter&amp;rsquo;s shoes myself a few times, and here is what I feel is useful about certifications.
First, it shows that you can focus on sometimes gruesome work, for a while. Passing this kind of exam almost always
forces you to learn tons of new information, on software or devices that you may never handle.
Then it shows dedication to maintain them over time, when they have at least some value to your current position.
And, let&amp;rsquo;s be candid, it shows you can take one for the team, because almost every vendor partnership requires some
level of certification.
And, as I said, I know for a fact that I had been recruited, at least partly, twice thanks to my certs.
On the salary part, I am not sure about the impact of certifications. I do not feel that the cert plays a part there, but I
cannot prove or disprove it.
That being said, when you take one of these exams, you will experience very different things depending on the vendor,
and sometimes on the level of certification. Let&amp;rsquo;s take a closer look.
We&amp;rsquo;ll start with my longest running candidate : Microsoft. Apart from one beta test ten years ago, I always had some
kind of MCQ with them. You may have some variation around that : drag and drop, point and click etc. But, by and large,
nothing close to a simulator or designer. This led to a bad reputation a while ago, when you could hold an MCSE
(which was like the Holy Grail of Microsoft certification) while having absolutely no hands-on experience with Windows.
They have kept the same format for Azure exams, and are taking some heat also, because the exams are deprecated
almost as they go out. I am wondering whether they are working on some other way to certify.
Cisco had a router/switch simulator for a long time, which had brought some rather interesting exams, for the lowest
levels. I only took the CCNA 15 years ago, so I do not know how it goes for higher levels. The only caveat, from my
perspective, was that the simulator did not allow for inline help and auto-completion, which you still have in real life.
RedHat, for the RHCE exams, had the most interesting experience in my view. The exam was completely in a lab, split in
two sections. First you had to repair a broken RHEL server, three times. Then you were given a list of objectives that you
had to meet with a RHEL server. You could choose whichever configuration you would prefer, as long as the
requirements were met (with SELinux enforced, obviously :) ). You had a fully functional RHEL, with the man pages and
documentation, but without internet access. I still feel to this day that this format let you prove that you really were
knowledgeable and had the necessary skills to design and implement a Linux infrastructure. And the trainers were
always fun and very skilled.
I also certified on VMware vSphere for a while and that brought me to a whole new level of pain. The basic VCP level is
fine, just along the same lines as an MCP. But when I started to study for the next level, VCAP-DCD (which stands for
VMware Certified Advanced Professional-DataCenter Design), I had to find some new ways of preparing and learning.
You see, where a usual exam requires you to learn some basic stuff by heart (like the default OSPF timers, or the
minimum Windows 2000 workstation hardware requirements) it was still a limited scope. For this exam, you had to be
able to completely design a vSphere infrastructure, along the official VMware guidelines, from all of the perspective&lt;/p&gt;</description></item><item><title>Experiences'17</title><link>https://cloudinthealps.mandin.net/posts/experiences-17/</link><pubDate>Wed, 04 Oct 2017 00:00:00 +0000</pubDate><guid>https://cloudinthealps.mandin.net/posts/experiences-17/</guid><description>&lt;p&gt;It has been a long two-day event for Microsoft France.
I wanted to summarize this event and what happened during those two days.
I will not be extensive about all the announcements and sessions that were offered.
This will just be my experience (pun intended) of the event.
This year I did not present a session, mainly because the process to submit one was very unclear, and I did not want to
fight against smoke. And one last detail, it was only my second Experiences, and I never attended its predecessor,
Techdays.
As I said, it is a two-day event, split between a business day and a technical day. I attended both, as my role is also split
between the two aspects. I found that the distinction was very visible regarding the content of the various sessions,
apart from the keynotes (and Partner Back to School session). Overall the technical level is rather low, but most of MS
staff is onsite and you can have very interesting discussions with them, as well as with the other attendees.
A word on the attendees : there are very different groups in there. I have met with numerous Psellers and MVPs, as well
as Microsoftees. Obviously, there are many customers and partners around, some of them just for show, some with a
very specific project/problem in mind. And there are people that I am not accustomed to seeing in business events, but
who bring a refreshing variety to the general attendee population. These are both students from multiple schools
(engineering, but not only), and employees who managed to get their managers to approve because the event is free.
I am not sure whether it is the case in other countries, but in France we usually have difficulties getting approval to
travel abroad and pay for a conference. It is not always true with every company, but it has been widespread enough
that some European-wide events are replicated to a smaller scale in France to allow French techies to get the content as
well.
Back to the event itself, the rhythm was rather intense this year and I missed many sessions, to be able to meet and
discuss with everyone I wanted to. As with all events, the quality of a session is very dependent on the quality of the
speaker. The ones I attended were very good and made a lot of effort to stay focused on their topic and keep everyone
on board.
About the keynotes, well they were of the expected quality, on par with Inspire, with several videos, demos, interviews
etc. As was the case with Ignite, some talks were highly specific (to AI or Quantum computing) and made me believe that
Satya Nadella is taking some moves from Elon Musk. It was very different from the Tech&amp;rsquo;Ed days where we were shown
the new interface for System Center, or a new tablet.
The buzzword this year at Experiences was AI (it was Blockchain last year). I have to admit that the AI Hackademy
included some very interesting ideas and startups. I did not manage to visit them all but I was pretty impressed to see so
many startups working on the subject, and bringing fresh ideas and concepts to our world.
