Archive for April, 2016

Why you must not use Azure if you want to keep your sanity

I’ve been working with Azure for about a month, maybe 20-30 hours directly spent on it in total, but it is clear I don’t need to waste any more time on it to reach this conclusion:

Azure is shit.

Azure is the worst sysadmin nightmare come true.

Azure is like a bad marriage where there’s no love to begin with, but there’s an accidental pregnancy, and you’re both from religious families, so you have no choice but to marry, and then you hate your life forever.

Allow me to explain with some technical details.

The main problem that Azure has is that it suffers from a multitude of limitations that are badly documented or not documented at all, so they bite you after you’ve done 80% of your work only to find that you now have to wipe it all and start from scratch, but now with one little thing done differently in the beginning of the process. Just two examples:

  • If you create a VM with a single NIC, you can’t add more. If you create a VM with several NICs, you can’t remove them so you’d have fewer than two. You built something, spent time customizing it, then want the second NIC? Delete the VM, start from scratch. Microsoft doesn’t give a fuck about your time.
  • Static VPN can’t have overlapping networks on the two sides of the tunnel. Cisco can do it. Juniper can do it. AWS basically requires you to do it (local side of an AWS IPSEC tunnel is 0/0). Try doing this in Azure – it will fail. Moreover, it will fail with no useful diagnostics whatsoever if you’re setting up the VPN using the Azure portal (thankfully, someone at Microsoft created a decent CLI that produces error messages – the only good thing about working with Azure). And since there’s either a bug or a misfeature that doesn’t allow modifying the set of subnets assigned to the local peer, you have to delete the VPN connection, delete the local peer, create a new one with a different set of subnets, and create the VPN connection again.

Then there are general ecosystem issues (or actually just one basic philosophical one):

  • Azure documentation is worthless, for two reasons. First, they haven’t bothered to spend enough time on it. Everything is barebones. Some features and behaviors are not explained at all. Second, Microsoft writes documentation for losers. Their target is people who have no ability to think whatsoever. A typical document does not explain the feature and show you how it works and what can be done with it. It is a walkthrough: do this and only this, don’t think, just follow our directions. You get stuck? Open a support case. Just don’t think.
  • Another aspect of the same problem: there are no good discussions or blogs on Azure that would help to solve problems or do deep dives to help you understand how things work. Microsoft is your only help. Don’t think, just go ask them.
  • They believe all you need for interoperability are sample configuration files (this one is a more specific issue encountered with VPN setup). Don’t expect any explanation of why the configuration is exactly like that. You have samples, use them. Don’t think.
  • Did I mention you’re not supposed to think when working in Azure?

When I started using AWS, my most pronounced thought was “holy shit, I’ll never learn to use everything this thing can do.” With Azure, after just a few weeks, I feel like I’m running through a tiny little maze with no exit, designed by an evil clown.

Oh, and that unwanted pregnancy? Microsoft Office and parent company choice. No way out of this marriage.
