Episode 062: Infrastructure as Code with Ned Bellavance

Mike Pfeiffer on February 12, 2020

In this episode I chat with fellow Pluralsight Author and MS MVP Ned Bellavance about working with Terraform, Packer, ARM Templates, Multi-Cloud, and much more.

Ned is an IT professional with almost 20 years of experience in the field. He has been a helpdesk operator, systems administrator, cloud architect, and product manager. In his newest incarnation, he is the Founder of Ned in the Cloud LLC. As a one-man-tech-juggernaut, he develops courses for Pluralsight, runs two podcasts (Day Two Cloud and Buffer Overflow), and creates original content for technology vendors.

Ned has been a Microsoft MVP since 2017 and holds a bunch of industry certifications that have no bearing on anything beyond his exceptional ability to take exams and pass them. Ned has three guiding principles: Embrace discomfort, Fail often, Be nice.

Full Transcript:

Mike Pfeiffer:
What’s up everybody? It’s Mike Pfeiffer. Welcome back to another episode of Cloud Skills FM. Super pumped for this episode. Today we’ve got Ned Bellavance, fellow Microsoft MVP, Pluralsight author, fellow podcaster and fellow cloud technologist. Ned, what’s up, man?

Ned Bellavance:
Man, it’s like we’re brothers from another mother. How about that?

Mike Pfeiffer:
Yeah, we’re definitely doing a lot of the same stuff. So how are you doing? And also maybe let everybody know your background, what you’re working on these days.

Ned Bellavance:
Oh yeah, sure. So, I’m doing great. Life is good. I’m really enjoying the winter weather up in Pennsylvania. I’ve been doing IT for almost 20 years. I started out as a sysadmin… Well, as a help desk person, then moved to sysadmin, and then bigger sysadmin roles, which then rolled me into consulting, because that’s… It seems like the natural progression that I’ve seen for lots of people. I think you had a similar trajectory there.

Mike Pfeiffer:
Yeah, yeah. I’m already… We are brothers from another mother. It’s true.

Ned Bellavance:
And then once I got sick of the consulting thing, I went into business for myself doing Pluralsight courses, writing, doing training and all that stuff. It was the next logical step, and I don’t know what the next logical step would be beyond that. No idea that this was going to be the next step. So it’s constant churn of career development, and I enjoy that. I think for some people the uncertainty of the career path for an IT person could get a little scary.

Mike Pfeiffer:
Yeah. And I really like that you touched on that because I think there’s a lot of people listening, and I know this from past experience, that they’re interested in what you’ve done, and what I’ve done and really getting out of the traditional corporate framework to go off and take your experience and do your own thing. It’s insanely… It’s just pretty liberating. Right? And it’s cool to be able to pull it off. And I guess I’m curious, number one, what made you decide to do it? Was it just personal freedom? You wanted to run your own thing, or what was the backstory on that?

Ned Bellavance:
Yeah. I think there were obviously a number of factors. One was that I started doing Pluralsight courses while I was still in consulting, as just a way to add a little income on the side. And it was something I was curious about doing. I’d watch some courses and I was like, “Oh, I think I could do something like this.” And I talked to someone at the Pluralsight booth at an expo, and they’re like, “Totally. Yeah. Just email us and we’ll take you through the authoring process of auditioning and all that.” So I was already doing that. And then I got hooked up with the Tech Field Day crew, and started going to Cloud Field Day and met a whole bunch of other people who were doing this independent influencer/writer/trainer mashup of things.

Ned Bellavance:
And I was thinking in the back of my head, I’m tired of consulting and I actually hadn’t at that point moved away from direct consulting at the keyboard, and I was now doing pre-sales and strategy of solutions and stuff like that. Which I thought would be really interesting, but a year in, I was not interested. It’s like slogging it to work every day to talk, to sit in six to eight hours worth of meetings, to talk about solutions and sales targets, and I’m sure that’s all really interesting to somebody and that person is not me. Right. Yeah. I had the pressure of not being super happy with what I was doing, and the opportunity that I saw from the example of what other people were doing that I was meeting, and I was like, “Well, I think I could do something like that, so I’ll give it a shot.” And so yeah. Last year in May I struck out on my own and so far so good.

Mike Pfeiffer:
Awesome dude. Congratulations. I think a lot of people that are in a similar boat often are worried about, is it going to play out? Dan Wallin, who’s been on this show in the past, used to always say to me, way back in the day, this is a really long time ago, maybe five or 10 years. He always used to say, “Just jump. Do the work and it’ll work out. You’ve got to trust the process and you’ve got to go and start chipping away at it.” But it’s pretty fascinating that you have a very similar path that I did. I started out in help desk as well, and I had the same thing. When I started doing more of the, not just consulting but getting paid to write, getting paid to speak, getting paid to teach, it opened up a lot of extra opportunities for me.

Mike Pfeiffer:
And so anybody that’s listening, I think that that’s already a good lesson. But, speaking of Pluralsight, looking at your author profile, which I’ll put in the show notes as well, but you’ve got 13 courses, which is a lot. And there’s a lot of Terraform in here, so I’d love to hear more about what you think about Terraform. Obviously you’re an expert in it, so there’s lots of people listening to the show trying to figure it out. If we can get into that.

Ned Bellavance:
Yeah, absolutely. Yeah. Terraform, I think I’ve got three courses specifically on Terraform right now and more coming, because people have requested that I do courses specifically around Cloud providers. So I did one that’s just Azure focused, because the very first one I did was, using AWS as the example, it wasn’t specifically about AWS, but I needed a Cloud to use and that seemed to be the most popular at the time. And then all these people came out of the woodwork and were like, “But I only use Azure, so can you put together a course for me for that?” So I did. And Google Cloud is coming as well.

Ned Bellavance:
In terms of Terraform, why would you use it? Why would you use it over some of the native tooling that exists in the various Clouds? I guess that’s probably a good starting off point is, Terraform is intended to automate the deployment of infrastructure. That’s cut and dry. It’s infrastructure as code. Here’s a tool that can do it. But there’s lots of tools, right? You could script it out with PowerShell. You could use something like Ansible. You could use ARM templates in Azure. You could use CloudFormation, forget what Google’s thing is called, but they have something similar too. Ironically Oracle Cloud, I don’t know how many people know this, but Oracle Cloud uses Terraform. They don’t even have their own native thing they built.

Mike Pfeiffer:
That makes sense. They’re like, “We’re going so fast, we don’t have time to build our own. We’ll just use somebody else’s.” That makes sense.

Ned Bellavance:
Totally makes sense. And I think that gets down to why you might want to consider a tool like Terraform. Two big things is, one, it is Cloud agnostic. Basically it has providers in the form of plugins, and those providers are written and maintained by the various Cloud providers out there. So Azure and AWS help maintain those providers. And so the interaction between Terraform and the providers is only as good as what they put into those providers. But I will say that Azure and AWS especially, have kept super up to date on… Whenever a new feature gets launched in one of those two, it’ll end up in that plugin within a month.

Ned Bellavance:
So now you’ve got something that’s Cloud agnostic. You’re not learning something that’s specific only to AWS, which makes your skills a little more transferable, and you’re finding a common way of doing things. So, yes. I have to use a different provider for Azure and AWS, but I’ve got a common language that I’m learning and a common tool set and framework that I’m using for both. So if I’m stuck in that multi Cloud world, which a lot of us are now, I can use that same tool for either and anything else that comes down the road.

Ned Bellavance:
If you throw Alibaba Cloud at me in a month or something, there’s plugins for Alibaba. So now I can work with that Cloud, still sitting within Terraform and using all of the information and knowledge that I’ve built up from that tool set, but just applying it to a different Cloud. So I think that’s probably the biggest benefit behind Terraform. The second thing is that it was purpose-built exactly for this. It’s not meant to do anything else, and if you try to do other things with it, you’re going to have subpar results. So I like to draw a pretty fine line between infrastructure management and life cycle and configuration management. One is immutable. If I deploy something, that’s the thing that I’ve deployed and if I need to deploy an updated version of that thing, I will destroy whatever it is and deploy a new version of that thing.

Ned Bellavance:
Configuration management is generally dealing with mutable constructs. So I have a server and I want to update the configuration on that server. I’m not going to destroy the server and provision a new one with these updated settings. I’m going to go in and tweak whatever that setting is. I mean, generally, right? You could make an argument for immutable servers, and we probably should, but that aside, Terraform is not a configuration management, and their basic workflow is, hey, if you’ve gotten the servers set up, the networking and the storage and everything else set up with Terraform, it’s time to hand that off to some other tool, which will take that and run with it and do your configuration management. So it has direct integrations with Chef, with Ansible, with Puppet, so it can do that hand off nicely, and let those tools handle what they’re really good at, which is configuration management.

Mike Pfeiffer:
Makes a lot of sense. We see that same pattern with the other stuff too. You mentioned CloudFormation in AWS. We have ARM templates in Azure as well that are Cloud native to those platforms. You see people using Terraform trying to do it the wrong way, like trying to wedge something in there that shouldn’t be done. To do the configuration management piece. Is that common?

Ned Bellavance:
Yeah. Yeah. Well I’ve seen it. Unfortunately, Terraform included these things called provisioners, and one of them is a remote exec provisioner. So basically, what a provisioner does is, when I create a resource, I might want something else to happen in tandem with that. Like I stand up a virtual machine. I might want to run a couple scripts, or I might want to create a local file that has settings based off of the resource I just created. I can do that well with the provisioner. The problem with remote exec provisioners is, yes. It absolutely allows you to run a remote script on that server you’ve just created, but it’s not a configuration management tool. Once that script has completed successfully, as long as it exited with a zero code, Terraform is happy. And it doesn’t care beyond that. If you update that script in your configuration, it will have to destroy that resource, that virtual machine, and recreate it to rerun that remote exec provisioner. Which is probably not what you’re looking for.

Ned Bellavance:
So yes, people have absolutely gone bonkers with that remote exec and written these complicated bash scripts to bring up their virtual machine, and install all of the applications and software. But really what you want to do with that is just bootstrap it into your configuration management solution, and stop there. And you don’t even have to use remote exec for that. Most of the Clouds support using cloud-init, or their images. So you just put something in the custom data field for EC2, or it’s custom data for Azure now as well, and cloud-init will pick that up and run it, rather than doing a remote exec. Because that actually requires SSH or WinRM access to the server because Terraform is literally connecting via SSH or WinRM to run those scripts in a shell.

