Azure Platform Engineering Tools & Capabilities - Part 1

Stephen Tulp
December 5, 2024

16 minutes to read

Tags: azureiacPlatformEngineering

The DevOps methodology emerged to bridge the gap between development and operations, fostering a collaborative culture that emphasises automation, continuous feedback, and iterative improvement. The DevOps infinity loop is a widely recognised symbol of this process, representing the seamless integration between development and operations in a continuous, self-sustaining cycle.

To understand shift left and shift right, consider the software development cycle as a continuum, or infinity loop, from left to right. On the left side of the loop, teams plan, develop, and test software in pre-production. The main concern in pre-production on the left side of the loop is building software that meets design criteria. When teams release software into production on the right side of the loop, they make it available to users. The concern in production is maintaining software that meets business goals and reliability criteria.

As we covered yesterday, the diagram above aligns with 2/3 Platform Engineering motions that Microsoft have focused on.

• ‘Start Right:’ Focuses on equipping developers with self-service tools, enabling them to kickstart their projects while adhering to an organisations best practices defined through templates and policies.
• ‘Stay Right:’ Maintain compliance as projects grow and ensuring that developers continue to follow those best practices via continuous automation and monitoring.

Start Right Templates & Shift-Left Notification

Infrastructure as Code (IaC) templates are one of the core building blocks of platform engineering. They help developers start right with fewer errors and promote standardisation across deployments. To build on the use of IaC templates, shift left notifications identify potential vulnerabilities during the development phase of software. The goal of shift left is to find and fix issues early in the development process to improve the quality of the software and reduce costs.

Engineering Systems & Platform Orchestration

Engineering systems and Platform Orchestrators are mature and sophisticated tools that automate the coordination, management, and provisioning of software development infrastructure.

Examples of capabilities in this pillar include:

• GitHub Repos and Actions
• Azure DevOps repos and Pipelines
• Azure Dev Center and Deployment Environments
• Azure API Center and API Management
• GitOps via Flux CD

GitHub Repos and Actions

GitHub repositories (repos) are essential for managing and storing code, documentation, and other project-related files. They provide a centralised location where developers can collaborate, track changes, and manage versions of their codebase. Each repository can host multiple branches, allowing teams to work on different features or fixes simultaneously without interfering with the main codebase. GitHub repos also support integrations, such as issue tracking, project management tools, and continuous integration/continuous deployment (CI/CD) pipelines, making them a comprehensive solution for software development.

GitHub Actions, is a powerful automation tool integrated directly into GitHub repositories. It allows developers to create custom workflows that automate tasks such as building, testing, and deploying code. These workflows use YAML files and can be triggered by events, like push events, pull requests, or scheduled times. GitHub Actions supports a wide range of actions available in the GitHub Marketplace, enabling developers to leverage pre-built actions or create their own. This flexibility helps streamline the development process, improve code quality, and accelerate delivery cycles. By integrating GitHub Actions with repositories, teams can ensure consistent and reliable automation across their projects.

One question I do hear since the GitHub acquisition is “What is happening to Azure DevOps?”, originally I think a lot of people saw the investment in GitHub and advanced features like GitHub Advanced Security and thought that Azure DevOps would eventually be sunset. Then came Defender for DevOps and a similar features within the Azure DevOps product. The best observation that I have heard came from a fellow teammate.

• GitHub is mainly targeted at Engineering teams,
• Azure DevOps is mainly targeted at Business Users

At Insight we recommend GitHub when there is no use of either within the organisation, however, if a customer already has Azure DevOps and area comfortable with that then there is no reason to change.

Further reading on GitHub Repos and Actions below;

• About GitHub Repos - Learn the basics of GitHub Repos
• Understanding GitHub Actions - Learn the basics of GitHub Actions

Azure Dev Center and Deployment Environments

Azure Dev Center is a top-level resource within Azure Deployment Environments designed to streamline and manage development projects. It serves as a centralized hub where development teams can configure and deploy their code efficiently.

