Singapore, 2015

Platinum Sponsors

Singapore, 2015 Building

infrastructure with Azure Resource Manager using

PowerShell K.Mohamed Faizal,

Azure MVP, Singapore

Singapore, 2015Singapore, 2015

AgendaOverview

2 Azure Resource Manager Tools

3 Customizing Templates

4 Role Based Access Control (RBAC)

5 Q&A

1

Singapore, 2015 Areas of Focus

Deploy Organize Control

Singapore, 2015Singapore, 2015

Singletons

STORAGE

Singapore, 2015Singapore, 2015

Challenges Set Permissions Monitor and alerting rules Billing Deployment Communication

?

Singapore, 2015Singapore, 2015

Azure – SharePoint Architecture

Virtual Network

Microsoft Azure

Cloud Service

Availability Set

Active Directory & DNS

Cloud Service Cloud Service

Availability Set

Search Server

Availability Set

Web Front End

Availability Set

Apps Servers

Availability Set

Database

Gatewaysubnet

Active VPN

Availability Set

Distributed Cache

Availability Set

Office Web Apps

Singapore, 2015

Platinum Sponsors

Singapore, 2015

DemoAzure Portal – Overview

Singapore, 2015Singapore, 2015

Consistent Management Layer

AZURE RESOURCE MANAGER API

What is Azure Resource Manager?

Singapore, 2015Singapore, 2015

Resource Groupcontainer for multiple resources resources exist in one* resource group resource groups can span regions resource groups can span services RESOURCE GROUP

*and only one

Singapore, 2015 Resource Group Lifecycle

Question: Should these resources be in the same group or a different one?Hint: Do they have common lifecycle and management?

Answer: Up to you.

Singapore, 2015

IT

DEV

Infrastructure & Configuration as Code

Value• Deployment Optimization• Accelerate Delivery

Measure• Deployment Rate• MTTR

CODE

STAGE

PRODUCTION

Singapore, 2015 Supported Resources

• Websites• SQL-A DB• MySQL DB• VS Online• Application Insights• Classic Compute*• Classic Network*• Classic Storage*• BizTalk Services• Scheduler• Search• Cache• …..• All Existing RP’s will move over into the new stack.• https://management.azure.com/subscriptions/{{subscriptionId}}/providers?api-version=2014-04-01-preview

* Only supported via the Preview Portal

Singapore, 2015Singapore, 2015

Install Azure PowerShell Tool • Install the Azure

PowerShell modules• Microsoft Web Platform I

nstaller• (OR) Go To Github and

Install • https://github.com/

Azure/azure-powershell/releases

Singapore, 2015Singapore, 2015

Command Line Tools

Singapore, 2015Singapore, 2015

Windows PowerShell

Singapore, 2015Singapore, 2015

Add Azure Subscription

Singapore, 2015Singapore, 2015

Rest API / Postman

Singapore, 2015

Visual Studio Azure RM Tools

http://www.microsoft.com/en-us/download/details.aspx?id=43740

Singapore, 2015Singapore, 2015

Deployment tracks template executioncreated within a resource groupallows nested deployments

RESOURCE GROUP

Singapore, 2015Singapore, 2015

"resources": [ { "name": “myStorageAccount", "type": "Microsoft.Storage/storageAccounts", "location": “westus", "apiVersion": "2015-05-01-preview", "properties": {"accountType": “Standard_LRS"} } ]

Declarative -> Imperative ???

Singapore, 2015Singapore, 2015

"resources": [ { "name": “myStorageAccount", "type": "Microsoft.Storage/storageAccounts", "location": “westus", "apiVersion": "2015-05-01-preview", "properties": {"accountType": “Standard_LRS"} } ]

PUT /subscriptions/{subId}/resourceGroups/{rgName}/providers/Microsoft.Storage/storageAccounts/myStorageAccount?api-version=2015-05-01-preview

{“location”: “westus”,"properties": {"accountType": “Standard_LRS"}

}

Declarative -> Imperative ???

implied

Singapore, 2015Singapore, 2015

• Resource Extensions• VM → DSC / Chef / Puppet / Custom script / etc.• AppService → WebDeploy• SQL DB → BACPAC

• Copies + length (like PB+J!)• Nested Templates• NewOrExisting Patterns

Advanced Template Scenarios

Singapore, 2015Singapore, 2015

• Resource Groups• Linked Resources• Tags

Organising with Azure Resource Manager

Singapore, 2015Singapore, 2015

Resource Group

App-Centric Resource Groups and Templates

My3 Tier

Template

SQL DB AppService

VirtualMachine

reference()

Singapore, 2015Singapore, 2015 App-centric Resource Groups and Tier-centric

Templates

MyDB Tier

Template

MyWeb TierTemplate

MyVM Tier

Template

Resource Group

SQL DB AppService

VirtualMachine

reference()

Singapore, 2015Singapore, 2015 App-centric Resource Groups and Nested

TemplatesPa

rent

Te

mpl

ate My Nested

DB TierTemplate

My NestedWeb TierTemplate

My NestedVM Tier

Template

Resource Group

SQL DB AppService

VirtualMachine

reference()

My3 Tier

Template

Singapore, 2015Singapore, 2015

Tier-centric Resource Groups and Templates

MyDB Tier

Template

MyWeb TierTemplate

MyVM Tier

Template

Resource Group

SQL DB AppService

VirtualMachine

reference()Linked Resource

Resource Group Resource Group

Singapore, 2015Singapore, 2015

Resource TagsName-value pairs assigned to resources or resource groupsSubscription-wide taxonomyEach resource can have up to 15 tagsTag by Environment, e.g. dev/test/prodTag by Role, e.g. web/cache/DBTag by Department, e.g. finance/legalTag by Responsible party, e.g. Bob

Tagging Tips

Singapore, 2015Singapore, 2015

Role-Based Access Control• Allows secure access with granular permissions• Assignable to users, groups, or service principals• Built-in roles make it easy to get started

Singapore, 2015Singapore, 2015

Two Key ConceptsRole Definitions

Describes the set of permissions (e.g. read actions)

Can be used in multiple assignments

Role Assignments

Associate role definitions with an identity (e.g. user/group) at a scope (e.g. resource group)

Always inherited – subscription assignments apply to all resources

Singapore, 2015Singapore, 2015

Role-Based Access Control

Singapore, 2015Singapore, 2015

Granular Scopes/subscriptions/{id}/resourceGroups/{name}/providers/…/

sites/{site} subscription level – grants permissions to all resources in the sub

resource group level – grants permissions to all resources in the group resource level – grants

permissions to the specific resource

Singapore, 2015Singapore, 2015

Many IaaS examples available https://github.com/Azure/azure-quickstart-templates

More language examples available https://github.com/rjmax/ArmExamples https://github.com/olaskoog/

Documentation availablehttp://azure.microsoft.com/en-us/documentation/articles/resource-group-overview/

Deploy a template today!

Singapore, 2015

Don’t Forget!• Fill in your survey – it’s how we do better!• Don’t lose you badge! You need it for the Social Events• Grab the Speakers for a chat – they all have time for you!• Let everyone know what they are missing on Social Media

#PowerShell#PSConfAsia

Tweets (preferably with Pictures) win Prizes!!!!Photos of Marina Bay Credit: Alvin Lau