Overview Of Azure Resource Manager

A new and modern way of managing Azure Resources on Microsoft Azure.

Resource management on Azure

In Microsoft Azure, we used to create a huge amount of resources to suit our business, such as - VMs, Web Apps, Azure SQL databases, Load Balancers and Virtual Networks. Creating and managing these individual resources has always been a challenge for businesses. In 2015, Microsoft introduced a new way of creating and managing these individual resources differently and more efficiently than the previous one, called Azure Resource Manager.

We know that Microsoft Azure supports 2 portals to create and manage resources in Azure Data Centers.

Creating and Managing resources in these 2 portals is different (Although we can use the classical way of managing resources with Preview Portal). Now, let's take a business case where we have 2 VMs, a Virtual Network, a Load-Balancer and a storage account, and see how our business case fits into these 2 Azure Portals.

Azure Service Management (the classical way)

If you have gone through the Azure experience using the classical portal before, you see a whole set of resources together categorized by the left navigation menu.



Using our business case with this ASM Portal, we get the following drawbacks:

  • We don't have a way to group and manage our business application's infrastructure individually.
  • We get a long list of resources where we need to find and configure the required resource. Each resource in Classical Portal is singleton.
  • We have to determined and take care of dependencies such as a storage account must be configured before a VM is provisioned.
  • There is nowhere we can calculate billings for our business application.
  • There is no way to recreate the same infrastructure at once. It means if we need to replicate the same infrastructure or we need some change, we must go through the entire process again such as creating non-dependent resources first and then provisioning VMs etc.

When managing resources with Classical Azure Portal through a terminal either PowerShell or Azure CLI, we are using Azure Service Management APIs where we manage each resource individually with shell commands.

To address these limitations, we make use of the new Azure Resource Manager.

Azure Resource Manager (ARM)

With Azure Portal, Microsoft introduced Azure Resource Manager (ARM) which is a modern, cheaper and a faster way to deploy and configure resources on Azure. ARM is only available in Azure Preview Portal but you can use the classical ASM model in the Preview Portal as well.

ARM addresses those limitations that exist in ASM. When working with ARM through a terminal such as PowerShell or Azure CLI, we make use of ARM API calls as we will see in a bit. Followings are some of the core features of ARM.

Resource Groups

With Azure Resource Manager, you can now create groups of related Azure resource called Resource Groups. With Resource Groups, you can group related resources separately from the rest of the Azure resources. This makes managing and monitoring resources much easier.

Declaratively Managing Resources

With ARM, you can now implement resources with a term called Infrastructure as Code. This means you can now write a JSON file where you declaratively write your Azure resources with their dependencies so that ARM provisions them before the dependent resources are provisioned. This helps teams like DevOps work better and helps them with setting up development, staging and production environments using code. This approach also helps you to redefine your infrastructure if it does not suit your needs. These JSON files are called Azure Resource Manager (ARM) Templates.

Faster Resource Provisioning

Now with ARM, you don't have to wait for a resource to get provisioned and then create another. Instead, you can create resources in parallel. If the resources that you want to provisione are dependent, you configure dependencies in ARM Templates and ARM will spin up non-dependent resources before the dependent resources. This is a faster way of deploying resources.

Costs

Using ARM, you can now calculate costs for a particular set of Azure resources. You can calculate the price of each resource group individually and separately.

Role-Based Access Control (RBAC)

Before ARM, if you want a user to access their particular business application's infrastructure, you have to provide him the entire control of your subscription or you have to make him a co-administrator. With this approach, the user has full control over your Azure subscription not only to those resources that are necessary to him. Now with ARM, you can use Role-Based Access Control (RBAC) to restrict access to users only to their Azure resources. Using RBAC, you can grant only the amount of access that a particular set of users need to get their job done so that when they logged in to your Azure subscription they will only see those resources which are related to them. You can even assign RBAC permissions to individual resources if you want.