All right, everything was very positive, I am convinced. I will share one mildly negative thought though : AI was
sometimes thinly stretched over a piece of software or idea. I&amp;rsquo;ve seen some interesting uses of statistics, or even good
programming and algorithms, but to say these were truly AI was going a bit far. At least that&amp;rsquo;s my opinion, but we may
not all have the same definition… as for what is a cloud :)&lt;/p&gt;</description></item><item><title>Kubernetes the hard way, revival</title><link>https://cloudinthealps.mandin.net/posts/kubernetes-the-hard-way-revival/</link><pubDate>Wed, 13 Sep 2017 00:00:00 +0000</pubDate><guid>https://cloudinthealps.mandin.net/posts/kubernetes-the-hard-way-revival/</guid><description>&lt;p&gt;This week, I had my first troubles with GitHub while trying to push all the updates I did to &amp;ldquo;Kubernetes, the hard way&amp;rdquo; to
use Azure. Long story short, I had to ditch everything I had written for the new guide, and start over, as there were too
many new commits from Kelsey&amp;rsquo;s guide.
This misadventure pushed me to do several things :&lt;/p&gt;
&lt;ol&gt;
&lt;li&gt;Create and maintain my own fork of Kelsey&amp;rsquo;s guide : &lt;a href="https://github.com/frederimandin/kubernetes-the-hard-way"&gt;https://github.com/frederimandin/kubernetes-the-hard-way&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;Rewrite this guide, and make it work on Azure&lt;/li&gt;
&lt;li&gt;Use Visual Studio Code, with the GitHub and Markdown plugins. As it was also a first… some pain was involved.&lt;/li&gt;
&lt;li&gt;Go several steps beyond, in order to play a bit more with K8S&lt;/li&gt;
&lt;/ol&gt;
&lt;p&gt;The first two steps are done and committed, as you may see on GitHub. It took a smaller amount of work than
expected, as most of the commands I wrote for the previous guide were still usable. I did have to redeploy the test K8S
cluster to confirm that everything was fine. Please, if you have some spare time, do not hesitate to use this guide, and
give me some feedback!
Then I tried several tests, in addition to the ones included in the guide.
First I deployed a container from the Docker public Registry : &lt;a href="https://hub.docker.com/r/apurvajo/mariohtml5/"&gt;https://hub.docker.com/r/apurvajo/mariohtml5/&lt;/a&gt;
This went quite well, and I had the infinite mario running for several hours, and accessible from the outside world on its
own port.
At that point I got lost… I started to update this blog, and realized that the website was not using HTTPS. I figured now
would be a good time to do it, and I thought about using Let&amp;rsquo;s Encrypt (&lt;a href="https://letsencrypt.org"&gt;https://letsencrypt.org&lt;/a&gt;). As it was my first time, it
took me a while to find out what to do exactly. Actually, the easiest way was to just activate the extension for the web
app on Azure, and follow the guide. We are now securely discussing on &lt;a href="https://cloudinthealps.mandin.net"&gt;https://cloudinthealps.mandin.net&lt;/a&gt; :)
That was fun, but I still have not started to play with Helm (&lt;a href="https://www.helm.sh"&gt;https://www.helm.sh&lt;/a&gt;), which was the original idea.
I&amp;rsquo;ll have to postpone that activity and blog about it later!&lt;/p&gt;</description></item><item><title>Kubernetes and Azure Container Instances</title><link>https://cloudinthealps.mandin.net/posts/kubernetes-and-azure-container-instances/</link><pubDate>Thu, 24 Aug 2017 00:00:00 +0000</pubDate><guid>https://cloudinthealps.mandin.net/posts/kubernetes-and-azure-container-instances/</guid><description>&lt;p&gt;Following my recent ventures in the Kubernetes world (&lt;a href="http://cloudinthealps.mandin.net/2017/08/23/kubernetes-thehard-way-azcli-style/"&gt;http://cloudinthealps.mandin.net/2017/08/23/kubernetes-thehard-way-azcli-style/&lt;/a&gt;), I now had a functional Kubernetes cluster, on Azure, built with my own sweat and brain.
But that was not the original goal. The original goal was to try and play with Azure Container Instances, and its
Kubernetes connector &lt;a href="https://azure.microsoft.com/fr-fr/resources/videos/using-kubernetes-with-azure-containerinstances/"&gt;https://azure.microsoft.com/fr-fr/resources/videos/using-kubernetes-with-azure-containerinstances/&lt;/a&gt;
Following the guide on GitHub was relatively straightforward and painless (&lt;a href="https://github.com/Azure/aci-connector-k8s"&gt;https://github.com/Azure/aci-connector-k8s&lt;/a&gt;), but I encountered two small issues.
One was that I am not completely comfortable yet with all things K8s, and I had to read a bit about taints, to understand
why the current ACI connector is not used by the K8s scheduler by default. Not a big deal, and a good way to get to
know more about K8s.
The second one was maybe due to the fact that I had never used ACI before, maybe not. I logged it into the GitHub
project as an issue (&lt;a href="https://github.com/Azure/aci-connector-k8s/issues/33"&gt;https://github.com/Azure/aci-connector-k8s/issues/33&lt;/a&gt;) to make sure that it is taken into
consideration.
The short story is that I was missing a registered Provider in my subscription. However the error message did not pop up
in kubectl output, but only on the Activity log in Azure portal. Another good occasion to learn and dig into some tools.&lt;/p&gt;</description></item><item><title>Kubernetes, the hard way, AZCLI style</title><link>https://cloudinthealps.mandin.net/posts/kubernetes-the-hard-way-azcli-style/</link><pubDate>Wed, 23 Aug 2017 00:00:00 +0000</pubDate><guid>https://cloudinthealps.mandin.net/posts/kubernetes-the-hard-way-azcli-style/</guid><description>&lt;p&gt;Finally a tech post!
I have been busy this week, on command lines and Kubernetes.
