Azure Active Directory Deep Dive


We had another outstanding meeting Thursday night, with a good turnout. Although over 70 registered for the meeting, only about 20 actually made it to the meeting in person. Please be diligent in changing your status from “You’re Going” to “Not Going” by the morning of the meeting if your plans change, so that we can adjust the refreshments order accordingly.

We also streamed the meeting using Skype for those who could not attend in person. That worked out well, and we will probably do it again in the future. However, there is really no substitute for attending in person and networking with your peers.

If you are interested in our upcoming meeting schedule, and/or to find out more about the group, we invite you to visit the group’s Meetup site.

What follows is a summary of our August meeting:

As usual we started our meeting with ½ hour of networking and refreshments. After that we delivered a brief presentation about the group for new members.  In addition to covering the Mission and Structure of the group, the Board of Directors, and our Sponsors we also covered recent Azure announcements that we felt were most important.

The important announcements this month were:

  • Start/Stop VMs during off-hours in Azure Automation GA
  • Azure Virtual Machines Azure reserved instance size flexibility
  • Azure SQL Database, Save up to 80 percent with reserved capacity and Azure hybrid benefit
  • Linux on App Service Environment now GA
  • Azure Data Box Disk Preview
  • Azure SQL Database Managed instance business critical Preview
  • Azure Event Hubs and Service Bus VNET Service Endpoints in Public Preview

Following that, we launched into the main presentation topic, with Microsoft Cloud Solutions Architect Brett Hacker presenting an extremely comprehensive and thorough presentation on Azure Active Directory.

In this presentation Brett covered all the ins and outs of Azure Active Directory, including the relationship of Azure Active Directory (AAD) to on-premises Active Directory (AD), the use of AAD by Office 365, Intune and other Microsoft cloud services, as well as the integration of AAD with thousands of other Software as a Service (SaaS) applications.

He discussed the Graph API, which forms the underlying single security API that proxies multiple services and supports single sign-on to them. Next, he went into a deep discussion of exactly how hybrid authentication works where AAD integrates with on-premises AD, as well as how Active Directory Federation Services (ADFS) and AD Connect are used to support single sign-on and same sign-on using common credentials for cloud and federated authentication, and how password hashes are used to safely integrate both authentication methods.

Following that Brett covered how AAD Business-to-Business (B2B) and Business to Consumer (B2C) authentication works to allow authenticated access by external businesses and consumers.

Brett finished up with a very comprehensive demo of an application that illustrated all of the above features of AAD. All-in-all it was the best AAD presentation that I have ever seen. The slide deck can be downloaded from here. Note that Brett is using the AAD demo application that he presented in the meeting to share the slides at that link.

If you are located in the Nashville Area, or any of the surrounding areas, we invite you to become a member of the group and to attend future meetings. All are welcome, and meetings are always free.

See you next month.

Bill Zack, President, The Nashville Microsoft Azure Users Group


New to Azure?


As some of you may know I am a Cloud Solutions Architect specializing in Microsoft Azure here in Nashville.

That is my “day-job”. What some of you may not know is that I am also the Founder and current President of the Nashville Microsoft Azure Users Group. This group has grown from 4 members to over 900 in the space of five years. Although I would like to claim credit for that, the meteoric rise of Azure has had a lot to do with it.

In the group we try to mix up the technical level of our presentations, having introductory talks for those new to Azure and deep-dives for the more experienced members of the group.

In May we did an introductory Azure Platform Technical Overview.

In June we had Microsoft MVP and Pluralsight author Tim Warner presenting an Azure Networking Deep-Dive.

At the July meeting we did an updated version of the May talk titled New to Azure for those new to the platform.

In August we will have Microsoft Cloud Solution Architect Brett Hacker presenting an Azure Active Directory Deep Dive.

If you are interested in our meeting schedule, and/or to find out more about the group, we invite you to visit the group’s MeetUp site.

What follows is a summary of our July meeting: New to Azure.

As usual we started our meeting with ½ hour of networking and refreshments. After that we presented a brief presentation about the group for new members. In addition to covering the Mission and Structure of the group, the Board of Directors, and our Sponsors we next covered recent Azure announcements that we felt were extremely important. (Obviously we could not cover all of the Azure announcements since last month, since that would take the whole meeting, or more.)

Those announcements were:

  • Microsoft acquiring GitHub
  • Azure Virtual WAN and Azure Firewall (Preview)
  • Soft Delete for Azure Storage Blobs (Preview)
  • Blob Storage Lifecycle (Preview)
  • Tamper-proof Azure Immutable Blob Storage services (Preview)
  • Azure Backup for SQL Server (Preview)
  • Disaster Recovery for IaaS VMs without requiring additional infrastructure (Preview)
  • Security Center protection of Azure, On-Premises and Hybrid resources
  • Azure File Sync (Preview)
  • SQL Server 2008/2008R2 Free Extended Security Updates in Azure

Following that, we launched into the main topic, presenting a fairly complete overview of Azure for new members. That presentation outline is listed in detail here and the presentation slides can be downloaded from here.

