
Architecting world class Azure Resource Manager templates

This session will provide details on consumption scenarios, architecture, and implementation patterns identified during our design sessions and real-world template implementations with customers. Far from academic, these are proven practices informed by the development of ARM templates for 12 of the top Linux-based OSS technologies, including: Apache Kafka, Apache Spark, Cloudera, Couchbase, Hortonworks HDP, DataStax Enterprise powered by Apache Cassandra, Elasticsearch, Jenkins, MongoDB, Nagios, PostgreSQL, Redis, and Nagios. The majority of these templates were developed with a well-known vendor of a given distribution and influenced by the requirements of Microsoft’s enterprise and SI customers during recent projects.

Published in: Software

  1. 1. AZURE RESOURCE MANAGER API
  3. 3. RESOURCE GROUP
      • container for multiple resources
      • resources exist in one* resource group
      • resource groups can span regions
      • resource groups can span services
  4. 4. You decide
  5. 5. RESOURCE GROUP
      • tracks template execution
      • created within a resource group
      • allows nested deployments
  10. 10.
      {
        "apiVersion": "2015-05-01-preview",
        "type": "Microsoft.Compute/virtualMachines",
        "name": "[concat(parameters('vmNamePrefix'), copyindex())]",
        "location": "[parameters('location')]",
        "copy": {
          "name": "virtualMachineLoop",
          "count": "[parameters('numberOfInstances')]"
        },
        "dependsOn": [
          "[concat('Microsoft.Network/networkInterfaces/', 'nic', copyindex())]"
        ],
        "properties": {
          "hardwareProfile": {
            "vmSize": "[parameters('vmSize')]"
          },
          "osProfile": {
            "computername": "[concat('vm', copyIndex())]",
            "adminUsername": "[parameters('adminUsername')]",
            "adminPassword": "[parameters('adminPassword')]"
          },
          "storageProfile": {
            "osDisk": {
              "name": "[concat(parameters('vmNamePrefix'),'-osDisk',copyindex())]",
              "osType": "[parameters('osType')]",
              "caching": "ReadWrite",
              "image": {
                "uri": "[variables('userImageName')]"
              },
              "vhd": {
                "uri": "[concat(variables('osDiskVhdContainer'),parameters('vmNamePrefix'),copyindex(),'osDisk.vhd')]"
              }
  11. 11.
      {
        "name": "cluster-nodes",
        "type": "Microsoft.Resources/deployments",
        "apiVersion": "2015-01-01",
        "dependsOn": [
          "[concat('Microsoft.Resources/deployments/', 'shared')]"
        ],
        "properties": {
          "mode": "Incremental",
          "templateLink": {
            "uri": "[variables('clusterNodesTemplateUrl')]",
            "contentVersion": "1.0.0.0"
          },
  12. 12. [Diagram labels: Start, App Service Plan, Auto Scale Setting, Web Site, Alert Rule, App Insights, MS Deploy PKG, End. Stage labels: After App Service Plan Completes, After Website Completes, Once All Complete]
  14. 14.
      "networkSettings": {
        "vnetName": "[parameters('virtualNetworkName')]",
        "addressPrefix": "10.0.0.0/16",
        "subnets": {
          "dmz": {
            "name": "dmz",
            "prefix": "10.0.0.0/24",
            "vnet": "[parameters('virtualNetworkName')]"
          },
          "data": {
            "name": "data",
            "prefix": "10.0.1.0/24",
            "vnet": "[parameters('virtualNetworkName')]"
          }
        }
      },
      "osSettings": {
        "imageReference": {
          "publisher": "Canonical",
          "offer": "UbuntuServer",
          "sku": "14.04.2-LTS",
          "version": "latest"
        }
      },
      "tshirtSizeSmall": {
        "vmSize": "Standard_A1",
        "diskSize": 1023,
        "vmTemplate": "[concat(variables('templateBaseUrl'), 'database-2disk-resources.json')]",
        "vmCount": 2,
        "storage": {
          "name": "[parameters('storageAccountNamePrefix')]",
          "count": 1,
          "pool": "db",
          "map": [0,0],
          "jumpbox": 0
        }
      },
      "availabilitySetSettings": {
        "name": "pgsqlAvailabilitySet",
        "fdCount": 3,
        "udCount": 5
      }
  15. 15.
      "outputs": {
        "masterip": {
          "value": "[reference(concat(variables('nicName'),0)).ipConfigurations[0].properties.privateIPAddress]",
          "type": "string"
        }
      }

      "masterIpAddress": {
        "value": "[reference('master-node').outputs.masterip.value]"
      }
  16. 16.
      | Name | Value | Description |
      | --- | --- | --- |
      | Location | String | The location where the resources will be deployed from a constrained list of Azure regions. |
      | storageAccountNamePrefix | String | Unique DNS name for the Storage Account where the VM’s disks will be placed |
      | virtualNetworkName | String | For deployments that create a new Virtual Network, the name to use for creating that resource. For deployments that use an existing Virtual Network, the name of the VNet to deploy into. |
      | username | String | User name for the virtual machine(s) and potentially the application(s). More than one user name can be requested from the end user, but at least one must be prompted. |
      | password | String | Password for the virtual machine(s) and potentially the application(s). More than one password can be requested from the end user for different VMs or applications, but at least one must be prompted. |
      | tshirtSize | String | The named scale unit size to provision from a constrained list of offered t-shirt sizes. For example, “Small”, “Medium”, “Large” |
      | enableJumpbox | String | Parameter that identifies whether to enable a jumpbox for the environment. Values: “enabled”, “disabled” |
  18. 18. jumpbox tshirtSize osFamily
  32. 32. Two Key Concepts
      Role Definitions
      • describes the set of permissions (e.g. read actions)
      • can be used in multiple assignments
      Role Assignments
      • associate role definitions with an identity (e.g. user/group) at a scope (e.g. resource group)
      • always inherited – subscription assignments apply to all resources
  33. 33.
      • subscription level – grants permissions to all resources in the sub
      • resource group level – grants permissions to all resources in the group
      • resource level – grants permissions to the specific resource
  38. 38.
      {
        "apiVersion": "2015-05-01-preview",
        "type": "Microsoft.Network/networkSecurityGroups",
        "name": "[parameters('FENSGName')]",
        "location": "[parameters('location')]",
        "properties": {
          "securityRules": [
            {
              "name": "rdp_rule",
              "properties": {
                "description": "Allow RDP",
                "protocol": "Tcp",
                "sourcePortRange": "*",
                "destinationPortRange": "3389",
                "sourceAddressPrefix": "Internet",
                "destinationAddressPrefix": "*",
                "access": "Allow",
                "priority": 100,
                "direction": "Inbound"
              }
            },
            {
              "name": "web_rule",
              "properties": {
                "description": "Allow WEB",
                "protocol": "Tcp",
                "sourcePortRange": "*",
                "destinationPortRange": "80",
                "sourceAddressPrefix": "Internet",
                "destinationAddressPrefix": "*",
                "access": "Allow",
                "priority": 101,
                "direction": "Inbound"
              }
            }
          ]
        }
      }

      {
        "apiVersion": "2015-05-01-preview",
        "type": "Microsoft.Network/networkSecurityGroups",
        "name": "[parameters('AppNSGName')]",
        "location": "[parameters('location')]",
        "properties": {
          "securityRules": [
            {
              "name": "Allow_FE",
              "properties": {
                "description": "Allow FE Subnet",
                "protocol": "Tcp",
                "sourcePortRange": "*",
                "destinationPortRange": "443",
                "sourceAddressPrefix": "10.0.0.0/24",
                "destinationAddressPrefix": "*",
                "access": "Allow",
                "priority": 100,
                "direction": "Inbound"
              }
            },
            {
              "name": "Block_RDP_Internet",
              "properties": {
                "description": "Block RDP",
                "protocol": "tcp",
                "sourcePortRange": "*",
                "destinationPortRange": "3389",
                "sourceAddressPrefix": "Internet",
                "destinationAddressPrefix": "*",
                "access": "Deny",
                "priority": 101,
                "direction": "Inbound"
              }
            },
            {
              "name": "Block_Internet_Outbound",
              "properties": {
                "description": "Block Internet",
                "protocol": "*",
                "sourcePortRange": "*",
  47. 47.
      • https://github.com/Azure/azure-quickstart-templates
      • http://azure.microsoft.com/en-us/documentation/articles/resource-group-overview/
  48. 48.
      Getting Started
      • Azure Resource Manager Overview
      • Using Windows PowerShell with Resource Manager
      • Using the Azure Cross-Platform Command-Line Interface with the Resource Manager
      • Using the Azure Portal to manage your Azure resources
      Creating and Deploying Applications
      • Authoring Azure Resource Manager Templates
      • Deploy an application with Azure Resource Manager template
      • Troubleshooting Resource Group Deployments in Azure
      • Azure Resource Manager Template Functions
      • Advanced Template Operations
      Organizing Resources
      • Using tags to organize your Azure resources
      Managing and Auditing Access
      • Managing and Auditing Access to Resources
      • Authenticating a Service Principal with Azure Resource Manager
      • Create a new Azure Service Principal using the Azure classic portal
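
The network security group rules on slide 38 lend themselves to a pre-deployment check: the front-end NSG allows RDP (3389) from `Internet`, while the app NSG denies it. The following Python check is an added example, not code from the deck or from Microsoft; the function names (`covers`, `matches`, `exposed_mgmt_ports`, `nsg`) and the literal NSG names are hypothetical, and the sample template is constructed from the rule values on that slide. It assumes first-match evaluation by priority and only considers rules whose single `sourceAddressPrefix` is `Internet`, `*` or `0.0.0.0/0`; platform default rules are not modelled.

```python
MGMT_PORTS = {22: "SSH", 3389: "RDP"}            # ports treated as management access
ANY_SOURCE = {"*", "internet", "0.0.0.0/0"}      # sources that cover the whole Internet

def covers(spec, port):
    """True if an NSG port spec ('*', '3389', '3000-4000') includes port."""
    lo, _, hi = str(spec).partition("-")
    try:
        return spec == "*" or int(lo) <= port <= int(hi or lo)
    except ValueError:  # empty, or an unresolved "[parameters(...)]" expression
        return False

def matches(props, port):
    """True if the rule applies to inbound TCP traffic from the Internet to port."""
    specs = props.get("destinationPortRanges") or [props.get("destinationPortRange", "")]
    return (props.get("direction", "").lower() == "inbound"
            and props.get("protocol", "").lower() in ("tcp", "*")
            and props.get("sourceAddressPrefix", "").lower() in ANY_SOURCE
            and any(covers(s, port) for s in specs))

def exposed_mgmt_ports(template):
    """Return (NSG name, rule name, service) for each Internet-reachable port."""
    findings = []
    for res in template.get("resources", []):
        if res.get("type", "").lower() != "microsoft.network/networksecuritygroups":
            continue
        rules = sorted(res["properties"]["securityRules"], key=lambda r: r["properties"]["priority"])
        for port, service in MGMT_PORTS.items():
            # Lowest priority number is evaluated first; the first match decides.
            hit = next((r for r in rules if matches(r["properties"], port)), None)
            if hit and hit["properties"]["access"].lower() == "allow":
                findings.append((res["name"], hit["name"], service))
    return findings

def nsg(name, *rules):
    """Constructed NSG resource; each rule is (name, port, source, access, priority)."""
    return {"type": "Microsoft.Network/networkSecurityGroups", "name": name,
            "properties": {"securityRules": [
                {"name": n, "properties": {
                    "protocol": "Tcp", "direction": "Inbound", "destinationPortRange": p,
                    "sourceAddressPrefix": src, "access": acc, "priority": prio}}
                for n, p, src, acc, prio in rules]}}

# Constructed sample mirroring the rule values shown on slide 38.
SAMPLE = {"resources": [
    nsg("FENSG", ("rdp_rule", "3389", "Internet", "Allow", 100),
        ("web_rule", "80", "Internet", "Allow", 101)),
    nsg("AppNSG", ("Allow_FE", "443", "10.0.0.0/24", "Allow", 100),
        ("Block_RDP_Internet", "3389", "Internet", "Deny", 101))]}
print(exposed_mgmt_ports(SAMPLE))
```

Run against a template JSON loaded with `json.load`, the same function can gate a deployment pipeline on an empty findings list.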