The starting point was the recent announcement of Azure Container Instances and the related Kubernetes connector :
&lt;a href="https://github.com/azure/aci-connector-k8s"&gt;https://github.com/azure/aci-connector-k8s&lt;/a&gt;
I admit I did try what Corey Sanders showed in his show : &lt;a href="https://channel9.msdn.com/Shows/Tuesdays-WithCorey/Tuesdays-with-Corey-Azure-Container-Instances-with-WINDOWS-containers"&gt;https://channel9.msdn.com/Shows/Tuesdays-WithCorey/Tuesdays-with-Corey-Azure-Container-Instances-with-WINDOWS-containers&lt;/a&gt;. However what I found interesting
and wanted to try was the ACI connector to Kubernetes, and how we would work with that.
Of course we have a test Kubernetes cluster here, that someone from our team built, but it felt too easy just to add the
connector. Also I am not comfortable yet with Kubernetes and I wanted to get my hands dirty and know more about the
inner workings of a k8s cluster.
I remembered a quote from the Geek Whisperers&amp;rsquo; show featuring Kelsey Hightower. He said that he wrote a guide to
build a K8s cluster from the ground up, without any shortcuts. The guide is found there :
&lt;a href="https://github.com/kelseyhightower/kubernetes-the-hard-way"&gt;https://github.com/kelseyhightower/kubernetes-the-hard-way&lt;/a&gt;
The downside is that the guide is aimed at Google Cloud Platform, and I am an Azure guy.
And there was my pet project for this week : adapt the guide for Azure, using only Azure CLI commands!
There was one final trick for me to learn : store and share all that on GitHub. As I never had to work with Git by myself, it
was also a good way to learn the moves.
So, lots of new stuff learnt :
• Create a K8s cluster from scratch
• GitHub, and Git
• Making progress on Azure CLI
• A good refresher on Azure infrastructure
The project is hosted there : &lt;a href="https://github.com/frederimandin/Kubernetes-the-azcli-way"&gt;https://github.com/frederimandin/Kubernetes-the-azcli-way&lt;/a&gt;
There are many following steps to work on :
• Integrating properly with Kelsey&amp;rsquo;s guide
• Testing my own guide again
• Adding ACI connector to my cluster and play with it (and write about it of course!)
I&amp;rsquo;ll keep you posted, of course!&lt;/p&gt;</description></item><item><title>Inspire '17</title><link>https://cloudinthealps.mandin.net/posts/inspire-17/</link><pubDate>Fri, 11 Aug 2017 00:00:00 +0000</pubDate><guid>https://cloudinthealps.mandin.net/posts/inspire-17/</guid><description>&lt;p&gt;We are almost halfway through the first quarter of the Microsoft financial year, a month after the partner convention, which has
been rebranded &amp;ldquo;Inspire&amp;rdquo;.
Now that I am not a newbie any more, I can step back a bit and see past the awe of the first event.
The setting this year was Washington DC, which is a great place for this kind of event. There are many hotels nearby,
the city center is small enough to walk around, and there are many chic places for the evenings.
This is not a travel blog, so I will not go further into the tourism information.
This year we had decided, with our PSE, to have a lighter Microsoft agenda, and to be able to attend more sessions and
impromptu meetings. I have to say that it was a wise choice. It allowed us to make new connections, to network quietly
and to enjoy the Expo and the other partners. Note that I found it way easier to network this time, as our company was
better known in the ecosystem, and we also had a better knowledge of the various people, names and acronyms used
throughout Microsoft.
This year I was able to attend several sessions, with different formats : roundtables, breakout, demo theater, workshop
and of course keynotes. The content was really good, though it is definitely not a technical event.
The best way to have a technical discussion is to go to the Microsoft pods with a specific subject in mind and ask for an
expert on that matter. Also these pods provide good help and advice on how to build or develop your business along the
current track or toward a brand new scope (yes GDPR was a recurrent topic, I&amp;rsquo;ll write separately about that later on).
I have met many amazing partners and vendors, through the social events, or on their booths and we have started to
build new relationships that will hopefully help develop all our business and knowledge.
Once again, it is an event where you have to be prepared, and be prepared to change your plans.
First you need to have an idea of your goal beforehand. Do you want to find new partners within the ecosystem? Would
you rather gain some traction or visibility in that ecosystem, both from Microsoft and from the other partners? Are you
open to new business opportunities? Are you here to listen to the keynote and get a feeling of what is coming for the
near future?
Then, you need to build your agenda around that goal : sessions, meetings, events etc. But do remember to leave some
room to be able to continue a discussion with an unexpected partner, or be ready to not attend a session live and see
the recording, because something else popped up.
And mostly, have fun :)&lt;/p&gt;</description></item><item><title>Choosing between IaaS, PaaS and SaaS (maybe containers?)</title><link>https://cloudinthealps.mandin.net/posts/choosing-between-iaas-paas-saas/</link><pubDate>Fri, 07 Jul 2017 00:00:00 +0000</pubDate><guid>https://cloudinthealps.mandin.net/posts/choosing-between-iaas-paas-saas/</guid><description>&lt;p&gt;I know, there are tons of materials and training that will explain to you how to select between SaaS and custom software.
I&amp;rsquo;ll summarize their usual points, but I wanted to add some details on how you might have to look at the full scope of
cloud services : from IaaS, through PaaS, to SaaS, and a detour through containers.
First the usual discussion, that I have seen unfold dozens of times : why choose SaaS over a custom/on-premises solution?
You know the drill, right?
On one side, you have full control and can customize the solution. This means the software will be tailored to your exact
needs, and you will control exactly what is done with it, how it is updated, where data is stored, accessed, replicated,
backed-up etc. You will know the exact setup of the deployment, which layer is connected to which other layer, how,
where traffic goes, how each layer is protected, and replicated. You will handle failover, high-availability etc. In a few
words : you will be the master in your own kingdom. Problem with that path : you are, mostly, on your own. All of these
domains I just listed are your responsibility, and you have to have knowledge and skills to handle those. You might need
to expand those skills to cover 24*7. You&amp;rsquo;ll need a strong IT team, in addition to a trained software team.