If you are located in the Nashville Area, or any of the surrounding areas, we invite you to become a member of the group and to attend future meetings. All are welcome, and meetings are always free.

Bill Zack, President

The Nashville Microsoft Azure Users Group


Building a Rational Microsoft Azure Network Architecture

In a previous blog post, Is Azure Adoption “Too Easy”?, I discussed how it is very easy (perhaps too easy) to get into Azure without a well-thought-out network architecture and a good plan. We cannot fault Microsoft for making it as simple as possible; however, it is very easy to do it without adequate planning. The result can be that you paint yourself into a corner if you are not careful.

Over time, and working with many clients, we have developed a network design model that includes a single subscription with Virtual Networks (VNets) defined by environment (Development, Quality Assurance, Production, Disaster Recovery, etc.). Then each VNet is broken down, in turn, into SubNets for architectural tiers and specific purposes such as virtual network gateways.

We have developed this architectural design based upon, and extending, the Microsoft Hub and Spoke architecture recommendation.


This modular rational approach to the Microsoft Hub and Spoke network architecture that we have developed is called “Parthenon”.  We have also built a network generator application that we use to build these rational networks.

Recently we recorded a presentation on this to be delivered to Microsoft MVPs and former MVPs around the world. Microsoft has been kind enough to allow us to share this presentation with you.  During the recorded presentation we discuss, and demonstrate, the real-time creation of a Parthenon network in an Azure subscription.

Bill Zack

Stratum Technology Management


Azure Platform Technical Overview in Nashville


We had an excellent turnout for the May 17th meeting of the Nashville Microsoft Azure Users Group, a group that I have been leading for nearly five years.

We started this group with four members in 2013 and it now has over 840. In fact, it has doubled in size in the past year alone. (As much as I would like to claim all the credit for that, the phenomenal increase in Azure adoption probably has had a lot to do with it.)

I present to the group occasionally myself, but in most cases I try to find other good Azure presenters from the local community and elsewhere. (If you are interested in presenting an Azure related topic please let us know. You can contact me at or through the Nashville Microsoft Azure User Group MeetUp site.)

The Presentation

At this meeting I presented an Azure Platform Technical Overview that covered all of Azure at an architectural level and discussed “What to use When”. This is a presentation that I have been evolving since before Azure was even called Azure (circa 2017). In fact, one of my standard jokes is that “it still isn’t finished!” (Of course, as Azure changes every few weeks, it most likely never will be finished.) For more about my history with Microsoft and Azure see the About Page of this Blog.

For those of you who attended the meeting (and anyone else who is interested) you can download the presentation slides from here.

Areas of Azure that we covered during the talk were:

• Why adopt Azure
• Azure Resource Management
• Compute Options
• Azure Storage
• Databases
• Business Continuity (Backup and Disaster Recovery)
• Networking
• Security
• Virtual Desktop
• IoT & Analytics
• The Future of Azure

At the meeting we also distributed 20 free Azure Pass subscriptions donated by Microsoft to our group for when we held the Nashville edition of the 2018 Global Azure Bootcamp.

Our Next Meeting

Our next meeting will be on April 21st when Tim Warner, Microsoft Azure MVP and Pluralsight author, will present a Microsoft Azure Networking Deep-Dive. If you plan to attend you can find out more details and register at that site. Everyone with an interest in Azure is welcome to attend. And all meetings are always free.

See you there

Bill Zack, President, The Nashville Microsoft Azure Users Group


Recipe for a Successful (Azure) User Group [Updated]


Back in 2015 I wrote this blog post based on over 15 years of experience running user groups. Time does not stand still and things have changed a little since then, however the basic ideas are still valid. Here is an update in case you are a user group leader or are contemplating becoming one. My notes in square brackets represent what I have learned since then.

May 29, 2015 Post [Updated]

Let me start (or rather restart) this blog series with a post that only tangentially has to do with Azure.  It does however relate to starting and running a user group (which I hope will focus on Azure.)

I have been involved in one way or another with user groups for many years. I currently run the Nashville Microsoft Azure Users Group. Our group has grown from 4 members in 2013 to over 800 members today. I encourage everyone to either get involved in a local user group, if one exists in your area, or to start one if it doesn’t.

By way of motivation; because I was very active in the user group community years ago I was made a Microsoft MVP. That eventually helped lead to my working for Microsoft as an Architect Evangelist. That, in turn, led to my discovering Azure (before it was actually called Azure) internally at Microsoft. Ultimately that led me to be an Azure Specialist and to my day-job as a Cloud Technical Solutions Specialist at Stratum Technology Management in Nashville.

