Introduction to Microsoft Azure Resource Manager (ARM)

Save to My DOJO

Introduction to Microsoft Azure Resource Manager (ARM)

As more organizations move to the public cloud, it has become increasingly important to centralize and standardize cloud application deployment, management, and security. Microsoft Azure has accomplished this through their unified operations portal which is known as Azure Resource Manager which can be accessed through http://portal.azure.com. This article explains exactly what Azure Resource Manager is, what it can do, and how you should be using it.

What is Azure Resource Manager?

Azure Resource Manager (ARM) supports modern cloud applications which are usually distributed and contain multi-tiered components, such as a frontend web server, a middle-tier application server, and a backend database server. Through the portal, these are still shown as separate entities but grouped as a connected service which can be managed as a single object. ARM is usually managed through the centralized GUI portal, but for customers with advanced needs, it also supports Azure PowerShell, Azure CLI, Azure REST APIs, and client SDKs. Let’s now look a bit deeper into Azure Resource Manager and its key components for management, templates, security, operations, monitoring, support, and troubleshooting.

Centralized Management with Azure Resource Manager (ARM)

When deploying a new application in Azure through ARM, the first step is to determine which Azure services you need. All of the core components of a cloud infrastructure are provided directly by Microsoft, such as virtual machines, networks, network interfaces, IP addresses, and storage accounts. The Microsoft Azure Marketplace offers thousands of third-party applications and services, all of which have been certified and optimized to run on Azure.  Once you have set up billing and subscriptions for the different cloud services which you will be using, then you can use ARM to centrally administer them.

First, these components will be organized into a Resource Group, which is the logical management container for the related components of this distributed application.  ARM lets you see and manage everything for this workload’s lifecycle in a single operation, including deployment, updating and deleting. In the screenshot below, you can see a Resource Group which was created as a backup from a production MongoDB database in a different geographic region. This Resource Group includes a virtual machine, virtual network, storage account, public IP address, network interface and network security group.

Azure Resource Manager dashboard

Figure 1: Using Azure Resource Manager (ARM) to centrally manage some cloud services

ARM also gives organizations the ability to tag any resource so that it can quickly be discovered, along with its related components. Organizations can categorize their resources to make them easier to sort by resource group, type, location, development state, organizational department, or cost center.  Now using the portal, it is possible to see costs, events, alerts and other relevant information as a single group.

Templates with Azure Resource Manager (ARM)

Each Azure resource (virtual machine, storage account, etc.) can be deployed by filling in parameters in a template, such as the name, location, availability zone, networks, security and more. These templates can be saved, then deployed and tested within a resource group. This allows the distributed application to be deployed repeatedly and consistently. The Resource Manager template is a JSON file which defines the resource group, its resources, their properties and any dependencies. This allows an identical copy of the application to easily be created so it can be deployed in testing, staging, production or in an additional geography to allow the service to scale out. The startup order and dependencies can also be defined so that this application comes online gracefully. All third-party Azure Marketplace solutions come with customizable templates which adhere to the ISV’s best practices to streamline deployment. ARM templates are customizable and can be built using the Azure Portal, Visual Studio or Visual Studio Code. Make sure that you fully-automate the deployment and remove any manual steps to eliminate any dependencies on human configuration. In the following screenshot you can see the template for adding a new disk to an Azure Resource Group.

Attach Unmanaged Disk ARM

Figure 2: Using Azure Resource Manager (ARM) to add a new disk within a template

Security with Azure Resource Manager (ARM)

Security is a critical component of every cloud service and Azure Resource Manager provides a breath of features to allow organizations to successfully manage these distributed applications using role-based access control (RBAC) or OAUTH authentication. The challenge with large cloud services is that they often require multiple administrators with specialized skills to configuring them, such as the cloud networking expert, the database administrator and the application owner.  ARM provides granular access control, only granting specific users with the ability to make changes on certain workloads. All actions are automatically logged so there is an audit trail for every action, event and user. Critical resources can even be ‘locked’ so that they cannot be changed accidentally or deliberately, as shown in the screenshot below.

MongoBackup - Locks

Figure 3: Using Azure Resource Manager (ARM) to create a lock on a protected group

Operations with Azure Resource Manager (ARM)

Azure Resource Manager also provides a suite of tools to automate standard operations for each Resource Group. These features provide the ability to automatically turn off an application, leverage Azure’s built-in backup and replication technologies, patch the services, manage the desired state configuration and track any changes. In the screenshot below, I am using ARM to configure disaster recovery of my Resource Group to a secondary site.

Configure disaster recovery

Figure 4: Using Azure Resource Manager (ARM) to configure disaster recovery

Monitoring with Azure Resource Manager (ARM)

The monitoring capabilities of ARM also provide a centralized view of the health of the cloud application. Through a single interface, each resource within the group can be analyzed for alerts, metrics, diagnostics, logs, connections and other best practices. In the following screenshot, some of the metrics of a virtual machine are displayed.

MonogoBackup Metrics

Figure 5: Using Azure Resource Manager (ARM) to monitor disks

Support & Troubleshooting with Azure resource Manager (ARM)

While Microsoft has taken great strides to making Azure resources easy to manage through ARM there may be issues which cannot be automatically repaired so advanced troubleshooting could be required. ARM centralizes the troubleshooting tools so that if an issue occurs, it is relatively easy to start the initial diagnosis. This includes viewing the resource health and performance, viewing the diagnostics of the boot log, redeploying the service, troubleshooting the network connection, or escalating the issue by creating a ticket with Microsoft’s support organization. In the screenshot below, I can quickly view the health history of my resource group.

MongoBackup Resource Health

Figure 6: Using Azure Resource Manager (ARM) to view resource health

Wrap-Up

Azure Resource Manager is a great tool for centralized management, templates, security, operations, monitoring, support and troubleshooting. By combining all the key features of application lifecycle management into a single interface, Microsoft has made it easy to organizations, developers and IT professionals to make the transition to the public cloud.  For more information about ARM, check out the official Azure Resource Manager Documentation from Microsoft.

What about you? Have you used ARM for cloud management yet? What have your experiences been? We’d love to hear! let us know in the comments section below!

Thanks for reading!

Threat Monitor
Share this post

Not a DOJO Member yet?

Join thousands of other IT pros and receive a weekly roundup email with the latest content & updates!

Leave a comment or ask a question

Your email address will not be published. Required fields are marked *

Your email address will not be published. Required fields are marked *

Notify me of follow-up replies via email

Yes, I would like to receive new blog posts by email

What is the color of grass?

Please note: If you’re not already a member on the Dojo Forums you will create a new account and receive an activation email.