Monday 30 October 2023

Thoughts on Logging and Monitoring

Overview:  I mainly work in the Microsoft stack, so my default for logging is Azure Monitor.  Log Analytics/Workspace and Application Insights fall under the term Azure Monitor.

Going forward, MS are storing App Insights logging data within a Log Analytics instance.

There are 4 options for displaying/analysing logs in Azure:

  1. Azure Dashboards
  2. Power BI
  3. Grafana
  4. Workspaces

SIEM tools take in logs from various sources such as Azure Log Analytics, Defender, other vendors, Prometheus logs or OpenTelemetry.

Grafana can be used on most SIEMs including Dynatrace, New Relic, Microsoft Sentinel, or Azure Monitor.  Grafana supports PromQL and has fantastic dashboarding.

Azure DDoS Sentinel Overview:

Microsoft has the "Azure DDoS Sentinel" service that can help protect your network endpoints from DDoS attacks.  Common DDoS attacks all basically use hundreds of bad actors to flood traffic into your architecture to overwhelm it.  Restricting traffic from the bad actor sources is key.  Mixing the Azure DDoS Sentinel service with Azure WAF allows us to identify the bad actions and block just these bad attackers.

DDoS - Increasing; multiple bad actors try to overwhelm your resources.  Rate limiting can help, but ideally you want to let through valid traffic and block bad traffic.  The Azure DDoS Sentinel service can be coupled with WAF to protect correctly from DDoS attacks.  Normally UDP flood attacks; it also protects against HTTP(S) flood and TCP flood attacks.  Covers layer 3-4 attacks.

Two SKUs:

  • DDoS network protection: used on a VNet, the service will work out and protect your public nodes.  You can put this in front of Azure WAF or Azure Firewall, after Front Door.
  • The cheaper alternative is DDoS IP protection.  It has most of the features, and if you only need to protect a specific IP, like a web traffic IP, it's a good option.

Sunday 29 October 2023

Mendix Overview

Overview:  Mendix is a low code app builder that is a leader in the market.  While I predominantly use the Power Platform, I think Mendix can be a good option.

The ALM has version control: this is intuitive and follows a local checkout and commit back to a main branch (simple version control), and it allows you to use branches, so it is comprehensive and flexible.  It is a good idea to check in small and often or you run the risk of large, complex, competing merges.  I believe it is git, but from the Mendix Studio IDE it is seamless.

Build a local version using Mendix Studio Pro, and deploy to the cloud.  There are several options including on-prem.  The free version is basic and has limitations, but has proven to be extremely powerful.

Mendix supports sprints and boards, so you can work with User Stories in the Developer Portal for ALM.

An App Package can be stored and it is a good idea to use this as the base for all projects in your company, so basic branding and naming conventions are consistent.

Deployment anywhere, such as on-prem via Kubernetes, as well as the major cloud platforms, i.e. AWS, Azure, GCP, Oracle.

Market Place - templates, connectors, components to reuse. 

Domain Modelling is excellent: you can choose your database when creating the app, modelling is easy, and exposing via an OpenAPI contract and generating CRUD screens is easy.

Publishing to cloud production versions is very easy, and while developing the local version is seen on localhost.

Image 1, High level overview of the logical components making up Mendix.

Pros:

  1. Easy to use.
  2. Basics for Low code are all included such as version control, project management, deployment/publishing.
  3. Build native mobile apps.
  4. Improve business process easily.
  5. Supporting multiple languages is unbelievably simple and easy.

Image 2. Add multiple Languages to your app

Simple exercise: Call a key-secured API and display the result on a Mendix page after watching this 7 minute video on API Calls.

The running example has:

  1. Various pages and forms for showing and persisting database information. 
  2. A REST call to a 3rd party using an OAuth key.
  3. Publishing a REST API based on a table and an associated entity.
  4. Displays an Azure Chatbot

Me playing around with a Mendix App:

1. Get a REST endpoint and verify using postman (using a key for secure access)

Image3. Postman showing the REST call to be used

2. Create a new "microflow" as shown below:

3. Add a new "Action" of type "REST Call"
4. Add a JSON Structure file


5. Decide which attributes to pull out

6. Create an "Entity" in the Domain model to hold the retrieved data.
7. Map Model to the Import as shown below

...


Mendix Series

1.  Overview of Mendix (this post)

2. Mendix - Part 2 - Diving deeper

Tuesday 10 October 2023

Dynamics & Power Platform browser extensions and tools

Key Tools and Browser Extensions for Dynamics and Power Platform Developers:

  • Level up for Dynamics (extension)
  • Dynamics 365 Power Pane (extension)
  • Microsoft Power Automate Desktop (extension)

Thursday 14 September 2023

Microsoft Azure Artificial Intelligence (AI) - AZ-900 Notes

1. Artificial Intelligence (AI) 

  • AI making PC behave like human intelligence.  
  • Teach PC to do task for us.  
  • PC predicts using patterns and can act.  And good at looking for anomalies.
  • PC uses camera/photos to look for patterns.
  • Engage in useful conversations, use multiple sources of knowledge.

2. Machine Learning (ML)

  • Train PCs to see patterns and look for anomalies.
  • Example: predict stock prices by looking at factors that affect stock price.
  • Anomaly Detection - Detects unusual patterns e.g. CC used in Asia when normally in Europe, but transactions 10 min apart.  Therefore likely to be fraudulent.  Sort rubbish.
  • Predictive models by finding relationships.  Give model data and train the model.
  • Example: flowers have features/characteristics e.g. colour, size, no. of petals, ...
  • Using data to teach the machine.
  • Supervised ML - needs quality data including labels.  Avg humidity, hrs sunshine, rainfall, temp, month of year (features), ice creams sold (label/class), so we feed in temp: this is Regression ML.  Patient has features (weight, sex, age, BMI, ...), give a value between 0-1 of the person developing diabetes: this is Classification ML.
  • Unsupervised ML - data is not labelled.  Just features provided, will group into clusters.  Pulls data out and figures out its own criteria: this is Clustering ML.  Useful for fraud detection.
  • Training - good data based on a training set and a validation set.  Train the model with most of the data, then check with the remainder - allows us to see how close it is to what happened.  Service tries to figure out relationships.  Model is used on test data - see how close/useful the model is.
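
The "CC used in Asia when normally in Europe, 10 min apart" case above can be expressed as a speed check between consecutive transactions on the same card. This is an added example, not part of the original notes or any Azure service: a rule-based impossible-travel check (not a trained model), using constructed transactions, an assumed 1000 km/h ceiling, and hypothetical names (`Txn`, `impossible_travel`).

```python
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

MAX_KMH = 1000.0  # assumed ceiling, roughly airliner cruising speed

@dataclass
class Txn:
    card: str
    when: datetime
    lat: float
    lon: float

def haversine_km(a, b):
    """Great-circle distance in km between the locations of two transactions."""
    dlat, dlon = radians(b.lat - a.lat), radians(b.lon - a.lon)
    h = (sin(dlat / 2) ** 2
         + cos(radians(a.lat)) * cos(radians(b.lat)) * sin(dlon / 2) ** 2)
    return 2 * 6371.0 * asin(sqrt(h))

def impossible_travel(txns, max_kmh=MAX_KMH):
    """Return (previous, current, implied_kmh) for consecutive same-card
    transactions whose implied travel speed exceeds max_kmh."""
    flagged, last_seen = [], {}
    for t in sorted(txns, key=lambda t: t.when):
        prev = last_seen.get(t.card)
        if prev is not None:
            km = haversine_km(prev, t)
            hours = (t.when - prev.when).total_seconds() / 3600
            # Same timestamp but different place: treat as infinite speed.
            kmh = km / hours if hours > 0 else (float("inf") if km > 1 else 0.0)
            if kmh > max_kmh:
                flagged.append((prev, t, kmh))
        last_seen[t.card] = t
    return flagged

# Constructed sample data (not real transactions).
SAMPLE = [
    Txn("card-A", datetime(2023, 9, 14, 9, 0), 51.5074, -0.1278),    # London
    Txn("card-A", datetime(2023, 9, 14, 9, 10), 1.3521, 103.8198),   # Singapore, 10 min later
    Txn("card-B", datetime(2023, 9, 14, 9, 0), 48.8566, 2.3522),     # Paris
    Txn("card-B", datetime(2023, 9, 14, 12, 30), 52.5200, 13.4050),  # Berlin, 3.5 h later
]

if __name__ == "__main__":
    for prev, cur, kmh in impossible_travel(SAMPLE):
        print(f"{cur.card}: {kmh:,.0f} km/h implied between {prev.when} and {cur.when}")
```

Only card-A is flagged; card-B's Paris to Berlin trip in 3.5 hours stays well under the ceiling.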

3. Computer Vision

  • Self driving cars, sorting. Sort rubbish.
  • Facial recognition, object recognition,..
  • How do computers see?  The picture is cut up into pixels; data is pulled out and used to find possible answers.
  • Some types on Azure:  object detection i.e. car, bike, car, bus.  Image classification i.e. horse, car.  Semantic segmentation i.e. Teams blur background.  Image analysis - context by bringing various together.  Face detection.  OCR - reads an image and converts it to text.

4. Natural Language Processing (NLP) 

  • Interpret e.g. Grammarly, spam check, Alexa.
  • Knowledge Mining - Extract info from knowledge and gain insights e.g. social media marketing.

Principles:

  1. Fairness - ensure bias is excluded e.g. based on gender.
  2. Reliability & Safety - need high confidence and in certain systems cannot fail e.g. health systems, autonomous cars.
  3. Privacy & Security - Ensure data is protected and not giving away sensitive data.
  4. Inclusiveness - should be fair i.e. VI users
  5. Transparency - what is the model based on, what could be an issue.
  6. Accountability - who is liable for AI decisions
Azure:
  1. Scalability & Reliability
  2. AI Resources: sit in an Azure Resource Group

AI Services in Azure:
  1. Azure Machine Learning - Developers to train, test and deploy ML models.  Within a subscription, create an Azure ML Workspace (consists of: compute, data, jobs, models); can then publish as a service.  Azure ML Designer is used for creating an ML pipeline, data in to train the model.  With Automated Machine Learning the user only needs to provide the data and select the model to use; the service figures it out.
  2. Cognitive Services - vision, speech, language, decision.  REST API endpoints - have already been trained, choose the model.  Can deploy multiple parts individually or together.
  3. Azure Bot Service - develop & manage intelligent bots like chat-bots.
  4. Azure Cognitive Search - Data extraction & enrichment for indexing.  Makes data searchable.

Anomaly detector resource - wizard to setup - Add Keys and endpoints to allow access.

Create a new Azure Machine Learning Service; this will create a Workspace.  Uses multiple Azure services such as Key Vault, AI, storage accounts.
  • Launch Studio
  • Add Compute Cluster
  • Add Data (csv, spreadsheets, nearly any form,...)
  • Automated ML (figure it out without me) and run job
  • Will show trends
  • Deploy the model (i.e. to a web service)
  • Shows "Endpoints" - get url and a test rig.

Friday 8 September 2023

Notes for running Agile Power Platform Projects including DevOps

Overview:  General overview notes on setting up Power Platform projects/programs.  Before I get into the mechanics, my overriding goal is to have high functioning teams, and be a member of high functioning teams.  "Create an environment where team members can do their best work".  For instance, I visit and work with a lot of businesses and I see many teams that are in an "Artificial Harmony" state (pretend all is well with the world).  Everyone says it's wonderful but it's a snake-pit with relationships and fear.  Team members need to be happy, open to conversations, accept risk and be aware mistakes are going to happen.  Basically, these teams need to be identified and trust built; this often involves an adjustment to a particular mid-level manager.  The worst offenders tend to be offshore teams, and there are amazing teams and people so this definitely is a generalization.  The teams tend to be hierarchical as opposed to flat or matrix.  It's terrible for software projects.  Look out for Technical Leads, ISV Project Managers, Delivery Leads; they can breed the wrong tone/attitude across multiple team members and teams.  Check out Amy Edmondson's book Right Kind of Wrong: The Science of Failing Well.  Anyway, rant over.

Learn from mistakes; for simple mistakes, remove them ASAP; think strategically about automation; if we learn from mistakes, ensure they don't happen on the next project or sooner.  Encourage transparency and open communication.


Here are my notes for setting up ADO and guidance for Agile PP projects....

Agile Artifact Hierarchy:

Epics > User Stories (max 5 days work) > Tasks
                                       > Bugs

Epics > Spike

Guide:

  • User Stories must be written in the format: As the <role>, I want to <feature> so that <benefit>, and have 1 to many Acceptance Criteria using Gherkin.
  • Ability to add a release note to User Story, Spike, Task or Bug.
  • Automate pipelines from unmanaged to UAT Managed.
  • Min three env (Dev - unmanaged, and UAT/Prod - both managed); use ADO pipelines or Power Platform pipelines.
  • Adding annotated images is great for improved communication.  Recorded, voice-narrated mp4 walkthroughs are also great for proofs and explaining issues.
  • US, bug, Task, Spike artifact items, each has a Release note tab.  So if a User Story needs more than 1 solution package changed, use child tasks and add the release notes to the User Story.

Flow of bugs and User Stories:

  1. New (Anyone)
  2. Approved (Product Owner (PO)) 
  3. Ready - (PO)
  4. Committed - (Team Member/dev)
  5. Dev - In Progress (dev)
  6. Dev - Complete (dev)
  7. Dev - Show QA (dev & QA)
  8. UAT - Ready to Deploy in UAT (dev)
  9. UAT - Deployed Ready for Testing (QA)
  10. UAT - In Tested Manual (QA & PO)
  11. UAT - Complete Ready for Deployment to Prd (QA)
  12. PRD - Deployed
  13. PRD - Sanity Check (can include automate smoke testing)
  14. PRD - Done
Example Statuses

Other states:

  • Removed
  • Duplicate
  • Not Applicable

Release Notes for Power Platform packages need to include the following fields in ADO against artefacts:

  1. Package Name (dropdownlist), 
  2. Current Package Version, 
  3. New Package Version (Default TBC), 
  4. Change Note,  
  5. Deployed Status (dropdown list: NA, UAT, PRD), 
  6. Pre deployment steps, 
  7. Post Deployment steps
Example of ADO Release Notes assigned against tasks, bugs, and user stories.

Quick fixes/urgent bugs/Emergency changes:

  • Try to make release cycles as short as possible, and only do emergency changes if absolutely required.
  • Take a snapshot copy of dev/label, for each proposed production deployment - unmanaged env - part of ADO pipeline, this allows us to build Dev, and UAT env for the specific emergency change.
  • Take a snapshot of UAT - managed env - part of ADO pipeline
  • Deploy to PRD from Emergency UAT.
  • Developer integrates emergency change into Dev from the Dev Copy.  And follows the full path.
Team/Teams:
  • Try to keep teams as small as possible.  I prefer 1 team to multiple scrum teams unless there is a clear distinction/break.
  • Product Owner (PO) needs to be available all the time and answer immediately.  To me they act as the business and the traditional BA role, and are responsible for the product backlog.
  • Scrum masters.  Your job is to ensure the team members are happy and confident to take risks and work; Scrum ceremonies are merely a way to help out.
  • Team members are mainly pro and citizen developers.  If I use dedicated QA testers in the scrum team, they need to be responsible for the AC with the PO.  They tend to be analyst/developers.
  • Automate, automate, automate.  There are fantastic tools including low code test tools; use them.  Ensure you have automated smoke tests, regression tests, and performance tests for each DTAP env.
  • Have short coding standards and naming conventions, error handling patterns and enforce them, have a defined ADO process, have a pipeline for deployments, automate tests and continuously update.  Have a Monitoring strategy i.e. Azure Monitor, log via AppInsights on a Log Analytics workspace.  Each env logs to its own Azure Log Analytics.  Does each Log Analytics belong to its own workspace?  I prefer Non-prod and Prod workspaces.
  • Teams/Slack, okay just Microsoft Teams; remote work makes happier team members and gives people more time, use it.  But encourage cameras to be on; email is not a defence (ever), people must IM/chat/ping and call each other.
  • Encourage meeting up; join with social inclusive events at once a month to once a week.  Encourage people to work together online including peer programming.

Thursday 7 September 2023

Extend Power Automate Logging

  1. Power Automate has a Connector to query other Power Automate environments to list, update flows,...
  2. PowerShell to examine Flow/Power automate

https://www.cloudsecuritea.com/2019/09/generate-an-overview-of-all-microsoft-flows-with-powershell/

Use Postman to interact with an API - get the bearer token first.