As part of my user group involvement I published a white paper years before the original blog post on how to run a successful user group. (I am the original author; however, a lot of other user group leaders have contributed to it along the way.)  Hopefully it will help anyone who wants to start a group of their own. Here it is:

The Recipe

Having been involved with user groups for computer industry professionals for many years, I’d like to offer some recommendations.  If you’re thinking of starting a user group for computer industry professionals or are running one now, please contemplate these lessons, drawn from my experience. You might want to consider reviewing the list from time to time to keep you true to your mission.

1. You need a Web page [or a Meetup page]

You might be able to get by with a Meetup Group on  They have some good services for posting meetings and notifying members as well as discussion groups and forums. But in any case, having a separate web site (in addition to the Meetup group) adds a degree of professionalism. [Note: Despite this advice written in 2013 this is clearly a case of “Do as I say and not do as I do”. I do not have a separate web site. I use MeetUp for everything. I do have a custom domain name, but more about that later.]

If you have a web site keep it simple and clean.  This will allow members and potential members to find the information they are looking for quickly. Let your members and potential members know when and where meetings are located prominently on the home page.  Make it obvious.

2. Your own web server or a web hosting service?

Use a web hosting service; here’s why.  Web hosting services can be had for $5-$10 a month.  You can’t even power a server for that much a month.  Think about it. Your volunteer web server maintainer has to provide 24X7 up-time, server monitoring, back-ups, software updates and hardware upgrades.  Using a web hosting company, they are responsible, not one of your volunteers, and issues over hardware ownership are non-existent.

You might consider finding a company offering to donate web hosting.  I would strongly advise against it.  While it may appear appealing, in the long run it’s not worth the trouble.  I have tried it, and these are the issues I have run into.  You are a low priority, if a priority at all.  If the company ever retracts the offer, you will have the hassle of moving the web site, and then making sure all the pages and links work on the new site.  You will then have to change the DNS and wait for the new DNS info to be updated while your site is unavailable.

For less than $100 you are better off focusing on other issues than your web site.

3. Your Web page needs a findable URL.

The usual URL isn’t any good. You want people who know no more than the group’s name to find you easily. For that, is ideal in the USA — and similar names for groups elsewhere. For instance, my Azure meetup group can be reached by its MeetUp group URL or at

You should choose a user group name whose Internet domain isn’t taken.  You can check at   Do not type the potential name into your browser, as some companies will immediately place a 30 day hold on the name and then offer to sell it to you.

4. You need a regular meeting location.

Changing meeting locations will cause your group to lose attendees.  Why?  It’s too hard for people to remember where the meeting is from month to month.  The other reason is because it’s a strain on people.  They have to find out how to get there, where to park, whether the neighborhood’s OK to walk in, etc. You can tell them, email them, and they’ll still wind up at the wrong location.  Once that happens the word will get out that the group has folded, and then it’s too late. 

The location doesn’t have to be impressive: member company conference rooms, college cafeterias, library meeting rooms, a coffee shop, pizza parlor or community center are a few ideas.  See what’s available in your area. Sometimes restaurants will have a meeting room that you can use if your members are going to buy food and drink during the meeting. Others will want to charge for its use. (I have got to mention here that I have been running user groups for over 15 years without a bank account and without charging anything for memberships and events. Sometimes those things are unavoidable. In most cases you can find sponsors willing to provide refreshments and even meeting space without getting involved in the finances. Incorporating as a non-profit is a hassle involving lawyers and financial reporting.)

5. You need a regular meeting time.

“Regular” usually means same day of the week or month and keep it that way.  Most groups meet once a month; first Wednesday at 7:00 or third Thursday at 6:00.  (Give people time to get there from work.) Make it easy to remember and easy to enter in people’s smartphones and PC calendars as a reoccurring event. Don’t get fancy with things like “every other Thursday”. Avoid Mondays and Fridays if you can. You should also avoid having meetings near 3-day weekends. Make it so anyone with a calendar can easily figure out when the next meeting will be.

6. You need to avoid meeting-time conflicts.

Check out the schedules for nearby events: other user groups, sporting events or other events your audience is likely to attend. 

7. You need to make sure that meetings happen as advertised, without fail.

Show up to have a meeting rain or shine, locked meeting room or not.  Have a few members show up early to avoid potential problems.  If there is a problem, let people know by posting a sign or flyers apologizing and letting them know when the next meeting will be occurring.

If you need to cancel or reschedule an event that you’ve already been advertising as “upcoming”, don’t simply remove the original listing on your Web pages: Continue to list it, prominently marked as cancelled or rescheduled.

[7A. Meeting coverage

You need someone who can back you up and run the meeting if for any reason you have to be out of town on business on the day of the meeting.]

[7B. Have help running the group

Better yet have a board of directors that can help with running the group. (I jokingly refer to myself as my group’s “Benevolent Dictator”. But I do not recommend that because that is a lot of work. And some things that we could be doing better do suffer.)]