Now we have seen some of the core benefits of using Azure Resource Manager. Let's see ARM in action with a simplest example.

ARM Templates

As described earlier, you can create a JSON file known as ARM Template and pass this file to ARM and ARM will provision the required resources with their dependencies (if there are any) for you. This is usually called Infrastructure as Code approach in the DevOps world. There are dozens of pre-built ARM QuickStart templates that you can find here or you can create your own one to suit your business case. To help you create your own ARM Templates, you can use Visual Studio with Azure SDK installed if you are on Windows. Visual Studio provides great capabilities for creating ARM templates with which you can find the Cloud project category.



With Intellisense, there are code block selections and dialogs for creating ARM Templates. If you are on Windows, Visual Studio is the recommended tool for creating your own ARM templates. If you are on a non-Windows environment, you can use Visual Studio Code which is a free and cross platform code editor from Microsoft. Download and install VS Code and install Azure Resource Manager Tools editor extension from Microsoft. This will help you to build your own ARM templates by enabling Intellisense, Errors, Warnings etc in VS Code.

To keep things simple, I won't explain here each and every bit of an ARM template syntax. Instead, I'll use a pre-built QuickStart ARM template that will create a simple Web App with a SQL Database in a Resource Group using Docker Azure-CLI to avoid tooling installations but you can also use other shells like Microsoft Azure PowerShell and NPM Azure CLI.

If you are on a Mac or Linux, you can install Azure-CLI NPM tool or the installer for managing resources on Azure. Click Here to get more information about installing Azure-CLI.

If you are unfamiliar with Docker, Click Here to take a basic look.

So, we will pull down the latest microsoft/azure-cli Docker Image from the Docker Hub and interact with it using the command:

docker run -it microsoft/azure-cli

Inside the container, login to your Azure subscription by typing.

azure login

After walking through the login and subscription selection process, change the deployment configuration to ARM by typing.

azure config mode arm


Now you need to create a Resource Group. Recall that a Resource Group is a logical grouping of your Azure services. To create a Resource Group, we need a name and a Geo-location. Type any name with the location that suits your needs. For this example, I'll use:

azure group create -n "MyResourceGroup" -l "East Asia"


Execute this command and you can see that a Resource Group with the name MyResourceGroup has been created for you in the Portal.

We will use this pre-built ARM template available at Azure QuickStart Templates for simplicity. So we need to tell ARM using Azure-CLI that we need a Web App with a SQL Database based upon this template. So to get up and running, we use the raw version of the template from GitHub and define the Resource Group (that we just created) in the Azure-CLI as.

azure group deployment create --template-uri https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/201-web-app-sql-database/azuredeploy.json -g "MyResourceGroup"

After executing, you will see that the Azure-CLI has started provisioning Azure Resources for you. After a very short time, you will see an empty Web App connected with a SQL Database up and running in the Azure Portal.

Notice how quickly you set up your Azure Services with required configurations by typing just a single command. Provisioning and configuring these resources manually yourself is tedious. In the same way, businesses can author their own ARM templates the way they want their infrastructure to be. Provisioning resources with ARM is much faster.

Typically, a DevOps team works with ARM using a source control like:



The developers write the ARM templates, the operational team tests and verifies the infrastructure, and finally the DevOps team pushes it to the Source Control where ARM gets the template and updates the Azure Resource accordingly.

This is just a typical ARM DevOps work-flow. It can also include several other steps like running Unit and Integration Tests etc.

If you have an existing Azure Resource Group, you can export your ARM template from the portal or CLI. From the Preview Portal, you can go to "Resource Group => Automation Script", there you will see the JSON file of your Resource Group ARM Template. It can help you to re-create those Azure Services quickly.

To explore more about Azure Resource Manager, the best way is the ARM Website. From here, you can learn about how to create your own ARM templates that suit your business needs. Here, you can find how to use Role-Based Access Control (RBAC) with a Resource Group.