2-659: Azure Resource Manager

In this session, we’ll dive into how Azure Resource Manager CMS simplifies deploying, organizing and securing applications in the cloud.

1.0x

2-659: Azure Resource Manager

Created 2 years ago

Duration 0:58:17
lesson view count 1564
In this session, we’ll dive into how Azure Resource Manager CMS simplifies deploying, organizing and securing applications in the cloud.
Select the file type you wish to download
Slide Content
  1. Ryan Jones

    Slide 1 - Ryan Jones

    • Program Manager
    • Azure Resource Manager
    • Azure Resource Manager
    • 2-659
  2. Ryan Jones

    Slide 2 - Ryan Jones

    • Program Manager
    • Azure Resource Manager
    • Azure Resource Manager
    • 2-659
  3. Slide 3

    • Consistent Management Layer
    • Azure Resource Manager API
  4. Areas of Focus

    Slide 4 - Areas of Focus

    • Deploy
    • Organize
    • Control
  5. template-driven

    Slide 5 - template-driven

    • declarative
    • idempotent
    • multi-service
    • multi-region
    • extensible
    • Deploying with Azure Resource Manager
  6. Resource Group

    Slide 6 - Resource Group

    • container for multiple resources
    • resources exist in one* resource group
    • resource groups can span regions
    • resource groups can span services
    • RESOU
    • R
    • CE G
    • R
    • OUP
    • *and only one
  7. imperative ordeclarative

    Slide 7 - imperative ordeclarative

    • You decide
    • New-AzureVM –VM $myVM
    • New-AzureStorageAccount –StorageAccountName $acct
    • Set-AzureVNetConfig –ConfigurationPath -Path
    • {
    • "$schema": "https://../deploymentTemplate.json#",
    • "contentVersion": "1.0.0.0",
    • "parameters": {},
    • "variables": {},
    • "resources": [],
    • "outputs": {}
    • }
  8. Deployment

    Slide 8 - Deployment

    • tracks template execution
    • created within a resource group
    • allows nested deployments
    • RESOU
    • R
    • CE G
    • R
    • OUP
  9. Demo: Powershell + Hello World

    Slide 9 - Demo: Powershell + Hello World

  10. Demo: Powershell + Hello World

    Slide 10 - Demo: Powershell + Hello World

  11. base64encode(‘stringtoencode’)

    Slide 11 - base64encode(‘stringtoencode’)

    • concat(‘string’,’to’,’encode’)
    • copyIndex(offset)
    • listKeys(storageAccountResourceId, apiVersion)
    • padLeft(stringToPad,targetLength,paddingCharacter)
    • parameters(‘parameterName’)
    • providers(namespace, resourceType)
    • reference(resourceId,apiVersion)
    • resourceGroup()
    • resourceId(‘namespace/resourceType', ‘resourceName’)
    • subscription()
    • variables(‘variables’)
    • @ a glance - template language expressions*
    • *Looking for examples? See these in action @ https://github.com/rjmax/ArmExamples
  12. Resource Extensions

    Slide 12 - Resource Extensions

    • VM+DSC/Chef/Puppet/CustomScript/etc.
    • AppService + WebDeploy
    • SQL DB + BACPAC
    • Copies
    • Nested Templates
    • NewOrExisting Patterns
    • Advanced Template Scenarios
  13. Slide 13

    • https://github.com/Azure/azure-quickstart-templates/tree/master/elasticsearch
    • Special thanks to trent@fullscale180.com!
    • Demo: ElasticSearch w/ copies + nested deployment
  14. Slide 14

    • https://github.com/Azure/azure-quickstart-templates/tree/master/elasticsearch
    • Special thanks to trent@fullscale180.com!
    • Demo: ElasticSearch w/ copies + nested deployment
  15. resource groups

    Slide 15 - resource groups

    • linked resources
    • tags
    • Organizing with Azure Resource Manager
  16. Resource Group