You may want to have a Program Chairman, a Sponsorship Director, and a Publicity and Outreach Director to help. Ideally you need help focusing on things like dealing with sponsors, soliciting SWAG for meeting raffles, outreach to local colleges, etc.

8. You need a core of several experts.

You will need a couple of experts who are energetic and willing to share their knowledge with your members.  A users group should be neutral territory for community interaction; vendors should not be allowed to sell their services during a meeting.

9. Your core volunteers need out-of-band methods of communication

By that, I mean outside your user group’s regular electronic means of communication.  Use a list server or email provides a mailing service, as do most web site user group CMS packages such as Kentico. [Today use of collaboration tools abound; such as Slack, Yammer, Microsoft Teams, etc.]

10. Place your meeting time and location prominently on your web site’s Home page.

Make it overly obvious when and where your meetings are.  If you don’t, people will find your email address and ask. A lot.

11. Include a map and directions to your meetings.

Be helpful to your members, include a map and clear step by step directions.  Offer suggestions for parking, and public transit if available.  Give as much detail as you can.

12. Emphasize on your main page what your group is all about, and the dues or fees or if meetings are free of charge and open to the public.

Make it clear before people arrive.  If there is a fee let people know in advance.

13. Use a list server or mailing list program to send out info to your group.

I have found a closed list server is the way to go.  It’s easier to maintain than a mail group, and you will not receive all of the “I’m out of the Office” or bounced message replies. For a small group you can use BCC or Meetup mailings. [Note: When I wrote this List Servers were in vogue. Today I don’t even know if they exist. Again I use Meetup for this, and have for years.]

Some commercial services let you set up “free” mailing lists on their servers, where their gain lies in revenues from mandatory ads auto-appended to all posts, plus of course the ability to sell your subscription list to other advertisers. Beware that you may find yourself not the “owner” of your own list, in the event of a dispute over its management.  In my opinion, this is a bad idea. (See comments above.)

It is very important that you should own your mailing list and keep it private.  Make every message you send out important, so members will read them.  If not, your mail will quickly be linked to spam. Do not share it with vendors or sponsors. Most members will want their mailing addresses kept private anyway.

14. You don’t need to be in the Internet Service Provider business.

Leave the ISP business to the professionals.   Some groups have tried to offer this as a service to their members.  Don’t!  Same goes for email accounts.  You are a user group, not an ISP.  Leave that up to the professionals.

15. Don’t go into any other business, either.

Some user groups get sucked into the strangest business schemes.  Don’t!  You are not a Web design firm, a technical support firm, a network design consulting firm, or a LAN cabling contractor or any other business. Not even if you’re told it’s for a wonderful charitable cause.

Along the same lines, remember that you are not a convenience for job recruiters: If allowed, they will spam your mailing lists and abuse every possible means of communication with your members. Nor are you a source of computers for the underprivileged, a repair service for random people’s broken PCs, or a help desk. I have been pestered by all of the above.  As much as you would like to help, leave it to the professionals in your group.

The following checklist may be useful for your group, once established:

1. Web page:

a. Meetings:

[ ] Current meeting info?  Is it prominent?
[ ] Day of the week?  Beginning time?  Ending time?
[ ] Double-check day/date matches against a calendar and conflicting events.
(E.g., is the “Friday, March 28” you listed an error, because the 28th is a Thursday?)
[ ] Location?
[ ] Include a link to a map
[ ] Directions (car, public transit)?  Parking tips?
[ ] Information on upcoming meetings
[ ] Is an RSVP mail required to attend meetings?
[ ] Note that meetings are free and open to the public (if they are)?
[ ] If there’s a special fee, is it disclosed next to the event listing?
[ ] If location / time / date formula has changed recently, is this noted prominently?
[ ] Have you checked for event conflicts with other nearby groups, or with holidays?

b. General:

[ ] Includes event date-formulas (e.g., 4th Tuesdays)? Prominently?

c. Periodically (maybe every quarter):

[ ] Checked all links on your site for dead links?
[ ] Checked your Web server’s logs for pages requested but not found? (You’ll want to put a referral page at that URL.)
[ ] Read all your Web content attentively for outdated content?

d. Other, periodically:

[ ] Review and update all user group lists that have entries concerning your group.  Are they correct and up to date?
[ ] Reviewed all sites that link to yours? Advised their webmasters of needed corrections?

Best of luck with your group.

Bill Zack


The Nashville 2018 Global Azure Bootcamp is History


On Saturday April 21st we held the Nashville Edition of the 2018 Global Azure Bootcamp. The event was held at Microsoft in Nashville and we had approximately 60 attendees.

As you can see from the agenda (above) we had 17 sessions in two parallel tracks covering a wide variety of Azure subjects. We also had a raffle at the end of the day where several prizes were given away by local and global sponsors. The grand prize was a drone contributed by Cardinal Solutions.


