Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Automating Your Azure Environment

7,433 views

Published on

Learn how to leverage various tools to quickly and consistently create full environments in minutes.

Like most things in life, there's an easy way and a hard way. The same holds true when working in cloud environments such as Microsoft Azure. The Azure management portal and Visual Studio can be great for relatively simple projects, but quickly become tedious when trying to create the multiple resources that often make up a real-world solution. This session will demonstrate how to leverage various tools, such as PowerShell, Azure Resource Manager, Azure Automation, and the Azure Management Library, to quickly and consistently create full environments in minutes.

You will learn:
- How to use Azure Management Library to create various Azure assets
- How to use Azure PowerShell cmdlets to query Azure services, deploy VMs and Cloud Services
- How to leverage Azure Automation to reduce operating costs and other management tasks

Published in: Technology
  • Be the first to comment

Automating Your Azure Environment

  1. 1. Automating Your Azure Environment Michael S. Collier Cloud Solution Architect, Microsoft Level: Intermediate
  2. 2. Michael S. Collier Cloud Solution Architect Microsoft michael.collier@microsoft.com @MichaelCollier www.MichaelSCollier.com http://aka.ms/csablog
  3. 3. http://aka.ms/fundamentalsofazure
  4. 4. Today’s Agenda 1. Why Automation in Azure? 2. Azure Management Library 3. Azure PowerShell a) Azure Service Management b) Azure Resource Manager 4. Azure Automation
  5. 5. Why Automate in Azure?
  6. 6. Why Automation? • Time to provision full environments – Compute, storage, etc. • Deployment to multiple geographies – Change only configuration / parameters
  7. 7. Why Automation? #1 source of failed projects (IMO) Humans TERRIBLE at repetitive tasks
  8. 8. A Few Options REST API • Service Management • Resource Manager
  9. 9. A Few Options REST API • Service Management • Resource Manager Azure Management Library
  10. 10. A Few Options REST API • Service Management • Resource Manager Azure Management Library PowerShell • Invoke REST • Service Management • Resource Manager
  11. 11. A Few Options REST API • Service Management • Resource Manager Azure Management Library PowerShell • Invoke REST • Service Management • Resource Manager XPlat CLI • ??
  12. 12. A Few Options REST API • Service Management • Resource Manager Azure Management Library PowerShell • Invoke REST • Service Management • Resource Manager XPlat CLI • ?? Azure Automation
  13. 13. A Few Options REST API • Service Management • Resource Manager Azure Management Library PowerShell • Invoke REST • Service Management • Resource Manager XPlat CLI • ?? Azure Automation
  14. 14. Azure Management Library
  15. 15. Azure Management Library • Consistent modern libraries over the Azure REST API – NET, Java, Python, Go, & Ruby
  16. 16. Azure Management Library
  17. 17. Azure Management Library • Scenarios – Integration Testing – Custom provisioning of services (SaaS) – Dev/Test – Resource Governance • Almost anything you may want to automate
  18. 18. Azure Management Library • Microsoft.WindowsAzure.* – Older RDFE version – Not recommended • Microsoft.Azure.* – Based on new Azure Resource Manager (ARM) – Recommended
  19. 19. Azure Management Library • Get all or just the ones you need
  20. 20. Authentication • Azure Active Directory • Create a service principal – Password (PowerShell or CLI) – Certificate (PowerShell) • Assign necessary ROLE to the service principal
