Azure Resource Manager

ARM or Azure Resource Manager is a new way of building and grouping resources in Azure. A resource is single entity in the infrastructure like a virtual machine or storage account and so on. And now with ARM model you can group these in to a group called resource group.

So, is that it? What was the reason for wanting to do this in the first place? Let’s see.

Reason 1: Well if you look at the classic portal also known as the ASM (Azure Service Manager) portal when you create resources they just got created and one fine day you would see a list like this containing a mix of types of resources which were created by different people for different reasons all in one place.

No Azure Resource Manager

Whereas if you look at ARM based model, when you create resources they get grouped under resource groups.Resource groups in Azure

And when you expand on a resource group you could see the resources in that group.

Azure Resource Group

Great, so one problem of grouping solved and a view which can drill down takes care of putting it cleanly for us. Is that it?

Reason 2: The real important problem that resource group solves is that in the earlier model Azure subscription was the real isolation boundary and that constrained lot of ways in which project teams could effectively use it. You could argue that you will give away a subscription for every team that needs it, but that used to bring up another issue of ease of resource sharing like DNS, AD, and Databases and so on across subscriptions. You had to go through site-to-site VPN to really start sharing resources between subscriptions. A bit too much overhead for simple requirement.

Resource group brings in one additional isolation boundary within a subscription.

As shown in the 2nd graphic above for every project you could provision a new resource group and create an owner for that, typically the project manager and let her run with it. The project manager can then add different users based on roles etc. That basically takes you into RBAC (Role Based Access Control) discussion.

Some important things worth noting in the new ARM world:

  • Virtual machines deployed with the classic deployment model cannot be included in a virtual network deployed with Azure Resource Manager.
  • Virtual machines deployed with the Resource Manager Deployment model must be included in a virtual network. Virtual machines deployed with the classic deployment model don’t have to be included in a virtual network.
  • Every virtual machine in classic deployment model must have a public IP. In the ARM model, you may choose not to have a public IP at all. See the graphic below.

new virtual machine

  • Only resources created through Azure Resource Manager deployment model support tagging. You cannot apply tags to classic resources.
  • You can move resources from one resource group to another one.

Using PowerShell to move resources from one resource group to another.

PS C:\> $resource = Get-AzureRmResource -ResourceName ExampleApp -ResourceGroupName OldRG

PS C:\> Move-AzureRmResource -DestinationResourceGroupName NewRG -ResourceId $resource.ResourceId

 

 

 

Using REST to move resources from one resource group to another

POST https://management.azure.com/subscriptions/{source-subscription-id}/resourcegroups/{source-resource-group-name}/moveResources?api-version={api-version}

  • Any resources created using ARM will not be visible in the ASM or classic portal.
  • Role Based Access Control is available only in the ARM model and not in the classis model.
  • There is an entire different set of PowerShell cmdlets for dealing with resources in the ARM model and they are not compatible with classic set of cmdlets. The ARM PowerShell cmdlets have ‘Rm” in it. For example: Get-AzureRm

 

Summary of Azure Resource Manager

ARM is a great move forward in terms of the overall design for real world teams in organizations to work with. Every resource group can directly map to a project or even a region (development, test and production). If you are considering any net new development it’s needless to say that you should do it using ARM model in the new Azure portal which is now generally available.

 

Posted in Azure Portal, Microsoft Azure | Tagged , , , , | Leave a comment

Azure Support and managing requests

A brief guide for those of you who do not know how to raise Azure Support requests and manage them.

It’s there but it’s not there. What I mean is it’s easy to actually open azure support request right from within the Azure portal at https://portal.azure.com, but it’s really very easy to miss it. The option is right there on the right-top:

Azure Support Request

Here you can choose to open a new support request or manage existing requests. If you click ‘Help + Support’ it actually takes you support dashboard.

azure support dashboard

One important thing to notice here is that you can straight away link the current subscription at hand to your Microsoft Premier support investment or Azure support plan right here.

To open a support request click on ‘new support request’ from top menu or from the dashboard.

Azure Support Request

 

At this point you will be required to fill in few details.