On the other side, you have SaaS : brand new, quick and easy. You set that up in a flash, connect the solution to your
other enterprise software, create user accounts and voilà! No administrative overhead, the only skill you have to master
is the configuration of the solution. You&amp;rsquo;ve seen the downside coming : you have absolutely no control over the
software, its release cycle, the mechanisms in place to provide high-availability. Sometimes you have some control over
your data, but it&amp;rsquo;s not obvious.
In the end it&amp;rsquo;s your call to choose the balance you need.
The cloud has integrated the same choices and solutions. You will have to decide whether you want to use IaaS, PaaS or
SaaS. The basic triggers are the same, you choose the right balance between control, freedom and responsibility.
Read here a good explanation : &lt;a href="https://docs.microsoft.com/fr-fr/azure/app-service-web/choose-web-site-cloud-servicevm"&gt;https://docs.microsoft.com/fr-fr/azure/app-service-web/choose-web-site-cloud-servicevm&lt;/a&gt;
I would like to add something to that horizon, something spicier, which could probably give you the best of each
solution, provided you are ready to learn some new skills. We had the same discussion several times with our
customers, revolving around the limitations of Azure App Service for some Java applications, its lack of control, and how
moving from that to full-blown IaaS virtual machines felt like dropping out of the cloud.
Here is what we built with some of those customers. We wanted to provide them with the flexibility and ease of use of
Azure App Service, tailored to their needs, without adding much IT admin overhead. We had already been running a
Kubernetes cluster for our own internal needs for a while, and it was an easy leap to suggest that solution.
Kubernetes is becoming the leader in container orchestration, but you could choose any other solution (DCOS, Swarm
etc.)
Here is a short list of the benefits the customer gained in that solution :
• Flexibility of the deployment and settings of the application, down to every Java VM option
• Scalability of an enterprise-ready container orchestration, based on a cloud platform that is reliable
• Ease of deployment : these are containers after all!
The only thing you have to keep in mind here is that someone has to learn and master containers and the orchestration
layer for those. Kubernetes might not be the most accessible solution here, but it is, in my mind, the most mature and
powerful.
One last word, for you sceptics who still believe that Microsoft and Open-source are still far from each other : try to
make a new build of your software for containers using Visual Studio :
&lt;a href="https://blogs.msdn.microsoft.com/jcorioland/2016/08/19/build-push-and-run-docker-images-with-visual-studio-teamservices/"&gt;https://blogs.msdn.microsoft.com/jcorioland/2016/08/19/build-push-and-run-docker-images-with-visual-studio-teamservices/&lt;/a&gt;&lt;/p&gt;</description></item><item><title>My journey to the cloud</title><link>https://cloudinthealps.mandin.net/posts/my-journey-to-the-cloud/</link><pubDate>Fri, 07 Jul 2017 00:00:00 +0000</pubDate><guid>https://cloudinthealps.mandin.net/posts/my-journey-to-the-cloud/</guid><description>&lt;p&gt;I may have skimmed that subject a few times before, but as I get to the end of the (Microsoft) year, and begin a new
one, it feels right to reflect for a while on what got me where I am now.
The short version is : I had had enough of cabling, servers, storage and operating systems, and wanted to move to something
else, however related. Okay, that is VERY short. Allow me to develop that further.
I started working in IT about 15 years ago. I did my duties in user support, moved to network engineering and
implementation. At the same time, I discovered the wonderful world of Microsoft training and certification, and got my
first cert around 2003, quickly followed by an MCSE (yes, on Windows 2000!).
I switched back and forth between networking and systems engineering for several customers. I collected some
knowledge along the way, mainly about hardware installation, cabling, storage and servers, but also about virtualization,
networking, SAN. I continued my cert trip in parallel, maintaining my MCSE up to Windows 2016 and Azure. I also
collected a few other certs : ITIL, Redhat RHCE (6 &amp;amp; 7), VMware VCP &amp;amp; VCAP-DCD, Prince2 etc. I will say more about
certification in a later article, keep in touch!
To complete the brush-up, I tried my hand at project management, as well as people management.
Let&amp;rsquo;s get to the point where it gets interesting. The first time I heard about public cloud was at Tech-Ed Europe, probably in
2010. It was mostly limited to SQL server databases with many limitations. It was not really a hit for me. The subject kept
reappearing : public cloud, private cloud, elastic computing, you&amp;rsquo;ve heard the talk.
There were actually two triggers to my &amp;ldquo;Frederi, meet Cloud&amp;rdquo; moment.
The first one was rather a long term evolution of my area of interest. After years spent working with the same company,
and on the same software, I got to the point where I could understand the business side of my actions and
responsibilities for our customers. It was a slow shift to a more end-user/application centric approach. This is where I try
to push today : the major focus and metric is the end-user. If this user is not happy about his experience, then we (the
whole team behind the software, from IT infrastructure to developers and designers) have failed. This is why I tend to
ask the question early in the discussions : how is the application used? By who?
The second trigger was more of an &amp;ldquo;a-ha&amp;rdquo; moment, specifically about public cloud. In a previous job, I was in an
outsourcing team, focused on infrastructure. We had a whole Services department, whose job was to design, build and
deliver custom software. We almost never had a project in common. Until once we had a developer on the phone, and
we had the most common conversation between dev and ops :
Dev : &amp;ldquo;we have built a php application for that customer, and he wants to know if we can host and operate it, and what
the cost would be&amp;rdquo;
Ops (me) : &amp;ldquo;OK, tell me your exact need : OS, VM size, which web server, which version, how much disk space, a public IP
etc?&amp;rdquo;
Dev : &amp;ldquo;I do not know that&amp;rdquo;
Ops : &amp;ldquo;in that case, I cannot give you an estimate. We can operate, but we need to know what&amp;rdquo;
A few days of emails followed, trying to get those details ironed out and to write a proposal. Two weeks later, we had
the same dev on the phone : &amp;ldquo;Drop it, the customer has already deployed in Azure by himself&amp;rdquo;.
