Azure Resource Manager

ARM or Azure Resource Manager is a new way of building and grouping resources in Azure. A resource is single entity in the infrastructure like a virtual machine or storage account and so on. And now with ARM model you can group these in to a group called resource group.

So, is that it? What was the reason for wanting to do this in the first place? Let’s see.

Reason 1: Well if you look at the class portal also known as the ASM (Azure Service Manager) portal when you create resources they just got created and one fine day you would see a list like this containing a mix of types of resources which were created by different people for different reasons all in one place.

No Azure Resource Manager

No Azure Resource Manager

Whereas if you look at ARM based model, when you create resources they get grouped under resource groups. In fact you can browse by resource groups.

Resource groups in Azure

Resource groups in Azure

And when you expand on a resource group you could see the resources in that group.

Azure Resource Group

Azure Resource Group

Great, so one problem of grouping solved and a view which can drill down takes care of putting it cleanly for us. Is that it?

Reason 2: The real important problem that resource group solves is that in the earlier model Azure subscription was the real isolation boundary and that constrained lot of ways in which project teams could effectively use it. You could argue that you will give away a subscription for every team that needs it, but that used to bring up another issue of ease of resource sharing like DNS, AD, and Databases and so on across subscriptions. You had to go through site-to-site VPN to really start sharing resources between subscriptions. A bit too much overhead for simple requirement.

Resource group brings in one additional isolation boundary within a subscription.

As shown in the 2nd graphic above for every project you could provision a new resource group and create an owner for that, typically the project manager and let her run with it. The project manager can then add different users based on roles etc. That basically takes you into RBAC (Role Based Access Control) discussion. I had blogged about RBAC previously. You can check that out- Azure role based access control.

Some important things worth noting in the new ARM (Azure Resource Manager) world:

  • Virtual machines deployed with the classic deployment model cannot be included in a virtual network deployed with Resource Manager.
  • Virtual machines deployed with the Resource Manager deployment model must be included in a virtual network. Virtual machines deployed with the classic deployment model don’t have to be included in a virtual network.
  • Every virtual machine in classic deployment model must have a public IP. In the ARM model, you may choose not to have a public IP at all. See the graphic below.
  • You can of course build a Site-to-Site VPN between classic network and network build using ARM model.


ARM or Azure Resource Manager is V2 of Azure release in itself. It gives you an excellent way to manage resources which have to be together, like resources that belong to a project. You can move resources between resource groups. That said, it’s of immense importance to do some upfront planning to define and decide various resource groups that you would build in an organization. You could define an project Azure on-boarding strategy based on resource group mapping. Needless to say, but it is highly recommended that for any net new work you do in Azure, you should do it the ARM way. More of less all the new features being released are work under ARM model and are not backward compatible (examples include tagging in Azure, role based access control etc).

Hope you learnt something new and something important and interesting. These views are purely my own. I don’t work for Microsoft. These views are based on my experience working in various projects and my experiments with Azure.

Posted in Microsoft Azure | Tagged , , , , | Leave a comment

New SQL Server deployment options in Azure Portal

I am super excited about blogging about the new SQL Server deployment options in Microsoft Azure portal. A recent addition to the portal (3rd week of January 2016). When you configure a SQL Server virtual machine from marketplace in Azure, you are required to provide basic settings like name of server, password, resource group, location and of course few other details like network, subnet and so on. That always existed, but now we have new options in SQL Server settings blade for-

  • Storage configuration
  • Patching
  • Backup and
  • Key vault integration
Azure Portal New SQL Server deployment options

New SQL Server settings in Microsoft Azure

SQL Server Deployment – Storage configuration

As part of the storage configuration, you can now just select the IOPS that your application requires using the slider, and based on that Azure will not only suggest the number of disks to be attached, but in fact automatically attach it as well. And that takes into consideration the size of the VM that you might have chosen in the previous step, based on which the number of disks are recommended.

IOPS, Disks and Throughput selection- Azure Portal New SQL Server deployment options

IOPS, Disks and Throughput selection for SQL Server

Of course instead of IOPS you can select throughput or storage disks and other parameters change accordingly.

SQL Server Deployment – SQL Automated Patching

The second option is that of ‘automated patching’. Here you can enable or disable automated patching and select the maintenance schedule time and so on.

Automated SQL Server patching in Azure- Azure Portal New SQL Server deployment options

Automated SQL Server patching in Azure

SQL Server Deployment – SQL Automated Backup

The 3rd option is that of SQL Server backup. Here you can select the backup storage account and retention period. One important point worth noting here is that you can encrypt the backups.

New Sql Server backup blade with encryption- Azure Portal New SQL Server deployment options

New Sql Server backup blade with encryption

SQL Server Deployment – Azure Key Vault Integration.

Finally the 4th option is leveraging the key vault as the EKM (Extensible Key Management) provider for storing the symmetric key which can be used by SQL server for various aspects where encryption is required like TDE (transparent data encryption), row level encryption, backup data encryption etc.


These four new options- storage, patching, backup and key vault integration can now be totally configured with few clicks from within the Microsoft Azure portal. Something that would otherwise have taken quite a bit of planning and at least 4 to 6 hours of effort is now available out of box. This is really cool. This kind of feature release takes automation and entire cloud value proposition to entirely new level.

One important point is that this blade with these newer options is available for SQL Server 2014 onward.

Posted in Azure Portal | Tagged , , | Leave a comment

Understanding Azure Subscription

Download the eBook here.

One of the first questions that I get from customers who are serious about Microsoft Azure Cloud offering is “Where do I start?”, “What is an Azure subscription?” When you swipe your credit card or buy Azure what exactly do I get. To that extent the question from enterprise customers then is “How do I isolate work between various project teams?”, “What about show-back or charge-back?”

It was becoming tough to explain these in a single blog post, so I decided to write it in the form of a quick eBook so that you can download and read it as a complete topic.

Subscription container model in Azure

Subscription container model in Azure

This is the cover image I choose for this book “Understanding Azure Subscription”. It’s from Wikipedia. It’s called Matryoshka doll. The reason for choosing this image is of course covered in the eBook, so read on :). In short, you need to plan before you really get started in terms of leveraging various Azure features and this book helps you understand exactly that. The details in this book are not a must to know before you start working with Azure, but yes, knowing it makes your life easier specially if you are thinking multiple projects, isolation, network layout and so on.

Hopefully you will enjoy reading this. Have fun!

Cheers, -Phani

Posted in Azure | Tagged , , | Leave a comment

Vocabulary of the New Azure Preview Portal

The New Azure Preview Portal.

The user experience for the new azure preview portal ( is quite different than the current management portal ( I am no UX expert by any stretch but I wanted to introduce the vocabulary for the new Azure preview portal. So, let’s jump straight in-

Startboard: The first layout you are presented with when you login to You can pin various entities you feel you need one click access to Startboard.

azure startboard

azure startboard

Blade: Vertical container that acts as a starting point for a journey.  Can contain multiple parts.
Part:    Components that provide reusable units of functionality.
Lens:    Container for parts.

azure portal- blade, lens and part

azure portal- blade, lens and part

Journey: Series of steps that a user follows (represented by sequential blades) 

azure portal- journey
azure portal- journey

Jump Bar: As the name says it, it’s a jump bar.

azure jump bar

azure jump bar

Browse Hub: Hubs are the central location for global services that all extensions leverage.

browse hub

browse hub

I will keep adding to the list as I come across new ones. Hope you learnt something new!


Posted in Azure Portal, Windows Azure Portal | Tagged , | Leave a comment