AZURE RESOURCE MANAGER API

• container for multiple resources
• resources exist in one* resource group
• resource groups can span regions
• resource groups can span services
RESOURCE GROUP
You decide
• tracks template execution
• created within a resource group
• allows nested deployments
RESOURCE GROUP












































{
  "apiVersion": "2015-05-01-preview",
  "type": "Microsoft.Compute/virtualMachines",
  "name": "[concat(parameters('vmNamePrefix'), copyindex())]",
  "location": "[parameters('location')]",
  "copy": {
    "name": "virtualMachineLoop",
    "count": "[parameters('numberOfInstances')]"
  },
  "dependsOn": [
    "[concat('Microsoft.Network/networkInterfaces/', 'nic', copyindex())]"
  ],
  "properties": {
    "hardwareProfile": {
      "vmSize": "[parameters('vmSize')]"
    },
    "osProfile": {
      "computername": "[concat('vm', copyIndex())]",
      "adminUsername": "[parameters('adminUsername')]",
      "adminPassword": "[parameters('adminPassword')]"
    },
    "storageProfile": {
      "osDisk": {
        "name": "[concat(parameters('vmNamePrefix'),'-osDisk',copyindex())]",
        "osType": "[parameters('osType')]",
        "caching": "ReadWrite",
        "image": {
          "uri": "[variables('userImageName')]"
        },
        "vhd": {
          "uri": "[concat(variables('osDiskVhdContainer'),parameters('vmNamePrefix'),copyindex(),'osDisk.vhd')]"
        }

{
  "name": "cluster-nodes",
  "type": "Microsoft.Resources/deployments",
  "apiVersion": "2015-01-01",
  "dependsOn": [
    "[concat('Microsoft.Resources/deployments/', 'shared')]"
  ],
  "properties": {
    "mode": "Incremental",
    "templateLink": {
      "uri": "[variables('clusterNodesTemplateUrl')]",
      "contentVersion": "1.0.0.0"
    },


[Figure: template dependency flow. Nodes: Start, App Service Plan, Auto Scale Setting, Web Site, Alert Rule, App Insights, MS Deploy PKG, End. Stage labels: After App Service Plan Completes; After Website Completes; Once All Complete.]









"networkSettings": {
  "vnetName": "[parameters('virtualNetworkName')]",
  "addressPrefix": "10.0.0.0/16",
  "subnets": {
    "dmz": {
      "name": "dmz",
      "prefix": "10.0.0.0/24",
      "vnet": "[parameters('virtualNetworkName')]"
    },
    "data": {
      "name": "data",
      "prefix": "10.0.1.0/24",
      "vnet": "[parameters('virtualNetworkName')]"
    }

"osSettings": {
  "imageReference": {
    "publisher": "Canonical",
    "offer": "UbuntuServer",
    "sku": "14.04.2-LTS",
    "version": "latest"
  }

"tshirtSizeSmall": {
  "vmSize": "Standard_A1",
  "diskSize": 1023,
  "vmTemplate": "[concat(variables('templateBaseUrl'), 'database-2disk-resources.json')]",
  "vmCount": 2,
  "storage": {
    "name": "[parameters('storageAccountNamePrefix')]",
    "count": 1,
    "pool": "db",
    "map": [0,0],
    "jumpbox": 0
  }
},

"availabilitySetSettings": {
  "name": "pgsqlAvailabilitySet",
  "fdCount": 3,
  "udCount": 5
}


"outputs": {
  "masterip": {
    "value": "[reference(concat(variables('nicName'),0)).ipConfigurations[0].properties.privateIPAddress]",
    "type": "string"
  }
}

  "masterIpAddress": {
    "value": "[reference('master-node').outputs.masterip.value]"
  }
}
Name | Value | Description
Location | String | The location where the resources will be deployed from a constrained list of Azure regions.
storageAccountNamePrefix | String | Unique DNS name for the Storage Account where the VM’s disks will be placed
virtualNetworkName | String | For deployments that create a new Virtual Network, the name to use for creating that resource. For deployments that use an existing Virtual Network, the name of the VNet to deploy into.
username | String | User name for the virtual machine(s) and potentially the application(s). More than one user name can be requested from the end user, but at least one must be prompted.
password | String | Password for the virtual machine(s) and potentially the application(s). More than one password can be requested from the end user for different VMs or applications, but at least one must be prompted.
tshirtSize | String | The named scale unit size to provision from a constrained list of offered t-shirt sizes. For example, “Small”, “Medium”, “Large”
enableJumpbox | String | Parameter that identifies whether to enable a jumpbox for the environment. Values: “enabled”, “disabled”
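
A check a template reviewer might run over the parameters listed above, as an added example that is not part of the original deck: it flags credential-like parameters declared with type "string" instead of ARM's "securestring", and outputs that echo such a parameter. The sample template, the name heuristic and the finding labels are constructed for illustration.

```python
import re

SECRET_HINT = re.compile(r"password|secret|token|key", re.IGNORECASE)  # assumed name heuristic
PARAM_REF = re.compile(r"parameters\('([^']+)'\)")

def lint_secret_parameters(template):
    """Return (kind, name) findings for credential handling in an ARM template."""
    findings = []
    params = template.get("parameters", {})
    secret_names = {name for name in params if SECRET_HINT.search(name)}
    for name in sorted(secret_names):
        # "securestring" values are not saved to deployment history; "string" values are.
        if params[name].get("type", "").lower() != "securestring":
            findings.append(("plain-string-parameter", name))
    for out_name, out in sorted(template.get("outputs", {}).items()):
        # Outputs are readable from the deployment record, so a secret must not be echoed.
        refs = set(PARAM_REF.findall(str(out.get("value", ""))))
        if refs & secret_names:
            findings.append(("secret-in-output", out_name))
    return findings

# Constructed sample template using parameter names that appear on this page.
TEMPLATE = {
    "parameters": {
        "adminUsername": {"type": "string"},
        "adminPassword": {"type": "string"},
        "dbPassword": {"type": "securestring"},
        "storageAccountNamePrefix": {"type": "string"},
    },
    "outputs": {
        "debugPassword": {"type": "string", "value": "[parameters('dbPassword')]"},
        "masterip": {"type": "string",
                     "value": "[reference('nic0').ipConfigurations[0].properties.privateIPAddress]"},
    },
}

if __name__ == "__main__":
    for kind, name in lint_secret_parameters(TEMPLATE):
        print(f"{kind}: {name}")
```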






[Figure: diagram repeating the labels jumpbox, tshirtSize and osFamily]






Two Key Concepts
Role Definitions
• describes the set of permissions (e.g. read actions)
• can be used in multiple assignments
Role Assignments
• associate role definitions with an identity (e.g. user/group) at a scope (e.g. resource group)
• always inherited – subscription assignments apply to all resources
subscription level – grants permissions to all resources in the sub
resource group level – grants permissions to all resources in the group
resource level – grants permissions to the specific resource
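
The scope inheritance described above, as an added example that is not part of the original deck: given role definitions and role assignments, it reports which assignment (and at which level) gives an identity an action on a resource. The role names, identities and subscription id are constructed placeholders, and matching is simplified to allow-patterns only.

```python
from fnmatch import fnmatchcase

# Constructed, simplified role definitions: role name -> allowed action patterns.
ROLE_DEFINITIONS = {
    "example-reader": ["*/read"],
    "example-vm-operator": ["Microsoft.Compute/virtualMachines/*"],
}
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"  # placeholder id
RG = SUB + "/resourceGroups/rg-app"
VM0 = RG + "/providers/Microsoft.Compute/virtualMachines/vm0"
VM1 = RG + "/providers/Microsoft.Compute/virtualMachines/vm1"
OTHER_VM = SUB + "/resourceGroups/rg-app2/providers/Microsoft.Compute/virtualMachines/vm9"

# Constructed role assignments: (identity, role definition, scope).
ASSIGNMENTS = [
    ("auditors", "example-reader", SUB),
    ("app-team", "example-vm-operator", RG),
    ("oncall", "example-vm-operator", VM0),
]

def scope_level(scope):
    """Classify a scope string as subscription, resource group or resource."""
    lowered = scope.lower()
    if "/providers/" in lowered:
        return "resource"
    return "resource group" if "/resourcegroups/" in lowered else "subscription"

def covers(scope, resource_id):
    """An assignment at a scope is inherited by everything beneath that scope."""
    scope, resource_id = scope.lower().rstrip("/"), resource_id.lower()
    # Compare on a path boundary so rg-app does not also cover rg-app2.
    return resource_id == scope or resource_id.startswith(scope + "/")

def granting_assignments(identity, action, resource_id):
    """Return (role, level) for each assignment that grants the action here."""
    hits = []
    for who, role, scope in ASSIGNMENTS:
        allowed = any(fnmatchcase(action.lower(), pattern.lower())
                      for pattern in ROLE_DEFINITIONS[role])
        if who == identity and allowed and covers(scope, resource_id):
            hits.append((role, scope_level(scope)))
    return hits

if __name__ == "__main__":
    delete = "Microsoft.Compute/virtualMachines/delete"
    for identity in ("auditors", "app-team", "oncall"):
        print(identity, granting_assignments(identity, delete, VM1))
```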











































{
  "apiVersion": "2015-05-01-preview",
  "type": "Microsoft.Network/networkSecurityGroups",
  "name": "[parameters('FENSGName')]",
  "location": "[parameters('location')]",
  "properties": {
    "securityRules": [
      {
        "name": "rdp_rule",
        "properties": {
          "description": "Allow RDP",
          "protocol": "Tcp",
          "sourcePortRange": "*",
          "destinationPortRange": "3389",
          "sourceAddressPrefix": "Internet",
          "destinationAddressPrefix": "*",
          "access": "Allow",
          "priority": 100,
          "direction": "Inbound"
        }
      },
      {
        "name": "web_rule",
        "properties": {
          "description": "Allow WEB",
          "protocol": "Tcp",
          "sourcePortRange": "*",
          "destinationPortRange": "80",
          "sourceAddressPrefix": "Internet",
          "destinationAddressPrefix": "*",
          "access": "Allow",
          "priority": 101,
          "direction": "Inbound"
        }
      }
    ]
  }
}

{
  "apiVersion": "2015-05-01-preview",
  "type": "Microsoft.Network/networkSecurityGroups",
  "name": "[parameters('AppNSGName')]",
  "location": "[parameters('location')]",
  "properties": {
    "securityRules": [
      {
        "name": "Allow_FE",
        "properties": {
          "description": "Allow FE Subnet",
          "protocol": "Tcp",
          "sourcePortRange": "*",
          "destinationPortRange": "443",
          "sourceAddressPrefix": "10.0.0.0/24",
          "destinationAddressPrefix": "*",
          "access": "Allow",
          "priority": 100,
          "direction": "Inbound"
        }
      },
      {
        "name": "Block_RDP_Internet",
        "properties": {
          "description": "Block RDP",
          "protocol": "tcp",
          "sourcePortRange": "*",
          "destinationPortRange": "3389",
          "sourceAddressPrefix": "Internet",
          "destinationAddressPrefix": "*",
          "access": "Deny",
          "priority": 101,
          "direction": "Inbound"
        }
      },
      {
        "name": "Block_Internet_Outbound",
        "properties": {
          "description": "Block Internet",
          "protocol": "*",
          "sourcePortRange": "*",
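
A review check for NSG definitions like the two above, as an added example that is not part of the original deck: it evaluates inbound rules in priority order (lowest number first, first match decides) and reports management ports reachable from the Internet. The rule data is constructed from the complete rules shown above; treating only "Internet", "*" and "0.0.0.0/0" as Internet sources is a simplifying assumption.

```python
INTERNET = {"internet", "*", "0.0.0.0/0"}  # assumption: other public CIDRs are not modelled

def make_rule(name, port, source, access, priority, protocol="Tcp"):
    """Build an inbound rule shaped like the template's securityRules entries."""
    return {"name": name, "properties": {
        "protocol": protocol, "sourcePortRange": "*", "destinationPortRange": port,
        "sourceAddressPrefix": source, "destinationAddressPrefix": "*",
        "access": access, "priority": priority, "direction": "Inbound"}}

# Constructed from the two NSGs shown above (complete rules only).
FE_NSG = {"name": "[parameters('FENSGName')]", "properties": {"securityRules": [
    make_rule("rdp_rule", "3389", "Internet", "Allow", 100),
    make_rule("web_rule", "80", "Internet", "Allow", 101)]}}
APP_NSG = {"name": "[parameters('AppNSGName')]", "properties": {"securityRules": [
    make_rule("Allow_FE", "443", "10.0.0.0/24", "Allow", 100),
    make_rule("Block_RDP_Internet", "3389", "Internet", "Deny", 101, protocol="tcp")]}}

def port_in_range(port, spec):
    """True if a destinationPortRange value ('*', '3389', '3000-4000') covers port."""
    if spec == "*":
        return True
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)

def first_internet_match(rules, port):
    """Return the first rule, in priority order, that matches Internet TCP traffic to port."""
    for rule in sorted(rules, key=lambda r: r["properties"]["priority"]):
        p = rule["properties"]
        if (p["direction"].lower() == "inbound"
                and p["protocol"].lower() in ("tcp", "*")
                and p["sourceAddressPrefix"].lower() in INTERNET
                and port_in_range(port, p["destinationPortRange"])):
            return rule
    return None  # no explicit match: the platform's default rules deny Internet inbound

def exposed_management_ports(nsg, ports=(22, 3389)):
    """Return (rule name, port) for each management port the Internet can reach."""
    findings = []
    for port in ports:
        rule = first_internet_match(nsg["properties"]["securityRules"], port)
        if rule and rule["properties"]["access"].lower() == "allow":
            findings.append((rule["name"], port))
    return findings

if __name__ == "__main__":
    for nsg in (FE_NSG, APP_NSG):
        print(nsg["name"], exposed_management_ports(nsg))
```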












































https://github.com/Azure/azure-quickstart-templates

http://azure.microsoft.com/en-us/documentation/articles/resource-group-overview/
Getting Started
• Azure Resource Manager Overview
• Using Windows PowerShell with Resource Manager
• Using the Azure Cross-Platform Command-Line Interface with the Resource Manager
• Using the Azure Portal to manage your Azure resources
Creating and Deploying Applications
• Authoring Azure Resource Manager Templates
• Deploy an application with Azure Resource Manager template
• Troubleshooting Resource Group Deployments in Azure
• Azure Resource Manager Template Functions
• Advanced Template Operations
Organizing Resources
• Using tags to organize your Azure resources
Managing and Auditing Access
• Managing and Auditing Access to Resources
• Authenticating a Service Principal with Azure Resource Manager
• Create a new Azure Service Principal using the Azure classic portal
Architecting world class azure resource manager templates