MANAGE CLOUD EASILY WITH AZURE RESOURCE MANAGER
THE NEXT BIG THING IN MICROSOFT AZURE
AUGUST 6, 2015
SERGII KRYSHTOP
SOFTWARE ENGINEERING MANAGER, MEMBER OF CLOUD CC / AZURE
Agenda
1. Why businesses move to Cloud?
2. Azure Resource Management Concepts
3. IaaS+
4. Tags
5. Role Based Access Control
6. Automation and Scheduler
WHY BUSINESSES MOVE TO CLOUD
- OPERATION COST SAVING
- SAVING ON INFRASTRUCTURE
- ELASTIC SCALABILITY
- FAST SELF-PROVISIONING
- USER ACCESS CONTROL
- MARKETPLACE
OPERATION COST SAVING
- Less effort on infrastructure and OS maintenance.
- Less complexity in building infrastructure.
- Self-management service for Administrators, DevOps and Development Teams.
FAST SELF-PROVISIONING
- Provisioning new resources is a matter of hours and minutes rather than days.
- Development teams can manage their environments without external dependencies on the IT department.
- Fast spin-up and spin-down saves compute time during non-working hours and days.
ACCESS CONTROL
- Control who has access and to which environments.
- Granular access control to each development environment: Development, QA, Staging and Production.
AZURE RESOURCE MANAGEMENT (ARM) API CONCEPTS
- Resource Group - a logically grouped collection of entities that usually share a common lifecycle
- Resource Manager Template - a declarative JSON file that defines the goal state of a deployment
- Deployment - an operation that tracks the execution of a Resource Manager template
- Parameters - values provided by the user executing the deployment to customize deployed resources
- API Version - used for versioning and backward compatibility
Azure Resource Manager enables you to work with the resources in your application as a group. You can deploy, update or delete all of the resources for your application in a single, coordinated operation. You use a template for deployment and that template can work for different environments such as testing, staging and production. You can clarify billing for your organization by viewing the rolled-up costs for the entire group.
https://azure.microsoft.com/en-gb/documentation/articles/role-based-access-control-configure/#known-issues-when-using-role-based-access-control
AZURE RESOURCE MANAGEMENT (ARM) API
CLOUD SERVICES AS REST RESOURCE
- Resources can be organized in a Resource Group, a logical container.
- A resource can belong to only one Resource Group.
- Nested resource groups are not supported.
- Every Azure service belongs to a certain Resource Type.
- A resource has common fields and provider-specific properties.
- Work with Azure services as with REST web service resources (CRUD).
RESOURCE GROUP PATTERNS - APPLICATION
Resource Group as Container for Application Resources
[Diagram: a Backend Resource Group and a Frontend Resource Group. Labels: Backend Server 01, Backend Server 02, Backend Subnet, Frontend Server 01, Frontend Server 02, Frontend Subnet, and four VHDs.]
RESOURCE GROUP PATTERNS - ENVIRONMENT
Resource Group as Container for System Environment
[Diagram: a Development Environment and a QA Environment. Labels, each appearing twice: Backend Servers, Frontend Servers, Virtual Network; plus four VHDs.]
RESOURCE TEMPLATE FORMAT
    {
      "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
      "contentVersion": "",
      "parameters": { },
      "variables": { },
      "resources": [ ],
      "outputs": { }
    }
EASY PROVISIONING - RESOURCE TEMPLATE
Element         Required  Description
$schema         Yes       Location of the JSON schema file.
contentVersion            Version of the template.
parameters      No        Values provided during deployment execution.
variables                 Internal variables
resources                 Azure services deployed or updated in a resource group
outputs                   Values that are returned after deployment
TEMPLATE EXPRESSION AND FUNCTIONS - STRINGS
Function  Syntax
concat    concat(arg1, arg2, arg3, ...)
replace   replace(originalString, oldCharacter, newCharacter)
base64    base64(inputString)
padLeft   padLeft(stringToPad, totalLength, paddingCharacter)
toLower   toLower(stringToChange)
toUpper   toUpper(stringToChange)
https://azure.microsoft.com/en-us/documentation/articles/resource-group-template-functions/
TEMPLATE EXPRESSION AND FUNCTIONS - OTHER
Function       Description                                  Syntax
listKeys       Returns the keys of a storage account.       listKeys(resourceName or resourceIdentifier, [apiVersion])
reference      Used in depends on section of resource       reference(resourceName or resourceIdentifier, [apiVersion])
resourceGroup  Returns current resource group               resourceGroup()
resourceId     Returns the unique identifier of a resource  resourceId([resourceGroupName], resourceType, resourceName1, [resourceName2]...)
subscription   Returns subscription details                 subscription()
https://azure.microsoft.com/en-us/documentation/articles/resource-group-template-functions/
ADVANCED TEMPLATE FEATURES
Feature          Description
copy             Enables iterating a specified number of times when deploying a resource.
Nested template  Used in depends on section of resource
https://azure.microsoft.com/en-us/documentation/articles/resource-group-template-functions/
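
A pre-deployment check for the template format and the listKeys function described in the slides above, as an added example that is not part of the original deck. It assumes the mandatory elements named in Azure's template documentation ($schema, contentVersion, resources) and the securestring/secureObject parameter types; the name heuristic and the sample template are constructed for illustration.

```python
import json
import re

# Mandatory top-level elements per Azure's template documentation.
REQUIRED = ("$schema", "contentVersion", "resources")
SECRET_NAME = re.compile(r"password|secret|pwd", re.IGNORECASE)  # heuristic
SECURE_TYPES = {"securestring", "secureobject"}

def lint_template(text):
    """Return sorted findings for one Resource Manager template (JSON text)."""
    tpl = json.loads(text)
    findings = [f"missing element: {k}" for k in REQUIRED if k not in tpl]
    # Plain 'string' parameter values stay readable in the deployment record.
    for name, spec in tpl.get("parameters", {}).items():
        ptype = str(spec.get("type", ""))
        if SECRET_NAME.search(name) and ptype.lower() not in SECURE_TYPES:
            findings.append(f"parameter {name}: secret typed as {ptype}")
    for res in tpl.get("resources", []):
        if "apiVersion" not in res:
            findings.append(f"resource {res.get('name')}: no apiVersion")
    # Output values can be read by anyone allowed to read the deployment.
    for name, out in tpl.get("outputs", {}).items():
        expr = re.sub(r"\s+", "", str(out.get("value", ""))).lower()
        if "listkeys(" in expr:
            findings.append(f"output {name}: returns listKeys() result")
    return sorted(findings)

def sample(secure):
    """Constructed template; secure=False leaves the three weaknesses in."""
    storage = {"type": "Microsoft.Storage/storageAccounts", "name": "stdev01"}
    outputs = {"key": {"type": "object",
                       "value": "[listKeys ('stdev01', '2015-05-01-preview')]"}}
    if secure:
        storage["apiVersion"] = "2015-05-01-preview"
        outputs = {}
    return json.dumps({
        "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
        "contentVersion": "1.0.0.0",
        "parameters": {"adminPassword":
                       {"type": "securestring" if secure else "string"}},
        "resources": [storage],
        "outputs": outputs,
    })

if __name__ == "__main__":
    for finding in lint_template(sample(secure=False)):
        print(finding)
    print(lint_template(sample(secure=True)))
```
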
DEMO Provisioning using Azure Resource Deployment Template
RESOURCE PROVIDERS
- Microsoft.ClassicStorage/storageAccounts
- Microsoft.Storage/storageAccounts
- Microsoft.ClassicCompute/virtualMachines
- Microsoft.Compute/virtualMachines
- Microsoft.ClassicCompute/domainNames
- Microsoft.ClassicNetworking/virtualNetworks
- Microsoft.Networking/virtualNetworks
- Microsoft.Web/webSites
- Microsoft.Sql/servers
IAAS+ vs. CLASSIC RESOURCES
Storage Accounts, Networks and Virtual Machines
- Classic corresponds to the current resources in Production.
- Classic resources are visible and manageable from both portals.
- Limited in functionality.
- Last version of the API: 2014-06-01 (June 01 2014).
- No template gallery.
REGULAR (IAAS+) RESOURCES
Storage Accounts, Networks, Virtual Machines, Network Interfaces
- Integration with GitHub Public Repository.
- Growing template gallery.
- Not compatible with Classic, uses different Cmdlets.
- In Preview. No release date so far.
- In active development. New features on a monthly basis.
- Breaking changes happen.
RESOURCE TEMPLATE REPOSITORY
https://github.com/Azure/azure-quickstart-templates
http://azure.microsoft.com/en-us/documentation/templates/
ARM API (POWERSHELL)
SWITCH TO ARM MODE
    PS C:\> Switch-AzureMode -Name AzureResourceManager
CREATE RESOURCE GROUP FROM TEMPLATE
    PS C:\> New-AzureResourceGroup
ADD RESOURCE TO GROUP
    PS C:\> New-AzureResource
MODIFY EXISTING RESOURCE GROUP
    PS C:\> New-AzureResourceGroupDeployment
GET RESOURCE LIST OR DETAILS
    PS C:\> Get-AzureResource
Making Changes into VM Using ARM Template DEMO
TAGS
- Tags are key/value pairs assigned to Azure resources.
- Almost all Azure resources support tagging, except Classic resources.
- Tags extend the taxonomy and allow grouping resources across subscriptions.
- Tags can be used for grouping billing data.
- An update affects the whole collection, so the full list of tags must be supplied.
http://azure.microsoft.com/en-us/updates/organize-your-azure-resources-with-tags/
In the full Azure portal, subscriptions are the only way to organize and group resources. In the Azure Preview portal, Resource groups allow you to manage related resources as a single unit, which became even more valuable with role-based access control. Now, you can tag resources with name/value pairs to categorize and view resources across resource groups and, within the portal, across subscriptions.
Filtering Resources by Resource Group Name and Tags DEMO
ROLE BASED ACCESS CONTROL (RBAC)
FINE GRAINED CONTROL
- Users, Groups, Permissions
- Subscription Level
- Resource Group Level
- Resource Level
RBAC BUILT IN ROLES
CORE ROLES
Role name    Permissions
Owner        Full management rights
Contributor  Full management rights except for user management
Reader       View resources and their settings
None         Does not see resources
RESOURCE TYPE SPECIFIC ROLES
Role name        Permissions
*** Contributor  Full management rights except for user management on specific types of resources. Examples: Virtual Machine Contributor, SQL DB Contributor
http://blogs.msdn.com/b/cloud_solution_architect/archive/2015/03/17/rbac-and-the-azure-resource-manager.aspx
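
How the core roles combine across the subscription, resource group and resource levels, as an added example that is not part of the original deck. It is a simplified model that assumes assignments are inherited by everything below their scope and that rights are additive; the subscription id is a placeholder and the principals and assignments are constructed.

```python
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"  # placeholder id

# Rights of the core roles, as listed in the table above.
ROLE_RIGHTS = {
    "Owner": {"read", "manage", "manage_access"},
    "Contributor": {"read", "manage"},
    "Reader": {"read"},
}

def scope_covers(scope, resource_id):
    """True when resource_id is the scope itself or sits below it."""
    s = scope.strip("/").lower().split("/")
    r = resource_id.strip("/").lower().split("/")
    # Compare whole path segments: group 'dev' must not cover 'dev2'.
    return r[:len(s)] == s

def effective_rights(assignments, principal, resource_id):
    """Union of rights from every assignment whose scope covers the resource."""
    rights = set()
    for who, role, scope in assignments:
        if who == principal and scope_covers(scope, resource_id):
            rights |= ROLE_RIGHTS[role]
    return rights  # an empty set corresponds to the "None" row

def principals_with(assignments, right, resource_id):
    """Audit helper: who holds `right` on this resource, from any level."""
    names = {who for who, _, _ in assignments}
    return sorted(n for n in names
                  if right in effective_rights(assignments, n, resource_id))

def vm(group, name):
    return f"{SUB}/resourceGroups/{group}/providers/Microsoft.Compute/virtualMachines/{name}"

# Constructed assignments: (principal, role, scope)
ASSIGNMENTS = [
    ("alice", "Reader", SUB),                               # subscription level
    ("alice", "Contributor", f"{SUB}/resourceGroups/dev"),  # resource group level
    ("bob", "Owner", f"{SUB}/resourceGroups/production"),
    ("carol", "Contributor", vm("production", "backend01")),  # resource level
]

if __name__ == "__main__":
    print(effective_rights(ASSIGNMENTS, "alice", vm("dev", "frontend01")))
    print(effective_rights(ASSIGNMENTS, "alice", vm("dev2", "frontend01")))
    print(principals_with(ASSIGNMENTS, "manage", vm("production", "backend01")))
```
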
JOB SCHEDULE OPTIONS
Service           Capabilities
Azure Automation  Runs PowerShell Runbooks on a schedule. The scheduler is very basic.
Azure Scheduler   Cron-like rich scheduler functionality. Can make an HTTP request or push a message into a Storage Queue.
Web Jobs          Part of the Application Services
AZURE AUTOMATION
- Provides the interface to upload PowerShell Runbooks.
- Configure Runbook parameters (assets).
- Upload standard and custom modules.
- Debug.
- History and detailed logs.
- Optimal solution for regular maintenance jobs: start/stop environments
Provisioning and De-provisioning Environment DEMO
WRAP UP
- The Azure Resource Manager concept significantly simplifies provisioning and configuration of a cloud environment using a declarative desired-state approach.
- Knowledge of JSON and an understanding of REST principles are enough to work effectively with the ARM API.
- Resource Groups allow grouping cloud services into development environments (dev, qa, staging, production).
- Tags allow grouping cloud services by key/value pairs.
- Resource Groups and Tags help to track the costs of cloud environments.
- Azure RBAC helps configure fine-grained permissions for each environment.
- Azure Automation Runbooks help to build cost-effective solutions and release development resources when they are not in use.
thank you
CONTACT ME
sergii_kryshtop@epam.com
skryshtop
KEEP LEARNING AZURE
Preview Portal - http://portal.azure.com
Azure Friday - http://azure.microsoft.com/en-us/documentation/videos/azure-friday/