Microsoft Azure Managing Users & Resources with Azure Resource Manager

Slides:



Advertisements
Similar presentations
SQL Server Primary SQL Server Secondary SLA SLA High Availability Hardware and Software Windows and Linux.
Advertisements

Power BI Sites and Mobile BI. What You Will Learn Sharing and Collaboration Introducing Power BI Exploring Power BI Features and Services Partner Opportunities.
“It’s going to take a month to get a proof of concept going.” “I know VMM, but don’t know how it works with SPF and the Portal” “I know Azure, but.
Building Android Apps with Mobile Services Speaker Name Speaker Title Speaker Company Twitter:
MANAGE CLOUD EASILY WITH AZURE RESOURCE MANAGER
20409A 7: Installing and Configuring System Center 2012 R2 Virtual Machine Manager Module 7 Installing and Configuring System Center 2012 R2 Virtual.
Enabling the Cloud OS Today  New high-density Web Sites with elastic cloud scaling and complete dev-ops experiences  New rich IaaS experience for self-service.
ALL INFORMATION PRESENTED AS WELL AS ALL SESSIONS ARE MICROSOFT CONFIDENTIAL AND UNDER YOUR NON-DISCLOSURE AGREEMENT (NDA) AND\OR TECHNOLOGY PREVIEW.
Copyright © New Signature Who we are: Focused on consistently delivering great customer experiences. What we do: We help you transform your business.
Azure ARM Templates CLD321 Aaron Saikovski
Digital Partner of Record Overview
1/27/2018 5:13 AM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN.
IT06 – HAVE YOUR OWN DYNAMICS NAV TEST ENVIRONMENT IN 90 MINUTES
Run Azure Services in your datacenter
Building ARM IaaS Application Environment
5/21/2018 9:40 PM BRK3021 Learn about modern infrastructure roles in RDS: Next generation Windows desktop & app virtualization Clark Nicholson - Principal.
Ed OMS Team 5/29/2018 1:05 PM PowerShell as a Service Managing clouds, Windows, Linux, on-premises or public with Microsoft Operations.
Developing Hybrid Apps on Microsoft Azure Stack
Jeff Hollan / Kevin Lam Program Manager / Principal Program Manager- Microsoft Bringing Logic Apps into DevOps with Visual Studio and monitoring.
Cloud Data platform (Cloud Application Development & Deployment)
Understand Hybrid Identity with Azure and Azure Stack
Logo here Module 3 Microsoft Azure Web App. Logo here Module Overview Introduction to App Service Overview of Web Apps Hosting Web Applications in Azure.
Understanding Multi-Geo Capabilities in Office 365
Azure Identity Premier Fast Start
Infrastructure Provisioning Kenon Owens Sr
Secure and deploy your mobile apps in Microsoft Azure
Windows Azure Pack : Express Installation
Design and Implement Cloud Data Platform Solutions
Azure IaaS 101.
Microsoft Build /16/2018 4:09 PM © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY,
Digital Partner of Record Overview
Excel Services Deployment and Administration
02 | Design and implement database
Release Management with Visual Studio Team Services
Microsoft Azure: Infrastructure as a Service (IaaS)
Azure Infrastructure as a Service
Microsoft Ignite NZ October 2016 SKYCITY, Auckland.
Build /21/2018 © 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION.
Digital Partner of Record Overview
Microsoft Virtual Academy
Dev Test on Windows Azure Solution in a Box
"SessionTitle": "Infrastructure as Code"
Microsoft Ignite NZ October 2016 SKYCITY, Auckland.
20409A 7: Installing and Configuring System Center 2012 R2 Virtual Machine Manager Module 7 Installing and Configuring System Center 2012 R2 Virtual.
TechEd /21/2018 5:20 PM © 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered.
Microsoft Build /24/2018 2:25 PM © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY,
Microsoft Virtual Academy
Microsoft Virtual Academy
Jeff Hollan / Kevin Lam Program Manager / Principal Program Manager- Microsoft Bringing Logic Apps into DevOps with Visual Studio and monitoring.
Site scripts and Site Design
Serverless Architecture in the Cloud
TechEd /11/ :25 AM © 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered.
4/16/2019 2:13 AM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN.
Microsoft Graph – Intune API’s
Service Template Creation from the Ground Up
Service Template Creation from the Ground Up
A - E Cloud Enterprise Symbols
Day 2, Session 2 Connecting System Center to the Public Cloud
Microsoft Virtual Academy
Day 1, Session 3 Preparing for Self-Service
Office 365 Development July 2014.
Microsoft Virtual Academy
Microsoft Virtual Academy
Microsoft Virtual Academy
Server & Tools Business
06 | SQL Server and the Cloud
Power BI Embedded for Fun and Profit
Presentation transcript:

Microsoft Azure Managing Users & Resources with Azure Resource Manager

Module Overview Overview of Microsoft Azure Managing Users in Azure 4/5/2019 6:45 PM Module Overview Overview of Microsoft Azure Managing Users in Azure Provisioning Resources ARM Tools & Resources Azure ARM Templates © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Overview of Microsoft Azure

Understanding Azure Resources Azure resources are usage-based Office 365 is license based Azure subscription Account within Azure for a customer that can contain resources Once a subscription exists, resources can be provisioned within that subscription

Organizing Resources Resource Groups Tags Organize multiple resources Commonly used for projects Ex: Corporate website might include website, database, storage, CDN & an AAD tenant Useful for billing Tags Name-value pair Can be applied to resources Max 15 tags per resource Viewing resources by tag will span across all resource groups Useful for billing or management

Understanding Azure Billing All Azure resources are consumption based Pay for what you use Resources may have different rates for different usage and different regions Example: blob storage EAST US region: $0.0240/GB for first 1TB $0.0236/GB for next 49TB BRAZIL SOUTH region: $0.0326/GB for first 1TB $0.0320/GB for next 49TB

Resource Management: ASM & ARM Azure Service Management (ASM) Classic model New resources added to Azure do not support this model https://manage.windowsazure.com Azure Resource Management (ARM) Current management model Enables templated provisioning of resources https://portal.azure.com Both have REST APIs you can call… Directly using REST or Indirectly using web portals, PowerShell or the CLI

Managing Users in Azure

Role Based Access Control (RBAC) Enables fine-grained access management Users & groups within a subscription’s AAD can be added to roles Roles can be applied at various levels: Subscriptions Resource Groups Resource (websites / virtual machines / etc) Built-in roles Owner: full access & can manage delegated access & membership to other roles Contributor: create & manage all types of resources, but not manage role membership Reader: can view resources, but not make any changes

Understanding Users in Microsoft Azure Users within a customer’s AAD tenant must be explicitly granted permissions to manage Azure resources When partners create Azure subscriptions for customers, partner Admin Agents group assigned Azure subscription owner role for customer’s Azure subscription Partner Admin Agents can manage resources in the customer’s Azure subscription Partner can grant users in customer AAD tenant to a Azure tenant

CSP User Management in Microsoft Azure CSP Subscription Role | Contributor Role | Owner Role | Reader Azure Resources Direct Subscription Azure AD Tenant Admins by default do not have managements over Azure subscriptions in their tenant. X Role | Tenant Admin X Azure AD Tenant for Contoso Subscriptions belonging to Contoso in Microsoft Azure Legend Is member of Can manage Is partner of

CSP User Management in Microsoft Azure CSP Subscription Role | Contributor Role | Owner Role | Reader Azure Resources Direct Subscription Role | Tenant Admin User must be assigned role for a subscription before he/she can manage that subscription. Azure AD Tenant for Contoso Subscriptions belonging to Contoso in Microsoft Azure Legend Is member of Can manage Is partner of

CSP User Management in Microsoft Azure CSP Subscription Role | Contributor Role | Owner Role | Reader Azure Resources Direct Subscription When a CSP partner creates an Azure subscription for a customer tenant, the partner Admin Agents group is automatically assigned subscription owner role. Group | Admin Agents Role | Tenant Admin Azure AD Tenant for Wingtip (CSP Partner) Azure AD Tenant for Contoso Subscriptions belonging to Contoso in Microsoft Azure Legend Is member of Can manage Is partner of

CSP User Management in Microsoft Azure CSP Subscription Role | Contributor Role | Owner Role | Reader Azure Resources Direct Subscription Therefore, the partner Admin Agents group is able to manage resources in that subscription. Group | Admin Agents Role | Tenant Admin Azure AD Tenant for Wingtip (CSP Partner) Azure AD Tenant for Contoso Subscriptions belonging to Contoso in Microsoft Azure Legend Is member of Can manage Is partner of