No event like this can go on without the efforts and contribution of the many presenters, volunteers and sponsors that helped to make it happen.

To all our presenters from Microsoft, local partners and the local industry we thank you for all the knowledge that you have imparted and for giving up a beautiful Saturday to work with us.

To our volunteers: Ukela Alred, Scott Schreier and Roger Dahlman who handled everything from registering the attendees, taking pictures of the event, proctoring and timing the presentations to setting up and monitoring lunch and breaks. Special thanks to Scott for making up the giant Agenda boards outside of the meeting rooms. We could not have done it without you.

To our local sponsors: Microsoft for providing the meeting space (as they have done for the last 5 years for our Azure group), Provisions group for providing refreshments for the morning break, Vaco (our eternal refreshments sponsor) for providing ice-cream sandwiches for the afternoon break, Cardinal Solutions for the drone and Stratum Technology Management for providing coffee cups, pens and many hours of my time working on planning and executing the event.

Thanks also to our Global sponsors: Cerebrata, Opsgility, CloudMonix, Jet Brains, and ServiceBus360 for the SWAG and raffle prizes, and especially to Microsoft (again, this time on a global basis) for providing lunch for all attendees.

A major Microsoft sponsorship contribution was also an Azure Pass subscription for every attendee. These entitled every attendee to $100 per month of Azure every month for a three month period.

What we learned

This is the 4th annual Global Azure Bootcamp that we have sponsored. I seem to remember that we had only 20 attendees at the first one, last year we had 40 and this year we had approximately 60. The group itself in turn has grown from its original four members to over 800. (We may have to find a larger venue for the next one.)

Adding an Ask the Experts Panel was a last-minute decision motivated by the cancellation of one of our speakers at the 11th hour. I moderated the panel and it was staffed with most of the Microsoft presenters and other Microsoft folks at the event. That worked very well, and we will definitely plan to have another one at future Bootcamps.

We are looking forward to another successful year of Nashville Azure Group meetings and Bootcamps. If you are located in the Nashville area please remember that we meet every third Thursday of the month in the evening at Microsoft in Nashville. If you are not a member you can register at  to receive future meeting notifications.

See you at the next meeting.



Is Azure Adoption “Too Easy”?


Those of you who know me know that I have been focusing on the adoption of Microsoft Azure since before it was actually called Azure (circa 2008) when I originally stumbled upon it while working as an Architect for Microsoft. Since I had previously worked as a consultant to Bell Labs on the ill-fated AT&T NET1000 Cloud project (as documented in The Slingshot Syndrome: Why America’s Leading Technology Firms Fail at Innovation) I immediately recognized its potential.

Since then we have seen a lot of companies adopt Azure and have helped many of them make the jump. Recently our focus has also skewed towards helping companies that may have jumped into Azure without adequate planning to remediate their architecture and their implementation.

Our experience is that it is very easy (perhaps too easy) to get into Azure without a well-thought-out architecture and a good plan. We cannot fault Microsoft for making it as simple as possible, however it is very easy to do it without adequate planning. In our InfoQ article The SaaS Development Lifecycle we outlined how a company should approach their first Azure project. Although published in 2011 IMHO it is still valid today.

At some point you will realize that you may have created what Grady Booch has called an “Accidental Architecture” or what Eric Evans and Brian Foote have called “A Big Ball of Mud”.

Azure Accounts

Note that there are typically two ways to experiment with Azure. Recently Azure introduced a simplified Free Trial model that gives you access to a limited number of Azure resources over a 12 month period, some free resources indefinitely and a limited amount of Azure resources that burn-down against a 30 day allocation of metered usage.

The other way is to have an MSDN subscription which includes a monthly amount of free Azure resources as part of that subscription.  Since the Free Trial only presents a very limited set of options compared to an MSDN subscription, and since we want to discuss not only experimentation but real infrastructure and applications in Azure, we will use an MSDN subscription in this post.

You should also note that there are other non-Trial and non-Free pricing plans such as Pay-As-You-Go and Enterprise Agreements that are more relevant to production architectures.

The “Easy” path

As an example, let’s take the easy-path scenario.

You sign up for a free trial using your personal credit card and telephone number. (Just needed for identity verification, of course.)

Next you create a VM in Azure taking most of the default values presented during the creation process. You are amazed at how easy this is to do.


Naming conventions are important.

You would never think of creating a physical or virtual machine on-premises without paying some consideration to a sensible naming convention. Take the same care here. The naming convention should take into consideration the type of resource (VM) as well as additional characters that serve to define the purpose and (perhaps) location of the VM. (The challenge here is to do this within the VM resource naming limitation of 15 characters.)

By the way, note that the VM here defaults to SSD (Solid State disk!). If you are just experimenting you should quickly change that to HDD to save money (or reduce free trial resource consumption).

Resource Groups are important.