    Slide 16 - Resource Group

    • App-centric Resource Groups and Templates
    • SQL DB
    • App
    • Service
    • Virtual
    • Machine
    • My
    • 3 Tier
    • Template
    • reference()
  17. Resource Group

    Slide 17 - Resource Group

    • App-centric Resource Groups and Tier-centric Templates
    • SQL DB
    • App
    • Service
    • Virtual
    • Machine
    • My
    • DB Tier
    • Template
    • My
    • Web Tier
    • Template
    • My
    • VM Tier
    • Template
    • reference()
  18. Resource Group

    Slide 18 - Resource Group

    • App-centric Resource Groups and Nested Templates
    • SQL DB
    • App
    • Service
    • Virtual
    • Machine
    • My Nested
    • DB Tier
    • Template
    • My Nested
    • Web Tier
    • Template
    • My Nested
    • VM Tier
    • Template
    • Parent Template
    • reference()
  19. Resource Group

    Slide 19 - Resource Group

    • Resource Group
    • Resource Group
    • Tier-centric Resource Groups and Templates
    • SQL DB
    • App
    • Service
    • Virtual
    • Machine
    • My
    • DB Tier
    • Template
    • My
    • Web Tier
    • Template
    • My
    • VM Tier
    • Template
    • Linked Resource
  20. Resource Tags

    Slide 20 - Resource Tags

    • Name-value pairs assigned to resources or resource groups
    • Subscription-wide taxonomy
    • Each resource can have up to 15 tags
    • x
    • 15
  21. Tagging Tips

    Slide 21 - Tagging Tips

    • Tag by environment, e.g. dev/test/prod
    • Tag by role, e.g. web/cache/db
    • Tag by department, e.g. finance/retail/legal
    • Tag by responsible party, e.g. Bob
    • x
    • 15
  22. Demo: AzureCLI and tags

    Slide 22 - Demo: AzureCLI and tags

  23. Demo: AzureCLI and tags

    Slide 23 - Demo: AzureCLI and tags

  24. role based access control

    Slide 24 - role based access control

    • audit logs
    • resource locks
    • Control with Azure Resource Manager
  25. Role Based Access Control

    Slide 25 - Role Based Access Control

    • Allows secure access with granular permissions
    • Assignable to users, groups, or service principals
    • Built-in roles make it easy to get started
  26. Two Key Concepts

    Slide 26 - Two Key Concepts

    • Role Definitions
    • describes the set of permissions (e.g. read actions)
    • can be used in multiple assignments
    • Role Assignments
    • associate role definitions with an identity (e.g. user/group) at a scope (e.g. resource group)
    • always inherited – subscription assignments apply to all resources
  27. Slide 27

    • Role Based Access Control
  28. Granular Scopes

    Slide 28 - Granular Scopes

    • /subscriptions/{id}/resourceGroups/{name}/providers/…/sites/{site}
    • subscription level – grants permissions to all resources in the sub
    • resource group level – grants permissions to all resources in the group
    • resource level – grants permissions to the specific resource
  29. Demo: Role Based Access Control

    Slide 29 - Demo: Role Based Access Control

  30. Demo: Role Based Access Control

    Slide 30 - Demo: Role Based Access Control

  31. Audit Logs

    Slide 31 - Audit Logs

    • journals all write/delete/actions
    • central location
    • common format
  32. Demo: Role Based Access Control

    Slide 32 - Demo: Role Based Access Control

  33. Demo: Role Based Access Control

    Slide 33 - Demo: Role Based Access Control

  34. Resource Locks

    Slide 34 - Resource Locks

    • Accidents happen. Resource locks help prevent them :)
    • Resource locks allow administrators to create policies which prevent write actions or prevent accidental deletion.
  35. Key Concepts

    Slide 35 - Key Concepts

    • Resource lock
    • Policy which enforces a "lock level" at a particular scope
    • Lock level
    • Type of enforcement; current values include CanNotDelete and ReadOnly
    • Scope:
    • The realm to which the lock level is applied. Expressed as a URI; can be set at the resource group, or resource scope.
  36. Demo: Resource Locks

