Friday, October 4, 2024

This is a summary of the book titled “The Psychological Safety Playbook”, written by Minette Norman and Karolin Helbig and self-published in 2023. Psychological safety is as relevant to the workplace as it is to relationships, teams and culture. The authors highlight five skills leaders must harness to achieve it: communication, listening, emotional regulation, managing failure, and inclusion. Each of these five skills is accompanied by five ways to implement it. Everyone needs to feel psychologically safe to reach their full potential. When people communicate, they must be able to speak up, welcome diverse viewpoints, and not insist on their own. When we improve our listening skills, others feel understood. Our emotional reactions and kneejerk behavior must be regulated so that others find it easy to open up. People must be able to take risks, fail, learn and innovate. Inclusive rituals and gathering feedback improve participation. This book is easy to read and inspiring at the same time.

Psychological safety is crucial for a team's success, as it allows individuals to ask questions, express concerns, and admit mistakes without fear of humiliation or punishment. This creates an environment where people feel safe to contribute ideas, express dissent, and challenge leaders. Leaders should set the tone, ensure everyone feels valued, and model behavior such as listening, humility, trust, and openness to criticism. Courageous communication involves welcoming diverse viewpoints and embracing dissent. Leaders should invite varied viewpoints, encourage dissent, and display feelings productively. They should avoid perfectionism, admit their own inadequacies, and use humor to build connection and trust. By fostering a culture of continuous learning, leaders build psychological safety and high-performing teams. By embracing these practices, leaders can foster a more inclusive and innovative work environment.

Skilled listening involves understanding others' perspectives and their emotions. It requires humility and mindfulness, allowing for acceptance of different viewpoints without necessarily agreeing with them. Participation is key, with a focus on the conversation partner and on paraphrasing and summarizing what is heard. Emotions are crucial for decision-making but are often unstated. Identifying emotions through micro-expressions, gestures, and body language is essential. Show empathy without judgment and encourage curiosity by asking for clarification and allowing for silence. By demonstrating curiosity and allowing for further engagement, you can foster a more inclusive and effective conversation.

Emotional regulation is crucial in ensuring a productive response to challenges. It involves self-awareness, emotional control, and sincere appreciation for those who challenge you. To respond non-defensively, observe your defensive reactions and pause before responding. Label emotions, apply logical thinking, and stay objective. Deconstruct blind spots by seeking alternative perspectives and examining contradictory evidence. Express grace and gratitude towards challengers, recognizing and labeling your emotional and physiological responses. Move towards confrontation rather than away from it, reminding yourself of shared values and goals. Learn from new ideas by building on them rather than avoiding negative reactions, and treat new proposals as valuable experiments.

Leaders should embrace risk and failure to foster a culture of learning and innovation. This doesn't mean lowering performance standards or letting accountability slide. Instead, leaders should welcome failure, frame it as part of the journey towards innovation, and share stories of high performers who have overcome setbacks. Befriending uncomfortable emotions, demonstrating learning behavior, and facilitating continual learning are also essential. By embracing failure and mistakes, leaders can help employees understand why a failure occurred and how to remedy it. Regular, blame-free postmortems and "premortems" can help employees understand the learning process and encourage continuous learning. Rewarding people who identify potential flaws in a plan can also contribute to a more positive work environment.

Inclusive rituals and feedback gathering are essential for creating a diverse team culture. Appoint an "inclusion booster" at meetings to ensure everyone has a chance to speak. Establish a no-interruption rule and encourage concise speaking. Set a rule that "no one speaks twice until everyone speaks once" to foster innovation. Use visual timers and collaboration tools to keep everyone concise. Gather post-meeting feedback to promote accountability and measure progress. Express gratitude to workers for their work and for challenging ideas, and celebrate hard work. Keep all responses confidential and encourage team members to collaborate effectively.


#codingexercise : https://1drv.ms/w/s!Ashlm-Nw-wnWhNN5MYAncYz3czQKUw?e=JHwWUU?

Thursday, October 3, 2024

This is a continuation of the articles on IaC shortcomings and resolutions. The previous articles talked about different data backup and migration strategies and provided steps to go over the variations for resource types. This article discusses what is needed for a specific case where the data transfer must span the Azure management hierarchy of tenants, subscriptions, resource groups and resources. As before, we will assume that all resources have private networking enabled for security and performance reasons. In addition, each virtual network used for private networking is isolated from the others. For example, the virtual network in one subscription might not have any peering with that in any other subscription. Both public and private IP connectivity are enabled for each resource that acts as source or destination for the data transfer.

Given such a scenario, the traditional way to allow cross-virtual-network access to resources in the said networks has been the use of private connections by virtue of private endpoints. Consequently, any destination for data transfer can request a private endpoint to be added in the source virtual network where the data is saved. Each virtual network can safely assume that the typical option of resolving names to the private IP assigned to these private connections is enabled with the help of a private DNS zone. When the destination can connect to the remote source via the private IP connectivity thus established, the destination will be able to pull the data from the source. This works well for paired servers of the same resource type with the help of the continuous replication that is supported by resource types such as Azure Database for MySQL flexible servers and Azure Managed Instance for Apache Cassandra. However, it does not work as easily for cases where a third resource type or an automation is involved to perform the transfer by pulling from the source and pushing to the destination. The involvement of a resource type such as a Database Migration Service, or of an automation, requires networking to be available to both the source and the destination, so more connections need to be established than before, and from both the source and the destination. These connections are normally on the private IP connectivity plane, but it is also possible to keep the traffic over the public internet if the size of the data transfers is small and encryption for data in transit is supported. In such cases, the IP addresses of the entity performing the data transfers must be allowed at both the source and the destination. Any firewall or firewall policies must also support allowlisting of those IP addresses.
If the entity is an Azure resource and receives a public IP address from Azure, then it is not necessary to add allowlists for Microsoft IP addresses, because such resources can be allowed traffic with the “Bypass trusted Azure services” option that is available under the network settings of the source and the destination. With the help of this option, it is easy to keep the public IP access restrictions light and simple. All traffic between Azure resources with public IP addresses from Azure will in such a case flow over the Azure networking backbone. This keeps the Azure services off the public internet and provides very low latency, under ten milliseconds as opposed to a hundred to two hundred milliseconds. In addition to networking, authentication must be set up for each entity performing the data transfers. This again is required only in the case where continuous replication is not involved. An application identity can be dedicated to data backup/migration purposes. A role that honors the principle of least privilege must be assigned to this identity at both the source and the destination.
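The three pieces the paragraphs above describe (a dedicated transfer identity with least-privilege roles at source and destination, a private endpoint on the private plane, and the public-plane fallback of default Deny plus "Bypass trusted Azure services" plus an explicit allowlist) as an added Azure CLI script. This is example code written for this summary, not something from the original article; the resource names, the 203.0.113.x address, the storage resource type and the built-in role names are assumptions chosen for illustration, and the `DRY_RUN` switch is a convenience of this script, not an `az` feature.

```shell
#!/bin/sh
# Added example (not from the original article). Assumes the source and destination
# are Azure Storage accounts and that the transfer is run by a user-assigned managed
# identity. All names and IPs are placeholders. Set DRY_RUN=1 to print the az commands
# instead of executing them.

run() {
  if [ "${DRY_RUN:-0}" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# 1. A dedicated identity for backup/migration automation; prints its principal (object) id,
#    which is what role assignments are keyed on.
create_transfer_identity() {
  rg="$1"; name="$2"
  run az identity create --resource-group "$rg" --name "$name" --query principalId -o tsv
}

# 2. Least privilege: read-only on the source, write on the destination, each scoped to
#    the individual resource id rather than the resource group or subscription.
assign_transfer_roles() {
  principal_id="$1"; source_id="$2"; dest_id="$3"
  run az role assignment create --assignee-object-id "$principal_id" \
    --assignee-principal-type ServicePrincipal \
    --role "Storage Blob Data Reader" --scope "$source_id"
  run az role assignment create --assignee-object-id "$principal_id" \
    --assignee-principal-type ServicePrincipal \
    --role "Storage Blob Data Contributor" --scope "$dest_id"
}

# 3a. Private plane: a private endpoint for the source's blob sub-resource, placed in the
#     virtual network from which the transfer runs.
create_private_endpoint() {
  rg="$1"; vnet="$2"; subnet="$3"; source_id="$4"
  run az network private-endpoint create --resource-group "$rg" --name "pe-transfer-src" \
    --vnet-name "$vnet" --subnet "$subnet" \
    --private-connection-resource-id "$source_id" --group-id blob \
    --connection-name "transfer-src"
}

# 3b. Public plane, small transfers only: deny by default, let trusted Azure services
#     through over the backbone, and allowlist the one non-Azure transfer host explicitly.
restrict_public_access() {
  rg="$1"; account="$2"; allowed_ip="$3"
  run az storage account update --resource-group "$rg" --name "$account" \
    --default-action Deny --bypass AzureServices
  run az storage account network-rule add --resource-group "$rg" --account-name "$account" \
    --ip-address "$allowed_ip"
}

# Usage sketch (placeholders): both the source and the destination get the same treatment.
#   pid=$(create_transfer_identity rg-ops id-transfer)
#   assign_transfer_roles "$pid" "$SRC_ACCOUNT_ID" "$DST_ACCOUNT_ID"
#   create_private_endpoint rg-dst vnet-dst snet-pe "$SRC_ACCOUNT_ID"
#   restrict_public_access rg-src stsource 203.0.113.10
```

Run with `DRY_RUN=1` first to review the exact commands; the role assignments are deliberately scoped to the resource ids, and the public-plane function is only worth applying when the transfer host is not itself an Azure resource, since Azure-hosted transfer services are covered by the bypass.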


#codingexercise : https://1drv.ms/w/s!Ashlm-Nw-wnWhNIeZZhspIpNfjqURg?e=pymL9w

Wednesday, October 2, 2024

Database migration between Cassandra servers

This section describes the way to transfer data between Azure Managed Instances for Apache Cassandra. This is done with the help of the “nodetool” and “sstableloader” commands invoked via the Azure CLI, using the steps outlined below. For more information on the DBA commands for this instance, please visit https://learn.microsoft.com/en-us/azure/managed-instance-apache-cassandra/dba-commands. Ensure that your automation identity has the necessary permissions to run azcopy and the Azure CLI.

1. The first step involves creating a snapshot of the data. This is done with:

# Create a snapshot (nodetool takes its options before the keyspace argument)
az managed-cassandra cluster invoke-command \
  --resource-group <resource-group> \
  --cluster-name <cluster-name> \
  --host <host-ip> \
  --command-name nodetool \
  --arguments "snapshot -t <snapshot-name> <keyspace>"

# Download the snapshot files using azcopy
azcopy copy "https://<storage-account>.blob.core.windows.net/<container>/<path-to-snapshot>/*" "<local-directory>"

2. The second step involves uploading the snapshot to another instance. This is done with:

# Upload the snapshot files using azcopy
azcopy copy "<local-directory>/*" "https://<storage-account>.blob.core.windows.net/<container>/<path-to-upload>"

# Load the data using sstableloader. -d takes the address of a node in the target cluster,
# and the positional argument is the directory holding the SSTables, laid out as <keyspace>/<table>.
az managed-cassandra cluster invoke-command \
  --resource-group <resource-group> \
  --cluster-name <cluster-name> \
  --host <host-ip> \
  --command-name sstableloader \
  --arguments "-d <target-node-ip> <data-directory>/<keyspace>/<table>"

3. Finally, verify that the data on the destination matches the source.
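Step 3 is the one the procedure above leaves open. One concrete way to do it, as an added example that is not part of the original post, is to record a checksum manifest of the snapshot files right after the download in step 1 and compare it with a manifest taken from the copy the destination ends up loading; any SSTable that was truncated or altered in transit shows up as a differing line. The directory layout (`<keyspace>/<table>/nb-1-big-Data.db`) and the sample bytes in `demo` are constructed for illustration.

```shell
#!/bin/sh
# Added example (not part of the original post): integrity check for the snapshot copy.
# Assumes the snapshot is a plain directory tree on disk and that sha256sum is available.

# Write "sha256  relative-path" for every file under $1, sorted by path, to stdout.
make_manifest() {
  dir="$1"
  ( cd "$dir" && find . -type f | LC_ALL=C sort | while IFS= read -r f; do
      sha256sum "$f" | sed 's|  \./|  |'
    done )
}

# Compare two manifests; return 0 when identical, otherwise print the diff and return 1.
compare_manifests() {
  if diff -u "$1" "$2" >/dev/null; then
    echo "snapshot files match"
    return 0
  fi
  echo "snapshot files differ:" >&2
  diff -u "$1" "$2" >&2 || true
  return 1
}

# Constructed walkthrough: one faithful copy of a fake snapshot and one with a corrupted SSTable.
demo() {
  tmp=$(mktemp -d)
  mkdir -p "$tmp/src/ks1/tbl1" "$tmp/ok/ks1/tbl1" "$tmp/bad/ks1/tbl1"
  printf 'sstable-bytes' > "$tmp/src/ks1/tbl1/nb-1-big-Data.db"     # constructed sample data
  cp "$tmp/src/ks1/tbl1/nb-1-big-Data.db" "$tmp/ok/ks1/tbl1/"
  printf 'sstable-bytez' > "$tmp/bad/ks1/tbl1/nb-1-big-Data.db"     # one byte changed
  make_manifest "$tmp/src" > "$tmp/src.manifest"
  make_manifest "$tmp/ok"  > "$tmp/ok.manifest"
  make_manifest "$tmp/bad" > "$tmp/bad.manifest"
  compare_manifests "$tmp/src.manifest" "$tmp/ok.manifest"
  compare_manifests "$tmp/src.manifest" "$tmp/bad.manifest" || echo "corruption detected as expected"
  rm -rf "$tmp"
}

demo
```

In the real procedure, run `make_manifest "<local-directory>"` after the azcopy download in step 1 and again on the directory handed to sstableloader in step 2; the manifest is small enough to ship alongside the upload. This only proves the files arrived intact; a row-count or spot-query comparison on the live clusters is a separate check that the script does not cover.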

Data backup/restore or migration is usually considered a last resort, as most resources in Azure allow continuous replication across paired servers. But when it becomes inevitable, these steps make the task easier.


Tuesday, October 1, 2024

Why are Enterprise Application registrations and Service principals’ creation excluded from IaC?

When we create an Azure App Registration, it results in the creation of both an Application Object and a Service Principal Object. The application object is the representation of the application in the home tenant and acts as a template or blueprint for creating service principals. It contains information about how the application can issue tokens, the resources it can access and the actions it can perform. One can configure API permissions, client secrets, branding, and app roles within this object definition.

A service principal, aka Enterprise Application, is a concrete instance of the application object within a specific tenant. It represents the application’s identity and comes with a unique object identifier that can be used for non-interactive automation. Each tenant where the application is used will have its own service principal. Most role-based access control assignments for the application are made using this object identifier.

It is possible to register the application using IaC, but there are several drawbacks due to which this is not popular. For example, special permissions are needed for the identity used by the pipeline to deploy such a registration in Microsoft Entra ID (formerly Azure Active Directory). Such permissions are usually difficult to distribute and must remain within the exclusive control of a centralized entity within the organization, usually named the Identity and Access Management team. When the permissions are not sufficient, the idempotency of the resource creation and deletion is lost. At this point, the syntax and semantics of app registration appear to be broken, and for this reason it is difficult for anyone to create application registrations from code deploying to their subscriptions. All such registrations end up in the same global directory.

Another reason is that the provider registrations and the directory must remain up to date, otherwise version discrepancies affect the IaC. Since the resource is global and not specific to the Azure subscription, resource-group and resource three-level hierarchy, the provider can change the syntax and semantics for the global entity in ways that are not captured by IaC that once worked and later does not. For this reason, it is important that Azure Active Directory resources not be treated the same as resources that instantiate services from Azure’s service portfolio.

Previous article: https://1drv.ms/w/s!Ashlm-Nw-wnWhPVXO5Lemyhk5z34HA?e=8e2jVb