That is when I realized that we, ops and infra, could not stay on the defense line and ask for what we knew best. We had
to ask about the application itself, and we had to get into that &amp;ldquo;Azure&amp;rdquo; stuff.
And that&amp;rsquo;s how I ended up in Azure, and mostly PaaS oriented ;)&lt;/p&gt;</description></item><item><title>Voice control and security</title><link>https://cloudinthealps.mandin.net/posts/voice-control-and-security/</link><pubDate>Mon, 26 Jun 2017 00:00:00 +0000</pubDate><guid>https://cloudinthealps.mandin.net/posts/voice-control-and-security/</guid><description>&lt;p&gt;I will assume that I am definitely not the first one to write about that, but I feel the need to write anyway.
We saw during a few recent events that our new beloved always listening devices can interpret an order from almost
anyone (Someone ordered a Whopper? Burger King: OK Google!)&lt;/p&gt;
&lt;p&gt;It seems trivial and a bit childish, but when you start integrating many services into a system like that, you may have to
think about security.
This goes at different levels : from limiting commands to voice-print recognition.&lt;/p&gt;</description></item><item><title>PaaS and Managed Services</title><link>https://cloudinthealps.mandin.net/posts/paas-and-managed-services/</link><pubDate>Sat, 20 May 2017 00:00:00 +0000</pubDate><guid>https://cloudinthealps.mandin.net/posts/paas-and-managed-services/</guid><description>&lt;p&gt;If you know me, or have read some of my previous articles, you will know that I am a big fan of PaaS services.
They provide an easy way for architects and developers to design and build complex applications, without having to
spend a lot of time and resources on components that may be used out of the box. And it relieves us IT admins of having
to manage lower-level components and irrelevant questions. These questions are the ones that led me to switch my
focus into cloud platforms a few years ago. One day I&amp;rsquo;ll write an article on my personal journey :)
Anyway, my subject today concerns the later stages of the application lifecycle. Let&amp;rsquo;s say we have designed and built a
truly modern app, using only PaaS services. To be concrete, here is a possible design.&lt;/p&gt;</description></item><item><title>Sharding your data, and protecting it</title><link>https://cloudinthealps.mandin.net/posts/sharding-your-data-and-protecting-it/</link><pubDate>Wed, 17 May 2017 00:00:00 +0000</pubDate><guid>https://cloudinthealps.mandin.net/posts/sharding-your-data-and-protecting-it/</guid><description>&lt;p&gt;I am quite certain that there are many articles, posts and even books already written on that subject.
To be honest, I did not search for any of those. For some reason, I had to figure out sharding almost by myself while building a
customer design.
So this post will just be my way of walking through the process, and confirm that I can explain it again. If someone finds
this useful, I will be happy :)
Here is the information I started with. We want to build an application that uses a database. In our case, we chose
DocumentDB, but the technology itself is irrelevant. The pain point was that we wanted to be able to expand the
application worldwide, but also to keep a single data set for all the users, wherever they were living or connecting from.
That meant finding a way of having a local copy of the data, writable, in every location we needed.
Having a readable replica of a database is quite standard. You may even be able to get multiple replicas of this kind.
Having a writable replica is not very standard, and certainly not a simple operation to set up.
Having multiple writable replicas… let&amp;rsquo;s say that even with reading the official guide from Microsoft
(&lt;a href="https://docs.microsoft.com/fr-fr/azure/cosmos-db/multi-region-writers"&gt;https://docs.microsoft.com/fr-fr/azure/cosmos-db/multi-region-writers&lt;/a&gt;) it took us a while to fully understand.
As I said, we chose to use DocumentDB, which already provides the creation of a readable replica with a few clicks.
This is not enough, as we need to have a locally writable database. But we also need to be able to read data that is
written from the other locations. What we can start with is to create a multi-way replica set.
We could have a writable database in our three locations, with a readable copy in each of the other two regions :
Drawing&lt;/p&gt;</description></item><item><title>WPC 2016</title><link>https://cloudinthealps.mandin.net/posts/wpc-2016/</link><pubDate>Sat, 15 Apr 2017 00:00:00 +0000</pubDate><guid>https://cloudinthealps.mandin.net/posts/wpc-2016/</guid><description>&lt;p&gt;It has almost been a year since my first Worldwide Partner Convention organized by Microsoft in Toronto.
At the time, I wanted to share some insights, and some tips to survive the week.
Before WPC, I attended multiple Tech-Ed Europe and VMworld Europe, in several locations over the years. WPC is
slightly different as it is a partner-dedicated event, without any customers or end users. It gives a very different tone to
the sessions and discussions, as well as a very good opportunity to meet with Microsoft Execs.
As it was my first time, I signed up for the FTA (First Time Attendee) program, which gave me access to a mentor
(someone who had already attended at least once) and a few dedicated sessions to help us get the most out of the
conference.
The buildup weeks
In the months preceding the event, Microsoft will be pushing to get you registered. They are quite right to do so, for two
reasons.
First the registration fee is significantly lower when you register early. So if you are certain to attend, save yourself a few
hundred dollars and register as soon as you can. Note that you may even register during the event for the next one.
Second, the hotels fill up very quickly, and if you want to be in a decent area, or even in the same place as your country
delegation, be quick!