Next you will be asked to specify the name of an existing or new resource group. Here a naming convention is also important and you should lay out your resource groups based on a naming convention that takes into consideration the purposes of resource groups. 

Over time there have been three purposes for Azure resource groups identified:

  1. As a LifeCycle container for resources that have the same life-cycle; which means that they contain resources that are normally created and/or destroyed together.
  2. For Role Based Access Control in the case where different departments in a company need to exercise control over a subset of all resources. An example might be a Network Management group that needs to “own” all network related resources in Azure.
  3. For Billing and Charge-back purposes; although the need for this has been largely supplanted due to the use of Resource Tagging as a Billing and Charge-back mechanism.

Save money with Hybrid Use Benefits

If you have on-premises licenses for Windows Server you may be able to take advantage of a substantial discount (up to 40%) by applying your Hybrid Use Benefits (HUB). See the “Save Money” section above.

Choose a VM size

Next you get to choose the VM specs that you want to allocate. If you neglected to change SSD to HDD you can do it here.

Although Azure only presents you with a few choices here you can see them all by clicking on the “View all” link. There are a lot! Pick one.


The next page is very important.


Availability Sets

Creating an Availability Set in Azure in order to maximize your service level and avoid downtime is a great feature of Azure. If you are just experimenting it is OK to leave High Availability set to None. In a production environment you will want at least two VMs in an Availability Set to maximize availability.

Managed Disks

Managed Disks are a great option. In most cases you should let Azure manage the storage for the VHDs that back the VMs that you create.

Network Considerations

Network Considerations are extremely important. In a production architecture you need to be explicit about your subscription (or subscriptions) as well as the environments that you want to support. Over time we have come to adopt a model that has a single subscription with VNets defined by environment (Dev, QA, Prod, DR, etc.).  Then each VNet is broken down, in turn, into SubNets for architectural tiers and specific purposes such as network gateways. You should give some detailed thought to this design.

All other items on this page should be given specific names rather than taking the defaults.

Before moving on, pay particular attention to the Auto-shutdown feature. As you can see in the example the VM will be automatically shut down by Azure at 7PM. This is a great feature to prevent burning through resources that you forgot you allocated. Turn it off if you don’t want that to happen. (It will not be restarted automatically the next day.)

At the end you will see an excellent summary of what you are about to create. Until you click on Create you haven’t created the VM.


What’s next?

Based on the above experience you start migrating servers and applications to Azure. You don’t spend much time thinking about things like naming conventions or other architectural considerations such as organizing resources into well managed resource groups.

At some point you will run out of your free resources and change to either a pay-as-you-go subscription or one of the other subscription types such as an Enterprise Agreement.

At this point you may not even be worrying about cost. That is until you get hit with the first bill from Microsoft that demonstrates the penalty for sloppy planning and careless resource utilization. (BTW: In Azure, unlike on-premises, you can save money by shutting down VMs when they are not needed. In one case we were able to save a company 40% of their Azure spend by identifying resources that could be shut down when not in use and automating that shutdown.)


As a consultant I can’t complain too much about this state of affairs, since we are often asked to come in, assess a client’s Azure architecture and make recommendations on how to remediate it. Sometimes the restructuring can be minor. In other cases, major surgery is required.

In subsequent blog posts we will discuss the better way to Adopt Azure or to remediate what you already have in Azure.  We will discuss how to perform a Current-state Assessment of your infrastructure and applications, develop a Migration/Remediation plan, as well as how to assess whether to retire, replace, migrate or reconfigure your current infrastructure and application resources.

Until then.

Bill Zack


Azure 2018 Global Bootcamp Event in Nashville

>>>> EVENT UPDATE  <<<<

We are looking forward to a great Bootcamp event this Saturday.

There have been some recent Agenda changes. (See below.)

Please arrive on time as Microsoft has informed us that the elevator will be locked on Saturday and we will have to send someone down to get you into the building from the parking garage. In an emergency you can contact my cell phone: 203 545-2339.

And please park on Level 2 of the parking garage (P2).

See you soon


As many of you know my “night job” is to run the Nashville Microsoft Azure Users Group, a group that I founded with three other Azure enthusiasts five years ago. The group has now grown to over 760 members here in Nashville.

This year we will be hosting the Nashville edition of the 2018 Global Azure Bootcamp. It will be held on Saturday, April 21st, 2018 for an entire day, with food, raffle items, and more. Lots of fun, lots of learning.

For those unfamiliar, this is a global event with simultaneous local activities happening around the world. This will be our third year hosting the event in Nashville.

We have a full lineup of speakers that will be presenting in two parallel tracks over a full day.

In addition, the Microsoft Store will be setting up a Device Bar at the event to demonstrate an assortment of hardware devices.

We have the following local sponsors for the event:

  • Microsoft
  • Stratum Technology
  • Vaco
  • Provisions Group
  • Cardinal Solutions

Cardinal Solutions will be raffling off a Drone at the event.