Azure Dev Center provides:

• Centralised Management: It allows platform engineering teams to set up and manage development environments, including attaching catalogs with application templates and defining environment types.
• Scalability and Flexibility: Dev Center supports various configurations and can be tailored to meet the specific needs of different projects and teams.
• Self-Service Deployment: Development teams can use the Azure portal, Azure CLI, or Azure Developer CLI to create and manage environments, making it easier to deploy applications.
• Integration with Azure Services: It integrates seamlessly with other Azure services, providing a comprehensive development and deployment ecosystem.

Azure Developer Environments (ADE) allows developers to self-serve application infrastructure through standardised, project-specific Infrastructure-as-Code templates set by platform engineers. Developers simply choose the appropriate template for their testing and create a new environment, and platform engineers can configure enterprise settings to ensure that the resources created are compliant, secure, and complementary to the framework you’ve put in place.

When you visualise Azure Dev Center, Azure Deployment Environments and Microsoft Dev Box, you bring together all the self-service capabilities as referenced below.

Further reading on Azure Dev Center and Azure Deployment Environments below;

• Azure Deployment Environments Overview - Official overview of Azure Deployment Environments
• Create and Configure Azure Dev Center - Microsoft Learn Quickstart for Azure Dev Center

Dev Tooling & Coding Environments

Dev tooling and coding environments for platform engineering provide robust frameworks and integrated tools that streamline development, enhance collaboration, and ensure efficient deployment and management of scalable software solutions.

Examples of capabilities in this pillar include:

• GitHub Codespaces
• GitHub Copilot
• Visual Studio
• VS Code and vscode.dev
• Microsoft Dev Box

VS Code and vscode.dev

Visual Studio Code (VS Code) is a highly versatile and powerful source code editor developed by Microsoft. It’s widely appreciated for its lightweight design, speed, and extensive range of features that cater to developers of all levels. VS Code supports a multitude of programming languages and comes with built-in Git integration, making version control seamless. One of its standout features is the library of extensions available through the Visual Studio Code Marketplace, allowing users to customise their development environment to suit their specific needs.

The VS Code IntelliSense feature provides smart code completions based on variable types, function definitions, and imported modules, enhancing productivity. Whether you’re working on web development, data science, or any other coding project, VS Code offers a robust and flexible platform to streamline your workflow.

>

vscode.dev is a browser-based version of Visual Studio Code, designed to provide a lightweight, zero-install coding experience directly in your web browser. There are some drawbacks and limitations from VS Code

• No Terminal or Debugger: The browser environment doesn’t support running or debugging code, so for full development capabilities, you may need to switch to the desktop version.
• Performance: Some features may be slower or less responsive compared to the desktop version due to browser limitations.

Despite its limitations, I find it incredibly useful. Whenever I don’t have access to my primary machine, I can get started right away by using it in the browser at vscode.dev

GitHub Copilot

GitHub Copilot is an AI coding assistant that helps you write code faster and with less effort, allowing you to focus more energy on problem solving and collaboration. GitHub Copilot helps increase developer productivity and accelerate software development.

GitHub Copilot includes features such as;

• Getting code suggestions as you type in the IDE.
• Chat with Copilot to ask for help with code.
• Ask Copilot for help using the command line.
• Generate a description of the changes in a pull request (Copilot Enterprise).

I have been using GitHub Copilot for a while now and it has helped me with documentation, IaC, scripts and general coding, I use GitHub Copilot daily when creating and developing solutions and when you don’t have it I do find that I am less productive and miss it.

Further reading on GitHub Copilot below;

• GitHub Copilot Overview - Overview of GitHub Copilot.
• GitHub Co-pilot Getting Started - Getting Started Guide

Microsoft Dev Box

Microsoft Dev Box is a cloud-based service that provides developers with self-service access to ready-to-code, pre-configured workstations. For platform engineering, Dev Box is a game-changer as it allows platform engineers to create and manage pools of dev boxes tailored to specific projects and workloads. This ensures that developers have the necessary tools, source code, and binaries right from the start, reducing setup time and increasing productivity. Dev Box integrates with Microsoft Intune for centralised management, enabling platform engineers to enforce security policies, manage updates, and control costs through features like auto-stop schedules. By streamlining the provisioning and management of development environments, Microsoft Dev Box enhances the efficiency and agility of platform engineering teams.

Microsoft Dev Box also compliments Dev Center and Azure Development Environments to provide some great capabilities for the Developer Experience, we will deep dive into this later in the month.