Mike Pfeiffer:
Yeah. So now you’re opening up ports and you’re wedging this script in, it’s not idempotent. So if it runs, once you run it again you’re going to get completely different results potentially. Yeah, it makes a lot of sense. I’m fascinated by the fact that Terraform, or at least HashiCorp I should say, is to your point earlier, able to keep up with Azure and AWS. Because in the earlier times I was like, “Oh, yeah, right. Like anybody’s going to be able to keep up with these guys because they move so fast.” It’s interesting that they actually convinced Microsoft and AWS to contribute. That’s awesome.

Ned Bellavance:
I first saw it with Microsoft actually, going to Ignite and watching the demos. There were multiple demos where someone from Microsoft was onstage using Terraform instead of an ARM template. So that let me know that it’s super popular with them as well. And so they have people on staff that are willing to put in the effort to keep the plugins up to date.

Mike Pfeiffer:
Yeah. And then it gives you confidence as an infrastructure developer that… Put all the eggs in that basket so to speak, that you’re not going to get the rug pulled out from underneath you, because the vendors themselves, Microsoft and Amazon, are involved with HashiCorp. And it seemed like Microsoft was eyeballing them before HashiCorp raised their last big round, or whatever it was, a year or year and a half ago. It seemed like [inaudible 00:12:00].

Ned Bellavance:
There were rumors flying. I may have started some of those rumors, I don’t know. But that was definitely a conversation I had at Ignite, and I had with multiple people about HashiCorp and I was like, “When is Microsoft just going to buy them?” Because they had built tooling to use Terraform, and then they had actually the image builder, or Azure uses Packer, which is another HashiCorp product. So Packer is tightly integrated with their image builder. And I feel like there was another integration that happened as well. Oh, the Consul software, you can now deploy managed Consul clusters in Azure, and it’s managed by HashiCorp, but you’re purchasing it directly through the Azure portal, and it does that VNet peering thing, so you can present your Consul cluster to whatever VNet you want.

Ned Bellavance:
I was like, “That is a seriously tight amount of integration between those two companies.” A little too close, but so far nothing has happened and I suspect that HashiCorp wants to keep Microsoft at arm’s length. Because they work with so many other Clouds, they don’t want to get into that issue that if they are bought, some of the other Clouds might back off and not adopt their product set.

Mike Pfeiffer:
Got it. Yeah, makes sense. I want to talk more about Terraform, but I want to come back to it because I know that you just coauthored an AKS book, so Azure Kubernetes Service, and I know that very well because I was one of the tech reviewers. I got to read it for free before anybody else. So that was an awesome release, and I would love to hear about the process of writing the book, but also AKS itself. What should people start thinking about in the field? And all that kind of stuff.

Ned Bellavance:
Sure. Kubernetes, you can’t escape it, right? Every podcast I feel like I’ve done in the last six months, someone has said the word at least, even if that wasn’t the central topic. Which is… A part of the reason I decided to write the book with two other authors. So Janaka and Steve Buchanan, we wrote the book together, and they actually invited me on board. So Steve and Janaka had both written books before and they were looking for a third author, because it’s a lot of work, to write a book. As I’m sure you know, because you’ve published books before.

Mike Pfeiffer:
It’s painful, man. Especially those Word templates. I just want to jump out the window.

Ned Bellavance:
Oh yeah.

Mike Pfeiffer:
I mean, it’s 2020, are we using Word templates still to write chapters?

Ned Bellavance:
We are.

Mike Pfeiffer:
Why are we doing that?

Ned Bellavance:
And it’s awful.

Mike Pfeiffer:
Can we use Markdown please? Markdown works. It’s awesome. But anyways, I’ll stop.

Ned Bellavance:
Yes. I can get up on that soapbox too and perhaps I will in a moment. But they invited me on and they’re like, “Look, it’s going to be nine chapters. We just need you to sign on to do three.” And the more I thought about it, I realized that throughout my consulting career, I had written small books for different clients that I’d done work for. Because a lot of the time the deliverable was not only what I just deployed for them, but a primer on how to use it. Because a lot of times they didn’t know and they weren’t willing to read the documentation online, or the documentation wasn’t great and it wasn’t specific to their universe. So instead I’d end up writing a hundred page documents that outlined, hey, here’s how you do six basic tasks in addition to the actual design that was implemented.

Ned Bellavance:
So I thought I had enough chops from a writing perspective to be able to do the three chapters. And for me it was a great experience. I handled the CI/CD portion, the Helm deployment portion, and the integration with container registries, in particular Azure’s container registry. So I did those three chapters. I knew something about all three of those, but in the course of writing each chapter, I learned a ton more about each of those topics, which is generally what happens when you teach something, is you end up learning way more about that topic than you knew. And you realized all the assumptions that you made about it. So hopefully I did a good job on those three chapters. And reading through the book, it seems like they all mesh pretty well. None of our writing styles are so distinct that you’re like, “Oh, that’s totally written by Steve and that one’s by Ned.” It helps that we’re doing technical writing, which doesn’t lend itself quite as much to crazy personality shifts.

Mike Pfeiffer:
Yeah. I’m really glad that you brought up the point about basically starting before you’re ready, because I think that there is kind of the illusion, right, that we all know all this stuff right off the top of our head and go and record a course on it or write a book about it, but the truth is, to your point, you actually learn a ton about this stuff along the way and I think that a lot of our listeners might be interested in doing some of this stuff, but they might be waiting till they’re ready, but to your point, I’m not just going to jump into the deep end of the pool, right?

Ned Bellavance:
Yeah, absolutely. I’ve had this conversation before about, you don’t need to be an expert to teach something, you just have to be able to teach and explain well and be able to understand the concepts. And everything else is just getting that communication across to the learner. They’re expecting you to know more than they do, which, especially for a beginning course, it’s not hard or an introduction book, it’s not hard to know more than that person because they’re usually coming to that material not knowing anything. So you just have to be a few steps ahead of them. But really they want someone to break down concepts in a way that’s digestible for them and that they can go back and refer to as they learn more and more about a particular topic. So as long as you structure your book or your course or whatever in that way and make it an enjoyable experience for the reader or listener, the fact that you’re not a complete expert who wrote the software yourself or anything, that doesn’t really matter so much.

Mike Pfeiffer:
Yeah. That’s awesome. And the other thing I wanted to ask you was, obviously you had a little bit of writing experience before that, was that something that you had to, did it come natural or did you build up writing experience in the consulting business over time? Or kind of how did that play out for you?

Ned Bellavance:
I’ve always been a writer so that was definitely playing in my favor to a certain degree. It’s funny, right out of high school, I went to get a computer engineering degree and I lasted one year because computer engineering is really hard and if you’re not an engineer, you’re not of that mindset, you’re going to wash out pretty quickly. So I was like, “Oh, I love computers, I’ll be an engineer.” And after a year I was like, “I want to do something else.”

Ned Bellavance:
And I did end up going back and getting my computer science degree at a certain point, but that was like 10 years later. But while I was in that engineering course, we had to take a creative writing course, which is hysterical when you drop a bunch of engineers into a creative writing course and you hear like, “Here Heart Of Darkness, read that and write me an essay on it.” And I think it became obvious pretty quickly that I was better suited for writing an analysis of Heart Of Darkness than I was about doing complex differential equations. And my English professor at the time basically told me that. He’s like, “You are probably a writer. I know you’re doing this engineering thing, but you might want to reconsider.” And I was like, “Nah, I’m totally down. I’m totally into this.” And he was totally right.

Mike Pfeiffer:
That’s cool. Not everybody can do both because now you’re doing both. Right? So you’re kind of straddling the fence, but it’s a 20-year career. So it’s not like it just happened overnight, which is another thing.

Ned Bellavance:
Yeah. Yeah. That myth of the overnight success that takes 10 or 20 years, yeah, that’s 100% me. Yeah.

Mike Pfeiffer:
Yep. Same here. All right. So going back to Terraform, so a lot of people are looking at this as an alternative to things like CloudFormation and especially ARM templates because of the verbosity of infrastructure templates from the native landscape. Right? So ARM templates probably get beat up the most because of the JSON is extremely verbose. Is there merit in actually knowing that though and also dabbling in Terraform?

Ned Bellavance:
So I can say that I’ve done all three and JSON is the devil, only slightly worse than YAML, and I’ll probably get lots of hate mail about that. YAML, I just find it confusing. It doesn’t make intuitive sense to me. JSON makes sense to me but like you said, it’s so verbose that it’s impossible to read. And I feel like HashiCorp’s configuration language strikes a nice medium balance between the two. It’s not as verbose as JSON, it’s not space based like YAML, so you don’t end up with, “Oh, why doesn’t this work properly? Oh it’s because you hit space bar too many times.” I know linters tried to do what they can for that, but sometimes they miss it too.

Ned Bellavance:
But I think there’s still merit in understanding, especially on the ARM template side, what’s actually going on in the background because there are occasionally features that don’t yet exist in Terraform and if you really want to take advantage of those immediately, there’s actually an ARM template resource in Terraform where you can point it at an ARM template that creates whatever that resource it is and it’ll fire off that ARM template and deploy that resource and then whenever it gets baked into Terraform, now you can switch back to using that instead. But you do have that stopgap measure. And, for me, I just think it’s good to understand how the various different tools work in case you’re thrown into a situation, especially in consulting where your customer only uses ARM templates or only uses CloudFormation. You don’t want to be caught flatfooted and say, “Well, I don’t know how to use either of those things.”

Mike Pfeiffer:
Yeah, I couldn’t agree more with that because, especially if you look at what Azure is doing with all the governance stuff, blueprints, and they’ve got a lot of stuff just in the marketplace where, and AWS too, with CloudFormation like if you’re getting into the marketplace or you’re doing blueprints or the governance stuff, then it’s kind of like, “All right, I got to play the game a little bit with ARM templates and that kind of stuff.” Me, since I grew up with JSON in an infrastructure as code paradigm, to me it’s not as bad, but I do agree with you on the YAML stuff. It’s just like one space can flip everything off.

Mike Pfeiffer:
I mean, at least with, I don’t know. I mean they’re both kind of interesting. I do agree 100000% that the HashiCorp language syntax is way easier to just look at and understand that there’s a no brainer there. But what do you think in terms of Microsoft’s going to do with things like blueprints and stuff that’s kind of tightly coupled right now with ARM templates? Do you think they’re going to help us with that and point to Terraform at some point?

Ned Bellavance:
Yeah, that’s interesting. I recently did a course for Pluralsight that was about security policy and it covered sort of the view of governance and compliance, and Azure Policy and Azure Blueprints were all part of that, so I got to dive into that a little bit and actually mess around with blueprints. I think blueprints are what was missing from ARM templates at the beginning because an ARM template, once you deploy it, that’s pretty much it. You can kind of iterate on it, but it’s a little bit difficult. It doesn’t have an idea of a state file or anything like that, so it’s difficult to maintain it. As opposed to like CloudFormation, you have stacks and those stacks can be updated and you can see what the change is going to be before you apply it and same thing with Terraform. Azure didn’t really have something quite like that, which I think might be why they glommed onto Terraform so quickly.

