Azure Resource Manager

Gautam ThaparPrincipal Program ManagerMicrosoft Corporation

CDP-B345Charles LamannaPrincipal Engineering ManagerMicrosoft Corporation

AgendaWhy Azure Resource Manager

What has already been enabledQuestions/Feedback

Today’s ChallengeIt’s difficult to…

Deploy or update a group of resources, repeatedly

Manage permissions on a group of resources

Visualize a group of resources in a logical view, including monitoring/billing

Singletons

Deploy becomes more complex

Proper use of resources becomes more abstract

Isolation makes communication a challenge

STORAGE

6

Resource Centric Views

Introducing Resource ManagerApplication Lifecycle Container

Declarative solution for Deployment and Configuration

Consistent Management Layer

Resource Groups Tightly coupled containers of

multiple resources of similar or different types

Every resource *must* exist in one and only one resource group

Resource groups can span regions

RESOURCE GROUP

Coupling for ResourcesResource Group is a unit of management

Lifecycle: deployment, update, delete, status

Identity: resources can talk to each other

Grouping: Metering, billing, quota: applied & rolled up to group

Access Control: Scope for RBAC permissions

Resource Group LifecycleQuestion: Should these resources be in the same group or a different one?

Hint: Do they have common lifecycle and management?

Answer: Up to you.

Azure Templates can:• Ensure Idempotency

• Simplify Orchestration

• Simplify Roll-back

• Provide Cross-Resource Configuration and Update Support

Azure Templates are: • Source file, checked-in

• Specifies resources and dependencies (VMs, WebSites, DBs) and connections (config, LB sets)

• Parametized input/output

Instantiation of repeatable config.Configuration Resource Group

Power of Repeatability

SQL - A Website VirtualMachines

SQL-AWebsite[SQL CONFIG] VM (2x)

DEPENDS ON SQLDEPENDS ON SQL

SQLCONFIG

12

Add your own PowerSome resources can be extended allowing more code or data inside the resource

• AV agent inside a VM

• WordPress Webdeploy package on a Website

Allow for Scripting or Imperative configuration of resources

Extensible solution (Windows and Linux):• VMM Agent

• DSC (in-VM PowerShell)

• Chef

• Puppet

Consistent Management Layer

AZURE RESOURCE MANAGER API

So, what does this all mean…Application Lifecycle ContainerDeploy and Manage your application as you see fit

Declarative solution for Deployment and ConfigurationSingle click deployment of multiple instantiations of your application

Consistent Management LayerThe same experience of deployment and management whether you go from the Portal, Command Line,

or Tools

DemoLet’s see that work

16

Azure RM Capabilities• Centralized auditing of operations

• Simple tagging and grouping of resources

• Consistent access control (e.g. RBAC)

17

Supported Resources and Roadmap

• Websites• SQL Azure DB• Classic Compute• Classic Network• Classic Storage• Redis Cache

… all existing Azure services are coming on-line

18

Audited Management Operations

• Create / Update / Delete operations are audited

• Rich querying capabilities

• Available at subscription, resource group and resource

19

Detailed Audits• Rich information about the who, what and when

• Correlation id groups related operations (e.g. templates)

Resource Tags• Name-value pairs assigned to

resources or resource groups

• Subscription-wide taxonomy and complete for tag consistency

• Each resource can have up to 15 tags

Tagging Tips• Notes: attach notes to resources via

tags

• Creator: track who is the “owner” or responsible for a resource

• Department/Cost center: record who is responsible for paying for a resource

• Environment: group resources in production vs. pre-production vs. test

22

Organizational conceptsResource groups

• Tightly coupled to a container of resources

• Follows RBAC rules

• 1 resource group

Tags

• Loosely coupled user or system defined categorization

• Arbitrary boundaries

• 15 tags to use as needed

Resource groups and tags are the building blocks from which users define applications.

23

Access Control: RBAC• Allows secure access with granular permissions to resources

• Assignable to users, groups or service principals

• Built-in roles make it easy to get started

24

Two Key Concepts

Role Definitions

• describes the set of permissions (e.g. read actions)

• can be used in multiple assignments

Role Assignments

• associate role definitions with an identity (e.g. user/group) at a scope (e.g. resource group)

• always inherited – subscription assignments apply to all resources

Role Based Access Control

Granular Scopes

/subscriptions/{id}/resourceGroups/{name}/providers/…/sites/{site}

subscription level – grants permissions for all resources in the sub

resource group level – grants permissions for all resources in the group

resource level – grants permissions to the specific resource

DemoLet’s see that work

28

Recap

Next generation of Azure management

Templates provides predictability / efficiency

Audits, Tags, Access Control & more

Works Everywhere (public + private clouds)

29

References• MVA Azure RM session: http://aka.ms/arm-devops • API docs on MSDN: http://aka.ms/armmsdn • Template docs on MSDN: http://aka.ms/templatemsdn • Azure RM cmdlets: http://aka.ms/armpowershell

• Available on twitter: @clamanna and @gautamthapar

30

Questions/Feedback

TechEd Mobile app for session evaluations is currently offline

SUBMIT YOUR TECHED EVALUATIONSFill out an evaluation via

CommNet Station/PC: Schedule Builder

LogIn: europe.msteched.com/catalog

We value your feedback!

Resources

Learning

Microsoft Certification & Training Resources

www.microsoft.com/learning

TechNet

Resources for IT Professionals

http://microsoft.com/technet

Sessions on Demand

http://channel9.msdn.com/Events/TechEd

Developer Network

http://developer.microsoft.com

© 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.