Azure Resource Manager

 Azure Resource Manager

Chapter 5

Summary

Imagine you’ve joined a company that has been moving to the cloud. This movement happened organically across different departments and resulted in a lack of awareness of what’s already been created and where everything is. There’s no ability to determine who owns which resources quickly. There’s no enforcement of standards for things like resource names, resource sizes, and geographic locations. There have also been several instances where critical resources were inadvertently deleted, causing business-critical outages. Your manager has asked you to head up an effort to put some order into the chaos, but you’re new to Azure and aren’t entirely sure what you can do to make this better. Azure Resource Manager has various highlights that you can use to compose resources, implement measures, and shield essential Azure resources from inadvertent cancellation. We’ll take a visit through these highlights, and show how you can utilize them to further your potential benefit.

As was referenced before in the exploration technique, the examination had consideration criteria. The reason for the consideration requirements is to guarantee that not every person takes part in the exploration but rather just the ideal respondents who have the applicable information to the extent the examination is concerned. For this situation, the two significant consideration criteria were that the respondent knows about Azure, and the respondent more likely than not had some involvement with distributed computing, particularly Azure. These guarantees no bystander partakes in the investigation and subsequently authorizing the exactness of the outcomes.

The main objective of the research was to examine the Control and organization of cloud resources with the Azure Resource Manager. The respondents demonstrated much knowledge as far as using Azure in cloud resource management is concerned. For instance, the respondents vouched for the greatness of controlling just as an association of cloud resources utilizing Azure. Purplish blue Resource Manager has various highlights that you can use to arrange funds, implement measures, and shield necessary Azure resources from inadvertent deletion.

Besides, the respondents acquainted with Azure and their fulfillment of utilizing Azure in Control and the association of cloud resources. This is only an affirmation of the productivity of Control and association of cloud resources with Azure. On using labeling in sorting out supplies is concerned. Nine of the respondents recognize this procedure as fantastic. Labels are name/esteem sets of content information that you can apply to resources and resource gatherings. Tags enable you to relate custom insights concerning your resource, notwithstanding the standard Azure properties a resource has:

• Department (like money, advertising, and that’s just the beginning)
• Environment (push, test, dev.),
• cost focus
• Life cycle and mechanization (like shutdown and startup of virtual machines).

Making resource groups was one of the fundamental subjects of exploration. The inquiry proposed to test the strategy for resource bunch creation is dear to numerous respondents. The majority of the respondents are slanted towards Azure entryway and some on Azure PowerShell. Anyway, Resource gatherings can be made by utilizing both of the accompanying strategies:

• Azure entryway
• Azure PowerShell
• Azure CLI
• Templates
• Azure SDKs (like .NET, Java)

While creating resources, you, by and large, have the decision to make another resource bunch as a choice as opposed to using a present resource gathering. This improves the technique a piece, anyway as you find in your new affiliation, can incite resources spread transversely over resource bunch with little thought in regards to how to orchestrate them.

Conclusion

Resource groups are a fundamental element of the Azure platform. A resource group is a logical container for resources deployed on Azure. These resources are anything you create in an Azure subscription-like virtual machine, Application Gateways, and Cosmos DB instances. All funds must be in a resource group, and a resource can only be a member of a single resource group. Many resources can be moved between resource groups, with some services having specific limitations or requirements to proceed. Resource groups can’t be nested. Before any resource can be provisioned, you need a resource group for it to be placed in.

Resource groups can be organized in several ways. We might put all resources that are core infrastructure into this resource group. But we could also organize them strictly by resource type. For example, put all VNets in one resource group, all virtual machines in another resource group, and all Azure Cosmos DB instances in yet another resource group.

Organizing for authorization

Since resource groups are a scope of RBAC, you can organize resources by who needs to administer them. If your database administration team is responsible for managing all of your Azure SQL Database instances, putting them in the same resource group would simplify administration. You could give them the proper permissions at the resource group level to administer the databases within the resource group. Similarly, the database administration team could be denied access to the resource group with virtual networks, so they don’t inadvertently make changes to resources outside the scope of their responsibility.

Organizing for life cycle

We mentioned earlier that resource groups serve as the life cycle for the resources within it. If you delete a resource group, you eliminate all the resources in it. Use this to your advantage, especially in areas where supplies are more disposable, like non-production environments. If you deploy ten servers for a project that you know will only last a couple of months, you might put them all in a single resource group. One resource group is easier to clean up than ten or more resource groups.

Organizing for billing

Lastly, placing resources in the same resource group is a way to group them for usage in billing reports. If you’re trying to understand how your costs are distributed in your Azure environment, arranging them by resource group is one way to filter and sort the data to better understand where prices are allocated.

Recommendations

• We’ve seen how we could use policies to ensure that our resources have the tags that organize our resources. There are other ways procedures can be used to our benefit.
• We could use policy to restrict which Azure regions we can deploy resources to. For organizations that are heavily regulated or have legal or regulatory restrictions on where data can reside, policies help to ensure that resources aren’t provisioned in geographic areas that would go against these requirements.
• We could use policy to restrict which types of virtual machine sizes can be deployed. You may want to allow large VM sizes in your production subscriptions, but maybe you’d like to ensure that you keep costs minimized in your dev. Subscriptions. By denying the large VM sizes through policy in your div. Subscriptions, you can ensure they don’t get deployed in these environments.
• We could also use policy to enforce naming conventions. If our organization has standardized on specific naming conventions, using the procedure to implement the agreements helps us to keep a consistent naming standard across our Azure resources.
• When planning your access control strategy, grant users the lowest privilege level that they need to do their work.
• Use Resource Locksto ensure critical resources aren’t modified or deleted (more on that next!)
• You can utilize tags to gather your charging information. For instance, in case you’re running numerous VMs for various associations, utilize the cards to aggregate use by cost focus. You can also use labels to classify costs by run-time conditions, for example, the charging utilization for VMs running in the generation condition.

• You can recover every one of the resources in your membership with a particular tags name or worth. Labels empower you to improve related resources from various resource gatherings. This methodology is useful when you have to arrange funds for charging or executives.

• Segregate duties inside your group and award just the measure of access to clients that they have to play out their occupations. Rather than giving everyone unlimited consents in your Azure membership or resources, permit just explicit activities at a specific degree.

References

De Tender, P., Rendon, D., & Erskine, S. (2019). Azure Naming Conventions and Standards. In Pro Azure Governance and Security (pp. 29-51). Apress, Berkeley, CA.

Serhiienko, O., Gkikopoulos, P., & Spillner, J. (2019). Extensible declarative management of cloud resources across providers. In CCGrid 2019, Nicosia, Cyprus, May 2019 (pp. 678-683). IEEE.

Medina, O., & Schumann, E. (2018). Provisioning the SharePoint Farm to Azure Using Terraform. In DevOps for SharePoint (pp. 85-153). Apress, Berkeley, CA.

Preston, S. (2016). Chef Azure VM Extensions. Using Chef with Microsoft Azure (pp. 55-69). Apress, Berkeley, CA.

Preston, S. (2016). Microsoft Azure Terminology and Concepts. Using Chef with Microsoft Azure (pp. 29-53). Apress, Berkeley, CA.