Ned Bellavance:
Azure Blueprints brings that into the fold a little bit because you can rev your ARM templates, you can deploy a new version of it, you can kind of see what the changes are going to be before you apply it through the blueprints. So that’s pretty cool. And then you can also tie in Azure RBAC and policy into that blueprint. So now, not only am I deploying resources using this blueprint, I’m also setting up the proper security compliance and policies to go along with that infrastructure. So I know that I’m closer to whatever that requirement is, whether it’s PCI DSS, or I’m doing something with the government and it needs to be FedRAMP or something like that. I think it’s a really interesting product and I’m excited to see it more baked. I think it’s still in preview. It’s in public preview, but I think it’s still a preview feature.

Mike Pfeiffer:
It’s still super early for blueprints. The other thing that I just thought of when you were talking about that is that Azure policy itself is JSON, if you get into custom policies and all that kind of stuff, you’re writing JSON there too. So it’s like right now on Azure, get comfortable with JSON as kind of the big takeaway if you’re getting into blueprints and stuff. But with Terraform, number one, well let’s talk about Terraform and their certifications because that might be an edge for a lot of folks out there that are already maybe messing with Terraform, but might not know that their certs… You’re the one that actually told me about this like right before the end of the year last year. What’s going on with the Terraform certification?

Ned Bellavance:
Yeah, so as HashiCorp matures as an organization, they do acknowledge that people like to get certifications and Terraform has reached the point where they want to have a certification specific to it. So they started developing one last year, they announced it, they’ve been doing beta testing of the questions. I don’t know exactly when it’s going to become generally available, but it’s definitely going to be at some point this year, probably the first half of this year. So it’s going to be the Terraform certified associate will be the first certification they have and I’m sure they’re going to have a professional level or some higher level certification after that. So that is coming.

Ned Bellavance:
In order to prepare for it, they’ve published a list of objectives and sub objectives of what’s going to be in that certification and it’s not meant to be like an NCSC level certification, this is more of like an AZ-900 or something a little higher than that where you should have played around with it on a dev box a little bit, you should have read the documentation, you should be comfortable with the basic workflow of Terraform, but the more advanced concepts and weird situations that you would only get into working in teams and doing massive deployments, it’s not going to test on that kind of stuff. So it really is like core functionality, do you understand Terraform, what it’s meant to do? To that end, I’ve started writing a certification guide with Steve Buchanan and [Aiden Irmi 00:25:45] centered around being able to at least prepare for the certification and we based it off the published objectives and our collective knowledge on Terraform. That should be coming out, oh, I don’t want to say dates, but relatively soon we’re going to publish it through Leanpub.

Ned Bellavance:
So to kind of circle back to our whole conversation about Word templates versus Markdown, we published the AKS book through Apress and the experience with Apress was great. They’re great people, I have no complaints about them, yes, they, like many other publishing companies still use Word templates as their de facto standard for writing, which Word is difficult and fonts can be tricky and the formatting could bite you. As anyone who’s worked on a complex Word document that’s been through several revisions knows, you format it and it doesn’t format right and there’s no way of telling why because it’s not exposed to you. Markdown is so much simpler to write in. You know when you do something, how it’s going to render, it’s easy to preview that render. None of the formatting stuff is abstracted away from you so you feel like you’re in charge a little bit more and you don’t have to fire up Microsoft Word to do it. So…

Mike Pfeiffer:
If I was ever going to write another book, it would be like that in Markdown, probably through Leanpub because to your point, man, it’s just insanely painful. If we’re talking about devil, like the format of JSON being a devil then so is Word for writing books.

Ned Bellavance:
Yeah. At least JSON, you have a linter to tell you where you got it wrong. Word’s just like, “No, I’m not going to do that for you. Whatever.”

Mike Pfeiffer:
So maddening, if I had hair, I would have ripped it out by now with some of the fighting with Word templates and stuff. But in terms of all of your other Pluralsight courses, I also noticed that you had a HashiCorp Vault. A lot of people listening may not even be familiar with that service, but I’ll let you kind of get into that. But one of the common questions I always get is, “Vault or Azure Key Vault. What should I do? Is there a pros and cons?” So maybe we can get into that?

Ned Bellavance:
Yeah, sure. I’d love to. So, that’s probably the most apt comparison, if your listeners are familiar with Key Vault or they’ve used KMS on AWS, those would be the two services that most closely align to what HashiCorp’s Vault product does. It’s essentially secrets life cycle management. So they kind of have this, use Terraform to build it, use Vault to secure it, and then they have the Consul product and Nomad product are their other two big ones that we don’t have to get into. But those are other aspects of application life cycle management.

Ned Bellavance:
So Vault is meant to basically handle secrets, be able to store them securely, provide authentication mechanisms for anything that wants to get access to a service, as well as encryption on demand. So I want to encrypt this thing before I send it to somebody else and then they can decrypt it. You can do that all through Vault. All this sounds very similar to what you might do with Key Vault. Again, some of the reasons you might use it are similar to Terraform. It’s cloud agnostic, you can deploy Vault wherever you want and pretty much on whatever you want. It runs on Windows, it runs on Linux because it’s a Go binary. So it’ll just run wherever you need it to run. And it also can run in containers. There’s a Helm chart for deploying Vault.

Ned Bellavance:
So if you want to spin up a Vault cluster that has best practices already baked in, just use the Helm chart and you’re already ahead of the game to a certain degree. So, I thought it was a really interesting project and because of my experience with Terraform, I thought “Hmm, Vault seems like a really good add-on to that and I want to get deeper into it.” So once again, without knowing a ton about Vault, I signed on to do a getting started course. Over the course of developing it, I learned a ton about Vault and how it works and basing off of my experience with other similar solutions, I was able to create what I think is a pretty good getting started course. There’s also HashiCorp in addition to working on a Terraform certification is also working on a Vault certification at the same time and they’ll probably launch around the same time as well.

Ned Bellavance:
So if you’re interested in products and getting certified and maybe want to get a leg up, Terraform, Vault are probably great places to start. There’s some interesting integrations between Vault and Key Vault, especially with the way that Vault gets sealed and unsealed. The concept of sealed is basically Vault is always encrypted and when you shut it down, it gets encrypted using a seal key that can either be composed of any number of fragment keys that get put together to form the full key that gets the Vault decrypted. So think of a situation where you have three key holders that are separate people and when Vault gets shut down, if you want to bring it back up, all three of those people have to individually connect to Vault and submit their key. And once all three keys have been submitted, now Vault is unsealed again and ready for use. That makes it super secure. Also, if you have to restart Vault, that’s a huge pain in the butt.

Mike Pfeiffer:
It kind of reminds me of all the 80s movies where they’re in the White House and it’s time to fire up the nukes and you got to have all the different keys to like say, “Yes, let’s go.” It kind of reminds me of that.

Ned Bellavance:
“Turn on three. One, two…” Yeah. So it’s sort of like that. That’s difficult to constantly arrange. So what they did is they added this auto unseal feature that can use Key Vault or KMS or an on-premises HSM to provide that unseal capability. So it has to be launched in Azure and have access to… Well it doesn’t have to be launched in it, but it has to have access to Key Vault to be able to go and get that key and unseal the Vault. If it can’t get to that, because someone stole your Vault data and is trying to fire it up on some rogue machine, that rogue machine can’t get to Key Vault to grab the keys and do the unseal process. So it’s still secure, but if you reboot Vault, it auto-unseals itself when it comes up. So you don’t have that difficulty of, “Hey, we’re going to do this so everybody get online and get ready to enter your keys.” It’s a little more straightforward. So there is some interaction there. But yeah, you can use either solution for your secrets management, and if you’re planning on doing things the…

Ned Bellavance:
[inaudible 00:32:00] solution for secrets management, and if you’re planning on doing things that are outside the world of just Azure, it might make a lot of sense to explore Vault and you know it works well with Kubernetes. So there you go. There’s nice tie-in there.

Mike Pfeiffer:
Yeah, definitely. It’s a good integration point. And then it’s really interesting, this concept of these key vaults because I think it’s a new thing for a lot of people. I think a lot of people have traditionally not really thought about centralized secret and key management. So I think the integration key vaults in all of the different Azure services is really cool. Like the references from App Service and Azure DevOps and things like that.

Mike Pfeiffer:
And so maybe we’ll get some hooks with Vault at some point. We’ll see what happens, I guess. But one of the things I would love to ask you about is obviously you’re covering multiple clouds. That’s not easy to do. Is that something that people should start thinking about more, that are out in the field? Obviously you’re now looking at lots of stuff. You mentioned Google, but you’re obviously very on top of AWS and Azure. Is that what other people should start to maybe do as well to kind of leave themselves less vulnerable in the job marketplace?

Ned Bellavance:
I would say if your plan is to be a cloud infrastructure person, yes. You know, if you’re in Azure today, I’m not saying you have to become an AWS expert or a GCP expert, that would be extremely difficult and potentially impossible to be an expert in all three because there’s so much information. But having a general knowledge of how each one works and what the analogous thing is in Azure to AWS for instance, you know, “Okay, I want to run RDS in AWS. Okay, I got my SQL database. This is awesome. What’s the version of that in Azure?”

Ned Bellavance:
Well, you might say Azure SQL and that’s kind of true, but there are some distinct differences. So understanding that, here’s the analogy between the two clouds and here’s some of the key differences. Even if you haven’t deployed it yourself or worked directly with it, just understanding that will help you in architecture discussions and determining workload placement and those types of things. So I think it’s good to have a beginner level knowledge in all three.

Ned Bellavance:
So if you can get the associate level cert in all three or just the beginner level cert, that’s going to serve you really well. And then really invest your time in learning one of them really well, the one that makes sense for whatever you’re doing at work. So if you’re at a company that is very focused on Azure, that’s probably where you should invest your time.

Ned Bellavance:
If you’ve just joined a startup that’s fully integrated with AWS, yeah, that’s probably where you should focus as well. But knowing that you have this other knowledge to fall back on, so say you’re at that AWS startup and as they grow, Microsoft comes along and they’re like, “Hey, you know, if you came over to Azure, we got some startup money we could kick to you.” And they’re like, “All right, move everything to Azure.” You want to be not caught completely off guard by that. You want to at least have some idea of how that might work and then you can learn as you go.

