Hello everybody, time to get in-depth with Azure Resource Manager. But, before I dive into the Azure Resource Manager, I would like to quickly review some of the basics in Azure. I will start with a rundown of the Azure Global Footprint. Then, I will go into how Azure charges are incurred. And finally, I will dive into the Azure Resource Manager V2 and compare it to the older Azure Service Manager V1. Sit tight and let’s go for an Azure Ride 😉
Microsoft Azure itself is deployed around the world and involves the concept of regions, which is where you select to place and run your code. Each region has a Microsoft Azure data center. These data centers are massive facilities that host tens of thousands or, in some cases, hundreds of thousands of servers. Currently, Microsoft has:
- Four regions in North America
- Two regions in Europe
- Two regions in Asia
- One region in Japan
As shown above, Microsoft also has a number of Content Delivery Network (CDN) edge points. They can be used to cache your content and deliver it even faster to end users.
Once you build an application, you can choose any location in the world where you want to run it and you can move your workloads from region to region. You can also run your application in multiple regions simultaneously or just direct traffic and end users to whichever version of the app is closest to them.
How are Azure Charges Incurred?
This may be different for many of you who are familiar with hosting providers and on-premises systems.
Simply, with Microsoft Azure, you pay only for what you use:
- There are no upfront costs
- There is no need to buy any upfront server licenses; this is included in the price
- VMs (IaaS and web/worker role) usage is by the minute
- For VMs (IaaS only) that are stopped in Microsoft Azure, only storage charges apply
- Likewise, if you use a SQL database, through the SQL Database feature in Microsoft Azure, you do not have to buy a SQL Server license—this is also included in the price
- For compute services, such as VMs and websites, you only pay by the hour
This gives you the flexibility to run your applications very cost effectively.
You can scale up and scale down your solutions or even turn them on and off as necessary. This also opens up a wide range of possibilities in terms of the new types of apps you can build.
Managing Azure Deployments
Microsoft Azure currently has two management models:
- Azure Service Manager (ASM) has been around since 2009 and has been due for an upgrade.
- Azure Resource Manager (ARM), released last summer, supports modern deployment practices. It is designed to be extensible to all current and future services.
Azure Service Manager V1
- Traditional way to deploy and manage applications hosted in Azure
- Azure Portal https://manage.windowsazure.com
- PowerShell / CLI (default mode)
- REST API
Azure Resource Manager V2
- Modern way to deploy and manage applications hosted in Azure
- Azure Portal https://portal.azure.com
- PowerShell / CLI (ARM mode)
- REST API
- Azure Resource Management Library for .NET
Why and what is Azure Resource Manager?
Today’s challenge with Azure Service Manager V1 – it’s difficult to…
- Set and manage permissions – only co-admin and service admin
- Monitor and have alerting rules – limited to Management Services and basic KPI in portal
- Billing – through the billing portal
- Deployment – complex PowerShell to gather all components for an application
- Visualize a group of resources in a logical view, including monitoring/billing
- Resources are provisioned in isolation
- Finding resources is not so easy
- Deployment is more complex than on-premises
- Management of app is challenging
- Proper use of resources becomes more abstract
- Isolation makes communications a challenge
Ok, Rob, then why does Microsoft still keep ASM V1 in production?
Answer: As of the writing of this blog post, not all features have been ported over to Azure Resource Manager V2. Once all features and services have been ported over, I expect Microsoft to end of life Azure Service Manager V1.
Azure Resource Manager Overview
Azure Resource Manager enables you to work with the resources in your solution as a group. You can deploy, update or delete all of the resources for your solution in a single, coordinated operation. You use a template for deployment and that template can work for different environments such as testing, staging and production. Resource Manager provides security, auditing, and tagging features to help you manage your resources after deployment.
Benefits of ARM
- Desired-state deployment
- ARM does desired-state deployment of resources. It does not do desired-state configuration inside these resources (e.g., VMs), although it can initiate the process of desired-state configuration.
- Faster deployments
- ARM can deploy in true parallel as compared to semi-sequential in ASM
- Role-based access control (RBAC)
- RBAC is fully integrated with Azure Active Directory
- Resource-provider model
- Resource-provider model is intended to be fully extensible.
- Common interface for Azure and Azure Stack
- When Azure Stack is released, same API model for on-premises and Cloud
ARM Definitions and what they mean?
- Resource – Atomic unit of deployment
- Resource group – Collection of resources
- Resource provider – Manages specific kinds of resources
- Resource type – Specifies the type of resource
Ok, let’s dive into the details of each now.
A Resource Group is a Unit of Management providing:
- Application Life-Cycle Containment – Deployment, update, delete and status
- You can deploy everything included in a resource group together, thereby maintaining versions of an application along with its resources
- Declarative solution for Deployment – “Config as Code”
- Resource Groups are .json, declarative/configuration code
- Grouping – Metering, billing, quota: applied and rolled up to the group
- Resource groups provide a logical grouping of resources
- Consistent Management Layer
- In the V2 portal, everything is controlled in a RG. RGs can be accessed via REST APIs and resource providers
- Access Control – Scope for RBAC permissions
- You can only use RBAC in the new portal and the highest level generally used for RBAC is the resource group level.
But, Rob, that sounds great, but should these resources (VMs, DBs, Storage, etc.) be in the same Resource Group or in a different one?
Hint: Do they have common life cycle and management?
Answer: It’s up to you
Resource Groups Best Practices
- Tightly coupled containers of multiple resources of similar or different types
- When resources are in the container, they have a common life cycle. You can deploy these things together, put RBAC on them together with one request and they can know about each other
- Every resource *must* exist in one and only one resource group
- Every resource must be in ONE resource group, important for RBAC
- Resource groups can span regions
- Don’t have to live in same location, can deploy to multiple regions
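How the "one and only one resource group" rule shapes RBAC, as an added example that is not part of the original post or Microsoft's code: it parses ARM resource IDs into the terms defined above and works out which role assignments reach a resource through its parent scopes. The subscription ID, group names, principals and assignments are constructed for illustration.

```python
# Added example (not from the original post): ARM resource IDs and RBAC scope
# inheritance. All IDs, principals and assignments below are constructed.
import re
from dataclasses import dataclass
from typing import List, Optional

# Resource-group-scoped ARM IDs have the shape
# /subscriptions/{sub}/resourceGroups/{rg}/providers/{namespace}/{type}/{name}
_ID_RE = re.compile(
    r"^/subscriptions/(?P<sub>[^/]+)"
    r"(?:/resourceGroups/(?P<rg>[^/]+)"
    r"(?:/providers/(?P<provider>[^/]+)/(?P<rest>.+))?)?$",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class ResourceId:
    subscription: str
    resource_group: Optional[str]   # exactly one per resource
    provider: Optional[str]         # resource provider, e.g. Microsoft.Compute
    resource_type: Optional[str]    # e.g. virtualMachines, servers/databases
    name: Optional[str]


def parse_resource_id(rid: str) -> ResourceId:
    m = _ID_RE.match(rid.rstrip("/"))
    if not m:
        raise ValueError(f"not a subscription/group/resource ID: {rid!r}")
    rtype = name = None
    if m["rest"]:
        parts = m["rest"].split("/")
        if len(parts) % 2:
            raise ValueError(f"type/name segments must come in pairs: {rid!r}")
        # Nested resources alternate type/name: servers/sql01/databases/appdb
        rtype, name = "/".join(parts[0::2]), "/".join(parts[1::2])
    return ResourceId(m["sub"], m["rg"], m["provider"], rtype, name)


def scope_covers(scope: str, rid: str) -> bool:
    """True if `scope` is the resource itself or one of its parent scopes.

    Compared segment by segment and case-insensitively, so rg-web does not
    cover rg-web2 the way a plain string-prefix test would.
    """
    s = scope.rstrip("/").lower().split("/")
    r = rid.rstrip("/").lower().split("/")
    return r[:len(s)] == s


@dataclass(frozen=True)
class RoleAssignment:
    principal: str
    role: str      # built-in roles: Owner, Contributor, Reader
    scope: str     # subscription, resource group or resource ID


def effective_assignments(assignments: List[RoleAssignment],
                          rid: str) -> List[RoleAssignment]:
    parse_resource_id(rid)  # reject malformed IDs before evaluating access
    return [a for a in assignments if scope_covers(a.scope, rid)]


# Constructed sample data.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
SQL_SERVER = SUB + "/resourceGroups/rg-data/providers/Microsoft.Sql/servers/sql01"
ASSIGNMENTS = [
    RoleAssignment("ops-team", "Reader", SUB),
    RoleAssignment("web-devs", "Contributor", SUB + "/resourceGroups/rg-web"),
    RoleAssignment("intern", "Contributor", SUB + "/resourceGroups/rg-web2"),
    RoleAssignment("dba", "Owner", SQL_SERVER),
]
VM = SUB + "/resourceGroups/rg-web/providers/Microsoft.Compute/virtualMachines/web01"
DB = SQL_SERVER + "/databases/appdb"

if __name__ == "__main__":
    for rid in (VM, DB):
        print(parse_resource_id(rid))
        for a in effective_assignments(ASSIGNMENTS, rid):
            print(f"  {a.principal}: {a.role} via {a.scope}")
```

Because a role granted on a resource group reaches every resource placed in it, the life-cycle question and the access question are the same grouping decision.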
A few final thoughts on Resource Groups and their deployment scenarios before we move on.
- Most significant question is of life-cycle and what to place in a resource group
- Can apply RBAC, but is this right for a particular resource group?
- Sometimes resources are shared across multiple applications, in other words a VM could be stored in a storage account in a different resource group
- Life-cycle is distinct and managed by different people
- There is no hard and fast rule
A Resource Provider is used by the Azure Resource Manager to manage distinct types of resources – in your JSON template, you will have code that shows what the resource provider expects to see in order for the resource provider (sitting out in Azure) to build the resource that you want…for example a SQL Server or SQL DB or VM.
Resource providers are an extensibility point allowing new resource providers to be added in a consistent manner as new services are added to Azure – anyone can write their own provider.
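What a template hands to each resource provider, as an added example that is not from the original post or Microsoft: a small constructed ARM template and a pre-deployment review that lists the provider namespaces and resource types it uses and flags secret parameters that are not declared `securestring` or that carry a default value. The template contents, resource names and the name-matching heuristic are assumptions made for illustration.

```python
# Added example (not from the original post): static review of an ARM
# template before deployment. The template below is constructed sample data.
import json

TEMPLATE_JSON = r'''
{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "adminUsername": {"type": "string"},
    "adminPassword": {"type": "string", "defaultValue": "constructed-not-a-real-secret"},
    "sqlAdminPassword": {"type": "securestring"}
  },
  "resources": [
    {"type": "Microsoft.Storage/storageAccounts", "apiVersion": "2015-06-15",
     "name": "constructedstore01", "location": "[resourceGroup().location]",
     "properties": {"accountType": "Standard_LRS"}},
    {"type": "Microsoft.Sql/servers", "apiVersion": "2014-04-01-preview",
     "name": "constructed-sql01", "location": "[resourceGroup().location]",
     "properties": {
       "administratorLogin": "[parameters('adminUsername')]",
       "administratorLoginPassword": "[parameters('sqlAdminPassword')]"},
     "resources": [
       {"type": "databases", "apiVersion": "2014-04-01-preview",
        "name": "appdb", "location": "[resourceGroup().location]",
        "dependsOn": ["[resourceId('Microsoft.Sql/servers', 'constructed-sql01')]"],
        "properties": {}}
     ]}
  ]
}
'''
TEMPLATE = json.loads(TEMPLATE_JSON)

# Heuristic (an assumption of this example): parameter names that suggest a
# secret. It can over-match, e.g. a parameter called keyVaultName.
SECRET_HINTS = ("password", "secret", "key", "token")
SECURE_TYPES = {"securestring", "secureobject"}
NOT_SECURE = "secret-looking parameter is not declared securestring"
HAS_DEFAULT = "secret parameter has a default value stored in the template"


def iter_resources(resources, parent_type=""):
    """Yield (full_type, resource), descending into nested child resources."""
    for res in resources:
        full = f"{parent_type}/{res['type']}" if parent_type else res["type"]
        yield full, res
        yield from iter_resources(res.get("resources", []), full)


def resource_types(template):
    return [full for full, _ in iter_resources(template.get("resources", []))]


def providers_used(template):
    """Resource provider namespaces the deployment will call, sorted."""
    return sorted({t.split("/", 1)[0] for t in resource_types(template)})


def secret_findings(template):
    findings = []
    for name, spec in template.get("parameters", {}).items():
        looks_secret = any(h in name.lower() for h in SECRET_HINTS)
        secure = spec.get("type", "").lower() in SECURE_TYPES
        # Plain string parameter values are kept in the deployment history.
        if looks_secret and not secure:
            findings.append((name, NOT_SECURE))
        # A default puts the secret in source control with the template.
        if (looks_secret or secure) and "defaultValue" in spec:
            findings.append((name, HAS_DEFAULT))
    return findings


if __name__ == "__main__":
    print("providers:", providers_used(TEMPLATE))
    print("types:", resource_types(TEMPLATE))
    for name, problem in secret_findings(TEMPLATE):
        print(f"finding: {name}: {problem}")
```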
Tools typically used with ARM
- PowerShell – Blog Post coming soon
- PowerShell is used to deploy the ARM templates and can be used to download log files from the Resource Group to analyze issues
- Troubleshooting in the portal – Blog Post coming soon
- Visual Studio
- Although not required, will more than likely be the tool of choice for creating the ARM templates – Blog Post coming soon
Well, that wraps up my blog post on Azure Resource Manager. We covered a lot and have much more to go. Stay tuned…..
Until next time, Rob…
In today’s IT, there are a lot of discussions about different terms like PaaS, IaaS, and SaaS. So what do all of these cloud acronyms mean?
I’m going to give you the simplest explanation I can, to help you understand the difference between SaaS, IaaS, and PaaS. First, let’s expand those acronyms! Software as a Service, Infrastructure as a Service, and Platform as a Service are all just different types of clouds.
New Choices for Delivering IT
The cloud provides options for approach, sourcing, and control. It delivers a well-defined set of services, which are perceived by the customers to have infinite capacity, continuous availability, increased agility, and improved cost efficiency. To achieve these attributes in their customers’ minds, IT must shift its traditional server-centric approach to a service-centric approach. This implies that IT must go from deploying applications in silos with minimal leverage across environments to delivering applications on pre-determined standardized platforms with mutually agreed upon service levels. A hybrid strategy that uses several cloud options at the same time will become the norm as organizations choose a mix of various cloud models to meet their specific needs.
Typical Service Models
Software as a Service
Software as a Service (SaaS) delivers business processes and applications, such as CRM, collaboration, and email, as standardized capabilities for a usage-based cost at an agreed, business-relevant service level. SaaS provides significant efficiencies in cost and delivery in exchange for minimal customization and represents a shift of operational risks from the consumer to the provider. All infrastructure and IT operational functions are abstracted away from the consumer.
Platform as a Service
Platform as a Service (PaaS) delivers application execution services, such as application runtime, storage, and integration for applications written for a pre-specified development framework. PaaS provides an efficient and agile approach to operate scale-out applications in a predictable and cost-effective manner. Service levels and operational risks are shared because the consumer must take responsibility for the stability, architectural compliance, and overall operations of the application while the provider delivers the platform capability (including the infrastructure and operational functions) at a predictable service level and cost.
Infrastructure as a Service
Infrastructure as a Service (IaaS) abstracts hardware (server, storage, and network infrastructure) into a pool of computing, storage, and connectivity capabilities that are delivered as services for a usage-based (metered) cost. Its goal is to provide a flexible, standard, and virtualized operating environment that can become a foundation for PaaS and SaaS.
IaaS is usually seen to provide a standardized virtual server. The consumer takes responsibility for configuration and operations of the guest Operating System (OS), software, and Database (DB). Compute capabilities (such as performance, bandwidth, and storage access) are also standardized.
Service levels cover the performance and availability of the virtualized infrastructure. The consumer takes on the operational risk that exists above the infrastructure.
Infrastructure as a Service with Azure Virtual Machines
In short, IaaS gives you a server in the cloud (virtual machine) that you have complete control over. With an Azure VM, you are responsible for managing everything from the Operating System on up to the application you are running.
On-demand data centers, also known as IaaS, provide compute power, memory, and storage, typically priced per hour, based on resource consumption. You pay only for what you use, and the service provides all the capacity you need, but you are responsible for monitoring, managing, and patching your on-demand infrastructure.
The biggest advantage of IaaS is that it offers a cloud-based data center without requiring you to install new equipment or to wait for the hardware procurement process. This means you can get IT resources that otherwise might not be available.
This mode of operation will feel most like a typical on premises virtual machine where you remote desktop into the server to manage it instead of sitting down in front of a physical keyboard and mouse.
Platform as a Service – Azure Cloud Services
An Azure Cloud Service consists of two components: your application files (source code, DLLs, etc.) and a configuration file. Together, these two elements will spin up a combination of Web Roles and Worker Roles to execute your application. With Cloud Services, Azure handles all of the tedious Operating System details for you, so you can focus on what matters – building a quality application for your users.
A Web Role is an Azure VM that is pre-configured as a web server (running IIS) and will automatically have your application loaded on it by the time the server fully spins up. This will create the public endpoint for your application – usually a website, but it could also be an API or something similar.
Worker Roles run alongside your Web Roles and are responsible for performing computing functions to support your application. Typically, the Web Role will accept some sort of user input and queue up an action for the Worker Role to process at a later time. This allows the Web Roles to be more responsive and to fire-and-forget tasks to be processed later.
Software as a Service – Basecamp, Salesforce, Office 365, Azure Websites
Finally, Software as a Service applications are built and hosted through 3rd party vendors who typically charge for a certain level of service – $30/month for X projects and Y users.
Azure Websites can serve as a SaaS offering as well. You can configure a WordPress, Drupal, OpenX, or even phpBB site with a single click. No code, no deployment hassles, and minimal configuration. Azure Websites lets you stand up the service you need in minutes, not hours or days.
Most SaaS applications today are built on a cloud platform due to the low cost of entry – with prices continually falling – and the ability to scale up as your customer base grows. If Dropcam, SmugMug, or Netflix got one million new customers tomorrow, their infrastructure (Amazon Web Services) would be able to accommodate them.
- Software-as-a-Service (SaaS) means you’re renting the app or software
- Platform-as-a-Service (PaaS) means that you’re renting everything but the app or software
- Infrastructure-as-a-Service (IaaS) means you’re renting only the hardware as well as the tools used to manage the hardware
While each Azure Compute (IaaS) offering has its pros and cons, I personally prefer to build my projects around PaaS. With PaaS, you get the maximum possible amount of flexibility before you have to start worrying about the tedious world of OS maintenance, versions, security, patches, etc.
Until next time, Rob.
To continue the Windows Azure Pack series, here is my next topic: Installing and Configuring Windows Azure Pack
If you missed other parts of the series, check the links below:
Part 1 – Understanding Windows Azure Pack
Part 2 – Understanding Windows Azure Pack – Deployment Scenarios
Part 3 – Understanding Windows Azure Pack – How to guide with Express Edition on Nutanix – Environment Prep
Part 4 – Deploying Service Provider Framework on Nutanix
Again to reiterate from my previous blog posts and set some context, Windows Azure Pack (WAP) includes the following capabilities:
- Management portal for tenants – a customizable self-service portal for provisioning, monitoring, and managing services such as Web Site Clouds, Virtual Machine Clouds, and Service Bus Clouds.
- Management portal for administrators – a portal for administrators to configure and manage resource clouds, user accounts, and tenant offers, quotas, and pricing.
- Authentication sites – these sites provide authentication services for the management portal for administrators and the management portal for tenants. Windows Authentication + ADFS for Admins Sites and ASP.NET provider for tenants
- Service management API – a REST API that helps enable a range of integration scenarios including custom portal and billing systems.
- Web Site Clouds – a service that helps provide a high-density, scalable shared web hosting platform for ASP.NET, PHP, and Node.js web applications. The Web Site Clouds service includes a customizable web application gallery of open source web applications and integration with source control systems for custom-developed web sites and applications.
- Virtual Machine Clouds – a service that provides infrastructure-as-a-service (IaaS) capabilities for Windows and Linux virtual machines. The Virtual Machine Clouds service includes a VM template gallery, scaling options, and virtual networking capabilities.
- Service Bus Clouds – a service that provides reliable messaging services between distributed applications. The Service Bus Clouds service includes queued and topic-based publish/subscribe capabilities.
- SQL and MySQL – services that provide database instances. These databases can be used in conjunction with the Web Sites service.
- Automation – the capability to automate and integrate additional custom services into the services framework, including a runbook editor and execution environment.
- Optional resource = what you are going to connect with WAP (for example, SCVMM cloud, SQL Server, etc).
- Required components = Windows Azure Pack components which you install on one machine (express) or on multiple machines (distributed)
In other words, WAP is the interface between your resources and tenants = clients/customers. On the following diagram you can see the main components of WAP, cloud components and optional resources. WAP can be deployed in 2 different ways – express and distributed as previously discussed. In the express deployment, like we are deploying in this series, you can install all WAP components on one machine for lab/demo purposes. If you want to have WAP in your production environment, you should always use distributed deployment as mentioned in previous posts in this series. In such a deployment, WAP required and optional components are installed on multiple machines.
Below are examples of various distributed deployments
In this blog post I will explain how to perform the following procedures:
- Installing Windows Azure Pack
- Configuring VMM and SPF
- Configuring Windows Azure Pack
- Login as a Tenant and provision a VM and SQL Database
- System Center Virtual Machine Manager 2012 R2 (VMM01) is installed and configured:
- Member of the AD domain
- One or more SCVMM Clouds created in SCVMM (See video)
- One or more VM Networks created in SCVMM
- Service Provider Foundation is installed as shown in my previous blog post
- SPF IIS Web service running under a domain account
- SQL Server Instance is installed running SQL 2012 or later for Hosting WAP Client Databases (DB01)
- Member of the AD domain
- With SQL Authentication enabled (Using SA)
- WAP Server (WAP01)
Installing Windows Azure Pack:
- On the freshly built WAP Windows Server 2012 R2 server, follow the prerequisite steps to install WAP
- Disable Internet Explorer Enhanced Security
- Install Microsoft Web Platform Installer (Web PI) 4.6 (it can be downloaded from here; if the WAP server has no Internet access, follow this blog post)
- Install the following software through Web PI, in this order:
- Enable Microsoft .NET Framework 3.5 SP 1 in Server Manager
- .NET 4.5 Extended, with ASP.NET for Windows 8.
- IIS recommended configuration.
- Launch the Web PI (Web Platform Installer) installer
- Select Products from the top menu
- Type: Windows Azure Pack in the search field in the left side
- Click Add Windows Azure Pack: Portal and API Express
WAP Express installer in Web PI
- Click Install at the bottom of the Web PI window
- When the Wizard completes the installation, it will present a screen as the one described in the picture below asking to Continue. When clicking the Continue button, an Internet Explorer Window will be launched
WAP Install screen in Web PI
- In the recently opened Internet Explorer page, copy the URL, and launch a new browser with administrative privileges. When the new browser is opened, paste the URL you obtained before (https://localhost:30101/)
- In the browser, if you are presented with warnings related to the certificate, click Continue, and then the Windows Azure Pack Setup will be displayed
WAP Install screen in Web PI
- In the Database Server page, provide the following information:
Server Name: an instance that accepts SQL Authentication (for example db01.contoso.com)
Authentication type: SQL authentication (Windows Authentication can also be used).
Database server admin username: sa
- Click on the arrow for next.
Database Server setup in WAP install
- In the Customer Experience Improvement Program page, select Yes (MS needs your feedback :) ) and click Next
- In the Features Setup page, click on the to finish the wizard.
- Once the setup has completed, click the arrow button
- Sign out and Sign in from WAP01 (this needs to be done for the user to be registered correctly in WAP)
- Open a browser and go to: https://wap01:30091
Validating the WAP installation succeeded:
- Log on to the WAP Server as Administrator
- Start IIS Management Console
- Check that the following IIS WEB Sites are created from pic below:
- Log on to the SQL Server (SQL01) as SQL Administrator
- Open SQL Management Studio on the SQL Server as SA
- Check that the following Databases were successfully created from pic below:
Configuring SCVMM and SPF
- Log on to SCVMM Server as Administrator
- Start the SCVMM Console
- In the SCVMM console go to Fabric – Servers – All Hosts and verify your Nutanix Cluster is available and also your shares are available.
- Once hosts have been verified, copy one or more sysprepped VHDs to the VMM Library (e.g. \\NTNXHYPERV-smb.nutanixbd.local\NTNXHYPERV-library\VHDs)
- Now create one or more clouds in SCVMM (in this case we created two: Contoso and Fabrikam, Microsoft default example companies) and assign one or more logical networks to the cloud. Make sure you leave Capability Profiles unchecked
- Under VM Networks, create a VM Network, a subnet and an IP Pool. Connect the VM Network to a logical network that was assigned to the cloud created earlier. (e.g. Contoso Tenant)
- Then create one or more hardware profiles (for example, small, medium and large)
- Create templates from the sysprepped VHDs copied to the library (for example, Windows Server 2012 R2 Core and Windows Server 2012 R2 GUI)
NOTE: When creating the VM templates, it’s not necessary to select a hardware profile (for our example we created medium). Click Next, and make sure that you select Create a new Windows Operating System Customization Settings and select the operating system (for example, Windows Server 2012 R2 Datacenter). If this is not selected, the VM will not show up in the Windows Azure Pack Portal.
- Select Settings
- Add the user under which the SPF Web Service (Application Pool) account is running to the Administrators group
Click Security > User Roles
Click Administrators > Members
Click Add and select the user that SPF Web Service (Application Pool) is running with. (See my SPF Blog Post)
Service Provider Foundation Configuration
- Log on to the SPF Server as Administrator.
- Start Computer Management
- Select Local User and Groups
- Create a user you want to use for SPF by right click Users > new user (e.g. spf)
Note: This is not the same as the SPF Web Service (Application Pool). This is a local user on the SPF Server.
- Click on the user and select the “Member Of” tab.
Note: Make the user member of all Groups starting with “SPF_”
- Verify that the SPF Web Service is running under the right user credentials
Note: The way SPF executes commands against VMM will be in the context of the user under which the web service is running.
To verify that the SPF Web Service is running under the right service account check the following:
- Log on to the SPF server as an administrator
- Start IIS Manager
- Expand SPF Server > Sites and verify that SPF shows in the list.
- Select Application Pools under the Connections menu
- Verify that both the SCVMM and Provider Application Pools are running under the account (Identity) that is also a member of the VMM Administrators
Configuring the Windows Azure Pack
In this section we will be configuring the following:
- Configuring VM Clouds Resource Provider in the Windows Azure Pack
- Configure SQL Servers Resource Provider in the Windows Azure Pack
- Configuring a plan in Windows Azure Pack
- Configure an Admin Account and a subscription in Windows Azure Pack
- Login as a Tenant and provision a VM and SQL Database to a Cloud
Configuring VM Clouds Resource Provider in the Windows Azure Pack
- Log on to WAP Admin Portal as an administrator (e.g. https://wap01.contoso.com:30091)
- Finish the Intro tour and click Ok
- In the main window, Select VM Clouds
- In the VM Clouds Window select Register System Center Service Provider Foundation
- Type the Service URL, Username and Password
Note: The user name and password are those of the user created locally on the SPF server, which was added to the SPF groups earlier in this post
- Verify that the registration is successful
- Register VMM: Go to VM Clouds – Clouds – Use an existing Virtual Machine Cloud Provider to Provision Virtual Machines, and provide the following info:
Virtual machine manager server: vmm01
Port number (optional):
Remote Desktop Gateway:
Click on register
Verify that the VMM Server registers correctly by selecting the server under Clouds, and verify that all clouds show for the VMM Server
Configure SQL Servers Resource Provider in Windows Azure Pack
- In the WAP Admin Portal, go to SQL Servers
- Click on Add an existing server to the hosting server group
- In the wizard provide the following information:
- SQL Server Group: Default
- SQL Server name: db01
- Username: sa
- Password: ********
- Size of hosting server in GB: 20
Note: The SQL Server added here must have SQL Authentication enabled for the Service Provider service to work
- Verify that the following message shows in the status area
- Under Servers there should now be a new SQL Server showing
Configuring a Plan in Windows Azure Pack
- In the WAP Admin Portal, go to Plans.
- Click on + New -> PLAN -> CREATE PLAN
- Specify a name for the plan (e.g. Contoso)
- Select the service that should be offered via the plan (e.g. Virtual Machine Clouds and SQL Servers) and click next
- Skip add-ons and click Ok
Note: In our scenario we created two plans: Contoso and Fabrikam.
- Under Plans, verify that the new plan(s) show in the list
- Click on the first plan created
- Under plan service, click on Virtual Machine Clouds
- Select the VMM Server (There should only be one in the list).
- Under Virtual Machine Cloud, select the cloud that you would like to use with the plan (e.g. Contoso)
- Under Usage limit, specify the usage limits that the plan should use
- Under networks, click Add network
- Select the VM networks that should be used for the plan and click Ok
- Click Add hardware profiles
- Select the hardware profiles that should be used for the plan and click Ok
- Click Add Templates and select the templates that should be used for the plan
- Under Additional settings, select the actions that should be allowed within the plan
- Click Save
- Verify that the plan service shows as configured and Active for both services
Configure an Admin Account and a subscription in Windows Azure Pack
- In the WAP Admin main menu click User Accounts
- Click + New -> User Account > Quick Create >
- Provide the following information:
- E-mail: e.g. firstname.lastname@example.org
- Password: *******
- Select a plan (e.g. Contoso)
- Click Create
- Click on the newly created user and verify that a subscription shows.
Login as a Tenant and provision a VM and SQL Database to a Cloud
- Open a browser and go to the WAP Tenant Portal (e.g. https://wap01.contoso.com:30081)
- Specify the user account created earlier and password (e.g. email@example.com)
- Click on Submit
- Finish the introduction wizard
- Click on Virtual Machines
- Click Create a virtual Machine Role
- Select Standalone Virtual Machine
- Select From Gallery -> Templates
- Select a template in the list and click Next
- Provide the following information of the VM
- Name: e.g. Contoso01
- Password: ********
- Product Key
Note: Depending on what kind of sysprepped image is used, it’s necessary to provide a product key. Only if the image is built using a Volume License image might it not be necessary to provide a product key.
- Select a network for the Virtual Machine e.g. Contoso Tenant (this is the network that was selected when creating the plan)
- Click Next
- Go to System Center Virtual Machine Manager 2012 R2 Server and start the SCVMM Console
- Select Job and Select Running
- Verify that one job shows provisioning the virtual machine
- Go back to the WAP Tenant Portal
- Select SQL Server Databases
- Click Add a New Database
- Specify a Name for the Database (e.g. DB01)
- Click Next
- Provide a User Name and a Password (e.g. dba01)
- Click Ok to create the Database
- Verify that the job completes with success.
- Click on All Items
- Verify that a VM and a Database show in the list
That’s it…you did it…you built your own IaaS on Nutanix…I hope this blog post will help you with installing and configuring Windows Azure Pack on Nutanix. If you run into any issues during the deployment, please feel free to post a comment.
Until next time, enjoy building your Nutanix Windows Azure Pack IaaS offering!