On prem infrastructure to cloud - Career advise

[Guest2]

Similar to many other companies, we have a cloud infrastructure strategy. Microsoft Azure & Intune.

Over the next 2 to 3 years there are plans to shift all services into cloud (or just decommission unneeded sevices when there’s a cloud service to replace it)

For people like me who have been building, managing and maintaining on premise infrastructure for many years, does this spell the end? - no more on prem technicals skills required to manage servers, appliances, VMs and firewalls.

Instead back end tech is all looked after by Microsoft and everyone becomes a glorified button presser in the Azure portal console.

When every service is fully cloud hosted, what next for the teams that manage servers, VM & networks. Even technical architects, what’s there to design if all services are in public cloud?

I have worked with security teams in the past so cybersecurity may ne a good area to move into. That being said, if all services are public cloud in theory they will be updated regulaly and require no team to monitor threats.

I have taken the Azure fundementals course and Azure admin courses and have access to both consoles so have been running testing and carrying out some basic tasks

What’s everyones opinion of cloud services and there career paths?

 

[Guest2]

Thanks both. @Quartz I have seen a roadmap for our company and there are plans to have some small on site IT rooms but no data centre like now.
I imagine any critical services that need to be kept (or cannot be moved to Azure) will stay in these broom cupboards

@Worthy Yes, the Azure administration course did prove to me that its still a big beast to build the foundations and manage the networks, resource groups, storage and everything else in there. It was totally foreign to me, but interesting all the same.

It did sound like it could get expensive and very fast in terms of running VMs with large amounts of storage. Terraform is what our company will be using (apparently)

At the moment I only really have access to Intune, Azure AD and some policies. I don't have access to conditional access, networks, vms or other areas. Would it be worth my looking into the conditional access side of things do you think?

I may drop you a message if thats ok, thanks

 

[Guest2]

What Worthy said. If someone thinks that cloud is going to replace the requirement for traditional skillets completely, they don't understand cloud. Just because MS have binned their on-prem certifications, it doesn't mean no one needs to know about it anymore. Also, it's on-premises, on not on-premise (despite the fact that industry have at times used it in their documentation); personal peeve of mine

If I were you I'd be hitting up the AZ-104 curriculum.

Good to know my current skillset won’t be completely wasted. I suppose at the end of the day there will be many companies still with on-premises ( ) hardware that are staying that way or migrating to cloud infrastructure.
The AZ-104 was the course I sat around a month ago. Very interesting but some of it went straight over my head.
It felt like trying to compress 10 years of tech knowledge into 4 days

 

[Guest2]

Ah, I am bad for skimming OPs! What courses did you do, as in who ran them and how were they delivered if you ain't mind me asking?

Azure fundementals and Azure admin az-104 courses. Ran by Microsoft, delivered remotely. We had to register a learning account within Azure

 

[Guest2]

Just to throw a curve ball here too - in-house Infrastructure also isn't going anywhere for everyone. Where I work we've just pulled a significant chunk out of AWS to save a huge swathe of cash on OPEX spend, it was cheaper to deploy Private "Cloud" Infrastructure for us, and we're a massive eCommerce company. Cloud is fantastic as long as you know what you're doing and what to expect, but it's not for everything still, especially not in bigger companies. I agree with others though, start thinking of infrastructure as Cattle, everything should be done via code/runbooks etc, we heavily utilise vRO/vRA/Ansible/Terraform/Jenkins and even more in the various disparate departments. We've also stopped buying expensive chassis/blades like Cisco UCS and gone with cheap tin because we capacity plan properly and just replace as and when a failure occurs because we have high FT.

It very much depends on the workload too, we're still invested in various Cloud Platforms, AAD, 365 etc is king, but not necessarily everything.

I feel like shifting every service in our company to cloud (which seems to be the strategy) is going to bite people in the arse big time. The annual / monthly cost will probably end up costing way more than keeping services on premises.
It will be interesting in 3 years time what pans out. Some of the services in our company require huge amounts of storage - not including mailboxes & shared mailboxes

 

[Guest2]

Hmm, they're not cheap either! I found the fundamentals one really good, with no real cloud background I did it and the cert exam in a single day. I did happen to do it in person at Microsoft HQ, so perhaps that makes a difference There's also aan absolute shed load of information in the admin course, I imagine they can't have been able to timetable in the appropriate amount of time to do practical lab exercises. I was going to recommend the online self-paced learning path for az-104, but you'll have received that party line enough time from the MS delivered course no doubt

The admin course was quite expensive, around £4500 I think for the 4 day course.
Lab exercises we would do a couple then the tutor would leave us to do one or two others in our own time. I did feel a bit like i was completing the exercise steps parrot fashion. At the end of a long day not all that info was going in. Others said the same

 

[Guest2]

This. You start writing IAC and transform in to DevOps.

Infrastructure as code doesnt sound like a new thing. Provisioning services you can use powershell to administer os images and im sure you can do similar in machine creation sevices. Netscalers and probably other load balancers, everything can be built in CLI. A few lines of code and you have VIPs, servers and services created.