A few weeks before the event, I had a phone call with my mentor, who gave me some advice and opinion, as well as
pointers on how to survive the packed 5 days. This helped me focus on the meetings with potential partners, and
meetings with microsoftees, rather than on the sessions themselves. More on that subject later.
During that period, you are also given the opportunity to complete your online WPC profile, which may help get in touch
with other partners, and organize some meetings ahead of time.
You also get the sessions schedule, which lets you organize your coming days, and see what the focus is.
I had the surprise, a few days before the event, to learn that we had &amp;ldquo;graduated&amp;rdquo; in the Microsoft partner program, from
remotely managed to fully managed. So we had a new PSE (Microsoft representative handling us as a partner) who
was very helpful and set up a lot of meetings with everyone we needed to meet from Microsoft France. This helped, for
a first-timer, to be guided by someone who knew the drill.
I was very excited to get there, and a bit anxious as we were scheduled to meet a lot of people, in addition to my original
agenda with many sessions planned.&lt;/p&gt;</description></item><item><title>The first steps of your cloud trip</title><link>https://cloudinthealps.mandin.net/posts/the-first-steps-of-your-cloud-trip/</link><pubDate>Tue, 14 Mar 2017 00:00:00 +0000</pubDate><guid>https://cloudinthealps.mandin.net/posts/the-first-steps-of-your-cloud-trip/</guid><description>&lt;p&gt;When I talk to customers who are already knowledgeable about the cloud, but still have not started their trip, the main
subject we discuss is: what is the first step to take to move into the cloud?
Usually at that point we all know about the cloud and its various flavors, on a personal level. I have already touched on the
subject of how to start playing with the cloud as a person: http://cloudinthealps.mandin.net/wp-admin/post.php?post=60&amp;amp;action=edit.
But it&amp;rsquo;s not that easy to translate a personal journey and knowledge to a corporate view and strategy.
There are two major ways to plan that journey.
The first is : move everything, then transform.
The second is : pick the best target for each application, transform and migrate if needed.
Lift and shift
I will touch quickly on the first path. The planning is quite simple, if difficult to implement. The aim is to perform a full
migration of your datacenter into the cloud, lift-and-shift style. This can be done one-shot or with multiple steps. But in
the end you will have moved all of your infrastructure, mostly as it is, into the cloud. Then you start transforming your
applications and workload to take advantage of the capabilities offered by the cloud, in terms of IaaS, PaaS or SaaS
offerings. The difficulty in there, for me, is that not all workloads or applications are a good fit for the cloud.
Identify your application portfolio
Enter the second solution: tailor the migration to your applications. Because the application is what matters in the end,
along with the impact and use of this application for the business. The question of how you virtualize, or which storage
vendor to choose is not relevant to your business.
In that case you will have to identify all of your application portfolio, and split that into four categories:&lt;/p&gt;</description></item><item><title>Monitoring and alerting</title><link>https://cloudinthealps.mandin.net/posts/monitoring-and-alerting/</link><pubDate>Sun, 12 Mar 2017 00:00:00 +0000</pubDate><guid>https://cloudinthealps.mandin.net/posts/monitoring-and-alerting/</guid><description>&lt;p&gt;Today is another rant day, or, to put it politely, a clarification that needs to be made.
As you probably know by now, I&amp;rsquo;m an infra/Ops guy. So monitoring has always been our core interest and tooling.
There are many tools out there, some dating back to pre-cloud era, some brand new and cloud oriented, some focused
on the application, some on the infrastructure. And with some tuning, you can always find the right one for you.
But beware of a fundamental misunderstanding, that is very common : monitoring is not alerting, and vice-versa.
Let me explain a bit. Monitoring is the action of gathering some information about the value of a probe. This probe can
measure anything, from CPU load to an application return code. Monitoring will then store this data and give you the
ability to graph/query/display/export that.
Alerting is one of the possible actions taken when a probe reaches a defined value. The alert can be an email sent to
your Ops team when a certain CPU reaches 80%, or it could be a notification on your iPhone when your spouse gets
within 50m of your home.
Of course, most tools have both abilities, but that does not mean that you need to mix them and set up alerting for any
probe that you have set up.&lt;/p&gt;</description></item><item><title>Containers, Azure and Service Fabric</title><link>https://cloudinthealps.mandin.net/posts/containers-azure-and-service-fabric/</link><pubDate>Wed, 15 Feb 2017 00:00:00 +0000</pubDate><guid>https://cloudinthealps.mandin.net/posts/containers-azure-and-service-fabric/</guid><description>&lt;p&gt;Today I will try to gather some explanations about containers, how they are implemented or used on Azure, and how
this all relates to micro-services and Azure Service Fabric.
First let&amp;rsquo;s share some basic knowledge and definitions.
Containers in a nutshell
To make a very long story short, a container is a higher level virtual machine. You just pack your application and its
dependencies in it, and let it run.
The good thing about those is that you do not have to pack the whole underlying OS in there. This gives us lightweight
packages, which could be around 50MB for a web server for example. Originally, containers were designed to be
stateless. You were supposed to keep permanent data out of those, and be able to spin up as many instances of your
applications as needed to run in parallel, without having to bother about data.
This is not completely true of most deployments. Today many containers are used as lightweight virtual machines, to
run multiple identical services, each with its instance.
For example, if you need a monitoring poller for each new customer you have, you might package this in a container and
run one instance for each client, where you just have to configure the specifics for this client. It&amp;rsquo;s simple, modular and
quick. The stateless versus stateful containers debate is a long-standing one, see [link to statefull vs stateless]
Orchestration
Just like in virtualization, the case is mostly not about the container technology and limits, but rather about the tools to
orchestrate that. VMware vCenter versus Microsoft SCVMM anyone?