Microsoft will be providing a free three-month Azure Pass Subscription for every Attendee.

We are also working on lining up additional sponsors for the event and the end-of-day raffle. Stay tuned for more details.

There will also be SWAG and raffle prizes donated by global partners arranged for by the Global Bootcamp committee. More details will follow soon.

If you have not registered yet, unfortunately, registration is now closed.

Bill Zack


Azure: What to use When?


On August 17, 2017 I presented on the topic of Azure: What to use When? to the Nashville Microsoft Azure Users Group. For those of you who know me you know that I founded this group four years ago with four members and, as of today, we are at 621. You also may know that I have been working with Azure since before it was called Azure. Although I would like to claim all of the credit for this recent growth I do have to credit the tremendous success of Azure over that time.

In any case, this is a blog post about that presentation.

In IT things are clearly moving from a CapEx to an OpEx model where the focus is shifting from internal data center and hosted applications into the Cloud with its consumption based pricing model. The lure of pay-as-you go pricing is attractive; but it does carry with it some risk. If you choose the wrong applications to move into the cloud it could wind up costing you more than running them locally or at a hosting provider. It also requires increased discipline related to allocation and deallocation of Cloud resources.

In the presentation, we started off with a discussion of these considerations, and then explored the features supported by Microsoft Azure.

The presentation included an architectural overview of the Azure platform, its features and services. Since Azure is a very broad offering, we focused on the question of what the Azure Platform as a Service (PaaS) and Infrastructure as a Service (IaaS) features are, and when they should be used to solve specific business and technical problems.

This presentation was targeted at new Azure users as well as existing users that might not be conversant with all of its recent enhancements. We covered the entire platform with a comprehensive overview, not too deep but deep enough, to understand what to use when.

• What is Azure?
• Why adopt it?
• Azure Resource Management
• Compute Options
• Azure Storage
• Databases
• Business Continuity (Backup and Disaster Recovery)
• Networking
• Security
• Virtual Desktop
• IoT & Analytics
• The Future of Azure

Bill Zack August 22nd, 2017


What is your Azure Maturity Level?


Figure 1 – The Azure Maturity Model

The Azure Maturity Model is based on the Cloud Maturity Model developed by the Open Data Center Alliance. Its purpose is to help you determine where you stand in your ability to adopt the cloud successfully.

We have adopted it and adapted it to be an Azure Maturity Model for guiding companies that are at various stages in their adoption of Azure. We have also used it to structure our Azure service offerings to match what is needed by companies at various levels of maturity.

The Azure Maturity Model

The Azure Maturity Model levels are shown in Figure 1.

Azure Watchers are organizations that are developing cloud strategies and plans but have not yet deployed applications or workloads into Azure. Azure Watchers want to evaluate available cloud options and determine which applications or workloads to implement in the cloud.

Azure Starters are new to cloud computing and are working on proof-of-concepts or initial Azure cloud projects. Azure Starters want to gain experience with cloud in order to determine future projects.

Azure Explorers have multiple applications or workloads already deployed in Azure. Azure Explorers are focused on improving and expanding their use of cloud resources.

Azure Focused companies are already heavily using Azure and are looking to optimize their Azure cloud operations and costs.

How to tell where you are.

To determine your maturity level, you must be honest with yourself and do a self-evaluation based on the above criteria. Or you could hire an experienced consultant to come in and help you do it.

How to get to the next level (and why you want to)

Regardless of the level of Azure maturity that you are at you will need to look at your existing applications and workloads in terms of factors such as

  • Competitive pressures forcing you to the cloud
  • The shift from Capex to OpEx and Cost Control
  • Your desire for agility in capacity
  • The need for a hybrid architecture leveraging the cloud and on-premises resources with each other.

Workloads that cry out to be moved to the cloud

One of the primary reasons for moving to Azure has to do with Capacity Planning and Scalability. Capacity Planning in the data center is often a linear process. An IT director must make an estimate of the company’s capacity requirements over time, in most cases on a yearly basis. Then it is their job to make sure that those requirements are met. Ideally there should be no time during which capacity is wasted and no time during which the capability needed by the business is not available.

Unfortunately, reality is messy, and the capacity needs of the business are never represented by a straight line. (See the curved line in Figure 2 for a typical example.)

Adding to the difficulty of matching capacity to requirements is the server quantum effect. You cannot normally buy and bring in servers of the exact size and timing to match the real demand curve. So, you have to buy servers in relatively large chunks as shown in the step-function in Figure 2.




Figure 2 – Data Center Capacity

Contrast that with Figure 3 which shows that in Azure it is possible to match capacity requirements to available capacity because of the ability to scale up and scale down as needed to match demand.