Why is IAC any different to coding on appliances and servers? (Other than the code being different i guess)

 

[Guest2]

Because it's not ad hoc scripts any more and the servers your using in the cloud are not physically in front of you. They are just virtual concepts in a cloud provider that you code against using your IAC tool of choice. Your infrastructure is defined as code. You can version control it. Use CI/CD pipelines to deploy it etc.. etc...

I get what your saying. I'm not trying to diminish your skill set. But I think it's just that times have moved on and the convenience and elasticity of the cloud is pushing more company to migrate on prem to cloud services.

Your skill set is still valid. You will just have to add some new ones to the tool belt.

Interesting, so the servers exist in cloud, managed by the cloud provider but anyone (who pays for them) can choose an IAC tool of choice to manage them?
There must be some underlying tin in very large datacenters, that needs mananging by Microosft / Amazon / Google. Still trying to get my head around the "your infrastructure is defined as code" comment.
Version control - perfect, it's great having version control on things like our gold images. If all infrastructure can be version controlled then yes, very useful indeed.

Our company does have a data centre team who will take over the VMs and storage side of things and a networks team who I presume have build the underlying Azure network for everything. It seems I need to slot into an area that looked after some of the remote services and/or security side of things. Conditional access could be an area of thought

 

[Guest2]

Yes, the servers (hypervisors) exist in massive data centres all over the world managed by the cloud provider.

You are just for example using IAC to define virtual instances, data bases etc in code.

As it's code you can treat it like any other piece of code and version control it and use CI/CD pipelines to deploy it.

It sounds like you need to catch up a bit on how the cloud works. As I said an azure course wouldn't be a bad thing. Better yet if you can get work to pay for it.

The other benefit of IAC is repeatability. You codify your infrastructure in code so that it is a repeatable process. You can run it again and again and get the exact same results.

I suppose you have to decide what you want to do. Go and work with the cloud team or go and work with the on pre team.

But in terms of future career security and progression the cloud is the way to go.

This is just the beginning.

Thanks, all useful stuff. I have been on the Azure fundamentals and Azure admin az-104 courses, work did pay - they sent everyone on them. What's the 'pre' team, as in pre cloud?

 

[Guest2]

Progress - I now have access to CBT nuggets, Microsoft learning hub and have reader rights on our company tenant. I'm going over some fundamentals videos again as have no idea where my notes are from last year

 

[Guest2]

Do AZ900 and CCSK (Certificate of Cloud Security Knowledge) to start with, as these are basic cloud certificates. AZ900 is more Azure specific of course, but CCSK is a general cloud security certificate which doesn't expire so is good to start with.

Thanks. I’ll check out the CCSK after the fundamentals.
As I’m going through more and more modules/videos and navigate around the M365 and Azure consoles things are starting to click. There’s certainly lots to learn but it’s interesting so just need to stick at it

 

[Guest2]

It's interesting re-visiting this thread 2-3 years later.
We do still have on premises services running but in my area over 200 servers have been decommissioned.

A year or so ago I moved teams and therefore had time to use the portal more and more and start looking at other areas including terraform.
I started out with some basics and adjusting/adding to existing code and getting familiar with the CI/CD process and the whole new world of Git/Gitlab. We build an Azure Virtual Desktop PoC environment in the GUI and are now building this out in code (very early stages)

Other areas im learning are AKS and Azure firewall, multiple changes have been carried on firewalls and AKS. Log Analytics Workspace, monitoring in general, AI and HCP Vault have also be touched on and recently created a new LAW specifically for AKS in IaC.
I've also been pulling recommendations from Advisor to improve security, system stability and reduce cost as things are starting to add up!

I now see it's not a 'glorified button presser' at all after working with network engineers who run some DevOps sessions. There is still very much a need for design and engineers to design and implement solutions.

Treating infrastructure like cattle instead of pets (and AKS like insects!) I now understand someones comment too
Course / qualification wise, i've not bothered really but have been going through an online AKS course, though its not really hands and prefer looking at what we have and making improvements where necessary. I have read The Pheonix project, recommended for anyone in IT.

The journey will be long, but it's certainly interesting.

 

[Guest2]

The problem I have with phoenix project book is that mostly everyone in it, eventually comes around to the right way of doing things, and that's not what happens in real life.

While we saved money moving to the cloud, the costs of being in the cloud are rising. I can see at some point we'll be back to where we started on costs. But we'll be far more entrenched in our cloud providers.

The other side is due to things like increasing data protection, and a return to the office, increasing lockdown of what the staff can do, will mean we are not leveraging the cloud as intended. The cloud also requires an lift in everyone's skillset especially the end users. I think we've fallen short with that. It's not a gap that can be bridged by buying in staff due to a shortage of skilled people, and restricted budgets.

Yep, but i did think as i was reading "are yes, thats x person where i work"
100% costs are only going to go up skyrocket and the reason we are already looking to switch cloud providers even though we're only about 60% migrated into cloud.

Big changes for end users too, espcially in terms of MFA but most of ours are smart and everyone is becoming more and more tech savvy as the years go on. General age of end user is now ~35 so have grown up with tech in general. It's not like it was 15-20 years ago when the average user just about open MS Word and browse the web, most have now been using smart phones and MFA for social media and other apps for at least a few years.