Build and maintain applications with Azure Resource Manager Microsoft 2016 11/22/2018 2:30 AM BRK3202 Build and maintain applications with Azure Resource Manager Ryan Jones Principal PM Manager @rjmax © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Agenda: Automate Build + Deployment Secure Secrets 11/22/2018 2:30 AM Agenda: Automate Build + Deployment Configure Continuous Deployment Secure Secrets Store passwords/certificates in KeyVault Govern + Protect Assets Resource Policy Resource Locks Leverage Patterns and Practices New Template Language Expressions/Functions Reference Architectures Building Blocks © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Why are people deploying to production? 11/22/2018 2:30 AM Why are people deploying to production? © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Continuous Deployment
Continuous Deployment Pipeline Source Control Build Test Approve Deploy Continuous Deployment Pipeline
Demo Configuring Continuous Deployment Microsoft 2016 11/22/2018 2:30 AM Demo Configuring Continuous Deployment © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Why are credentials in source control? 11/22/2018 2:30 AM Why are credentials in source control? © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
KeyVault + ARM
Demo KeyVault + ARM Microsoft 2016 11/22/2018 2:30 AM © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
What if I could enforce compliance? 11/22/2018 2:30 AM What if I could enforce compliance? © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Resource Policies: Scenarios Chargeback: Require departmental tags Geo Compliance: Ensure resource locations Service Curation: Select your service catalog Convention: Enforce naming Bringing Control to the Cloud
Resource Policies: Key Concepts Polices are a default allow system Policies are described via Policy Definitions Policies are applied via Policy Assignments
Policy Definition Language: Basic Structure { "if": { <condition> | <logical operator> }, "then": { "effect": "deny | audit | append" } Policy Definition Language: Basic Structure { "if": { <condition> | <logical operator> }, "then": { "effect": "deny | audit | append" }
Policy Definition Language: Logical Operators Not "not": {<condition>} And "allOf": [ {<condition>}, {<condition>} ] Or "anyOf": [
Policy Definition Language: Conditions equals "equals": "<value>" like "like": "<value*>" contains "contains": "<value>" in "in": [ "<value1>", "<value2>" ] containsKey "containsKey": "<keyName>"
Facets Governed by Policy Name Type Location Tags Tag Values Kind Virtual Machine Size Virtual Machine Image Web ServerFarm SKU Storage Account SKU Scheduler SKU DocDB SKU CDN SKU Redis (Cache) SKU Redis (Cache) SSL Config Redis (Cache) Shard Count SQL Server Version SQL Server DB SLO SQL Server Edition SQL Server Elastic Pool SQL Server Pool DTU SQL Server Pool Edition …more coming soon
Demo Creating a Location Policy Microsoft 2016 11/22/2018 2:30 AM © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
How did someone delete my data?
Resource Locks Accidents happen. Resource locks help prevent them :) Resource locks allow administrators to create policies which prevent accidental changes or deletion.
Key Concepts Resource lock Lock level Scope: Policy which enforces a "lock level" at a particular scope Lock level Type of enforcement; currently supports CanNotDelete and ReadOnly Scope: The realm to which the lock level is applied. Expressed as a URI; can be set at the resource group, or resource scope.
Demo Resource Locks Microsoft 2016 11/22/2018 2:30 AM © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
How do I … ?