Azure support choose an issue type

 

Depending on the type of the issue for which there are four categories- technical, billing, quota and subscription management and subscription, the relevant support plan is populated.

issue type

The 2nd step really is to provide description of the issue itself and select A, B and C severity. The 3rd and final step is to provide your contact information and submit the ticket. You can then monitor the status of the ticket by selecting to manage the support requests-

azure support manage support requests

Once you are finished, a technical person from the support team should contact you over the e-mail you provided.

Here’s how you can link up your existing Premier Support contract or Azure Program Benefits information (BizSpark, Microsoft Partner Network, MSDN, Signature Cloud Support). You have to type in your Access ID and Contract ID/Password and click on the Link button to link your subscription to the the support benefit.

link benefits

It’s a great step forward in terms of providing an end to end view into support from within the Azure portal itself. I am sure the future versions of this will have many rich reporting features and so on.

 

 

 

Posted in Azure Portal, Microsoft Azure | Tagged , | Leave a comment

New SQL Server deployment options in Azure Portal

I am super excited about blogging about the new SQL Server deployment options in Microsoft Azure portal. A recent addition to the portal (3rd week of January 2016). When you configure a SQL Server virtual machine from marketplace in Azure, you are required to provide basic settings like name of server, password, resource group, location and of course few other details like network, subnet and so on. That always existed, but now we have new options in SQL Server settings blade for-

  • Storage configuration
  • Patching
  • Backup and
  • Key vault integration
Azure Portal New SQL Server deployment options

New SQL Server settings in Microsoft Azure

SQL Server Deployment – Storage configuration

As part of the storage configuration, you can now just select the IOPS that your application requires using the slider, and based on that Azure will not only suggest the number of disks to be attached, but in fact automatically attach it as well. And that takes into consideration the size of the VM that you might have chosen in the previous step, based on which the number of disks are recommended.

IOPS, Disks and Throughput selection- Azure Portal New SQL Server deployment options

IOPS, Disks and Throughput selection for SQL Server

Of course instead of IOPS you can select throughput or storage disks and other parameters change accordingly.

SQL Server Deployment – SQL Automated Patching

The second option is that of ‘automated patching’. Here you can enable or disable automated patching and select the maintenance schedule time and so on.

Automated SQL Server patching in Azure- Azure Portal New SQL Server deployment options

Automated SQL Server patching in Azure

SQL Server Deployment – SQL Automated Backup

The 3rd option is that of SQL Server backup. Here you can select the backup storage account and retention period. One important point worth noting here is that you can encrypt the backups.

New Sql Server backup blade with encryption- Azure Portal New SQL Server deployment options

New Sql Server backup blade with encryption

SQL Server Deployment – Azure Key Vault Integration.

Finally the 4th option is leveraging the key vault as the EKM (Extensible Key Management) provider for storing the symmetric key which can be used by SQL server for various aspects where encryption is required like TDE (transparent data encryption), row level encryption, backup data encryption etc.

Summary

These four new options- storage, patching, backup and key vault integration can now be totally configured with few clicks from within the Microsoft Azure portal. Something that would otherwise have taken quite a bit of planning and at least 4 to 6 hours of effort is now available out of box. This is really cool. This kind of feature release takes automation and entire cloud value proposition to entirely new level.

One important point is that this blade with these newer options is available for SQL Server 2014 onward.

Posted in Azure Portal | Tagged , , | Leave a comment

Understanding Azure Subscription

Download the eBook here.

One of the first questions that I get from customers who are serious about Microsoft Azure Cloud offering is “Where do I start?”, “What is an Azure subscription?” When you swipe your credit card or buy Azure what exactly do I get. To that extent the question from enterprise customers then is “How do I isolate work between various project teams?”, “What about show-back or charge-back?”

It was becoming tough to explain these in a single blog post, so I decided to write it in the form of a quick eBook so that you can download and read it as a complete topic.

Subscription container model in Azure

Subscription container model in Azure

This is the cover image I choose for this book “Understanding Azure Subscription”. It’s from Wikipedia. It’s called Matryoshka doll. The reason for choosing this image is of course covered in the eBook, so read on :). In short, you need to plan before you really get started in terms of leveraging various Azure features and this book helps you understand exactly that. The details in this book are not a must to know before you start working with Azure, but yes, knowing it makes your life easier specially if you are thinking multiple projects, isolation, network layout and so on.

Hopefully you will enjoy reading this. Have fun!

Cheers, -Phani

Posted in Azure | Tagged , , | Leave a comment