    Slide 36 - Demo: Resource Locks

  37. Demo: Resource Locks

    Slide 37 - Demo: Resource Locks

  38. Many examples available @ https://github.com/Azure/azure-quickstart-templates

    Slide 38 - Many examples available @ https://github.com/Azure/azure-quickstart-templates

    • More examples available @ https://github.com/rjmax/ArmExamples
    • Documentation available @ http://azure.microsoft.com/en-us/documentation/articles/resource-group-overview/
    • Deploy a template today!
  39. Getting Started

    Slide 39 - Getting Started

    • Azure Resource Manager Overview
    • Using Windows PowerShell with Resource Manager
    • Using the Azure Cross-Platform Command-Line Interface with the Resource Manager
    • Using the Azure Portal to manage your Azure resources
    • Creating and Deploying Applications
    • Authoring Azure Resource Manager Templates
    • Deploy an application with Azure Resource Manager template
    • Troubleshooting Resource Group Deployments in Azure
    • Azure Resource Manager Template Functions
    • Advanced Template Operations
    • Organizing Resources
    •  Using tags to organize your Azure resources
    • Managing and Auditing Access
    •  Managing and Auditing Access to Resources
    • Authenticating a Service Principal with Azure Resource Manager
    • Create a new Azure Service Principal using the Azure classic portal
    • Next Steps
  40. Getting Started

    Slide 40 - Getting Started

    • Azure Resource Manager Overview
    • Using Windows PowerShell with Resource Manager
    • Using the Azure Cross-Platform Command-Line Interface with the Resource Manager
    • Using the Azure Portal to manage your Azure resources
    • Creating and Deploying Applications
    • Authoring Azure Resource Manager Templates
    • Deploy an application with Azure Resource Manager template
    • Troubleshooting Resource Group Deployments in Azure
    • Azure Resource Manager Template Functions
    • Advanced Template Operations
    • Organizing Resources
    •  Using tags to organize your Azure resources
    • Managing and Auditing Access
    •  Managing and Auditing Access to Resources
    • Authenticating a Service Principal with Azure Resource Manager
    • Create a new Azure Service Principal using the Azure classic portal
    • Next Steps
  41. Getting Started

    Slide 41 - Getting Started

    • Azure Resource Manager Overview
    • Using Windows PowerShell with Resource Manager
    • Using the Azure Cross-Platform Command-Line Interface with the Resource Manager
    • Using the Azure Portal to manage your Azure resources
    • Creating and Deploying Applications
    • Authoring Azure Resource Manager Templates
    • Deploy an application with Azure Resource Manager template
    • Troubleshooting Resource Group Deployments in Azure
    • Azure Resource Manager Template Functions
    • Advanced Template Operations
    • Organizing Resources
    •  Using tags to organize your Azure resources
    • Managing and Auditing Access
    •  Managing and Auditing Access to Resources
    • Authenticating a Service Principal with Azure Resource Manager
    • Create a new Azure Service Principal using the Azure classic portal
    • Next Steps
  42. Getting Started

    Slide 42 - Getting Started

    • Azure Resource Manager Overview
    • Using Windows PowerShell with Resource Manager
    • Using the Azure Cross-Platform Command-Line Interface with the Resource Manager
    • Using the Azure Portal to manage your Azure resources
    • Creating and Deploying Applications
    • Authoring Azure Resource Manager Templates
    • Deploy an application with Azure Resource Manager template
    • Troubleshooting Resource Group Deployments in Azure
    • Azure Resource Manager Template Functions
    • Advanced Template Operations
    • Organizing Resources
    •  Using tags to organize your Azure resources
    • Managing and Auditing Access
    •  Managing and Auditing Access to Resources
    • Authenticating a Service Principal with Azure Resource Manager
    • Create a new Azure Service Principal using the Azure classic portal
    • Next Steps