�ݺ�ߣ

Editor's Notes

• #4: The aim of this module is to give a clear understanding of ARM and core concepts of resources, templates, resource groups and deployments and will dive deep into to process of deploying the resources automatically using ARM templates. Once you complete this module you all will be able to Create a res grp Add a resource to your rg Deploy an ARM template to RG Filter res using rags Author complex deployment using RBB
• #5: Before I start with ARM templates, let see how Azure has evolved over the last few years. This is the current state of the platform and you can already see that there significant number of services already available in the platform and new services are getting introduced on a regular basis. As the offerings began to grow, the management, deployment of these resources was becoming more of a headache for the operations team. So, Azure Resource Manager was introduced and will see in the upcoming slides how we can do that.
• #6: In Azure Resource Manager, each service in Azure is a Resource Provides where as each service instance is modular resource. Service instances can now grouped as resource group. A resource group act as a virtual container which provides a common lifecycle for the child resources, meaning they can now be created, managed, monitored and deleted together. The ARM has also have a concept called resource templates which enables you to define a service unit in advance and then use this template to create as many instances as you like. A typical scenario where these templates can be used is when you need to create different instance of a resource for different environments such as testing, staging, and production. Resource Manager provides security, auditing, and tagging features to help you manage your resources after deployment. Resource Manager provides a consistent management layer to perform tasks through Azure PowerShell, Azure CLI, Azure portal, REST API, and client SDKs
• #7: Resource Group : All the resources in your group should share the same lifecycle. You deploy, update, and delete them together. If one resource needs to be on different deployment cycle, it should be in diff resource group Each resource can exist only in one group Can add/remove a resource group at any time, is also possible to move from one to another, can reside in different regions Resource Provider Each resource provider gives you a set of resources and operations for working with an azure service. Format for a resource type is {resource-provider}/{resource-type}. For example if you want to publish a web app then the provider will be Microsoft.Web and offers resource type called sites --Microsoft.Web/sites/publish/Action Resource Manager Template Is a file In JSON format, which helps you to define the infrastructure and configuration for your solution. Helps you to repeat the deployments with easy ease and also can make sure that the solution will be in a consistent state
• #8: First two are required Parameter – values that are provided when the template is executed, Variables – values that are used in JSON which is used to simplify language expressions. Say for resource name by concatenating id + prefix Functions – user defined functions available inside the template Resources – resource types that are deployed/updated in a resource group Outputs – values that are returned after the deployment
• #9: This template can be used to create an empty resource group It accepts two parameters for name and location
• #10: Azure Powershell Needs to install Azure Powershell module in your local machine, then you can use use Azure commands to log in to azure, and deploy the resources you specified in the template Azure CLI Another way of doing is that is by using CLI tools. You need to install azure cli installed in your local machine
• #12: Access management for cloud resources is a critical function for any organization that is using the cloud. Role-based access control (RBAC) helps you manage who has access to Azure resources, what they can do with those resources, and what areas they have access to.
• #13: Security Principal Is an object that represents an user, group or service principal that is requesting accessing to azure resources User – an individual who has profile in azure, group – set of users created in Azure AD, security principal – security identity used by applications can be username/pwd or certificate Role definition – is a collection of permissions, list the operation that can be performed such as read, write and delete Has got four fundamental built in roles , Owner – has full access including delegation, Contribute – can create and manage all types of resources, but can’t grant access to others, Reader – can view existing resources, User access admin – manage user access to resources Scope is the boundary that access applies to, after you assign a role you can further limit action by defining scope Management group – can manage everything in all subscriptions in the group Subscription – can manage everything under the subscription Management group provides a scope above the subscription level, useful in the case of multiple subs
• #14: Built in Policy Sample Require SQL Server 12.0: This policy definition has conditions/rules to ensure that all SQL servers use version 12.0. Its effect is to deny all servers that do not meet these criteria. az policy assignment create --name 'audit-vm-manageddisks' --display-name 'Audit Virtual Machines without Managed Disks Assignment' --scope '<scope>' --policy '<policy definition ID>’ https://docs.microsoft.com/en-us/azure/azure-policy/assign-policy-definition-cli
• #15: Needs Azure CLI, nodejs then azure building blocks package Supported resources Virtual Networks Virtual Machines (including load balancers) Virtual Machine Extensions Route Tables Network Security Groups Virtual Network Gateways Virtual Network Connections