CSP User Management in Microsoft Azure CSP Subscription Role | Contributor Role | Owner Role | Reader Azure Resources Direct Subscription Partner can grant customer access to the Azure subscription by assigning customer a role to the subscription. Group | Admin Agents Role | Tenant Admin Azure AD Tenant for Wingtip (CSP Partner) Azure AD Tenant for Contoso Subscriptions belonging to Contoso in Microsoft Azure Legend Is member of Can manage Is partner of

DEMO Managing Users

Provisioning Azure Resources

Provisioning Azure Resources All Azure offerings are referred to as resources Virtual Machine Storage Website Database Some resources have dependencies SQL databases need a SQL server Virtual machine needs a virtual disk in a storage account, virtual network, IP, etc Unique billing per resource, per unit & per region Resources are added to resource groups

ARM Tools & Resources

Azure Resource Explorer https://resources.azure.com Discover the ARM APIs Get API documentation Make actual API calls directly in your own subscriptions

DEMO Azure Resource Explorer

Azure CLI with ARM https://azure.microsoft.com/documentation/articles/xplat-cli-azure-resource-manager/ Command-line interface Works on Windows & cross platform Scriptable with batch script (*.bat | *.cmd) or shell script (*.sh) files

DEMO Azure CLI and Azure Resource Manager

Azure PowerShell with ARM https://azure.microsoft.com/documentation/articles/powershell-azure-resource-manager/ Windows PowerShell interface Scriptable with script (*.ps1) files

DEMO Azure PowerShell and Azure Resource Manager

Azure ARM Templates

Azure ARM Templates Azure based applications commonly require combination of resources Database server & database Web server, storage, etc ARM templates enables provisioned deployment in a single, coordinated operation Greatly simplifies provisioning

Creating Azure ARM Templates Templates are JSON files <1MB Specify resources needed for the deployment Specify input parameters to define variability Visual Studio provides tools to assist template authoring

ARM Template Schema { "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", "contentVersion": "", "parameters": { }, "variables": { }, "resources": [ ], "outputs": { } } https://azure.microsoft.com/documentation/articles /resource-group-authoring-templates

Provisioning Templates with PowerShell // config variables $deployName = "Test Deployment" $RGName = "Contoso Corp Dev VM" $locname = "East US" $templateURI = "https:/…/template.json" // create a new resource group & provision a virtual // machine with dependencies New-AzureRmResourceGroup –Name $RGName –Location $locName New-AzureRmResourceGroupDeployment -Name $deployName -ResourceGroupName $RGName -TemplateUri $templateURI

Provisioning Templates with Azure CLI // config variables $deployName = "Test Deployment" $RGName = "Contoso Corp Dev VM" $locname = "East US" $templateURI = "https:/…/template.json" // create a new resource group & provision a virtual // machine with dependencies azure group create –n $RGName –l $locName azure group deployment create –n $deployName -g $RGName -f $templateURI

Provisioning Templates with REST API: Request HTTP PUT https://management.azure.com /subscriptions/{subscription-id} /resourcegroups/{resource-group-name} /providers/microsoft.resources /deployments/{deployment-name} ?api-version={api-version} HTTP REQUEST BODY: Includes either link to template / actual template

Provisioning Templates with REST API: Payload { "properties": { "templateLink": { "uri": "[..]/template.json", "contentVersion": "1.0.0.0", }, "mode": "Incremental", "parametersLink": { "uri": "http://[..]/parameters.json", }

Provisioning Templates with REST API: Payload { "properties": { "template": { // entire contents of a ARM template }

Get Status of Template Deployment Operations HTTP GET https://management.azure.com /subscriptions/{subscription-id} /resourcegroups/{resource-group-name} /providers/microsoft.resources /deployments/{deployment-name} /operations ?api-version={api-version}

Azure ARM Quickstart Templates Microsoft & community created templates Provision resources by changing input parameters & deploying template straight from the GitHub repo Public GitHub repository with searchable index on the Microsoft Azure site: https://azure.microsoft.com/documentation/templates

DEMO Provisioning Azure Resources with ARM Templates

Module Summary Overview of Microsoft Azure Managing Users in Azure 4/5/2019 6:45 PM Module Summary Overview of Microsoft Azure Managing Users in Azure Provisioning Resources ARM Tools & Resources Azure ARM Templates © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

4/5/2019 6:45 PM © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.