Mike Pfeiffer:
Yeah, I really agree with that. I think that it’s important for people to pay attention to the other stuff that’s happening in industry even if you’re not using it. We always used to tell people that back in the early days when we were trying to get people interested in PowerShell, because it was such a big deal in the Windows world, and it’s like even if you’re not using things like PowerShell DSC, you should still kind of pay attention to it. And I think now 10 years later or whatever it is, six, seven years later or something like that, I think the same way man. It’s like you’ve got to pay attention to what the other folks are doing and then like you said, once you get good with one, it’s easy to pick the other one up or easier to pick the other one up.

Mike Pfeiffer:
Do you see, since you are teaching so much, common patterns with people getting stuck on stuff? Is there any consistent themes of people running into like a common roadblock that you’re finding yourself constantly helping people get past?

Ned Bellavance:
I think sometimes it’s some of the basics that they’re not up on that are outside the realm of what we’re learning, but they just don’t know it. So one of the most common roadblocks that people run into is they’re a Windows person and they’re starting to work with some of the Linux stuff that’s in my courses and they immediately get roadblocked on, “I don’t know how to SSH into this thing. I don’t know how to configure a service on Linux. I don’t know how to create keys.” And yeah, there’s a bunch of tutorials out there, but that’s the first thing that they get stuck on is just the basic skill sets around a couple of different operating systems and they don’t have that base level knowledge because they’ve only ever played with Windows or they’ve only ever played with Linux, and playing on Windows, Windows is very different.

Ned Bellavance:
So I’ve seen it kind of cut both ways. So in the same way that you asked like should they know a bit about each cloud? I think they should know a bit about both operating systems and how they function. Again, you don’t have to be an expert, you don’t have to have the Red Hat expert level certification, but just knowing how to navigate around an operating system and check on the status of services, look at what processes are running, knowing how to install an application using a package manager, like those are all things that everyone should probably understand if you’re going to be in any kind of ops or infrastructure role. And then if you need to go beyond that, there’s usually someone at work or an online resource you can tap to take you further.

Ned Bellavance:
But I feel like if you didn’t study the fundamentals, then you’re going to get stuck on a lot of trainings that assume you know those fundamentals.

Mike Pfeiffer:
Yeah. It’s one of those things where I’ve done lots of Linux demos or at least had Linux in demos and I’ve seen the fear on people’s faces because they’re Windows focused, right? But there’s been stories online where it’s like over 60% of Azure VMs are Linux, and then you’ve got the Azure SQL team basically saying, “We’re not going to build this stuff for Windows anymore.” It’s kind of like Windows is being de-emphasized.

Mike Pfeiffer:
It was even interesting when Server 2019 came out. There used to be a big party when a new Windows operating system came out. I didn’t hear anything about 2019. So it kind of seems like that’s the direction this is all going, right?

Mike Pfeiffer:
We were talking about cloud-init, cloud-init at the beginning of the call. That’s a Linux thing, right? So a lot of the Windows folks that are only looking at Windows are probably like, “What does that even mean?”

Ned Bellavance:
Mm-hmm (affirmative).

Mike Pfeiffer:
It’s time to start ramping up a little bit on Linux, it sounds like.

Ned Bellavance:
And just to put it in context there, I did not start out on Linux by any shape of the imagination. I started out using Windows in my career from NT 3.5 all the way up to the current version. That was my primary focus. That’s what I did as a sysadmin for years, was working with VMware and Microsoft. And so Linux was not something I was even introduced to until probably 10 years into my career.

Ned Bellavance:
And it was because I went to a larger organization that had a dedicated Linux team and I needed to interact with them. And one of the gentlemen there was really nice and took me under his wing and started me out with some basic stuff like, “Okay, here’s how you look at the directory structure, here’s Vim, learn how to use Vim.”

Ned Bellavance:
And I was like, “This is arcane and bizarre.” And he’s like, “I know, but it’s going to be on every system that you ever log into. So it behooves you to at least know how to navigate around it.” And just all those little things that you pick up along the way. So I was lucky enough to have someone who took me under their wing and sort of showed me the ropes on how to use this. And even though it wasn’t my daily driver, I at least gained some knowledge. So it wasn’t completely terrifying.

Ned Bellavance:
But even now, like if someone tells me I need to do it on Linux, a little bit of me is like, “Oh God, I don’t know what I’m doing.” And I have to take a step back and go, “No, okay, you’ve figured this out. You’re at a point where you should be almost as comfortable doing something on Linux as you are on Windows.”

Ned Bellavance:
I don’t know if I’ll ever get to that point, but in the back of my mind, I try to cheerlead myself on. So if other Windows admins are feeling that way, don’t worry, you’re not alone. We all kind of feel that way. But the reality, like you said, is some 60% or something of workstations or VMs are running Linux in Azure. I’m sure the percentage is even higher in AWS. That’s just the reality of the world that we live in. And you need to be able to use both.

Mike Pfeiffer:
It’s funny because I started with Windows as well, Windows only and I’m starting to get rusty with it I’ve found because on a client side, I’ve been using a Mac for the last couple of years and I’ve been doing less and less Windows server work over the last six years because I’ve been doing so much cloud stuff and more code focused projects and things like that.

Mike Pfeiffer:
I’m getting rusty on Windows now. I noticed a couple of weeks ago I was doing some demos on there and I’m like, “I can’t find anything I’m looking for here on Windows Server 2019” so it’s kind of going the other direction now, which is kind of funny.

Ned Bellavance:
Yeah, I don’t think I had spun up a Server 2019 box until November of last year, even though it had been out for a year. There had just been no call because all of my coursework and a lot of my personal projects have all been Linux-based recently. So I’m becoming much more proficient on Ubuntu than I am on Windows Server and when I need to find something, it’s not where I left it back in, you know Server 2016 which was the last one I was really baked into.

Ned Bellavance:
So I have to go search around 2019, “Where’s this thing again? What? Oh okay. All right. It’s there now. That’s fine.”

Mike Pfeiffer:
I’m in the same boat. The other day I actually spun up a Server 2012 on accident because I’d launched an ARM template and then I realized, “Oh the thing was hard coded for 2012” but I was amazed at how much faster it was like RDP didn’t do it and it’s just like snappy. And it’s so much different than 2016 and 2019. It’s like you click on stop and it’s just like it takes a minute for it to come up. And part of that is like maybe I didn’t pick the right VM size, but you know what I mean? It’s just … I’m not bashing Windows. I’m just saying that I think the era of Windows Server operating system reigning IT is obviously gone out the window. So anybody listening that’s just Windows Server focused only because there’s still a lot of that out there, it’s not panic, don’t panic, right?

Mike Pfeiffer:
But it’s like start doing what Ned is talking about. Start paying attention to some of the other things that are out there.

Ned Bellavance:
And I think part of what accelerates that is that Microsoft’s health is no longer directly tied to the Windows operating system.

Mike Pfeiffer:
That’s a great point.

Ned Bellavance:
Because they’ve become a services company, they need to sell Azure, they need to sell Office 365 and that’s pretty much it. Like yes, they still need to sell … The Windows desktop client is still super important to them. But I think like you said, Windows Server, when 2019 launched, you barely knew. There was no giant party with balloons and confetti cannons and you know all that kind of jazz. It was maybe like a hot dog party in the back of someone’s office like, “Hey, we could only afford dill relish. That’s all we got.”

Mike Pfeiffer:
Right.

Ned Bellavance:
So yeah, it was very anticlimactic and I think that’s fine. Ah, they’re focused on what Windows Server can do for them within Azure basically. So all of Azure runs on Hyper-V and Storage Spaces Direct. So their primary focuses are not on client facing stuff in Server. It’s how can we make Hyper-V better and more efficient? How can we make Storage Spaces and Storage Spaces Direct more efficient and how can we improve the networking stack because that is what the majority of our servers are running and doing in Azure? And that’s the thing we really need to concern ourselves with.

Ned Bellavance:
So if you look at all the major improvements in 2019, those are the three and it’s because of Azure.

Mike Pfeiffer:
I just want to ask you one last question and then we’ll wrap it up. What’s the best career advice you’ve ever gotten?

Ned Bellavance:
Oh, the best career advice I ever got. Wow, okay. So there’s probably two. One and I’m quoting it is, “What the hell are you doing here?”

Ned Bellavance:
And that was … so I mentioned that I went into computer engineering and dropped out because it was hard and I was working in retail part-time and ended up working in retail full time and I was a store manager at a retail store. And one of my part-time sales associates, he was 17, senior in high school getting ready to graduate, looks at me and goes, “What are you doing here?”

Ned Bellavance:
And I was taken aback by this young upstart kid. Asked, “What do you mean what am I doing here? I’m running the store.” But then I thought about it and I was like, “Oh God, what am I doing here? I need to get out.”

Mike Pfeiffer:
That’s hilarious.

Ned Bellavance:
That was the best career advice I got from him. And I guess the other big piece, I don’t know if there’s a specific person that told me this or if I just kind of learned it over time, was “Find someone who’s doing what you might want to do and interact with them.”

Ned Bellavance:
And with Twitter and all the other ways that you can interact with people, it is not hard to just reach out and talk to somebody. Like I loved some of the stuff that Keith Townsend, the CTO advisor, I loved what he was doing and I just reached out on Twitter with like a DM and I was like, “Hey, I have some questions.” And he was so gracious and so helpful and kind of giving me direction and pushing me in the right ways. I found that as more the rule and not the exception when it comes to talking to different people in IT, is so many people want to share and be helpful and they’re excited to help mentor someone.

Ned Bellavance:
So if you’re in … if you’re looking to advance your career, find someone who’s doing what you might want to do and just reach out to them. The worst they can say is, “I’m too busy” or “No thanks.”

Mike Pfeiffer:
It’s good advice man, because a lot of us are isolated in this IT job. A lot of us work from home too, so it’s easy to get stuck in your own head. So I love that advice. So coming out of the show, where should we be looking at for the stuff you’re building? You’ve got a website, you’ve got a podcast, you’re doing Pluralsight stuff, what do we need to focus on to keep up with you?

Ned Bellavance:
So you can always find out what I’m doing on my website. It’s nedinthecloud.com so that should be pretty easy to remember. On Twitter, I’m Ned1313, so if you want to follow me, my DMs are open. If you have questions, you know, getting back to the … I want to give back as much as people have helped me.

Ned Bellavance:
And then the podcast is Day Two Cloud. The website for that is daytwocloud.io, two is spelled out, T-W-O, and we deal with, you know what happens when cloud stops being polite and starts getting real and look for that. You know I got the AKS book out and the certification guide for Terraform, maybe like a month or two, I should have that out as well. So a lot of interesting stuff going on and I’m happy to talk to anyone about any of those things.

Mike Pfeiffer:
You’re a busy man, Ned.

Ned Bellavance:
Too busy.

Mike Pfeiffer:
I’ll link up all that stuff in the show notes. I really appreciate you my friend. Thanks for being on the show and maybe we’ll see you again on another episode later this year.

