2-659: Azure Resource Manager

In this session, we’ll dive into how Azure Resource Manager CMS simplifies deploying, organizing and securing applications in the cloud.

1.0x

2-659: Azure Resource Manager

Created 2 years ago

Duration 0:00:00
lesson view count 211
In this session, we’ll dive into how Azure Resource Manager CMS simplifies deploying, organizing and securing applications in the cloud.
Select the file type you wish to download
Slide Content
  1. Ryan Jones

    Slide 1 - Ryan Jones

    • Program Manager
    • Azure Resource Manager
    • Azure Resource Manager
    • 2-659
    • //build/ content is being presented by Microsoft Office Mix The video for this session will be available shortly
  2. Slide 2

    • Consistent Management Layer
    • Azure Resource Manager API
  3. Areas of Focus

    Slide 3 - Areas of Focus

    • Deploy
    • Organize
    • Control
  4. template-driven

    Slide 4 - template-driven

    • declarative
    • idempotent
    • multi-service
    • multi-region
    • extensible
    • Deploying with Azure Resource Manager
  5. Resource Group

    Slide 5 - Resource Group

    • container for multiple resources
    • resources exist in one* resource group
    • resource groups can span regions
    • resource groups can span services
    • RESOU
    • R
    • CE G
    • R
    • OUP
    • *and only one
  6. imperative ordeclarative

    Slide 6 - imperative ordeclarative

    • You decide
    • New-AzureVM –VM $myVM
    • New-AzureStorageAccount –StorageAccountName $acct
    • Set-AzureVNetConfig –ConfigurationPath -Path
    • {
    • "$schema": "https://../deploymentTemplate.json#",
    • "contentVersion": "1.0.0.0",
    • "parameters": {},
    • "variables": {},
    • "resources": [],
    • "outputs": {}
    • }
  7. Deployment

    Slide 7 - Deployment

    • tracks template execution
    • created within a resource group
    • allows nested deployments
    • RESOU
    • R
    • CE G
    • R
    • OUP
  8. Demo: Powershell + Hello World

    Slide 8 - Demo: Powershell + Hello World

  9. Demo: AzureCLI + Storage Account

    Slide 9 - Demo: AzureCLI + Storage Account

  10. base64encode(‘stringtoencode’)

    Slide 10 - base64encode(‘stringtoencode’)

    • concat(‘string’,’to’,’encode’)
    • copyIndex(offset)
    • listKeys(storageAccountResourceId, apiVersion)
    • padLeft(stringToPad,targetLength,paddingCharacter)
    • parameters(‘parameterName’)
    • providers(namespace, resourceType)
    • reference(resourceId,apiVersion)
    • resourceGroup()
    • resourceId(‘namespace/resourceType', ‘resourceName’)
    • subscription()
    • variables(‘variables’)
    • @ a glance - template language expressions*
    • *Looking for examples? See these in action @ https://github.com/rjmax/ArmExamples
  11. Resource Extensions

    Slide 11 - Resource Extensions

    • VM+DSC/Chef/Puppet/CustomScript/etc.
    • AppService + WebDeploy
    • SQL DB + BACPAC
    • Copies
    • Nested Templates
    • NewOrExisting Patterns
    • Advanced Template Scenarios
  12. Slide 12

    • https://github.com/Azure/azure-quickstart-templates/tree/master/elasticsearch
    • Special thanks to trent@fullscale180.com!
    • Demo: ElasticSearch w/ copies + nested deployment
  13. resource groups

    Slide 13 - resource groups

    • linked resources
    • tags
    • Organizing with Azure Resource Manager
  14. Resource Group

    Slide 14 - Resource Group

    • App-centric Resource Groups and Templates
    • SQL DB
    • App
    • Service
    • Virtual
    • Machine
    • My
    • 3 Tier
    • Template
    • reference()
  15. Resource Group

    Slide 15 - Resource Group

    • App-centric Resource Groups and Tier-centric Templates
    • SQL DB
    • App
    • Service
    • Virtual
    • Machine
    • My
    • DB Tier
    • Template
    • My
    • Web Tier
    • Template
    • My
    • VM Tier
    • Template
    • reference()
  16. Resource Group

    Slide 16 - Resource Group

    • App-centric Resource Groups and Nested Templates
    • SQL DB
    • App
    • Service
    • Virtual
    • Machine
    • My Nested
    • DB Tier
    • Template
    • My Nested
    • Web Tier
    • Template
    • My Nested
    • VM Tier
    • Template
    • Parent Template
    • reference()
  17. Resource Group

