Nomad_Soul - Fotolia


Getting a grip on Azure Resource Manager and templates

Azure Resource Manager is a critical tool for cloud admins that need to manage applications and services within Microsoft's growing public cloud.

Microsoft Azure is the leading challenger to Amazon Web Services in the public cloud market, offering a growing set of infrastructure and application services. However, the breadth of the Azure portfolio can seem complex when IT pros need to design, configure and deploy multi-tier applications that use multiple cloud services. Azure Resource Manager, the primary tool for service and application management on Azure, is designed to make these tasks easier.

Users typically access Azure Resource Manager through the Azure Web management graphical user interface (GUI). However, automation through the Azure command-line interface and PowerShell eliminate the need for the GUI.

Throughout an application's lifecycle, Azure Resource Manager plays three key roles:

  1. Description and design: Azure Resource Manager identifies all the Azure resources and services used for a particular application, the relationships and interdependencies between components and the logical assignment of resources to groups associated with different applications, users, workgroups or billing entities.
  2. Provisioning: With Azure Resource Manager, users can deploy resources in one or more Azure regions, which will soon include privately operated clouds based on Azure Stack, using preset configurations and policies that can include multiple deployment types for a particular application, such as production, testing, development or guest access.
  3. Control and administration: Azure Resource Manager acts as a central repository for Azure service design and deployment, meaning any changes users make to the master configuration are automatically applied to all deployed instances. For security, Azure Resource Manager uses role-based access controls (RBAC) to segregate privileges based on users' jobs and/or their organizational unit. Through integration, Azure Resource Manager can tie RBAC rights to existing users and groups in Active Directory. Like Active Directory, Azure Resource Manager also supports hierarchical inheritance of access rights, so a role assigned to a parent group grants access to the child users and groups contained within it.
With Azure Resource Manager, users can deploy resources in one or more Azure regions, which will soon include privately operated clouds based on Azure Stack.

Much like a package or build management system, Azure Resource Manager decouples logical service descriptions from specific deployed instantiations through support for Azure templates. Templates allow developers and operations teams to use declarative descriptions of Azure services, configurations and linkages to describe complex, interdependent application architectures.

Azure templates are written in JSON syntax and consist of four major elements:

  1. Parameters: These are values used to customize a deployment and describe attributes such as the runtime environment -- development, test or production -- versions, deployment region, server names or network configuration.
  2. Variables: As in any programming language, variables hold any values you want consistently applied throughout the template; if users change the variable once, every resource using the variable gets the new values.
  3. Resources: These are the heart of a template and describe the collection of deployed Azure services, including their configuration and properties that are defined by parameters or variables.
  4. Outputs: These describe any data returned from a deployment, such as a universal resource identifier and URL for REST APIs or a database connection string.

Users can extend Azure templates using expressions and functions. Typically, users will evaluate them at deployment time and use them to automate the custom configuration of certain properties in templates.

Understanding Azure Resource Manager is critical to effectively and efficiently deploy cloud-based applications on Azure. Like any new software, there's a learning curve, but the effort spent will pay dividends many times over by eliminating mistakes, security holes and management overhead.

Next Steps

Compare ARM templates vs. Terraform for infrastructure as code

Microsoft targets developers with new set of Azure services

Five quick tips on Azure cloud management

Dig Deeper on Cloud automation and orchestration