Azure learnings from the ISV Innovation Days at Microsoft

Posted by Joep Weijers on February 6, 2024

Screen showing "Welcome to the NL ISV innovation days"

To stay on top of the latest developments and best practices in Azure, TOPdesk joined the ISV Innovation Days at Microsoft. During two days our Cloud Architects and Operations team worked together with Microsoft’s Cloud Solution Architects to create proof of concepts of ways that TOPdesk can better benefit from Azure.

On the first day we were introduced to the three other companies that also joined the ISV Innovation Days: different companies in different segments with different questions. Yet putting them together provided a great learning opportunity through sharing experiences. Where TOPdesk’s focus was on how to further professionalize our SaaS hosting on Azure, another company, for example, dove into integrating AI in their products and workflows. This meant that during the plenary update meetings we could also get a glimpse into the struggles and victories on the other topics, and take that along in our future plans on those topics.

Picture of all participants learning about Azure on the ISV innovation days

After the introductions, we came up with goals for four mini sprints. These goals provided a clear focus for each sprint. They also allowed the Microsoft hosts to provide the correct expertise at the right time. This really helped us to quickly implement proof of concepts to validate the sprint goals.

Goal 1: Familiarize ourselves with the available Azure services that can benefit us

Our first sprint was spent on an interactive presentation on the current Azure landscape. We had a lot of back and forth with Microsoft’s Solution Architect to sketch our current situation and craft our desired situation. This was very informative and it helped us to identify the technologies to focus on and learn about for the other three sprints.

Goal 2: Centralize our monitoring

Currently each of our 10 hosting locations has its own monitoring using Prometheus and Grafana. Using Azure’s hosted Prometheus and Grafana, we got a proof of concept working of what combined monitoring across hosting locations could look like. Setting up all Azure resources was straightforward. For example, connecting Prometheus to Grafana is one click. That is the power of combining these services through Azure. We did have to spend some more time integrating the hosted Prometheus into our current alerting stack, which is not on Azure, so integration is harder. In the end we found a way forward that we will further investigate.

Goal 3: Integrate Azure’s Role Based Access Control for Kubernetes access

Team TOPdesk working on their Proof of Concepts with Microsoft's Cloud Solutions Architect

Credentials are needed to access a Kubernetes cluster for deployments and maintenance. Our current way of managing Kubernetes credentials involves passing around client certificates and keys. While this is a secure way of working, we identified a possibility for improvement. Azure’s Entra ID integration with Kubernetes’ authentication system means that we can give access and authorization to our Kubernetes cluster based on Active Directory entities. Only if you are logged into Azure and have the proper permissions may you access our Kubernetes clusters. This eliminates the need to create and configure client certificates. It also immediately solves the certificate revocation issue when, for example, someone moves to a different role within TOPdesk.
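An added example (not TOPdesk's or Microsoft's code): a small audit over `kubectl config view --raw -o json` output that separates contexts still relying on stored client certificates or static tokens from those that delegate to an exec credential plugin such as kubelogin, which helps track a migration like the one described above. The sample kubeconfig, its user and context names, and all placeholder values are constructed.

```python
import json

# Constructed sample in the shape of `kubectl config view --raw -o json` output.
# Every name and credential value below is a placeholder.
SAMPLE_KUBECONFIG = json.dumps({
    "users": [
        {"name": "alice-cert", "user": {"client-certificate-data": "PLACEHOLDER",
                                        "client-key-data": "PLACEHOLDER"}},
        {"name": "deploy-bot", "user": {"token": "PLACEHOLDER"}},
        {"name": "bob-entra", "user": {"exec": {
            "apiVersion": "client.authentication.k8s.io/v1beta1",
            "command": "kubelogin",
            "args": ["get-token", "--login", "azurecli", "--server-id", "PLACEHOLDER"]}}},
    ],
    "contexts": [
        {"name": "prod-eu", "context": {"cluster": "prod-eu", "user": "alice-cert"}},
        {"name": "prod-us", "context": {"cluster": "prod-us", "user": "bob-entra"}},
        {"name": "ci", "context": {"cluster": "prod-eu", "user": "deploy-bot"}},
    ],
})

# kubeconfig user fields that hold a credential stored in (or next to) the file.
STATIC_FIELDS = {
    "client-certificate-data": "client certificate", "client-certificate": "client certificate",
    "client-key-data": "client certificate", "client-key": "client certificate",
    "token": "static token", "tokenFile": "static token", "password": "basic auth",
}

def classify_user(user):
    """Return (credential kind, stored_static) for one kubeconfig user entry."""
    found = sorted({label for field, label in STATIC_FIELDS.items() if user.get(field)})
    if found:  # flagged even when an exec plugin is configured alongside it
        return " + ".join(found), True
    if "exec" in user:
        return "exec plugin: " + user["exec"].get("command", "?"), False
    return "no credential", False

def audit(kubeconfig_json):
    """Map each context name to the classification of the user it references."""
    cfg = json.loads(kubeconfig_json)
    users = {u["name"]: u.get("user") or {} for u in cfg.get("users") or []}
    return {c["name"]: classify_user(users.get(c["context"].get("user"), {}))
            for c in cfg.get("contexts") or []}

def static_contexts(kubeconfig_json):
    """Contexts that still depend on a credential someone has to hand out and revoke."""
    return sorted(name for name, (_, static) in audit(kubeconfig_json).items() if static)

if __name__ == "__main__":
    for name, (kind, static) in sorted(audit(SAMPLE_KUBECONFIG).items()):
        print("REVIEW" if static else "ok    ", name, kind)
```

Contexts reported as `REVIEW` are the ones where removing someone's access still means revoking or rotating a distributed credential rather than changing a group membership.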

Goal 4: Leverage Azure Key Vault for Secret Management

The same holds for this topic: the current way we handle secrets is secure, but adding a layer of Azure’s Role Based Access Control brings us benefits. We can have more fine-grained access control to secrets. It would also provide us with more automated ways to manage secrets, which in turn could lead to less manual work for our Operations department.

We unfortunately ran out of time to complete this Proof of Concept. But here the benefits of having multiple companies attend the Innovation Days showed: one of the other companies is already using it. They walked by and gave us some very insightful information regarding the topic. We are confident that we will also be able to set this up.

Conclusion

Final presentation on the results of our Proof of Concepts with Azure tools.

The two Innovation Days were intensive. We learned a lot about Azure. But we also learned a lot about our current hosting setup and where we want to be. When you are working all day in your known environment, you can take a certain setup for granted. If you then have to explain your current setup to an outsider, you start to notice where your current solution may be sub-optimal. If we combine that with the good tips and tricks we received from Microsoft’s Cloud Solution Architects, we can say we have learned a lot. I’m looking forward to the coming weeks to further explore our proof of concepts.

About the author: Joep Weijers

Joep is a Developer Experience Engineer at TOPdesk with a keen interest in delivering quality software continuously. He loves playing around with Jenkins Pipelines, GitLab CI, Selenium, Docker, Kubernetes and keeps in touch with his inner developer by educating his colleagues on testable Java code.