Ned Bellavance:
Yeah man, you bet. Thanks for having me.

In this episode I chat with fellow Pluralsight Author and MS MVP Ned Bellavance about working with Terraform, Packer, ARM Templates, Multi-Cloud, and much more.

Ned is an IT professional with almost 20 years of experience in the field. He has been a helpdesk operator, systems administrator, cloud architect, and product manager. In his newest incarnation, he is the Founder of Ned in the Cloud LLC. As a one-man-tech-juggernaut, he develops courses for Pluralsight, runs two podcasts (Day Two Cloud and Buffer Overflow), and creates original content for technology vendors.

Ned has been a Microsoft MVP since 2017 and holds a bunch of industry certifications that have no bearing on anything beyond his exceptional ability to take exams and pass them. Ned has three guiding principles: Embrace discomfort, Fail often, Be nice.

Full Transcript:

Mike Pfeiffer:
What’s up everybody? It’s Mike Pfeiffer. Welcome back to another episode of Cloud Skills FM. Super pumped for this episode. Today we’ve got Ned Bellavance, fellow Microsoft MVP, Pluralsight author, fellow podcaster and fellow cloud technologist. Ned, what’s up, man?

Ned Bellavance:
Man, it’s like we’re brothers from another mother. How about that?

Mike Pfeiffer:
Yeah, we’re definitely doing a lot of the same stuff. So how are you doing? And also maybe let everybody know your background, what you’re working on these days.

Ned Bellavance:
Oh yeah, sure. So, I’m doing great. Life is good. I’m really enjoying the winter weather up in Pennsylvania. I’ve been doing IT for almost 20 years. I started out as a CIS admin… Well, as a help desk person, then moved to CIS admin, and then bigger CIS admin roles, which then rolled me into consulting, because that’s… It seems like the natural progression that I’ve seen for lots of people. I think you had a similar trajectory there.

Mike Pfeiffer:
Yeah, yeah. I’m already… We are brothers from another mother. It’s true.

Ned Bellavance:
And then once I got sick of the consulting thing, I went into business for myself doing Pluralsight courses, writing, doing training and all that stuff. It was the next logical step, and I don’t know what the next logical step would be beyond that. No idea that this was going to be the next step. So it’s constant churn of career development, and I enjoy that. I think for some people the uncertainty of the career path for an IT person could get a little scary.

Mike Pfeiffer:
Yeah. And I really like that you touched on that because I think there’s a lot of people listening, and I know this from past experience, that they’re interested in what you’ve done, and what I’ve done and really getting out of the traditional corporate framework to go off and take your experience and do your own thing. It’s insanely… It’s just pretty liberating. Right? And it’s cool to be able to pull it off. And I guess I’m curious, number one, what made you decide to do it? Was it just personal freedom? You wanted to run your own thing, or what was the backstory on that?

Ned Bellavance:
Yeah. I think there were obviously a number of factors. One was that I started doing Pluralsight courses while I was still in consulting, as just a way to add a little income on the side. And it was something I was curious about doing. I’d watch some courses and I was like, “Oh, I think I could do something like this.” And I talked to someone at the Pluralsight booth adds in expo, and they’re like, “Totally. Yeah. Just email us and we’ll take you through the authoring process of auditioning and all that.” So I was already doing that. And then I got hooked up with the Tech Field Day crew, and started going to Cloud Field Day and met a whole bunch of other people who were doing this independence influencer writer/trainer mashup of things.

Ned Bellavance:
And I was thinking in the back of my head, I’m tired of consulting and I actually hadn’t at that point moved away from direct consulting at the keyboard, and I was now doing pre-sales and strategy of solutions and stuff like that. Which I thought would be really interesting, but a year in, I was not interested. It’s like slogging it to work every day to talk, to sit in six to eight hours worth of meetings, to talk about solutions and sales targets, and I’m sure that’s all really interesting to somebody and that person is not me. Right. Yeah. I had the pressure of not being super happy with what I was doing, and the opportunity that I saw from the example of what other people were doing that I was meeting, and I was like, “Well, I think I could do something like that, so I’ll give it a shot.” And so yeah. Last year in May I struck out on my own and so far so good.

Mike Pfeiffer:
Awesome dude. Congratulations. I think a lot of people that are in a similar boat often are worried about, is it going to play out? Dan Wallin, who’s been on this show in the past, used to always say to me, way back in the day, this is a really long time ago, maybe five or 10 years. He always used to say, “Just jump. Do the work and it’ll work out. You’ve got to trust the process and you’ve got to go and start chipping away at it.” But it’s pretty fascinating that you have a very similar path that I did. I started out in help desk as well, and I had the same thing. When I started doing more of the, not just consulting but getting paid to write, getting paid to speak, getting paid to teach, it opened up a lot of extra opportunities for me.

Mike Pfeiffer:
And so anybody that’s listening, I think that that’s already a good lesson. But, speaking of Pluralsight, looking at your author profile, what I’ll put in the show notes as well, but you’ve got 13 courses, which is a lot. And there’s a lot of Terraform in here, so I’d love to hear more about what you think about Terraform. Obviously you’re an expert in it, so there’s lots of people listening to show trying to figure it out. If we can get into that.

Ned Bellavance:
Yeah, absolutely. Yeah. Terraform, I think I’ve got three courses specifically on Terraform right now and more coming, because people have requested that I do courses specifically around Cloud providers. So I did one that’s just Azure focused, because the very first one I did was, using AWS as the example, it wasn’t specifically about AWS, but I needed a Cloud to use and that seemed to be the most popular at the time. And then all these people came out of the woodwork and were like, “But I only use Azure, so can you put together a course for me for that?” So I did. And Google Cloud is coming as well.

Ned Bellavance:
In terms of Terraform, why would you use it? Why would you use it over some of the native tooling that exists in the various Clouds? I guess that’s probably a good starting off point is, Terraform is intended to automate the deployment of infrastructure. That’s cut and dry. It’s infrastructure is code. Here’s a tool that can do it. But there’s lots of tools, right? You could script it out with PowerShell. You could use something like Ansible. You could use ARM templates and Azure. You could use Cloud Formation, forget what Google’s thing is called, but they have something similar too. Ironically Oracle Cloud, I don’t how many people know this, but Oracle Cloud uses Terraform. They don’t even have their own native thing they built.

Mike Pfeiffer:
That makes sense. They’re like, “We’re going so fast, we don’t have time to build our own. We’ll just use somebody else’s.” That makes sense.

Ned Bellavance:
Totally makes sense. And I think that gets down to why you might want to consider a tool like Terraform. Two big things is, one, it is Cloud agnostic. Basically it has providers in the form of plugins, and those providers are written and maintained by the various Cloud providers out there. So Azure and AWS help maintain those providers. And so the interaction between Terraform and the providers is only as good as what they put into those providers. But I will say that Azure and AWS especially, have kept super up to date on… Whenever a new feature gets launched in one of those two, it’ll end up in that plugin within a month.

Ned Bellavance:
So now you’ve got something that’s Cloud agnostic. You’re not learning something that’s specific only to AWS, which makes your skills a little more transferable, and you’re finding a common way of doing things. So, yes. I have to use a different provider for Azure and AWS, but I’ve got a common language that I’m learning and a common tool set and framework that I’m using for both. So if I’m stuck in that multi Cloud world, which a lot of us are now, I can use that same tool for either and anything else that comes down the road.

Ned Bellavance:
If you throw Alibaba Cloud at me in a month or something, there’s plugins for Alibaba. So now I can work with that Cloud, still sitting within Terraform and using all of the information and knowledge that I’ve built up from that tool set, but just applying it to a different Cloud. So I think that’s probably the biggest benefit behind Terraform. The second thing is that it was purpose-built exactly for this. It’s not meant to do anything else, and if you try to do other things with it, you’re going to have subpar results. So I like to draw a pretty fine line between infrastructure management and life cycle and configuration management. One is immutable. If I deploy something, that’s the thing that I’ve deployed and if I need to deploy an updated version of that thing, I will destroy whatever it is and deploy a new version of that thing.

Ned Bellavance:
Configuration management is generally dealing with mutable constructs. So I have a server and I want to update the configuration on that server. I’m not going to destroy the server and provision a new one with these updated settings. I’m going to go in and tweak whatever that setting is. I mean, generally, right? You could make an argument for immutable servers, and we probably should, but that aside, Terraform is not a configuration management, and their basic workflow is, hey, if you’ve gotten the servers set up, the networking and the storage and everything else set up with Terraform, it’s time to hand that off to some other tool, which will take that and run with it and do your configuration management. So it has direct integrations with Chef, with Ansible, with Puppet, so it can do that hand off nicely, and let those tools handle what they’re really good at, which is configuration management.

Mike Pfeiffer:
Makes a lot of sense. We see that same pattern with the other stuff too. You mentioned Cloud Formation and AWS. We have ARM templates and Azure as well that are Cloud native to those platforms. You see people using Terraform trying to do it the wrong way, like trying to wedge something in there that shouldn’t be done. To do the configuration management piece. Is that common?

Ned Bellavance:
Yeah. Yeah. Well I’ve seen it. Unfortunately, Terraform included these things called provisioners, and one of them is a remote exec provisioner. So basically, what a provisioner does is, when I create a resource, I might want something else to happen in tandem with that. Like I stand up a virtual machine. I might want to run a couple scripts, or I might want to create a local file that has settings based off of the resource I just created. I can do that well with the provisioner. The problem with remote exec provisioners is, yes. It absolutely allows you to run a remote script on that server you’ve just created, but it’s not a configuration management tool. Once that script has completed successfully, as long as it exited with a zero code, Terraform is happy. And it doesn’t care beyond that. If you update that script in your configuration, it will have to destroy that resource, that virtual machine, and recreate it to rerun that remote exec provisioner. Which is probably not what you’re looking for.

Ned Bellavance:
So yes, people have absolutely gone bonkers with that remote exec and written these complicated bash scripts to bring up their virtual machine, and install all of the applications and software. But really what you want to do with that is just bootstrap it into your configuration management solution, and stop there. And you don’t even have to use remote exec for that. Most of the clouds support using cloud-init, or their images. So you just put something in the custom data field for EC2, or it’s custom data for Azure now as well, and cloud-init will pick that up and run it, rather than doing a remote exec. Because that actually requires SSH or WinRM access to the server because Terraform is literally connecting via SSH or WinRM to run those scripts in a shell.