  21. 21. Create the Service Principal Switch-AzureMode AzureResourceManager Select-AzureSubscription -SubscriptionName “My MSDN Azure” $appName = "VSLiveNYC2015" $appHomePage = "http://localhost" $appUri = "http://localhost" $pwd = "test!123" # Create a new Azure AD application $azureAdApp = New-AzureADApplication -DisplayName $appName -HomePage $appHomePage -IdentifierUris $appUri -Password $pwd -Verbose # Create a service principal New-AzureADServicePrincipal -ApplicationId $azureAdApp.ApplicationId # Assign a role to the service principal New-AzureRoleAssignment -RoleDefinitionName Contributor -ServicePrincipalName $azureAdApp.ApplicationId # Get the subscription for the role assignment $subscription = Get-AzureSubscription | where { $_.IsCurrent } # Create a new credential object to contain the credentials $creds = Get-Credential -UserName $azureAdApp.ApplicationId -Message "enter your creds" Add-AzureAccount -Credential $creds -ServicePrincipal -Tenant $subscription.TenantId Get this at http://aka.ms/uognfb
  22. 22. Get the Authentication Token private const string SubscriptionId = “[YOUR_AZURE_SUBSCRIPTION_ID]"; private const string TenantId = “[YOUR_AZURE_AD_TENANT_ID]"; private const string ApplicationId = “[YOUR_NEWLY_REGISTERED_APP_id]"; private const string ApplicationPwd = "test!123"; public static string GetAToken() { var authenticationContext = new AuthenticationContext(string.Format("https://login.windows.net/{0}", TenantId)); var credential = new ClientCredential(clientId: ApplicationId, clientSecret: ApplicationPwd); var result = authenticationContext.AcquireToken(resource: "https://management.core.windows.net/", clientCredential: credential); if (result == null) { throw new InvalidOperationException("Failed to obtain the JWT token"); } string token = result.AccessToken; return token; } Get this at http://aka.ms/uognfb
  23. 23. Demo Authenticate and Browse
  24. 24. Demo Recap 1. Create a Service Principal in Azure AD 2. Get the JWT authentication token 3. Create a credential object with token and subscription 4. Create a resource client 5. Execute actions against the client
  25. 25. PowerShell Cmdlets • Get the goods http://azure.microsoft.com/en-us/downloads/ https://github.com/Azure/azure-powershell/releases 
  26. 26. PowerShell • Use cmdlets and/or REST APIs • Ability to script complex environments – Template with an XML parameters file – PowerShell learning curve – Your responsibility to handle errors & ensure consistency • Consistent Deployments – Build server or developer machine
  27. 27. Authentication Options • Interactive – Azure AD PS C:> Add-AzureAccount C:Users<user>AppDataRoamingWindows Azure Powershell
  28. 28. Authentication Options • Interactive – Azure AD PS C:> Add-AzureAccount VERBOSE: Account "michael.collier@live.com" has been added. VERBOSE: Subscription "MSFT Azure Internal - Collier" is selected as the default subscription. VERBOSE: To view all the subscriptions, please use Get-AzureSubscription. VERBOSE: To switch to a different subscription, please use Select-AzureSubscription. Id Type Subscriptions Tenants -- ---- ------------- ------- michael.collier@live.com User 0bbbc191-0023-aaaa-yyyy-xxxxxxxxxxxx 9b6b07ee-3eb1-aaaa-yyyy-xxxxxxxxxxxx 278b93db-29ab-aaaa-yyyy-xxxxxxxxxxxx 715f4ed0-544a-aaaa-yyyy-xxxxxxxxxxxx 3acf171d-3d34-aaaa-yyyy-xxxxxxxxxxxx 72f988bf-86f1-aaaa-yyyy-xxxxxxxxxxxx c68d7703-d6ed-aaaa-yyyy-xxxxxxxxxxxx 20acfbf0-4318-aaaa-yyyy-xxxxxxxxxxxx 57c8cb4e-3ce2-aaaa-yyyy-xxxxxxxxxxxx a28aed54-1dc8-aaaa-yyyy-xxxxxxxxxxxx b5fb8dfb-3e0b-aaaa-yyyy-xxxxxxxxxxxx 362755da-bfb2-aaaa-yyyy-xxxxxxxxxxxx 9a94b816-e790-aaaa-yyyy-xxxxxxxxxxxx 7805bdb6-17da-aaaa-yyyy-xxxxxxxxxxxx cd978409-0ac9-aaaa-yyyy-xxxxxxxxxxxx C:Users<user>AppDataRoamingWindows Azure Powershell
  29. 29. Authentication Options • Programmatic – Management certificate – New –credentials option $userName = "<your work/school account user name>" $securePassword = ConvertTo-SecureString -String "<your work/school account password>" - AsPlainText -Force $cred = New-Object System.Management.Automation.PSCredential($userName, $securePassword) Add-AzureAccount -Credential $cred