    Slide 17 - Resource Group

    • Resource Group
    • Resource Group
    • Tier-centric Resource Groups and Templates
    • SQL DB
    • App
    • Service
    • Virtual
    • Machine
    • My
    • DB Tier
    • Template
    • My
    • Web Tier
    • Template
    • My
    • VM Tier
    • Template
    • Linked Resource
  18. Resource Tags

    Slide 18 - Resource Tags

    • Name-value pairs assigned to resources or resource groups
    • Subscription-wide taxonomy
    • Each resource can have up to 15 tags
    • x
    • 15
  19. Tagging Tips

    Slide 19 - Tagging Tips

    • Tag by environment, e.g. dev/test/prod
    • Tag by role, e.g. web/cache/db
    • Tag by department, e.g. finance/retail/legal
    • Tag by responsible party, e.g. Bob
    • x
    • 15
  20. Demo: AzureCLI and tags

    Slide 20 - Demo: AzureCLI and tags

  21. role based access control

    Slide 21 - role based access control

    • audit logs
    • resource locks
    • Control with Azure Resource Manager
  22. Role Based Access Control

    Slide 22 - Role Based Access Control

    • Allows secure access with granular permissions
    • Assignable to users, groups, or service principals
    • Built-in roles make it easy to get started
  23. Two Key Concepts

    Slide 23 - Two Key Concepts

    • Role Definitions
    • describes the set of permissions (e.g. read actions)
    • can be used in multiple assignments
    • Role Assignments
    • associate role definitions with an identity (e.g. user/group) at a scope (e.g. resource group)
    • always inherited – subscription assignments apply to all resources
  24. Slide 24

    • Role Based Access Control
  25. Granular Scopes

    Slide 25 - Granular Scopes

    • /subscriptions/{id}/resourceGroups/{name}/providers/…/sites/{site}
    • subscription level – grants permissions to all resources in the sub
    • resource group level – grants permissions to all resources in the group
    • resource level – grants permissions to the specific resource
  26. Demo: Role Based Access Control

    Slide 26 - Demo: Role Based Access Control

  27. Audit Logs

    Slide 27 - Audit Logs

    • journals all write/delete/actions
    • central location
    • common format
  28. Demo: Audit Logs

    Slide 28 - Demo: Audit Logs

  29. Resource Locks

    Slide 29 - Resource Locks

    • Accidents happen. Resource locks help prevent them :)
    • Resource locks allow administrators to create policies which prevent write actions or prevent accidental deletion.
  30. Key Concepts

    Slide 30 - Key Concepts

    • Resource lock
    • Policy which enforces a "lock level" at a particular scope
    • Lock level
    • Type of enforcement; current values include CanNotDelete and ReadOnly
    • Scope:
    • The realm to which the lock level is applied. Expressed as a URI; can be set at the resource group, or resource scope.
  31. Demo: Resource Locks

    Slide 31 - Demo: Resource Locks

  32. Many examples available @ https://github.com/Azure/azure-quickstart-templates

    Slide 32 - Many examples available @ https://github.com/Azure/azure-quickstart-templates

    • More examples available @ https://github.com/rjmax/ArmExamples
    • Documentation available @ http://azure.microsoft.com/en-us/documentation/articles/resource-group-overview/
    • Deploy a template today!
  33. Getting Started

    Slide 33 - Getting Started

    • Azure Resource Manager Overview
    • Using Windows PowerShell with Resource Manager
    • Using the Azure Cross-Platform Command-Line Interface with the Resource Manager
    • Using the Azure Portal to manage your Azure resources
    • Creating and Deploying Applications
    • Authoring Azure Resource Manager Templates
    • Deploy an application with Azure Resource Manager template
    • Troubleshooting Resource Group Deployments in Azure
    • Azure Resource Manager Template Functions
    • Advanced Template Operations
    • Organizing Resources
    •  Using tags to organize your Azure resources
    • Managing and Auditing Access
    •  Managing and Auditing Access to Resources
    • Authenticating a Service Principal with Azure Resource Manager
    • Create a new Azure Service Principal using the Azure classic portal
    • Next Steps
  34. Improve your skills by enrolling in our free cloud development courses at the Microsoft Virtual Academy.

    Slide 34 - Improve your skills by enrolling in our free cloud development courses at the Microsoft Virtual Academy.

    • Try Microsoft Azure for free and deploy your first cloud solution in under 5 minutes!
    • Easily build web and mobile apps for any platform with AzureAppService for free.
    • Resources