Organizations running applications in public clouds need a centralized system for deploying managing and securing their apps.
Azure Resource Manager provides you with a centralized and standardized method to deploy and manage apps in the cloud in a secure manner through a unified operations portal supported by Microsoft.
What Is Azure Resource Manager?
Azure Resource Manager enables organizations to deploy and manage cloud applications, which have multi-tiered components. Those components usually include a frontend web server, a middle-tier application server and a backend database server. Resource Manager groups these separate entities into a grouped service, which you can manage as a single object.
Resource Manager runs as a centralized GUI portal for cloud apps management but it also supports interfaces through Azure Power Shell, Azure CLI, Azure REST APIs and client SDKs
Core Features of Azure Resource Manager
Resource Manager supports thousands of cloud applications by third-party developers that run on Azure while Microsoft provides all the core elements of the cloud infrastructure your organization needs. Once you identify what specific services you will use, you can use Resource Manager for centralized cloud apps management in three core areas.
Deployment of App Resources
With Azure Resource Manager, you can consistently deploy the same application by using a single declarative template in which you specify the infrastructure and dependencies for your app.
Organizations can take advantage of the template in all environments including test, staging or production environment. Solutions you create by using the Azure Marketplace come with a template that is most suitable for the respective third-party application.
Resource Organization
You can easily visualize resources in your app and manage those resources without having to deploy individual parts of your application one by one and only then bind them together.
Resource Manager enables you to create resource groups made of resources with a common lifecycle. This way you can deploy or delete those resources within a single action.
The tool allows for checking dependencies between resources and tagging resources to categorize them for various management tasks.
Specify Resource Access Rights
Azure Resource Manager allows the organization to specify access rights to resources and define role-based permissions. You can permit individual users to perform actions with resources or create user groups that have such access rights.
You can protect critical resources by locking them and preventing users from deleting or modifying a particular resource. Auditing of actions related to the resources is performed based on logs that track all user actions such as username, time, events, and status.
Classic App Deployment vs. Azure Resource Manager
All the above-mentioned core features work in a centralized and standardized environment, which was not the case with the classic application deployment model. The classic model does not allow for grouping your related resources and each resource exists as an independent entity.
What it means is that you must manually track all the individual resources that are part of your solution and manually manage each of them without a centralized console that shows them as a single service.
The classic deployment model also requires deploying each and every resource manually through the Azure portal or having a script that deploys all the resources under a list that orders them correctly.
Access rights policies in the classic model are hard to implement and update while you cannot have tags on resources to track and monitor billing.
With the introduction of the resource group concept in 20014, Resource Manager offers the following advantages as opposed to the classic deployment model:
- Grouping all your services and managing all of them as a group and not as individual services
- Repeatedly deploying your solutions or applications throughout their entire lifecycle to have consistent solutions running in the cloud.
- Defining user access rights for any of your resources in a group while Resource Manager automatically applies those policies to resources you are adding to the group.
- Tagging of resources to organize and categorize them.
- Defining the infrastructure for your specific solution by using JavaScript Object Notation (JSON) files that work as Resource Manager templates.
- Defining resource dependencies to deploy them in the correct order.
Unfortunately, not all resources are manageable within the Resource Manager portal.
What Resources You Can Deploy with Resource Manager
In the context of the Azure cloud ecosystem, organizations can deploy cloud services only by implementing them through the classic model.
You can choose to use both Resource Manager and classic deployment models for virtual machines, storage accounts and virtual networks.
Resource Manager supports all the other Azure services.
Available Deployments in Resource Manager
Source: Microsoft
Since the classic deployment models and the modern Resource Manager models of deployment differ, organizations need to plan which models are most suitable for their solutions or applications
Differences between Classic and Resource Manager Deployments
The table below shows how resource providers interact in the classic deployment model and Azure Resource Manager.
Element |
Classic Model |
Azure Resource Manager |
Cloud Service for Virtual Machines |
Cloud Service is a container that contains the virtual machines that required Availability from the platform and Load Balancing. |
The model does not require Cloud Service as an object to create a virtual machine. |
Virtual Networks |
You can deploy a virtual network for the virtual machine at your discretion. If you have one, you cannot deploy it using Resource Manager. |
Virtual machines need a virtual network that you deploy with Resource Manager. |
Storage Accounts |
Your virtual machine needs a storage account to store the virtual hard disks for the operating system, temporary, and additional data disks. |
The virtual machine stores data in blob storage, which in turn requires a storage account. |
Load Balancing |
A Cloud Service provides an implicit load balancer for your virtual machines. |
The Microsoft. Network provider exposes the Load Balancer resource. The primary network interface of your virtual machines, which needs to be load balanced, should reference the load balancer. You can have internal or external load balancers. |
Endpoints |
You should configure Input Endpoints on a virtual machine to have connectivity for specific ports. |
You should configure Inbound NAT Rules in load balancers to enable endpoints on specific ports for connections to the virtual machines. |
DNS (Domain Name System) |
A cloud service gets an implicit globally unique DNS name. |
DNS name is an optional parameter you specify on a Public IP Address resource. |
There are even more differences in how you deploy resources and applications within a classic and a Resource Manager model, which requires further evaluation of your specific deployment needs and requirements.
Conclusion
Azure Resource Manager is a platform that equips you with advanced features for centralized management of cloud applications throughout the entire lifecycle. Its features include app monitoring, deployment templates, operations, and security as well as troubleshooting capabilities.
Organizations transferring their operations and application deployment into public clouds will benefit from a single interface for solution management.
Interested in Microsoft Azure Sentinel?
Datashield has helped countless clients implement Microsoft Azure Sentinel.