  30. 30. Demo Create a VM with Custom Script Extension Deploy a Cloud Service
  31. 31. Demo Recap 1. Authenticate PowerShell with Azure 2. Upload to blob storage a .ps1 script to format drives 3. Provision new Azure VM via PowerShell. a) Custom script extension to format data disks 4. Create Cloud Service (web role) project 5. PowerShell script to upload and deploy
  32. 32. Azure Resource Manager What is Azure Resource Manager? Unit of Management • Lifecycle • Identity • Grouping One Resource -> One Resource Group
  33. 33. ARM Benefits Desired-state deployment Faster deployment Role-based access control (RBAC) Resource-provider model Orchestration Resource configuration SQL - A Website Virtual Machines SQL-A Website [SQL CONFIG] VM (2x) DEPENDS ON SQLDEPENDS ON SQL SQLCONFIG Image source - http://channel9.msdn.com/Events/Build/2014/2-607
  34. 34. Consistent Management Layer Resource Provider https://management.azure.com/subscriptions/{{subscriptionId}}/provide rs?api-version={{apiVersion}} ? REST API
  35. 35. ARM Functions ARM Templates supports small set of built-in functions parameters, variables reference, resourceGroup, resourceId base64, concat, padLeft, padLeft, replace, toLower, toUpper deployment, provider, subscription listKeys Not supported User-defined functions Control constructs – if, while, etc.
  36. 36. Loops and Nested Templates Loops Provide basic copy capability Useful in cloning resource configuration For example, deploying multiple VMs Nested Templates One template can invoke another Simplifies creation of sophisticated templates Supports parameters Supports output variables
  37. 37. ARM Deployment Logs Logs Provider Resource group Resource Availability Kept for 15 days Default is last hour (PowerShell) Filter by Status e.g., Failed PowerShell Get-AzureResourceProviderLog Get-AzureResourceGroupLog Get-AzureResourceLog
  38. 38. Demo Create a new Azure Web App + SQL DB
  39. 39. Demo Recap 1. Get latest Azure SDK for Visual Studio 2. Create new ‘Azure Resource Group’ project 3. Add Web App + SQL template 4. Provide parameters 5. Deploy via PowerShell
  40. 40. What is Azure Automation? • IT process automation solution for Azure – Creation, monitoring, deployment, & maintenance – Runbooks & Assets – Leverage existing PowerShell scripts
  41. 41. Runbook Types • PowerShell Workflow – Windows Workflow Foundation • Checkpoint, suspend, & resume – Parallel or serial execution – Compilation (time increases as complexity increases) • PowerShell (native) – No checkpoint, suspend, or resume – Serial execution only – No compile step! Fast!
  42. 42. Demo Stop VMs nightly
  43. 43. Demo Recap 1. Create Azure Automation account a) Create an AAD user for Azure Automation b) Create an Azure Connection Asset 2. Create Runbook to Stop VMs 1. Connect to Azure subscription 2. Iterate over all services and VMs 3. Test Runbook 4. Publish Runbook 5. Link Runbook to a Schedule
  44. 44. Choices . . . When to Use
  45. 45. Resources • Azure Resource Manager Preview SDKs – https://azure.microsoft.com/en-us/blog/azure-resource-manager-preview-sdks/ • Authenticating a service principal with Azure Resource Manager – https://azure.microsoft.com/en-us/documentation/articles/resource-group-authenticate- service-principal/ • Keith Mayer’s blog posts on Azure Automation – http://blogs.technet.com/b/keithmayer/archive/2014/04/04/step-by-step-getting-started- with-windows-azure-automation.aspx
  46. 46. Questions?
  47. 47. Thank You! Michael S. Collier @MichaelCollier | www.michaelscollier.com michaelscollier@gmail.com | michael.collier@microsoft.com

×