Azure Resource Manager
Gautam Thapar, Principal Program Manager, Microsoft Corporation
Charles Lamanna, Principal Engineering Manager, Microsoft Corporation
CDP-B345
Agenda
Why Azure Resource Manager
What has already been enabled
Questions/Feedback
Today’s Challenge
It’s difficult to…
Deploy or update a group of resources, repeatedly
Manage permissions on a group of resources
Visualize a group of resources in a logical view, including monitoring/billing
Singletons
Deploy becomes more complex
Proper use of resources becomes more abstract
Isolation makes communication a challenge
Resource Centric Views
Introducing Resource Manager
Application Lifecycle Container
Declarative solution for Deployment and Configuration
Consistent Management Layer
Resource Groups
Tightly coupled containers of multiple resources of similar or different types
Every resource *must* exist in one and only one resource group
Resource groups can span regions
Coupling for Resources
Resource Group is a unit of management
Lifecycle: deployment, update, delete, status
Identity: resources can talk to each other
Grouping: Metering, billing, quota: applied & rolled up to group
Access Control: Scope for RBAC permissions
Resource Group Lifecycle
Question: Should these resources be in the same group or a different one?
Hint: Do they have common lifecycle and management?
Answer: Up to you.
Azure Templates can:
• Ensure Idempotency
• Simplify Orchestration
• Simplify Roll-back
• Provide Cross-Resource Configuration and Update Support
Azure Templates are:
• Source file, checked-in
• Specifies resources and dependencies (VMs, WebSites, DBs) and connections (config, LB sets)
• Parameterized input/output
Instantiation of repeatable config.
[Diagram: Configuration, Resource Group]
Power of Repeatability
[Diagram: SQL-A, Website (SQL config) and VM (2x); Website and VMs each marked DEPENDS ON SQL]
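The dependency ordering and idempotency that the template slides describe, as an added Python example (not from the presentation and not Azure's deployment engine). The template layout, the `depends_on` key, the resource names and the configuration values are constructed for illustration.

```python
# Constructed, simplified model of a template: name -> config and dependencies.
TEMPLATE = {
    "sql-a":   {"config": {"tier": "basic"}, "depends_on": []},
    "website": {"config": {"db": "sql-a"}, "depends_on": ["sql-a"]},
    "vm-1":    {"config": {"db": "sql-a"}, "depends_on": ["sql-a"]},
    "vm-2":    {"config": {"db": "sql-a"}, "depends_on": ["sql-a"]},
}

def deployment_waves(template):
    """Group resources into waves; each wave depends only on earlier waves."""
    for name, res in template.items():
        for dep in res["depends_on"]:
            if dep not in template:
                raise ValueError(f"{name} depends on undefined resource {dep}")
    done, waves = set(), []
    while len(done) < len(template):
        wave = sorted(n for n, r in template.items()
                      if n not in done and set(r["depends_on"]) <= done)
        if not wave:  # nothing is deployable, so the remainder forms a cycle
            raise ValueError("dependency cycle among: "
                             + ", ".join(sorted(set(template) - done)))
        waves.append(wave)
        done.update(wave)
    return waves

def plan(template, current):
    """Idempotent plan: act only where the group differs from the template."""
    steps = []
    for wave in deployment_waves(template):
        for name in wave:
            if name not in current:
                steps.append(("create", name))
            elif current[name] != template[name]["config"]:
                steps.append(("update", name))
    return steps

def apply(template, current):
    """Apply the plan to a dict standing in for the resource group."""
    steps = plan(template, current)
    for _, name in steps:
        current[name] = dict(template[name]["config"])
    return steps

if __name__ == "__main__":
    group = {}
    print(apply(TEMPLATE, group))  # first run creates everything, SQL first
    print(apply(TEMPLATE, group))  # second run has nothing left to do
```

Running the same template a second time produces an empty plan, and a resource changed out of band shows up as a single update step.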
Add your own Power
Some resources can be extended allowing more code or data inside the resource
• AV agent inside a VM
• WordPress Webdeploy package on a Website
Allow for Scripting or Imperative configuration of resources
Extensible solution (Windows and Linux):
• VMM Agent
• DSC (in-VM PowerShell)
• Chef
• Puppet
Consistent Management Layer
AZURE RESOURCE MANAGER API
So, what does this all mean…
• Application Lifecycle Container: Deploy and manage your application as you see fit
• Declarative solution for Deployment and Configuration: Single click deployment of multiple instantiations of your application
• Consistent Management Layer: The same experience of deployment and management whether you go from the Portal, Command Line, or Tools
Demo
Let’s see that work
Azure RM Capabilities
• Centralized auditing of operations
• Simple tagging and grouping of resources
• Consistent access control (e.g. RBAC)
Supported Resources and Roadmap
• Websites
• SQL Azure DB
• Classic Compute
• Classic Network
• Classic Storage
• Redis Cache
… all existing Azure services are coming on-line
Audited Management Operations
• Create / Update / Delete operations are audited
• Rich querying capabilities
• Available at subscription, resource group and resource
Detailed Audits
• Rich information about the who, what and when
• Correlation id groups related operations (e.g. templates)
Resource Tags
• Name-value pairs assigned to resources or resource groups
• Subscription-wide taxonomy and complete for tag consistency
• Each resource can have up to 15 tags
Tagging Tips
• Notes: attach notes to resources via tags
• Creator: track who is the “owner” or responsible for a resource
• Department/Cost center: record who is responsible for paying for a resource
• Environment: group resources in production vs. pre-production vs. test
Organizational concepts
Resource groups
• Tightly coupled to a container of resources
• Follows RBAC rules
• 1 resource group
Tags
• Loosely coupled user or system defined categorization
• Arbitrary boundaries
• 15 tags to use as needed
Resource groups and tags are the building blocks from which users define applications.
Access Control: RBAC
• Allows secure access with granular permissions to resources
• Assignable to users, groups or service principals
• Built-in roles make it easy to get started
Two Key Concepts
Role Definitions
• describes the set of permissions (e.g. read actions)
• can be used in multiple assignments
Role Assignments
• associate role definitions with an identity (e.g. user/group) at a scope (e.g. resource group)
• always inherited – subscription assignments apply to all resources
Role Based Access Control
Granular Scopes
/subscriptions/{id}/resourceGroups/{name}/providers/…/sites/{site}
subscription level – grants permissions for all resources in the sub
resource group level – grants permissions for all resources in the group
resource level – grants permissions to the specific resource
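How role assignments inherit down the scope path, as an added Python example (not from the presentation and not Azure's authorization engine). The role names, action strings, principals, subscription id and the `Example.Provider` path segment are constructed; the model covers only scope inheritance.

```python
from dataclasses import dataclass

# Hypothetical role definitions: role name -> permitted actions.
ROLE_DEFINITIONS = {
    "Reader": {"read"},
    "Contributor": {"read", "write", "delete"},
}

@dataclass(frozen=True)
class RoleAssignment:
    principal: str  # user, group or service principal
    role: str       # key into ROLE_DEFINITIONS
    scope: str      # subscription, resource group or resource path

def segments(scope):
    """Split a scope path into segments (lower-cased: an assumption here)."""
    return [s.lower() for s in scope.split("/") if s]

def scope_covers(assigned, target):
    """True if `assigned` is `target` itself or one of its ancestors.

    Compared segment by segment: a plain startswith() would let
    .../resourceGroups/prod also match .../resourceGroups/prod-backup.
    """
    a, t = segments(assigned), segments(target)
    return len(a) <= len(t) and t[:len(a)] == a

def effective_actions(assignments, principal, target):
    """Union of the actions granted at `target` and at every parent scope."""
    actions = set()
    for ra in assignments:
        if ra.principal == principal and scope_covers(ra.scope, target):
            actions |= ROLE_DEFINITIONS[ra.role]
    return actions

def subscription_wide(assignments):
    """Assignments made at /subscriptions/{id}: they reach every resource."""
    return [ra for ra in assignments if len(segments(ra.scope)) == 2]

# Constructed sample data (ids, names and the provider are placeholders).
SUB = "/subscriptions/0000"
PROD = SUB + "/resourceGroups/prod"
SITE = PROD + "/providers/Example.Provider/sites/shop"
ASSIGNMENTS = [
    RoleAssignment("alice", "Reader", SUB),
    RoleAssignment("bob", "Contributor", PROD),
    RoleAssignment("carol", "Contributor", SITE),
]

if __name__ == "__main__":
    for who in ("alice", "bob", "carol"):
        print(who, sorted(effective_actions(ASSIGNMENTS, who, SITE)))
```

`subscription_wide` lists the assignments to review first when applying least privilege, since a subscription-level grant is inherited by every resource group and resource beneath it.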
Demo
Let’s see that work
Recap
Next generation of Azure management
Templates provide predictability / efficiency
Audits, Tags, Access Control & more
Works Everywhere (public + private clouds)
References
• MVA Azure RM session: http://aka.ms/arm-devops
• API docs on MSDN: http://aka.ms/armmsdn
• Template docs on MSDN: http://aka.ms/templatemsdn
• Azure RM cmdlets: http://aka.ms/armpowershell
• Available on twitter: @clamanna and @gautamthapar
Questions/Feedback
© 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.