View
778
Download
0
Category
Preview:
Citation preview
Singapore, 2015
Platinum Sponsors
Singapore, 2015 Building
infrastructure with Azure Resource Manager using
PowerShell K.Mohamed Faizal,
Azure MVP, Singapore
Singapore, 2015Singapore, 2015
AgendaOverview
2 Azure Resource Manager Tools
3 Customizing Templates
4 Role Based Access Control (RBAC)
5 Q&A
1
Singapore, 2015 Areas of Focus
Deploy Organize Control
Singapore, 2015Singapore, 2015
Singletons
STORAGE
Singapore, 2015Singapore, 2015
Challenges Set Permissions Monitor and alerting rules Billing Deployment Communication
?
Singapore, 2015Singapore, 2015
Azure – SharePoint Architecture
Virtual Network
Microsoft Azure
Cloud Service
Availability Set
Active Directory & DNS
Cloud Service Cloud Service
Availability Set
Search Server
Availability Set
Web Front End
Availability Set
Apps Servers
Availability Set
Database
Gatewaysubnet
Active VPN
Availability Set
Distributed Cache
Availability Set
Office Web Apps
Singapore, 2015
Platinum Sponsors
Singapore, 2015
DemoAzure Portal – Overview
Singapore, 2015Singapore, 2015
Consistent Management Layer
AZURE RESOURCE MANAGER API
What is Azure Resource Manager?
Singapore, 2015Singapore, 2015
Resource Groupcontainer for multiple resources resources exist in one* resource group resource groups can span regions resource groups can span services RESOURCE GROUP
*and only one
Singapore, 2015 Resource Group Lifecycle
Question: Should these resources be in the same group or a different one?Hint: Do they have common lifecycle and management?
Answer: Up to you.
Singapore, 2015
IT
DEV
Infrastructure & Configuration as Code
Value• Deployment Optimization• Accelerate Delivery
Measure• Deployment Rate• MTTR
CODE
STAGE
PRODUCTION
Singapore, 2015 Supported Resources
• Websites• SQL-A DB• MySQL DB• VS Online• Application Insights• Classic Compute*• Classic Network*• Classic Storage*• BizTalk Services• Scheduler• Search• Cache• …..• All Existing RP’s will move over into the new stack.• https://management.azure.com/subscriptions/{{subscriptionId}}/providers?api-version=2014-04-01-preview
* Only supported via the Preview Portal
Singapore, 2015Singapore, 2015
Install Azure PowerShell Tool • Install the Azure
PowerShell modules• Microsoft Web Platform I
nstaller• (OR) Go To Github and
Install • https://github.com/
Azure/azure-powershell/releases
Singapore, 2015Singapore, 2015
Command Line Tools
Singapore, 2015Singapore, 2015
Windows PowerShell
Singapore, 2015Singapore, 2015
Add Azure Subscription
Singapore, 2015Singapore, 2015
Rest API / Postman
Singapore, 2015
Visual Studio Azure RM Tools
http://www.microsoft.com/en-us/download/details.aspx?id=43740
Singapore, 2015Singapore, 2015
Deployment tracks template executioncreated within a resource groupallows nested deployments
RESOURCE GROUP
Singapore, 2015Singapore, 2015
"resources": [ { "name": “myStorageAccount", "type": "Microsoft.Storage/storageAccounts", "location": “westus", "apiVersion": "2015-05-01-preview", "properties": {"accountType": “Standard_LRS"} } ]
Declarative -> Imperative ???
Singapore, 2015Singapore, 2015
"resources": [ { "name": “myStorageAccount", "type": "Microsoft.Storage/storageAccounts", "location": “westus", "apiVersion": "2015-05-01-preview", "properties": {"accountType": “Standard_LRS"} } ]
PUT /subscriptions/{subId}/resourceGroups/{rgName}/providers/Microsoft.Storage/storageAccounts/myStorageAccount?api-version=2015-05-01-preview
{“location”: “westus”,"properties": {"accountType": “Standard_LRS"}
}
Declarative -> Imperative ???
implied
Singapore, 2015Singapore, 2015
• Resource Extensions• VM → DSC / Chef / Puppet / Custom script / etc.• AppService → WebDeploy• SQL DB → BACPAC
• Copies + length (like PB+J!)• Nested Templates• NewOrExisting Patterns
Advanced Template Scenarios
Singapore, 2015Singapore, 2015
• Resource Groups• Linked Resources• Tags
Organising with Azure Resource Manager
Singapore, 2015Singapore, 2015
Resource Group
App-Centric Resource Groups and Templates
My3 Tier
Template
SQL DB AppService
VirtualMachine
reference()
Singapore, 2015Singapore, 2015 App-centric Resource Groups and Tier-centric
Templates
MyDB Tier
Template
MyWeb TierTemplate
MyVM Tier
Template
Resource Group
SQL DB AppService
VirtualMachine
reference()
Singapore, 2015Singapore, 2015 App-centric Resource Groups and Nested
TemplatesPa
rent
Te
mpl
ate My Nested
DB TierTemplate
My NestedWeb TierTemplate
My NestedVM Tier
Template
Resource Group
SQL DB AppService
VirtualMachine
reference()
My3 Tier
Template
Singapore, 2015Singapore, 2015
Tier-centric Resource Groups and Templates
MyDB Tier
Template
MyWeb TierTemplate
MyVM Tier
Template
Resource Group
SQL DB AppService
VirtualMachine
reference()Linked Resource
Resource Group Resource Group
Singapore, 2015Singapore, 2015
Resource TagsName-value pairs assigned to resources or resource groupsSubscription-wide taxonomyEach resource can have up to 15 tagsTag by Environment, e.g. dev/test/prodTag by Role, e.g. web/cache/DBTag by Department, e.g. finance/legalTag by Responsible party, e.g. Bob
Tagging Tips
Singapore, 2015Singapore, 2015
Role-Based Access Control• Allows secure access with granular permissions• Assignable to users, groups, or service principals• Built-in roles make it easy to get started
Singapore, 2015Singapore, 2015
Two Key ConceptsRole Definitions
Describes the set of permissions (e.g. read actions)
Can be used in multiple assignments
Role Assignments
Associate role definitions with an identity (e.g. user/group) at a scope (e.g. resource group)
Always inherited – subscription assignments apply to all resources
Singapore, 2015Singapore, 2015
Role-Based Access Control
Singapore, 2015Singapore, 2015
Granular Scopes/subscriptions/{id}/resourceGroups/{name}/providers/…/
sites/{site} subscription level – grants permissions to all resources in the sub
resource group level – grants permissions to all resources in the group resource level – grants
permissions to the specific resource
Singapore, 2015Singapore, 2015
Many IaaS examples available https://github.com/Azure/azure-quickstart-templates
More language examples available https://github.com/rjmax/ArmExamples https://github.com/olaskoog/
Documentation availablehttp://azure.microsoft.com/en-us/documentation/articles/resource-group-overview/
Deploy a template today!
Singapore, 2015
Don’t Forget!• Fill in your survey – it’s how we do better!• Don’t lose you badge! You need it for the Social Events• Grab the Speakers for a chat – they all have time for you!• Let everyone know what they are missing on Social Media
#PowerShell#PSConfAsia
Tweets (preferably with Pictures) win Prizes!!!!Photos of Marina Bay Credit: Alvin Lau
Recommended