Mike Pfeiffer:
Yeah. So now you’re opening up ports and you’re wedging this script in, it’s not idempotent. So if it runs once, you run it again, you’re going to get completely different results potentially. Yeah, it makes a lot of sense. I’m fascinated by the fact that Terraform, or at least HashiCorp I should say, is to your point earlier, able to keep up with Azure and AWS. Because in the earlier times I was like, “Oh, yeah, right. Like anybody’s going to be able to keep up with these guys because they move so fast.” It’s interesting that they actually convinced Microsoft and AWS to contribute. That’s awesome.

Ned Bellavance:
I first saw it with Microsoft actually, going to Ignite and watching the demos. There were multiple demos where someone from Microsoft was onstage using Terraform instead of an ARM template. So that let me know that it’s super popular with them as well. And so they have people on staff that are willing to put in the effort to keep the plugins up to date.

Mike Pfeiffer:
Yeah. And then it gives you confidence as an infrastructure developer that… Put all the eggs in that basket so to speak, that you’re not going to get the rug pulled out from underneath you, because the vendors themselves, Microsoft and Amazon, are involved with HashiCorp. And it seemed like Microsoft was eyeballing them before HashiCorp raised their last big round, or whatever it was, a year or year and a half ago. It seemed like [inaudible 00:12:00].

Ned Bellavance:
There were rumors flying. I may have started some of those rumors, I don’t know. But that was definitely a conversation I had at Ignite, and I had with multiple people about HashiCorp and I was like, “When is Microsoft just going to buy them?” Because they had built tooling to use Terraform, and then they had actually the image builder, or Azure uses Packer, which is another HashiCorp product. So Packer is tightly integrated with their image builder. And I feel like there was another integration that happened as well. Oh, the Consul software, you can now deploy managed Consul clusters in Azure, and it’s managed by HashiCorp, but you’re purchasing it directly through the Azure portal, and it does that VNet peering thing, so you can present your Consul cluster to whatever VNet you want.

Ned Bellavance:
I was like, “That is a seriously tight amount of integration between those two companies.” A little too close, but so far nothing has happened and I suspect that HashiCorp wants to keep Microsoft at arm’s length. Because they work with so many other clouds, they don’t want to get into that issue that if they are bought, some of the other clouds might back off and not adopt their product set.

Mike Pfeiffer:
Got it. Yeah, makes sense. I want to talk more about Terraform, but I want to come back to it because I know that you just coauthored an AKS book, so Azure Kubernetes Service, and I know that very well because I was one of the tech reviewers. I got to read it for free before anybody else. So that was an awesome release, and I would love to hear about the process of writing the book, but also AKS itself. What should people start thinking about in the field? And all that kind of stuff.

Ned Bellavance:
Sure. Kubernetes, you can’t escape it, right? Every podcast I feel like I’ve done in the last six months, someone has said the word at least, even if that wasn’t the central topic. Which is… A part of the reason I decided to write the book with two other authors. So Jonaka and Steve Buchanan, we wrote the book together, and they actually invited me on board. So Steve and Jonaka had both written books before and they were looking for a third author, because it’s a lot of work, to write a book. As I’m sure you know, because you’ve published books before.

Mike Pfeiffer:
It’s painful, man. Especially those Word templates. I just want to jump out the window.

Ned Bellavance:
Oh yeah.

Mike Pfeiffer:
I mean, it’s 2020, are we using Word templates still to write chapters?

Ned Bellavance:
We are.

Mike Pfeiffer:
Why are we doing that?

Ned Bellavance:
And it’s awful.

Mike Pfeiffer:
Can we use Markdown please? Markdown works. It’s awesome. But anyways, I’ll stop.

Ned Bellavance:
Yes. I can get up on that soapbox too and perhaps I will in a moment. But they invited me on and they’re like, “Look, it’s going to be nine chapters. We just need you to sign on to do three.” And the more I thought about it, I realized that throughout my consulting career, I had written small books for different clients that I’d done work for. Because a lot of the time the deliverable was not only what I just deployed for them, but a primer on how to use it. Because a lot of times they didn’t know and they weren’t willing to read the documentation online, or the documentation wasn’t great and it wasn’t specific to their universe. So instead I’d end up writing a hundred page documents that outlined, hey, here’s how you do six basic tasks in addition to the actual design that was implemented.

Ned Bellavance:
So I thought I had enough chops from a writing perspective to be able to do the three chapters. And for me it was a great experience. I handled the CI/CD portion, the Helm deployment portion, and the integration with container registries, in particular Azure’s container registry. So I did those three chapters. I knew something about all three of those, but in the course of writing each chapter, I learned a ton more about each of those topics, which is generally what happens when you teach something, is you end up learning way more about that topic than you knew. And you realized all the assumptions that you made about it. So hopefully I did a good job on those three chapters. And reading through the book, it seems like they all mesh pretty well. None of our writing styles are so distinct that you’re like, “Oh, that’s totally written by Steve and that one’s by Ned.” It helps that we’re doing technical writing, which doesn’t lend itself quite as much to crazy personality shifts.

Mike Pfeiffer:
Yeah. I’m really glad that you brought up the point about basically starting before you’re ready, because I think that there is kind of the illusion, right, that we all know all this stuff right off the top of our head and go and record a course on it or write a book about it, but the truth is, to your point, you actually learn a ton about this stuff along the way and I think that a lot of our listeners might be interested in doing some of this stuff, but they might be waiting till they’re ready, but to your point, I’m not just going to jump into the deep end of the pool, right?

Ned Bellavance:
Yeah, absolutely. I’ve had this conversation before about, you don’t need to be an expert to teach something, you just have to be able to teach and explain well and be able to understand the concepts. And everything else is just getting that communication across to the learner. They’re expecting you to know more than they do, which, especially for a beginning course, it’s not hard or an introduction book, it’s not hard to know more than that person because they’re usually coming to that material not knowing anything. So you just have to be a few steps ahead of them. But really they want someone to break down concepts in a way that’s digestible for them and that they can go back and refer to as they learn more and more about a particular topic. So as long as you structure your book or your course or whatever in that way and make it an enjoyable experience for the reader or listener, the fact that you’re not a complete expert who wrote the software yourself or anything, that doesn’t really matter so much.

Mike Pfeiffer:
Yeah. That’s awesome. And the other thing I wanted to ask you was, obviously you had a little bit of writing experience before that, was that something that you had to, did it come natural or did you build up writing experience in the consulting business over time? Or kind of how did that play out for you?

Ned Bellavance:
I’ve always been a writer so that was definitely playing in my favor to a certain degree. It’s funny, right out of high school, I went to get a computer engineering degree and I lasted one year because computer engineering is really hard and if you’re not an engineer, you’re not of that mindset, you’re going to wash out pretty quickly. So I was like, “Oh, I love computers, I’ll be an engineer.” And after a year I was like, “I want to do something else.”

Ned Bellavance:
And I did end up going back and getting my computer science degree at a certain point, but that was like 10 years later. But while I was in that engineering course, we had to take a creative writing course, which is hysterical when you drop a bunch of engineers into a creative writing course and you hear like, “Here Heart Of Darkness, read that and write me an essay on it.” And I think it became obvious pretty quickly that I was better suited for writing an analysis of Heart Of Darkness than I was about doing complex differential equations. And my English professor at the time basically told me that. He’s like, “You are probably a writer. I know you’re doing this engineering thing, but you might want to reconsider.” And I was like, “Nah, I’m totally down. I’m totally into this.” And he was totally right.

Mike Pfeiffer:
That’s cool. Not everybody can do both because now you’re doing both. Right? So you’re kind of straddling the fence, but it’s a 20-year career. So it’s not like it just happened overnight, which is another thing.

Ned Bellavance:
Yeah. Yeah. That myth of the overnight success that takes 10 or 20 years, yeah, that’s 100% me. Yeah.

Mike Pfeiffer:
Yep. Same here. All right. So going back to Terraform, so a lot of people are looking at this as an alternative to things like CloudFormation and especially ARM templates because of the verbosity of infrastructure templates from the native landscape. Right? So ARM templates probably get beat up the most because the JSON is extremely verbose. Is there merit in actually knowing that though and also dabbling in Terraform?

Ned Bellavance:
So I can say that I’ve done all three and JSON is the devil, only slightly worse than YAML, and I’ll probably get lots of hate mail about that. YAML, I just find it confusing. It doesn’t make intuitive sense to me. JSON makes sense to me but like you said, it’s so verbose that it’s impossible to read. And I feel like HashiCorp’s configuration language strikes a nice medium balance between the two. It’s not as verbose as JSON, it’s not space based like YAML, so you don’t end up with, “Oh, why doesn’t this work properly? Oh it’s because you hit space bar too many times.” I know linters tried to do what they can for that, but sometimes they miss it too.

Ned Bellavance:
But I think there’s still merit in understanding, especially on the ARM template side, what’s actually going on in the background because there are occasionally features that don’t yet exist in Terraform and if you really want to take advantage of those immediately, there’s actually an ARM template resource in Terraform where you can point it at an ARM template that creates whatever that resource is and it’ll fire off that ARM template and deploy that resource and then whenever it gets baked into Terraform, now you can switch back to using that instead. But you do have that stopgap measure. And, for me, I just think it’s good to understand how the various different tools work in case you’re thrown into a situation, especially in consulting where your customer only uses ARM templates or only uses CloudFormation. You don’t want to be caught flatfooted and say, “Well, I don’t know how to use either of those things.”

Mike Pfeiffer:
Yeah, I couldn’t agree more with that because, especially if you look at what Azure is doing with all the governance stuff, blueprints, and they’ve got a lot of stuff just in the marketplace where, and AWS too, with CloudFormation like if you’re getting into the marketplace or you’re doing blueprints or the governance stuff, then it’s kind of like, “All right, I got to play the game a little bit with ARM templates and that kind of stuff.” Me, since I grew up with JSON in an infrastructure as code paradigm, to me it’s not as bad, but I do agree with you on the YAML stuff. It’s just like one space can flip everything off.

Mike Pfeiffer:
I mean, at least with, I don’t know. I mean they’re both kind of interesting. I do agree 100000% that the HashiCorp language syntax is way easier to just look at and understand that there’s a no brainer there. But what do you think in terms of Microsoft’s going to do with things like blueprints and stuff that’s kind of tightly coupled right now with ARM templates? Do you think they’re going to help us with that and point to Terraform at some point?

Ned Bellavance:
Yeah, that’s interesting. I recently did a course for Pluralsight that was about security policy and it covered sort of the view of governance and compliance, and Azure Policy and Azure Blueprints were all part of that, so I got to dive into that a little bit and actually mess around with blueprints. I think blueprints are what was missing from ARM templates at the beginning because an ARM template, once you deploy it, that’s pretty much it. You can kind of iterate on it, but it’s a little bit difficult. It doesn’t have an idea of a state file or anything like that, so it’s difficult to maintain it. As opposed to like CloudFormation, you have stacks and those stacks can be updated and you can see what the change is going to be before you apply it and same thing with Terraform. Azure didn’t really have something quite like that, which I think might be why they glommed onto Terraform so quickly.

