Microsoft Dev Box for Self-Service Developer Environments
Stephen Tulp
December 16, 2024
Architecture Overview
Earlier in the month we briefly touched on the Developer environment capabilities that Platform Engineering teams can provide to reduce the time to onboard developer teams.
As part of this deployment we are going to provision a new Microsoft Dev Center and Project that enable the provisioning of self-service dev box machines. The IaC is in the Azure Developer Environment repo.
The diagram below outlines how all the pieces relate to each other. Note: The items with red circles don't exist yet and will be implemented in the future.
Dev Centers
A dev center is a collection of Projects that require similar settings. Dev centers enable platform engineering teams to:
- Use catalogs to manage infrastructure as code (IaC) templates that are available to the projects.
- Use environment types to configure the types of environments that development teams can create.
Projects
In Azure Deployment Environments, a project signifies a team or business function within the organisation. Each project connects to one dev center, and all settings inherit from the dev center to the project. The Platform Engineering team configures the project by defining suitable environment types for the development team, and enables Project Admins to make specific environment definitions available to a development team by attaching a catalog to the project.
Each project allows for both Deployment Environments and Microsoft Dev Box resources within the same dev center.
Environments
An environment is a collection of Azure resources that make up the application. An example of this would be a web application that includes an Azure App Service, Azure Key Vault, Azure Cosmos DB, and a storage account. An environment could consist of both Azure platform as a service (PaaS) and infrastructure as a service (IaaS) resources.
Managed Identity
Managed identities provide elevation-of-privilege capabilities that enable self-service for the development teams without giving them access to the target subscriptions where the deployment occurs. The managed identity attached to the dev center or project needs to be granted appropriate access to connect to the catalogs so that the Azure Deployment Environments service can perform the deployment on behalf of the developer.
Dev Center Environment Types
You can define the types of environments that development teams can create, including Development, Test, Sandbox or Production. Configuration settings for the environment types are based on the specific needs of the development teams.
Project Environment Types
Project environment types are a subset of dev center environment types and help pre-configure the types of environments that specific development teams can create. You can configure the target subscription and define where the resources will be hosted. Project environment types allow you to automatically apply the right set of policies on environments and help abstract the Azure governance-related concepts from your development teams. You can also pre-configure:
- A managed identity used to perform the deployment of the infrastructure.
- The access levels that the development teams will receive after creation of the environment.
Catalogs
Catalogs help provide a set of curated IaC templates for development teams to create environments. Catalogs attach to either a dev center environment or project to provide environment definitions to that specific project. Microsoft provides a quick start catalog that contains a set of sample environment definitions. You can also attach your own catalog as either a GitHub repository or an Azure DevOps Services repository; the service scans the specified folder of the repository to find environment definitions. Those environment definitions are available to all the projects associated with the dev center.
Environment Definitions
An environment definition is a combination of an IaC template and an environment file that acts as a manifest. The template defines the environment, and the environment file provides metadata about the template. Your development teams use the items that you provide in the catalog to create environments in Azure. An example of a Container App Environment and associated Container Apps is in the Dev Center Catalog.
Built-in Roles
Azure Deployment Environments supports three built-in roles. These roles should align to Entra security groups to control access to the solution.
- Dev Center Project Admin: Enables creation of environments and manages the environment types for a project.
- Deployment Environments User: Creates environments based on appropriate access.
- Deployment Environments Reader: Reads environments that other users created.
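The group-alignment rule above, and the earlier point that developers get no access to the target subscriptions, can both be checked from exported role assignments. This is an added example, not code from the repo: the records, principal names and subscription IDs are constructed, and the role names are taken as written on this page.

```python
import json

# Role names as this page lists them; confirm the exact names in your tenant.
ADE_ROLES = {
    "Dev Center Project Admin",
    "Deployment Environments User",
    "Deployment Environments Reader",
}

# Placeholder subscription that project environment types deploy into.
TARGET_SUB = "/subscriptions/00000000-0000-0000-0000-000000000002"
PROJECT = ("/subscriptions/00000000-0000-0000-0000-000000000001"
           "/resourceGroups/rg-devcenter/providers/Microsoft.DevCenter/projects/demo")

# Constructed sample in the shape of `az role assignment list --all -o json`.
SAMPLE = json.dumps([
    {"principalName": "sg-ade-project-admins", "principalType": "Group",
     "roleDefinitionName": "Dev Center Project Admin", "scope": PROJECT},
    {"principalName": "dev1@example.com", "principalType": "User",
     "roleDefinitionName": "Deployment Environments User", "scope": PROJECT},
    {"principalName": "demo-project-identity", "principalType": "ServicePrincipal",
     "roleDefinitionName": "Contributor", "scope": TARGET_SUB},
    {"principalName": "dev2@example.com", "principalType": "User",
     "roleDefinitionName": "Contributor", "scope": TARGET_SUB + "/resourceGroups/rg-app"},
    {"principalName": "sg-ade-readers", "principalType": "Group",
     "roleDefinitionName": "Deployment Environments Reader", "scope": PROJECT},
])

def audit(assignments, target_subscription):
    """Return (finding, principal, role) tuples for assignments that break the model."""
    findings = []
    target = target_subscription.rstrip("/").lower()
    for a in assignments:
        role = a.get("roleDefinitionName", "")
        ptype = a.get("principalType", "")
        who = a.get("principalName") or a.get("principalId", "?")
        scope = a.get("scope", "").rstrip("/").lower()
        # Built-in roles should be held through Entra security groups only.
        if role in ADE_ROLES and ptype != "Group":
            findings.append(("direct-assignment", who, role))
        # Developers should reach the target subscription only via the managed identity.
        if ptype == "User" and (scope == target or scope.startswith(target + "/")):
            findings.append(("user-on-target-subscription", who, role))
    return findings

if __name__ == "__main__":
    for finding in audit(json.loads(SAMPLE), TARGET_SUB):
        print(*finding, sep=" | ")
```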
Platform Engineering Experience
We are going to provision the IaC and associated resources required to enable the development teams to create dev box resources. The repo will deploy the following resources:
- A Microsoft Dev Center environment using Microsoft managed networking, automated provisioning of the Azure Monitor agent and per project catalogs.
- A Dev Center Catalog that publishes the Quick start environment definitions repo.
- Three (3) Dev Box Definitions for:
  - Windows 11 vanilla image
  - Windows 11 image with M365 configured
  - Windows 11 image with Visual Studio and VS Code configured
- A Sandbox Environment Type
- A single Project that enables the definitions, 2 x Dev Box machines per user and a system managed identity
- A Dev Box Pool using the Windows 11 with Visual Studio and VS Code image
- Associated Azure Role Permissions to ensure each persona has the right permissions
The Bicep visualiser and deployment configuration looks like the following.
Once the deployment is complete we will have the Dev Center, Project, 3 x Dev Box Definitions and the Dev Box Pool within a single Resource Group.
Developer Experience
The Developer Portal provides the self-service capabilities that assign developers to a project and then enable them to provision:
- Dev Boxes providing ready-to-code project-specific workstations in the cloud.
- Environments providing the resources needed to deploy and run applications.
We are able to provision a new Dev Box machine by entering the dev box name and choosing the dev box pool image. The landing page will now say creating and, depending on customisations and configuration, this could take up to 30 minutes.
While the machine is provisioning we can set up the Microsoft Remote Desktop app and add the workspace to the app. The screen below is from the Mac client.
Once provisioning is complete we can log in to the machine and see any customisations or applications that we defined as part of the provisioning process.
Conclusion
Microsoft Dev Center, Azure Developer Environments and Microsoft Dev Box provide a powerful trio of capabilities for standardising the developer experience with self-service deployments. There are extensive customisations and approaches available, and the right choice will depend on internal processes, requirements and how developers work.
Further reading below to extend on what we have gone through today.