AZ900: Azure Resource Manager and Resource Groups
In the series so far, we have looked at how Microsoft has deployed its datacenters into Regions, how Regions are used to manage services globally and how the use of Availability Zones can protect against physical region outages. We are now going to look at the services Microsoft provides for generally managing resources.
Azure Resource Manager (ARM)
To make deployment and management of Azure services easy, Microsoft has developed Azure Resource Manager, also known as ARM. (Not to be confused with the company Arm who produce CPU chip designs).
You can use ARM to deploy and interact with Azure services. When you use the Azure Portal or CLI, you interact with ARM APIs, with means the results should be the same, no matter what method you use to access and manage Azure resources. The ARM APIs interact with the various Resource Providers, which are the services that supply Azure resources. E.g., Microsoft.Storage for Storage Account or Microsoft.Compute for VMs
When a user sends a request from any of the available tools, the Azure Resource Manager API receives the request. It then authenticates and authorizes the request based on the user’s credentials and permissions. If authorized, the request is passed to the resource providers for them to implement.
Deployments of Azure resources can be automated using Infrastructure as Code (IaC) technologies and methodologies. Azure supplies their solution called ARM templates, which are JSON files that define resources and their configuration. The templates use a declarative syntax, which means you specify what you intend to deploy, and ARM interprets the request and deploys the resources.
The benefits of using IaC means that the results are repeatable and allows the orchestration of deployments. This allows Cloud Engineers to use software development practices to improve deployments and reliability of deployed services.
For more information about ARM templates, there is a great blog series by Shannon Kuehn on the Skylines Blog
Resource Groups
Resource Groups are one of the main features of ARM you use to manage and organize your resources. A Resource Group is a logical container for you to store Azure services deployed in your subscriptions. By deploying all services associated with a particular business function or application into a single or small group of Resource Groups, you can then deploy and manage them more easily.
There are many different principles that you can use for resource group organization, and these need to be considered during the planning phase to help ongoing management and maintenance tasks. You can organize by Resource Type, Environment, Department, Function, Authorization Model, Billing, Life Cycle, or a combination of these strategies.
When deploying Resource Groups, you do have to select a location, but this is just the location where the Resource Group metadata resides. It does not restrict the location of resources deployed to the Resource Group. Therefore you can have resources from multiple locations stored within a single Resource Group.
Advantages of Resource Groups
ARM Templates
One of the main features of ARM is the concept of ARM templates. These are used to deploy resources and resource groups in a uniform and repeatable manner. The templates are written in JSON, using a declarative syntax allowing you to specify what resources you want and Azure Resource Manager works out how to deploy them. A typical template deploys multiple resources into a single Resource Group. You can get an auto-generated ARM template for a Resource Group from the Export template tab of the Resource Group blade.
Permissions and Governance
Permissions can be applied at the Resource Group level as well as the Subscription Level, and this means you can apply a more granular approach to Role-Based Access as required. Similar to RBAC permissions, you can also use Resource Groups to apply a granular approach to governance by configuring Azure Policies and Resource Locks at the Resource Group level.
Naming Conventions
Due to the naming of some of the automatically deployed resources, grouping Resources in Resource Groups means you can deploy your organizations naming convention to the Resource Groups, improving the quality of life of your Cloud Engineers. Being able to deploy your naming convention gives your engineers the ability to identify the function of the Resource Group at a glance.
Tags
Like with resources, Resource Groups can have tags applied too. These key-value pairs of name and value allow you to add additional information to resources and Resource Groups. Adding tags to Resource Groups does not automatically add them to the resources contained in the group. So, you can have a two-layer approach to the additional data you are adding to resources and their groups.
Cost management
Within the Resource Group pane, you can see the Costs of all Resources deployed into the Resource Group, and this is useful for understanding the costs of your deployed applications. If you have Resource Groups deployed by department, this can be very useful in cross charging the departments for their Resource utilization.
At the subscription level, you can also break down expenditure under the cost analysis to the Resource Group level.Housekeeping
When you need to delete a Resource Group and all its’ resources this can be quickly done by deleting the Resource Group, Azure automatically deletes all resources within the group. This is especially useful when you need to clean up Resources after testing specific scenarios. If all resources are deployed in a single Resource Group, everything can be deleted at once. Also, this is very useful when cleaning up any deployed Resource during your training lab time.
Summary
In the series, we have looked at the core infrastructure and services Microsoft provides in order to allow you to manage services on a global scale. With Regions and Region Pairing, they allow the deployment of applications and services around the world in a highly available manner. Using Availability Zones and Zonal services, you can enhance the fault tolerance of your services further to ensure minimal disruption due to maintenance cycles or unplanned outages.
We have now also looked at Azure Resource Manager and Resource Groups. These services and features allow organizations to deploy and manage their services and applications in an ordered manner. We also looked briefly at ARM templates these deployments can be standardized and orchestrated using DevOps practices to ensure consistent results.
—Matt Boyd