Ned Bellavance:
Azure Blueprints brings that into the fold a little bit because you can rev your ARM templates, you can deploy a new version of it, you can kind of see what the changes are going to be before you apply it through the blueprints. So that’s pretty cool. And then you can also tie in Azure RBAC and policy into that blueprint. So now, not only am I deploying resources using this blueprint, I’m also setting up the proper security compliance and policies to go along with that infrastructure. So I know that I’m closer to whatever that requirement is, whether it’s PCI DSS, or I’m doing something with the government and it needs to be FedRAMP or something like that. I think it’s a really interesting product and I’m excited to see it more baked. I think it’s still in preview. It’s in public preview, but I think it’s still a preview feature.

Mike Pfeiffer:
It’s still super early for blueprints. The other thing that I just thought of when you were talking about that is that Azure Policy itself is JSON, if you get into custom policies and all that kind of stuff, you’re writing JSON there too. So it’s like right now on Azure, get comfortable with JSON as kind of the big takeaway if you’re getting into blueprints and stuff. But with Terraform, number one, well let’s talk about Terraform and their certifications because that might be an edge for a lot of folks out there that are already maybe messing with Terraform, but might not know that there are certs… You’re the one that actually told me about this like right before the end of the year last year. What’s going on with the Terraform certification?

Ned Bellavance:
Yeah, so as HashiCorp matures as an organization, they do acknowledge that people like to get certifications and Terraform has reached the point where they want to have a certification specific to it. So they started developing one last year, they announced it, they’ve been doing beta testing of the questions. I don’t know exactly when it’s going to become generally available, but it’s definitely going to be at some point this year, probably the first half of this year. So it’s going to be the Terraform certified associate will be the first certification they have and I’m sure they’re going to have a professional level or some higher level certification after that. So that is coming.

Ned Bellavance:
In order to prepare for it, they’ve published a list of objectives and sub objectives of what’s going to be in that certification and it’s not meant to be like an NCSC level certification, this is more of like an AZ-900 or something a little higher than that where you should have played around with it on a dev box a little bit, you should have read the documentation, you should be comfortable with the basic workflow of Terraform, but the more advanced concepts and weird situations that you would only get into working in teams and doing massive deployments, it’s not going to test on that kind of stuff. So it really is like core functionality, do you understand Terraform, what it’s meant to do? To that end, I’ve started writing a certification guide with Steve Buchanan and [Aiden Irmi 00:25:45] centered around being able to at least prepare for the certification and we based it off the published objectives and our collective knowledge on Terraform. That should be coming out, oh, I don’t want to say dates, but relatively soon we’re going to publish it through Leanpub.

Ned Bellavance:
So to kind of circle back to our whole conversation about Word templates versus Markdown, we published the AKS book through Apress and the experience with Apress was great. They’re great people, I have no complaints about them, yes, they, like many other publishing companies still use Word templates as their de facto standard for writing, which Word is difficult and fonts can be tricky and the formatting could bite you. As anyone who’s worked on a complex Word document that’s been through several revisions knows, you format it and it doesn’t format right and there’s no way of telling why because it’s not exposed to you. Markdown is so much simpler to write in. You know when you do something, how it’s going to render, it’s easy to preview that render. None of the formatting stuff is abstracted away from you so you feel like you’re in charge a little bit more and you don’t have to fire up Microsoft Word to do it. So…

Mike Pfeiffer:
If I was ever going to write another book, it would be like that in Markdown, probably through Leanpub because to your point, man, it’s just insanely painful. If we’re talking about devil, like the format of JSON being a devil then so is Word for writing books.

Ned Bellavance:
Yeah. At least JSON, you have a linter to tell you where you got it wrong. Word’s just like, “No, I’m not going to do that for you. Whatever.”

Mike Pfeiffer:
So maddening, if I had hair, I would have ripped it out by now with some of the fighting with Word templates and stuff. But in terms of all of your other Pluralsight courses, I also noticed that you had a HashiCorp Vault. A lot of people listening may not even be familiar with that service, but I’ll let you kind of get into that. But one of the common questions I always get is, “Vault or Azure Key Vault. What should I do? Is there a pros and cons?” So maybe we can get into that?

Ned Bellavance:
Yeah, sure. I’d love to. So, that’s probably the most apt comparison, if your listeners are familiar with Key Vault or they’ve used KMS on AWS, those would be the two services that most closely align to what HashiCorp’s Vault product does. It’s essentially secrets life cycle management. So they kind of have this, use Terraform to build it, use Vault to secure it, and then they have the Consul product and Nomad product are their other two big ones that we don’t have to get into. But those are other aspects of application life cycle management.

Ned Bellavance:
So Vault is meant to basically handle secrets, be able to store them securely, provide authentication mechanisms for anything that wants to get access to a service, as well as encryption on demand. So I want to encrypt this thing before I send it to somebody else and then they can decrypt it. You can do that all through Vault. All this sounds very similar to what you might do with Key Vault. Again, some of the reasons you might use it are similar to Terraform. It’s cloud agnostic, you can deploy Vault wherever you want and pretty much on whatever you want. It runs on Windows, it runs on Linux because it’s a Go binary. So it’ll just run wherever you need it to run. And it also can run in containers. There’s a Helm chart for deploying Vault.

Ned Bellavance:
So if you want to spin up a Vault cluster that has best practices already baked in, just use the Helm chart and you’re already ahead of the game to a certain degree. So, I thought it was a really interesting project and because of my experience with Terraform, I thought “Hmm, Vault seems like a really good add-on to that and I want to get deeper into it.” So once again, without knowing a ton about Vault, I signed on to do a getting started course. Over the course of developing it, I learned a ton about Vault and how it works and basing off of my experience with other similar solutions, I was able to create what I think is a pretty good getting started course. There’s also HashiCorp in addition to working on a Terraform certification is also working on a Vault certification at the same time and they’ll probably launch around the same time as well.

Ned Bellavance:
So if you’re interested in products and getting certified and maybe want to get a leg up, Terraform and Vault are probably great places to start. There’s some interesting integrations between Vault and Key Vault, especially with the way that Vault gets sealed and unsealed. The concept of sealed is basically Vault is always encrypted and when you shut it down, it gets encrypted using a seal key that can either be composed of any number of fragment keys that get put together to form the full key that gets the Vault decrypted. So think of a situation where you have three key holders that are separate people and when Vault gets shut down, if you want to bring it back up, all three of those people have to individually connect to Vault and submit their key. And once all three keys have been submitted, now Vault is unsealed again and ready for use. That makes it super secure. Also, if you have to restart Vault, that’s a huge pain in the butt.

Mike Pfeiffer:
It kind of reminds me of all the 80s movies where they’re in the White House and it’s time to fire up the nukes and you got to have all the different keys to like say, “Yes, let’s go.” It kind of reminds me of that.

Ned Bellavance:
“Turn on three. One, two…” Yeah. So it’s sort of like that. That’s difficult to constantly arrange. So what they did is they added this auto unseal feature that can use Key Vault or KMS or an on-premises HSM to provide that unseal capability. So it has to be launched in Azure and have access to… Well it doesn’t have to be launched in it, but it has to have access to Key Vault to be able to go and get that key and unseal the Vault. If it can’t get to that, because someone stole your Vault data and is trying to fire it up on some rogue machine, that rogue machine can’t get to Key Vault to grab the keys and do the unseal process. So it’s still secure, but if you reboot Vault, it auto-unseals itself when it comes up. So you don’t have that difficulty of, “Hey, we’re going to do this so everybody get online and get ready to enter your keys.” It’s a little more straightforward. So there is some interaction there. But yeah, you can use either solution for your secrets management, and if you’re planning on doing things that are outside the world of just Azure, it might make a lot of sense to explore Vault and you know it works well with Kubernetes. So there you go. There’s a nice tie-in there.

Mike Pfeiffer:
Yeah, definitely. It’s a good integration point. And then it’s really interesting, this concept of these key vaults because I think it’s a new thing for a lot of people. I think a lot of people have traditionally not really thought about centralized secret and key management. So I think the integration key vaults in all of the different Azure services is really cool. Like the references from App Service and Azure DevOps and things like that.

Mike Pfeiffer:
And so maybe we’ll get some hooks with Vault at some point. We’ll see what happens, I guess. But one of the things I would love to ask you about is obviously you’re covering multiple clouds. That’s not easy to do. Is that something that people should start thinking about more, that are out in the field? Obviously you’re now looking at lots of stuff. You mentioned Google, but you’re obviously very on top of AWS and Azure. Is that what other people should start to maybe do as well to kind of leave themselves less vulnerable in the job marketplace?

Ned Bellavance:
I would say if your plan is to be a cloud infrastructure person, yes. You know, if you’re in Azure today, I’m not saying you have to become an AWS expert or a GCP expert, that would be extremely difficult and potentially impossible to be an expert in all three because there’s so much information. But having a general knowledge of how each one works and what the analogous thing is in Azure to AWS for instance, you know, “Okay, I want to run RDS in AWS. Okay, I got my SQL database. This is awesome. What’s the version of that in Azure?”

Ned Bellavance:
Well, you might say Azure SQL and that’s kind of true, but there are some distinct differences. So understanding that, here’s the analogy between the two clouds and here’s some of the key differences. Even if you haven’t deployed it yourself or worked directly with it, just understanding that will help you in architecture discussions and determining workload placement and those types of things. So I think it’s good to have a beginner level knowledge in all three.

Ned Bellavance:
So if you can get the associate level cert in all three or just the beginner level cert, that’s going to serve you really well. And then really invest your time in learning one of them really well, the one that makes sense for whatever you’re doing at work. So if you’re at a company that is very focused on Azure, that’s probably where you should invest your time.

Ned Bellavance:
If you’ve just joined a startup that’s fully integrated with AWS, yeah, that’s probably where you should focus as well. But knowing that you have this other knowledge to fall back on, so say you’re at that AWS startup and as they grow, Microsoft comes along and they’re like, “Hey, you know, if you came over to Azure, we got some startup money we could kick to you.” And they’re like, “All right, move everything to Azure.” You want to be not caught completely off guard by that. You want to at least have some idea of how that might work and then you can learn as you go.

Mike Pfeiffer:
Yeah, I really agree with that. I think that it’s important for people to pay attention to the other stuff that’s happening in industry even if you’re not using it. We always used to tell people that back in the early days when we were trying to get people interested in PowerShell, because it was such a big deal in the Windows world, and it’s like even if you’re not using things like PowerShell DSC, you should still kind of pay attention to it. And I think now 10 years later or whatever it is, six, seven years later or something like that, I think the same way man. It’s like you’ve got to pay attention to what the other folks are doing and then like you said, once you get good with one, it’s easy to pick the other one up or easier to pick the other one up.