You may run containers manually above Linux or Windows, with some limitations, but the point is not to have a single
OS instance running several services. The point is to have a framework where you can integrate that container and
instantiate it without having to tinker with all the details : high-availability, load-balancing, registration into a
catalog/registry etc. The video below is very good at explaining that :
The Illustrated Children&amp;rsquo;s Guide to Kubernetes&lt;/p&gt;</description></item><item><title>Why I love working on IT &amp; the cloud</title><link>https://cloudinthealps.mandin.net/posts/why-i-love-working-on-it-and-the-cloud/</link><pubDate>Wed, 15 Feb 2017 00:00:00 +0000</pubDate><guid>https://cloudinthealps.mandin.net/posts/why-i-love-working-on-it-and-the-cloud/</guid><description>&lt;p&gt;I remember when I started working full time in IT, all the young professionals were employed by large contractors and
consulting firms. The word then was &amp;ldquo;please help me find a job with a customer/end-user!&amp;rdquo;. When I recruit today,
mostly people a bit younger than me, the word has shifted to &amp;ldquo;I love working for a contractor, as it does not enclose me
in one function&amp;rdquo;.
OK, I did think about that early today, and wanted to write it somewhere, so I used it as an intro, to show my deep
thinking in the wee hours of the morning.
However what I wanted to write about more extensively was about how I love working in IT today, and particularly on
Cloud solutions, and how it is gratifying, compared to what we experienced a few years back.
Technology centric and support functions
Not so long ago, IT was a support function, and was supposed to keep the hassle of computers to a bare minimum.
When interacting with our customers and users, the main issues and questions were about how we kept printers
running, and emails flowing. If you worked on ERP or any management system, same thing : please keep that running so
that we can do our job. For years, we had team members who loved technology, who delved deep into configuration and
setups so that we could congratulate ourselves in building shiny new infrastructures, to try to keep up with users'
demand.
I will keep the example to my own situation. I went through technological phases, from Windows 2000 Active Directory,
to Cisco networking, to virtualization, to SAN storage and blade servers, to end up on hyper-converged systems. For
years I would generally not talk shop with friends, family or even friends from school (I went to a mixed
business/engineering school, so that could explain things). I did not see the point in digging into technical points with
people from outside my &amp;ldquo;technological comfort zone&amp;rdquo;.
Don&amp;rsquo;t misunderstand the situation, I was aware of IT departments trying to shift their role from support function to helping the
business, but it was a bit far-fetched for me. Then came public cloud…
Business centric, and solution provider
At first we had a simplistic and limited public cloud (Hello 2010!), and a private cloud which was just virtualization with a
layer of self-service and automation. I could begin to see the point, but still… it was a technologist dream of being able
to remove a large portion of our day to day routine.
The situation evolved to a point where we had real PaaS and SaaS offerings that could deliver complex technical solutions with
a few clicks (or command lines, don&amp;rsquo;t throw your penguin at me!). And I started to talk with my customers on how we
could help them build new solutions for their business, give them better quality of service, and have them understand
me!
Of course some of that is linked to my experience, and the fact that I am not in the same role as I was 10 years ago, but
still. I now enjoy discussing with my former schoolmates and help them figure out a solution to a business issue, being
able to help some friend&amp;rsquo;s business grow and expand.
IT can now be a real solutions provider. We have to work at gaining sufficient knowledge on all the cloud bricks to be
able to build the house our business does not know they need.&lt;/p&gt;</description></item><item><title>DevOps, NoOps and No Future</title><link>https://cloudinthealps.mandin.net/posts/devops-noops-and-no-future/</link><pubDate>Fri, 20 Jan 2017 00:00:00 +0000</pubDate><guid>https://cloudinthealps.mandin.net/posts/devops-noops-and-no-future/</guid><description>&lt;p&gt;In the wake of the recent MongoDB happy hour debacle, there have been a few mentions of DevOps and NoOps. The
pieces were mostly about the fact that this incident proved that the IT business is not really in full DevOps mode, not to
mention NoOps. I am not confident that NoOps will be the future for a vast majority of shops. Being from the Ops side of
things, I am obviously biased against anyone stating that NoOps is the future. Because that would mean no job left for
me and my comrades in arms. But let me explain :)
I would like to be a bit more thorough than usual and explain what I see there, in terms of practices and trends.
Definitions
First let me set the stage and define what I mean by DevOps, and NoOps.
&lt;a href="https://en.wikipedia.org/wiki/DevOps"&gt;https://en.wikipedia.org/wiki/DevOps&lt;/a&gt;
&lt;a href="http://www.realgenekim.me/devops-cookbook/"&gt;http://www.realgenekim.me/devops-cookbook/&lt;/a&gt;
In its simplest definition, DevOps means that Dev teams and Ops teams have to cooperate daily to ensure that they
both get what they are responsible for: functionalities for Dev, and stability for Ops. A quick reminder though: business
is the main driver, above all. This implies that both teams have to work together and define processes and tooling that
enable fast and controlled deployment, accurate testing and monitoring.
We could go deeper into DevOps, but that is not the point here. Of course, Ops teams should learn a thing or two from
Scrum or any agile methodology. On the other hand, Dev teams should at least grasp the bare minimum of ITIL or ITSM.
What I could imagine in NoOps would be the next steps of DevOps, where the dev team is able to design, deploy and run
the application, without the need of an Ops team. I do not feel that realistic for now, but I&amp;rsquo;ll come back to this point
later.
How are DevOps, and the cloud, influencing our processes and organizations
I have worked in several managed services contexts and environments in my few years of experience, where sometimes
Dev and Ops were very close, sometimes completely walled off. The main driver for DevOps, usually linked to cloud
technologies adoption, on the Ops side, is automation. Nothing new here, you&amp;rsquo;ve read about it already. But there are
several kinds of automation, and the main ones are automated deployment and automated incident recovery.