Figure 3 – The Azure View

Applications and Workloads fit for Azure

Of course, Scalability is important, but it is not the whole story. You also have to look carefully at the applications and workloads that you have in your data center that you may want to move to Azure. You need to consider their “fitness” for the cloud. Figure 4 (from the dawn of Azure) seeks to define the characteristics of application (and workload) types that are “Fit for the Cloud”.


Figure 4 – Workload Patterns

Predictable Bursting

This is the pattern that started the Cloud revolution. We do have to give Amazon credit for this. Having a lot of capacity during the Christmas season that remained idle most of the year they decided to sell that idle capacity.

Examples of Predictable Bursting are the Christmas Rush in retail (the Amazon pattern), Tax Season in CPA firms, etc.


Given the ability to scale up and down in Azure, prime targets are those applications and workloads that do not have to be always on. Examples might be processing that is only done at month-end, at end-of-day or as otherwise required.

This is, by the way, a very significant pattern and one that can save a company a lot of money. One recent Migration Assessment that we performed for a client showed that they could save 35% of their entire compute costs by simply automating the shutdown and startup of Virtual Machines in Azure to match this pattern.

Growing Fast

I call this the “Grow-Fast” “Fail Fast” pattern. This is an application or workload that is new and may require a high level of resources. Or not. Only time will tell. No point in buying a lot of server capacity only to have it sit around idle if the expected demand does not materialize. An example might be a new web site that just might be the next Facebook. Or not.

Unpredictable Bursting

This one is a bit hard to distinguish from the predictable bursting case. This is the case where a lot of traffic hits your web site because Microsoft or Slashdot tells the world about it. Initially there is heavy traffic to it, but it may not last. Again, no need to buy capacity that may not be needed in the long run.

Who is responsible for what in Azure?

There are multiple ways to move applications and workloads to Azure. They are: Infrastructure as a Service (IaaS) and Platform as a Service (PaaS). A third method, Software as a Service (SaaS), is not actually a method supported by Azure, as discussed below. These approaches differ primarily in who is responsible for the various levels of the hardware/software stack. The diagram below (also from the dawn of Azure) illustrates the typical on-premises hardware and software stack and contrasts your complete responsibility for everything in the data center with your more limited responsibilities in Azure.


Figure 5 – Cloud Services – Shared responsibility

Everything in black letters represents your responsibilities. The items in blue are handled by the cloud vendor, in our case by Microsoft Azure.


No issue here. You are responsible for everything. (Unless you contract out management of your infrastructure to a Managed Service provider that acts like your own IT staff).


In IaaS, the vendor (Microsoft) is responsible for everything up to 1/2 of the OS layer. Why 1/2? Because, although Microsoft takes responsibility for most of the OS layer, you are still responsible for performing maintenance such as patching the OS when fixes come out.


PaaS was actually the first Azure service delivered back in 2010. IaaS was added after that to accommodate all the clients that wanted to get into the cloud quickly using a “Lift and Shift” approach to move applications and workloads to Azure. In PaaS, you have no responsibility for the non-application and data parts of the stack. You just bring your applications and data to the stack and process it there. It should be mentioned that in many cases you can move applications to the cloud unmodified; however, in some cases they require modification (called “Modernization”) to make the transition successful and more cost effective.


A discussion of SaaS is somewhat misplaced in a discussion of Azure, but it needs to be contrasted with IaaS and PaaS. In SaaS, the vendor has complete responsibility for the entire stack. You just use the service provided by the SaaS vendor. Of course, you do need to bring your data but the application processing is provided by them. Good examples of SaaS would be Microsoft’s Office 365 and (from the dawn of computing) ADP Payroll processing and QuickBooks. (Which are not often recognized as pioneers in the SaaS space, but they are.)


Making the decision to take a Lift and Shift approach with IaaS, to take a Modernization approach with PaaS or to take a provided service approach such as SaaS can be a hard decision to make. When we help our clients make that decision through a process we call “Migration Assessment” we evaluate all the criteria above. Not to over-simplify, but Figure 6 illustrates the thought process of deciding between SaaS, PaaS and IaaS.


Figure 6 – When to Use What?

Clearly if you can find a SaaS solution that does the job for the right price adopt it.

If the application or workload is amenable to Modernization that might be the right choice. Effort expended in modifying it to run better in Azure might result in lower costs and fewer maintenance headaches.

If neither of those approaches is appropriate then you can always take the Lift and Shift approach provided by IaaS to get the application or workload into Azure quickly. Accountants think in terms of Return on Investment (ROI) and Total Cost of Operation (TCO). In a world where business needs change rapidly and it is difficult to predict the future, Time to Value (TTV) can often be a more important determinant of what to move to the cloud first.

And yes, I know that we haven’t discussed the Hybrid approach (blending cloud and on-premises resources together) in this post. Microsoft is the number one cloud provider in the Hybrid space, but that will have to be saved for another post on another day. As Mark Twain once said, “Sorry for the length of this letter, I did not have time to make it shorter”

Bill Zack

August 2017
