Stephane Lapointe
Over 20 years of experience with Microsoft technologies. He is working at GSOFT, where he is a Cloud Solution Specialist. He is very passionate about everything that touches Microsoft Azure, the DevOps practice and the automation of all sorts of things using PowerShell. He is very dedicated to the Montreal MSDEVMTL community, where he is a co-organizer for the Azure group. He is also a Microsoft Azure MVP & Advisor.
Email: stephane@lapointe.cloud
Twitter: @s_lapointe
Facebook: stephane.lapointe.azure
LinkedIn: ca.linkedin.com/in/stephanelapointe
Agenda
Objectives
Azure Resource Manager (ARM)
• enables application management within Azure
• resource groups are containers that can contain multiple IaaS + PaaS resources
• supports lifecycle management with integrated Role Based Access Control (RBAC)
• templatizes application deployment and configuration
• supports DevOps
Resource Group
• container for multiple resources
• resources exist in one* resource group
• resource groups can span regions
• resource groups can span services
• support both imperative and declarative deployment models
Deployment
• tracks template execution
• holds one or many deployment operations
• created within a resource group
• allows nested deployments
Imperative or declarative: you decide
Azure Resource Manager templates
DEPENDS ON SQL
Getting started with Azure templates
Template language expressions
JSON files—simpler than they look
Template linking
Conditional logic in template
newExistingTemplate.json
newStorageAccount.json
existingStorageAccount.json
The t-shirt sizing approach
Debugging
• no breakpoints available
• a bit more complex when there is more than one template (e.g. template linking)
• enable debug logging*
• can use deployment operations
• use an HTTP debugging proxy server (e.g. Fiddler)
• use Azure Resource Explorer
Debugging template in PowerShell
Protecting sensitive data
• do NOT put sensitive data in the template
• use SecureString & SecureObject types
• runtime retrieval with template functions (e.g. listKeys, list*)
• reference Azure Key Vault secrets
• turn off debug logging* after use
• use existing secure mechanisms (e.g. protectedSettings in the DSC extension)
Azure Key Vault
Key Vault offers an easy, cost-effective way to safeguard keys and other secrets used by cloud apps and services using Hardware Security Modules (HSMs).
Protecting sensitive data using list* template functions
, listKeys(variables('storageAccountid'),'2016-12-01').keys[0].value )]
Protecting sensitive data using Key Vault references in parameter files
"reference": {
  "keyVault": {
    "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myresourcegroup/providers/Microsoft.KeyVault/vaults/myvaultname"
  },
  "secretName": "VmAdministratorPassword"
}
Protecting sensitive data using Key Vault secret values in scripts
adminPassword = (Get-AzureKeyVaultSecret -VaultName $kv.VaultName -Name 'VmAdministratorPassword').SecretValue
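The "Protecting sensitive data" rules above can be checked before a deployment. The following is an added example, not code from the slides or from Microsoft: a small Python check over a template and its parameter file. The `lint` function, the sensitive-name pattern, and the sample template and parameter values are assumptions constructed for illustration; only the Key Vault id and secret name are taken from the slide.

```python
import json
import re

# Assumption: parameter names matching this pattern are treated as sensitive.
SENSITIVE = re.compile(r"password|secret|token|accesskey", re.I)
SECURE_TYPES = {"securestring", "secureobject"}

def lint(template, param_file):
    """Return sorted (parameter, problem) findings for a template/parameter-file pair."""
    findings = []
    supplied = param_file.get("parameters", {})
    for name, spec in template.get("parameters", {}).items():
        secure = spec.get("type", "").lower() in SECURE_TYPES
        sensitive = secure or bool(SENSITIVE.search(name))
        if sensitive and not secure:
            findings.append((name, "type is not securestring/secureobject"))
        default = spec.get("defaultValue")
        # A literal default ships the secret with the template; expressions start with "[".
        if sensitive and isinstance(default, str) and default and not default.startswith("["):
            findings.append((name, "literal defaultValue in template"))
        if sensitive and "value" in supplied.get(name, {}):
            findings.append((name, "literal value in parameter file, use a Key Vault reference"))
    return sorted(findings)

# Constructed sample input (not from the slides).
TEMPLATE = json.loads("""
{ "parameters": {
    "vmName":        { "type": "string" },
    "adminPassword": { "type": "securestring" },
    "sqlPassword":   { "type": "string", "defaultValue": "P@ssw0rd!" },
    "apiToken":      { "type": "securestring" } } }
""")
PARAMS = json.loads("""
{ "parameters": {
    "vmName": { "value": "web01" },
    "adminPassword": { "reference": {
        "keyVault": { "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myresourcegroup/providers/Microsoft.KeyVault/vaults/myvaultname" },
        "secretName": "VmAdministratorPassword" } },
    "apiToken": { "value": "constructed-plaintext-token" } } }
""")

if __name__ == "__main__":
    for name, problem in lint(TEMPLATE, PARAMS):
        print(f"{name}: {problem}")
```

Only `adminPassword`, which is typed `securestring` and supplied through a Key Vault reference, passes without a finding.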
In review: Session objectives and takeaways
Resources
https://github.com/Azure/azure-quickstart-templates
https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-template-functions
https://resources.azure.com
aka.ms/TryAzureForMonth
Advanced Azure deployments with Azure Resource Manager and templates