The second kind has a deep impact, in the long term, on how I&amp;rsquo;ve seen IT support organizations and their processes
evolve. Most of the time, when you ask your support desk to handle an incident, they have to follow a written
procedure, step by step. The logical progress is to automate these steps, either by scripting them, or using any IT
automation tool (Rundeck, Azure Automation, PowerShell etc.). You may want to keep the decision to apply the
procedure human-based, but it&amp;rsquo;s not always the case. Many incidents may be resolved automatically by applying directly
a correctly written script.
If you associate that to the expanding use of PaaS services, which removes most of the monitoring and management
tasks, you will get a new trend that has already been partly identified in a study:
&lt;a href="https://azure.microsoft.com/en-us/resources/total-economic-impact-of-microsoft-azure-paas/"&gt;https://azure.microsoft.com/en-us/resources/total-economic-impact-of-microsoft-azure-paas/&lt;/a&gt;&lt;/p&gt;</description></item><item><title>How to Embrace Azure</title><link>https://cloudinthealps.mandin.net/posts/how-to-embrace-azure/</link><pubDate>Tue, 22 Nov 2016 00:00:00 +0000</pubDate><guid>https://cloudinthealps.mandin.net/posts/how-to-embrace-azure/</guid><description>&lt;p&gt;For the last year, I have been meeting with customers and partners inside and outside the Microsoft ecosystem.
I have talked with friends that are involved, at different levels, with IT whether Dev or Ops.
I have been trying to explain what the public Cloud is, especially Azure, to many different people.
Of course, I have been using the same evolution charts we have all seen everywhere to illustrate my speech and explain where I believe we are
headed.&lt;/p&gt;</description></item><item><title>I know Kung-Fu</title><link>https://cloudinthealps.mandin.net/posts/i-know-kung-fu/</link><pubDate>Tue, 22 Nov 2016 00:00:00 +0000</pubDate><guid>https://cloudinthealps.mandin.net/posts/i-know-kung-fu/</guid><description>&lt;p&gt;Almost everyone who has seen the Matrix movie remembers that scene. Neo, played by Keanu
Reeves, has just spent the day learning martial arts, by some brain writing sci-fi process. His
mentor comes in at the end of one of these &amp;ldquo;lessons&amp;rdquo;, Neo opens his eyes and says &amp;ldquo;I know
Kung-Fu&amp;rdquo;.
Of course, learning is not that easy in real life, it takes a certain amount of time, long hours of
work and practice. And it probably never ends. Take my current favorite subject, the cloud. To
be precise I should say public cloud services on Azure. The scope of what those services cover is
extremely wide, and some of them are so specific, they need a specialist to deep dive into.
It can be overwhelming. If you work in this field, or a similar one, you may already have had that
feeling when you feel you will never get to the bottom of things, when you have the impression
that you can never master the domain, because it keeps evolving. To be honest, it is probably
true. There are probably thousands of people working to broaden and deepen cloud services
every day, and there is, probably, only one of you (or me).
For the last 15 months, I have been trying to learn as much as possible about Azure services, in
any field possible, from IaaS networking to Machine Learning, from Service Bus Relay to Logic
Apps. And after all that time and numerous talks, webcasts, seminars and data camps, I almost
always ended up thinking &amp;ldquo;OK, I think I understand how these services work. I probably could do
a demo similar to what I have just watched. But how can I use these in real-life scenario?&amp;rdquo;
And last week, thanks to a very dedicated person, I finally found some insight.
Allow me to set the stage. We were invited to an Azure Data Camp by Microsoft. The aim of
these 3 days was to teach us as much as possible on Azure Data Services (Cortana Intelligence
Suite). The team was amazing, knowledgeable and open, the organization perfect, the attendees
very curious and full of questions and scenarios that we could relate to. Overall these 3 days
were amazing. However, the technical scope was so wide and deep, that we covered some very
complex components in under an hour, which, even with the help of night-time labs, was too
fast to process and absorb. It left me with the usual feeling. I probably would be able to talk a bit
about these components or areas, but my knowledge felt far from operational, and even business
presales level. And I am supposed to be an architect, to have all this knowledge and be able to
create and design Azure solutions to solve business needs.
So, after two days, that was the stage. Then came in one of the trainers/specialists. I will tell you
a bit more about him later on, just do not call him a data scientist. His area of expertise, as far as
we are concerned, covers the whole Cortana Suite with an angle that I would qualify as Data
Analysis. He had already taken the stage earlier, to explain to us what the methodology to handle
data was, and how every step related to Cortana Suite services. He had even given this speech on
multiple occasions. Every time we heard and read it, it made sense, it was useful and relevant.
So, Chris started his part by showing us the same diagram, and asking us &amp;ldquo;Are you comfortable
with that?&amp;rdquo; Followed by a deep, uneasy silence. My own feelings were that I did understand the
process, but did not feel able to apply it or even explain it. I see several reasons for that. The
first is that data analysis is far from my comfort zone. I am an IT infrastructure guy, I know
virtualization, SAN, networking. I have touched Azure PaaS services around these topics, and
extended to some IoT matters. The second was that we did not have time to let the acquired
knowledge settle and be absorbed that week. Admittedly, I could have spent more hours in the
evening rehearsing what we learned during the day, but we were in London, and I couldn&amp;rsquo;t miss
that. And the last is that I feel we are getting so used to having talks and presentations about
subjects we just float on the surface of, that we are numb and we do not dive too deeply into
those, probably out of fear. Fear of realizing that we are out of our depths. Impostor&amp;rsquo;s
syndrome, anyone?
Enter the &amp;ldquo;I know Kung-Fu!&amp;rdquo; moment.&lt;/p&gt;</description></item></channel></rss>