Further reading on Microsoft Dev Box below;

• Microsoft Dev Box Overview - Overview of Microsoft Dev Box.
• Microsoft Dev Box Architecture - Architecture overview of Microsoft Dev Box

Infrastructure as Code

Infrastructure as Code (IaC) automates infrastructure management using code instead of manual processes and enables version control and replication, streamlining infrastructure creation and maintenance for platform engineers and development teams.

Examples of capabilities in this pillar include:

• Terraform
• Bicep
• Azure Resource Manager
• Dev Center Catalogs

Azure Resource Manager

Azure Resource Manager templates are JSON files that define the infrastructure and configuration for Azure deployments, enabling you to deploy, manage, and organise resources consistently and efficiently.

Azure Resource Manager (ARM) templates, while powerful, come with several complexities including syntax and structure, debugging and error handling, dependencies and ordering, modularity and reusability and the learning curve when you starting trying to use linked templates.

Most people either are using Terraform or have migrated to Bicep, which is backwards compatible anyway as shown in the in the diagram below.

Bicep

Azure Bicep is a domain-specific language (DSL) that allows users to deploy Azure resources in a declarative manner. Bicep is designed to simplify the authoring experience and improve readability and maintainability. It provides a more concise and readable syntax compared to traditional JSON-based Azure Resource Manager (ARM) templates and was created to address the complexities and verbosity associated with ARM templates, making it easier for developers and IT professionals to define and manage infrastructure as code.

Core capabilities of Bicep include;

• Support for all resource types and API versions: Bicep supports all preview and GA versions for Azure services. As soon as a resource provider introduces new resource types and API versions, to use in a Bicep file.
• Simple syntax: When compared to a JSON template, Bicep files are more concise and easier to read. Bicep doesn’t require prior knowledge of programming languages. Bicep syntax is declarative and specifies which resources and resource properties you want to deploy.
• Authoring experience: The Bicep Extension for VS Code provides a first-class authoring experience. The editor provides rich type-safety, IntelliSense, and syntax validation.
• Orchestration: Resource Manager orchestrates the deployment of interdependent resources so that they’re created in the correct order. When possible, Resource Manager deploys resources in parallel, which helps deployments to finish faster than serial deployments.
• Modularity: Modules help to segment Bicep code into manageable parts and enable the reuse of code and simplify development.
• Preview changes: Use the what-if operation to preview changes before deploying the Bicep file. The what-if operation shows which resources will be created, updated, or deleted and any resource properties that will change.
• No state or state files to manage: There is no external state file and Azure manages the state between the IaC and what can be seen from the portal.
• No cost and open source: Bicep is free and fully supported by Microsoft.

Bicep is my preferred IaC language in Azure, so check out last years Bicep Advent Calendar for a whole month of content from the basic, right through to more advanced topics.

Further reading on Bicep below;

• Bicep Overview - Official documentation on Bicep
• Bicep GitHub - Official Bicep GitHub Repo.
• Bicep AVM Modules - Bicep AVM Modules

Terraform

Terraform is an open-source infrastructure as code (IaC) tool developed by HashiCorp that allows platform engineers to define and provision data center infrastructure using a high-level configuration language. In platform engineering, Terraform is instrumental in automating the creation, modification, and versioning of infrastructure across various cloud providers and on-premises environments. By using Terraform, platform engineers can create reusable and modular configurations, known as Terraform modules, which encapsulate complex setups into manageable components.

This standardisation simplifies the deployment process, ensures consistency, and enhances collaboration among teams. Terraform also has the ability to integrate with policy as code tools, such as Sentinel or Open Policy Agent (OPA), helps enforce compliance and security policies, making it a robust solution for managing the lifecycle of infrastructure efficiently.

Further reading on Terraform below;

• Terraform on Azure - Overview of Terraform on Azure
• Terraform Documentation - Official Terraform documentation.
• Terraform AVM Modules - Terraform AVM Modules

Conclusion

This concludes part one of Platform Engineering tools and products, in the second part of this series we will look at the right side of the infinity loop and the remaining tools and products.

Share on Twitter (X) Share on LinkedIn RSS Feed