New Template Expressions length() split() add() sub() mul() div() mod() string() int() uniquestring() trim() uri() substring() take() skip()
Reference Architectures + Building Blocks Telmo Sampaio Senior Program Manager AzureCAT
Reference Architecture Goals Proven by AzureCAT customers Golden path per each scenario with recommendations and considerations ARM templates to provision recommended architecture
Reference Architectures Identity: Extending Active Directory to Azure Implementing a secure hybrid network architecture with federated identities in Azure Web applications (PaaS): Basic web application Improving scalability in a web application Web application with high availability Running virtual machines on Azure: Running a Windows VM on Azure Running a Linux VM on Azure Running multiple VMs for scalability and availability Running VMs for an N-tier architecture Adding reliability to an N-tier architecture (Windows) Adding reliability to an N-tier architecture (Linux) Running VMs in multiple regions for high availability (Windows) Running VMs in multiple regions for high availability (Linux) Hybrid network architectures: Implementing a hybrid network architecture with Azure and on-premises VPN Implementing a hybrid network architecture with Azure ExpressRoute Implementing a highly available hybrid network architecture Implementing a DMZ between Azure and your on-premises datacenter Implementing a DMZ between Azure and the Internet
From Reference Architectures to Building Blocks
Sample - VMs Windows VM recommendations Parameter files Script Premium storage for vhds Standard storage for logging No more than 20 VMs per storage account
Questions?
Related content All assets @ https://github.com/rjmax/TechReady23 Tech Ready 15 11/22/2018 Related content All assets @ https://github.com/rjmax/TechReady23 Service Principals @ https://azure.microsoft.com/en-us/documentation/articles/resource-group-authenticate-service-principal/ Resource Policy @ https://azure.microsoft.com/en-us/documentation/articles/resource-manager-policy/ VSTS + ARM @ https://blogs.msdn.microsoft.com/visualstudioalm/2015/10/04/automating-azure-resource-group-deployment-using-a-service-principal-in-visual-studio-online-buildrelease-management/ Template Deployment @ https://azure.microsoft.com/en-us/documentation/articles/resource-group-template-deploy/ KeyVault + ARM @ https://azure.microsoft.com/en-us/documentation/articles/resource-manager-keyvault-parameter/ Audit Logs @ https://azure.microsoft.com/en-us/documentation/articles/resource-group-audit/ Deployment Operations @ https://azure.microsoft.com/en-us/documentation/articles/resource-manager-troubleshoot-deployments-powershell/ Locks @ https://azure.microsoft.com/en-us/documentation/articles/resource-manager-keyvault-parameter/ © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Free IT Pro resources To advance your career in cloud technology Microsoft Ignite 2016 11/22/2018 2:30 AM Free IT Pro resources To advance your career in cloud technology Plan your career path IT Pro Career Center http://www.microsoft.com/itprocareercenter Get started with Azure IT Pro Cloud Essentials https://www.microsoft.com/itprocloudessentials Demos and how-to videos Microsoft Mechanics https://www.microsoft.com/mechanics Connect with peers and experts Ask questions, get answers, exchange ideas https://techcommunity.microsoft.com Azure Solutions Get started with Azure Solutions today http://azure.com/solutions Azure monthly webinar series Join live or watch on-demand http://aka.ms/AzureMonthlyWebinar © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Free IT Pro resources To advance your career in cloud technology Microsoft Ignite 2016 11/22/2018 2:30 AM Free IT Pro resources To advance your career in cloud technology Plan your career path Microsoft IT Pro Career Center www.microsoft.com/itprocareercenter Cloud role mapping Expert advice on skills needed Self-paced curriculum by cloud role $300 Azure credits and extended trials Pluralsight 3 month subscription (10 courses) Phone support incident Weekly short videos and insights from Microsoft’s leaders and engineers Connect with community of peers and Microsoft experts Get started with Azure Microsoft IT Pro Cloud Essentials www.microsoft.com/itprocloudessentials Demos and how-to videos Microsoft Mechanics www.microsoft.com/mechanics Connect with peers and experts Microsoft Tech Community https://techcommunity.microsoft.com © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Please evaluate this session 11/22/2018 2:30 AM Please evaluate this session Your feedback is important to us! From your PC or Tablet visit MyIgnite at http://myignite.microsoft.com From your phone download and use the Ignite Mobile App by scanning the QR code above or visiting https://aka.ms/ignite.mobileapp © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
11/22/2018 2:30 AM © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.