By now you’ve probably seen the news related to how Microsoft is prioritizing Azure capacity. When Microsoft issues an Azure Pass, they have pre-paid the value of that subscription for you, and are allowing you to spend up to the value of that Azure Pass (i.e. $100) for any Azure activity you want, for the duration of the pass (i.e. 3 months). This is free money. Over the years there have been endless cases of Azure Pass theft, abuse such as bitcoin mining and much more.
Several years ago, we launched “Cloud Slice.” Put simply, this is a set of technologies and a framework that can be applied to any cloud provider we support, enabling short term, focused access for the purpose of learning. The three primary goals of Cloud Slice are:
- Reduce the friction for the learner, make the experience as simple as possible.
- Enable the learner to access what they need, when they need it and broadly minimize the use of resources in the cloud.
- Create a simple authoring experience, enabling hands-on cloud experiences to be authored quickly with a keen eye to security and fraud prevention.
To date, we have launched half a million labs using Cloud Slice across Amazon AWS and Azure.
How it Works
There are two variants of Azure Cloud Slice: Cloud Slice Resource Group (CSR) and Cloud Slice Subscription (CSS). These fundamentally work the same way but vary in scope.
Cloud Slice Resource Group leverages a pool of distributed Azure subscriptions to load balance lab sessions. Each lab session creates one or more resource groups and within each resource group, deploys one or more ARM templates to pre-create any resources needed for the lab. For each lab you are assigned a user account (or in some cases multiple accounts), each with the permissions required to access the resource groups. For resources that cannot be deployed with ARM templates, our internal automation engine (called “life cycle actions”) can automatically run a script that performs additional configuration.
Cloud Slice Subscription has the exact same model, with the exception that instead of provisioning the resource group in a pool of Azure subscriptions, it dynamically creates a new subscription and grants permissions to the user account(s) at a higher level, enabling many functions that are otherwise unavailable.
For example, courses AZ-103 and AZ-104 (and many other MOC courses) rely heavily on subscription level activities and Cloud Slice to be effective.
For more information on Microsoft training courses affected by the withdrawal of Azure Passes, click here.
A critical element of providing managed subscriptions for learning is fraud protection. One slip in this area, one rushed class, one irresponsible decision, and you can find yourself with consumption bills in the thousands, or even hundreds of thousands of dollars. For smaller lab providers or learning partners that try to build home-grown solutions, a slip here can put them out of business overnight.
Cloud Slice offers protection on several levels. All labs are subject to role and permission restrictions that limit resource usage to specific objects in the specific quantities required to complete the lab. These policies go through a manual security review and audit before being published and after any change that relates to the Cloud Slice configuration. These processes are automated and cannot be bypassed.
Additionally, there are separate and isolated services that monitor all managed subscriptions to identify objects that are not specifically tagged within a lab and remove them. A team monitors usage 24/7 for automated alerts and errors and can manually interject when needed. Finally, every single lab launched is subject to a cost baseline analysis which alert when the spending associated with a given lab is exceeding what is projected for that lab.
Our Strategy for MOC Conversion and Azure Learning
Our MOC labs support not just our learning partners, but many other learning programs.
Cloud Slice offers the same subscription level managed access, and perhaps most importantly, vastly reduces the resource footprint of learning.
The publication process for a course looks like this:
1. The course is reviewed with an Instructor to determine the state of the course, including:
- Which labs have dependencies that can be automated?
- Which labs require subscription level access?
- Which labs require only resource group level access?
- What additional configurations are required to ensure labs remain functional as written?
- Are there any labs that cannot run inside this model?
2. An initial version of the lab is built and the lab instructions are sent to QA.
3. A security review is conducted to ensure the lab has:
- Access to all required resources, but only those resources.
- The lightest possible impact on Azure resource consumption, while meeting the learning objectives of the module.
4. A final QA is completed to ensure the final version of the lab works as intended.
5. The lab is published.
In addition to MOC enhancements, we are including new features in our TMS to help Instructors control the way students consume labs and enrich the overall delivery experience:
1. Zoom Integration – Starting April 10, customers with Zoom accounts can register those accounts with the TMS and the system will automatically manage your Zoom meetings for you. Meetings are tied to your class schedule, automatically scheduled, distributed to students and cleaned up when classes end. This is in addition to our generic meeting provider integration which can be used with Microsoft Teams and our existing deep integration with Adobe Connect.
2. Instructor Controls for Lab Visibility – Starting April 10, Instructors in classes can manually disable and enable individual labs for all students in the class. If you don’t want a student launching a lab until you complete a module, you can disable the lab and then enable it when you are ready to allow the students to begin. This is particularly important when students have a limited number of attempts to complete the lab.
The End Product
Our product will be a cleaner, lighter, more focused version of MOC, providing the right level of access for each lab. Where subscriptions are needed, they are provided; where they are not, resource groups are used. Instructors have greater control over how students access labs, and customers can be assured that the labs have been carefully and methodically tested to ensure they function, while protecting both the cloud and the underlying platform ensuring the long-term viability of our approach.
To see which MOC courses have been updated to use Cloud Slice, click here.
Interested in Learning More?
Click here to contact us.