Mike Pfeiffer:
Do you see, since you are teaching so much, common patterns with people getting stuck on stuff? Is there any consistent themes of people running into like a common roadblock that you’re finding yourself constantly helping people get past?

Ned Bellavance:
I think sometimes it’s some of the basics that they’re not up on that are outside the realm of what we’re learning, but they just don’t know it. So one of the most common roadblocks that people run into is they’re a Windows person and they’re starting to work with some of the Linux stuff that’s in my courses and they immediately get roadblocked on, “I don’t know how to SSH into this thing. I don’t know how to configure a service on Linux. I don’t know how to create keys.” And yeah, there’s a bunch of tutorials out there, but that’s the first thing that they get stuck on is just the basic skill sets around a couple of different operating systems and they don’t have that base level knowledge because they’ve only ever played with Windows or they’ve only ever played with Linux, and playing on Windows, Windows is very different.

Ned Bellavance:
So I’ve seen it kind of cut both ways. So in the same way that you asked like should they know a bit about each cloud? I think they should know a bit about both operating systems and how they function. Again, you don’t have to be an expert, you don’t have to have the Red Hat expert level certification, but just knowing how to navigate around an operating system and check on the status of services, look at what processes are running, knowing how to install an application using a package manager, like those are all things that everyone should probably understand if you’re going to be in any kind of ops or infrastructure role. And then if you need to go beyond that, there’s usually someone at work or an online resource you can tap to take you further.

Ned Bellavance:
But I feel like if you didn’t study the fundamentals, then you’re going to get stuck on a lot of trainings that assume you know those fundamentals.

Mike Pfeiffer:
Yeah. It’s one of those things where I’ve done lots of Linux demos or at least had Linux in demos and I’ve seen the fear on people’s faces because they’re Windows focused, right? But there’s been stories online where it’s like over 60% of Azure VMs are Linux, and then you’ve got the Azure SQL team basically saying, “We’re not going to build this stuff for Windows anymore.” It’s kind of like Windows is being de-emphasized.

Mike Pfeiffer:
It was even interesting when Server 2019 came out. There used to be a big party when a new Windows operating system came out. I didn’t hear anything about 2019. So it kind of seems like that’s the direction this is all going, right?

Mike Pfeiffer:
We were talking about cloud-init, cloud-init at the beginning of the call. That’s a Linux thing, right? So a lot of the Windows folks that are only looking at Windows are probably like, “What does that even mean?”

Ned Bellavance:
Mm-hmm (affirmative).

Mike Pfeiffer:
It’s time to start ramping up a little bit on Linux, it sounds like.

Ned Bellavance:
And just to put it in context there, I did not start out on Linux by any shape of the imagination. I started out using Windows in my career from NT 3.5 all the way up to the current version. That was my primary focus. That’s what I did as a sysadmin for years, was working with VMware and Microsoft. And so Linux was not something I was even introduced to until probably 10 years into my career.

Ned Bellavance:
And it was because I went to a larger organization that had a dedicated Linux team and I needed to interact with them. And one of the gentlemen there was really nice and took me under his wing and started me out with some basic stuff like, “Okay, here’s how you look at the directory structure, here’s Vim, learn how to use Vim.”

Ned Bellavance:
And I was like, “This is arcane and bizarre.” And he’s like, “I know, but it’s going to be on every system that you ever log into. So it behooves you to at least know how to navigate around it.” And just all those little things that you pick up along the way. So I was lucky enough to have someone who took me under their wing and sort of showed me the ropes on how to use this. And even though it wasn’t my daily driver, I at least gained some knowledge. So it wasn’t completely terrifying.

Ned Bellavance:
But even now, like if someone tells me I need to do it on Linux, a little bit of me is like, “Oh God, I don’t know what I’m doing.” And I have to take a step back and go, “No, okay, you’ve figured this out. You’re at a point where you should be almost as comfortable doing something on Linux as you are on Windows.”

Ned Bellavance:
I don’t know if I’ll ever get to that point, but in the back of my mind, I try to cheerlead myself on. So if other Windows admins are feeling that way, don’t worry, you’re not alone. We all kind of feel that way. But the reality, like you said, is some 60% or something of workstations or VMs are running Linux in Azure. I’m sure the percentage is even higher in AWS. That’s just the reality of the world that we live in. And you need to be able to use both.

Mike Pfeiffer:
It’s funny because I started with Windows as well, Windows only and I’m starting to get rusty with it I’ve found because on a client side, I’ve been using a Mac for the last couple of years and I’ve been doing less and less Windows server work over the last six years because I’ve been doing so much cloud stuff and more code focused projects and things like that.

Mike Pfeiffer:
I’m getting rusty on Windows now. I noticed a couple of weeks ago I was doing some demos on there and I’m like, “I can’t find anything I’m looking for here on Windows Server 2019.” So it’s kind of going the other direction now, which is kind of funny.

Ned Bellavance:
Yeah, I don’t think I had spun up a Server 2019 box until November of last year, even though it had been out for a year. There had just been no call because all of my coursework and a lot of my personal projects have all been Linux-based recently. So I’m becoming much more proficient on Ubuntu than I am on Windows Server and when I need to find something, it’s not where I left it back in, you know Server 2016 which was the last one I was really baked into.

Ned Bellavance:
So I have to go search around 2019, “Where’s this thing again? What? Oh okay. All right. It’s there now. That’s fine.”

Mike Pfeiffer:
I’m in the same boat. The other day I actually spun up a Server 2012 on accident because I’d launched an ARM template and then I realized, “Oh the thing was hard coded for 2012” but I was amazed at how much faster it was like RDP didn’t do it and it’s just like snappy. And it’s so much different than 2016 and 2019. It’s like you click on stop and it’s just like it takes a minute for it to come up. And part of that is like maybe I didn’t pick the right VM size, but you know what I mean? It’s just … I’m not bashing Windows. I’m just saying that I think the era of Windows Server operating system reigning IT is obviously gone out the window. So anybody listening that’s just Windows Server focused only because there’s still a lot of that out there, it’s not panic, don’t panic, right?

Mike Pfeiffer:
But it’s like start doing what Ned is talking about. Start paying attention to some of the other things that are out there.

Ned Bellavance:
And I think part of what accelerates that is that Microsoft’s health is no longer directly tied to the Windows operating system.

Mike Pfeiffer:
That’s a great point.

Ned Bellavance:
Because they’ve become a services company, they need to sell Azure, they need to sell Office 365 and that’s pretty much it. Like yes, they still need to sell … The Windows desktop client is still super important to them. But I think like you said, Windows Server, when 2019 launched, you barely knew. There was no giant party with balloons and confetti cannons and you know all that kind of jazz. It was maybe like a hot dog party in the back of someone’s office like, “Hey, we could only afford dill relish. That’s all we got.”

Mike Pfeiffer:
Right.

Ned Bellavance:
So yeah, it was very anticlimactic and I think that’s fine. Ah, they’re focused on what Windows Server can do for them within Azure basically. So all of Azure runs on Hyper-V and Storage Spaces Direct. So their primary focuses are not on client facing stuff in Server. It’s how can we make Hyper-V better and more efficient? How can we make Storage Spaces and Storage Spaces Direct more efficient and how can we improve the networking stack because that is what the majority of our servers are running and doing in Azure? And that’s the thing we really need to concern ourselves with.

Ned Bellavance:
So if you look at all the major improvements in 2019, those are the three and it’s because of Azure.

Mike Pfeiffer:
I just want to ask you one last question and then we’ll wrap it up. What’s the best career advice you’ve ever gotten?

Ned Bellavance:
Oh, the best career advice I ever got. Wow, okay. So there’s probably two. One and I’m quoting it is, “What the hell are you doing here?”

Ned Bellavance:
And that was … so I mentioned that I went into computer engineering and dropped out because it was hard and I was working in retail part-time and ended up working in retail full time and I was a store manager at a retail store. And one of my part-time sales associates, he was 17, senior in high school getting ready to graduate, looks at me and goes, “What are you doing here?”

Ned Bellavance:
And I was taken aback by this young upstart kid. Asked, “What do you mean what am I doing here? I’m running the store.” But then I thought about it and I was like, “Oh God, what am I doing here? I need to get out.”

Mike Pfeiffer:
That’s hilarious.

Ned Bellavance:
That was the best career advice I got from him. And I guess the other big piece, I don’t know if there’s a specific person that told me this or if I just kind of learned it over time, was “Find someone who’s doing what you might want to do and interact with them.”

Ned Bellavance:
And with Twitter and all the other ways that you can interact with people, it is not hard to just reach out and talk to somebody. Like I loved some of the stuff that Keith Townsend, the CTO advisor, I loved what he was doing and I just reached out on Twitter with like a DM and I was like, “Hey, I have some questions.” And he was so gracious and so helpful and kind of giving me direction and pushing me in the right ways. I found that as more the rule and not the exception when it comes to talking to different people in IT, is so many people want to share and be helpful and they’re excited to help mentor someone.

Ned Bellavance:
So if you’re in … if you’re looking to advance your career, find someone who’s doing what you might want to do and just reach out to them. The worst they can say is, “I’m too busy” or “No thanks.”

Mike Pfeiffer:
It’s good advice man, because a lot of us are isolated in this IT job. A lot of us work from home too, so it’s easy to get stuck in your own head. So I love that advice. So coming out of the show, where should we be looking at for the stuff you’re building? You’ve got a website, you’ve got a podcast, you’re doing Pluralsight stuff, what do we need to focus on to keep up with you?

Ned Bellavance:
So you can always find out what I’m doing on my website. It’s nedinthecloud.com so that should be pretty easy to remember. On Twitter, I’m Ned1313, so if you want to follow me, my DMs are open. If you have questions, you know, getting back to the … I want to give back as much as people have helped me.

Ned Bellavance:
And then the podcast is DayTwoCloud. The website for that is daytwocloud.io, two is spelled out, T-W-O, and we deal with, you know what happens when cloud stops being polite and starts getting real and look for that. You know I got the AKS book out and the certification guide for Terraform, maybe like a month or two, I should have that out as well. So a lot of interesting stuff going on and I’m happy to talk to anyone about any of those things.

Mike Pfeiffer:
You’re a busy man, Ned.

Ned Bellavance:
Too busy.

Mike Pfeiffer:
I’ll link up all that stuff in the show notes. I really appreciate you my friend. Thanks for being on the show and maybe we’ll see you again on another episode later this year.

Ned Bellavance:
Yeah man, you bet. Thanks for having me.
