Skip to content

Latest commit

 

History

History
150 lines (80 loc) · 15.3 KB

File metadata and controls

150 lines (80 loc) · 15.3 KB

Azure Overview

Millions of customers worldwide trust the Azure platform, and there are over 90,000 Cloud Solution Providers (CSPs) partnered with Microsoft to add extra benefits and services to the Azure platform. By leveraging Azure, organizations can easily modernize their applications, expedite application development, and adapt application requirements to meet the demands of their users. This section provides an overview of Azure, its services, and recommendations on how to get started.

Advantages of choosing Azure

By offering solutions on Azure, ISVs can access one of the largest B2B markets in the world. Through the Azure Partner Builder's Program, Microsoft assists ISVs with the tools and platform to offer their solutions for customers to evaluate, purchase, and deploy with just a few clicks of the mouse.

One of the advantages of choosing Microsoft Azure is access to the Azure AI Services and Azure OpenAI Service, which empowers developers to integrate advanced artificial intelligence and natural language processing capabilities into their solutions. Developers are able to build, deploy, and manage applications with the language or platform of their choice. With Azure OpenAI Service and other Azure AI services, AI is now available to developers of all skill levels to build scale without constraint.

Microsoft's development suite includes such tools as the various Visual Studio products, Azure DevOps, GitHub, and low-code Power Apps. All of these contribute to Azure's success and growth through their tight integrations with the Azure platform. Organizations that adopt modern tools are 65% more innovative, according to a 2020 McKinsey & Company report.

This image demonstrates common development tools on the Microsoft cloud platform to expedite application development.

To facilitate developers' adoption of Azure, Microsoft offers a free subscription with $200 credit, applicable for thirty days; year-long access to free quotas for popular services and access to always free Azure service tiers.

Introduction to Azure resource management

The Azure Fundamentals Microsoft Learn Module demonstrates the different classifications of Azure Services. Moreover, Azure supports a variety of common tools, such as Visual Studio, PowerShell, and the Azure CLI, to manage Azure environments.

The Azure resource management hierarchy

Azure provides a flexible resource hierarchy to simplify cost management and security. This hierarchy consists of four levels:

  • Management groups: Management groups consolidate multiple Azure subscriptions for compliance and security purposes.

  • Subscriptions: Subscriptions govern cost control and access management. Azure users cannot provision Azure resources without a subscription.

  • Resource groups: Resource groups consolidate the individual Azure resources for a given deployment. All provisioned Azure resources belong to one resource group. In this guide, it will be required to provision a resource group in an subscription to hold the required resources.

    • Resource groups are placed in a geographic location that determines where metadata about that resource group is stored.
  • Resources: An Azure resource is an instance of a service. An Azure resource belongs to one resource group located in one subscription.

    • Most Azure resources are provisioned in a particular region.

    This image shows Azure resource scopes.

Create landing zone

An Azure landing zone is the target environment defined as the final resting place of a cloud migration project. In most projects, the landing zone should be scripted via ARM templates for its initial setup. Finally, it should be customized with PowerShell or the Azure Portal to fit the workload's needs. First-time Azure users will find creating and deploying to DEV and TEST environments easy.

To help organizations quickly move to Azure, Microsoft provides the Azure landing zone accelerator, which generates a landing zone ARM template according to an organization's core needs, governance requirements, and automation setup. The landing zone accelerator is available in the Azure portal.

This image demonstrates the Azure landing zone accelerator in the Azure portal, and how organizations can optimize Azure for their needs and innovate.

Automating and managing Azure services

When it comes to managing Azure resources, there are many potential options. Azure Resource Manager is the deployment and management service for Azure. It provides a management layer that enables users to create, update, and delete resources in Azure subscriptions. Use management features, like access control, locks, and tags, to secure and organize resources after deployment.

All Azure management tools, including the Azure CLI, Azure PowerShell module, Azure REST API, and browser-based Portal, interact with the Azure Resource Manager layer and Identity and access management (IAM) security controls.

This image demonstrates how the Azure Resource Manager provides a robust, secure interface to Azure resources.

Access control to all Azure services is offered via the Azure role-based access control (Azure RBAC) natively built into the management platform. Azure RBAC is a system that provides fine-grained access management of Azure resources. Using Azure RBAC, it is possible to segregate duties within teams and grant only the amount of access to users that they need to perform their jobs.

Azure management tools

The flexibility and variety of Azure's management tools make it intuitive for any user, irrespective of their skill level with specific technologies. As an individual's skill level and administration needs mature, Azure has the right tools to match those needs.

Azure service management tool maturity progression.

Azure portal

As a new Azure user, the first resource a person will be exposed to is the Azure Portal. The Azure Portal gives developers and architects a view of the state of their Azure resources. It supports extensive user configuration and simplifies reporting. The Azure mobile app provides similar features for users that are away from their main desktop or laptop.

The picture shows the initial Azure service list.

Azure runs on a common framework of backend resource services, and every action taken in the Azure portal translates into a call to a set of backend APIs developed by the respective engineering team to read, create, modify, or delete resources.

Azure Marketplace

Azure Marketplace is an online store that contains thousands of IT software applications and services built by industry-leading technology companies. In Azure Marketplace, it is possible to find, try, buy, and deploy the software and services needed to build new solutions and manage the cloud infrastructure. The catalog includes solutions for different industries and technical areas, free trials, and consulting services from Microsoft partners.

The picture shows an example of Azure Marketplace search results.

Evolving

Moving workloads to Azure alleviates some administrative burdens, but not all. Even though there is no need to worry about the data center, there is still a responsibility for service configuration and user access. Applications will need resource authorization.

Using the existing command-line tools and REST APIs, it is possible to build custom tools to automate and report resource configurations that do not meet organizational requirements.

Azure PowerShell and CLI

Azure PowerShell and the Azure CLI (for Bash shell users) are useful for automating tasks that cannot be performed in the Azure portal. Both tools follow an imperative approach, meaning that users must explicitly script the creation of resources in the correct order.

Shows an example of the Azure CLI.

There are subtle differences between how each of these tools operates and the actions that can be accomplished. Use the Azure command-line tool guide to determine the right tool to meet the target goal.

Azure CLI

It is possible to run the Azure CLI and Azure PowerShell from the Azure Cloud Shell, but it does have some limitations. It is also possible to run these tools locally.

To use the Azure CLI, download the CLI tools from Microsoft.

To use the Azure PowerShell cmdlets, install the Az module from the PowerShell Gallery, as described in the installation document.

Azure Cloud Shell

The Azure Cloud Shell provides Bash and PowerShell environments for managing Azure resources imperatively. It also includes standard development tools, like Visual Studio Code, and files are persisted in an Azure Files share.

Launch the Cloud Shell in a browser at https://shell.azure.com.

PowerShell Module

The Azure portal and Windows PowerShell can be used for managing Azure Cosmos DB for NoSQL. To get started with Azure PowerShell, install the Azure PowerShell cmdlets for Azure Cosmos DB with the following PowerShell command in an administrator-level PowerShell window:

Install-Module -Name Az.CosmosDB

Infrastructure as Code

Infrastructure as Code (IaC) provides a way to describe or declare what infrastructure looks like using descriptive code. The infrastructure code is the desired state. The environment will be built when the code runs and completes. One of the main benefits of IaC is that it is human readable. Once the environment code is proven and tested, it can be versioned and saved into source code control. Developers can review the environment changes over time.

There are a few options of IaC tooling to choose from when provisioning and managing Azure resources. These include Azure-native tools from Microsoft, like ARM templates and Azure Bicep, as well as third-party tools popular within the industry like HashiCorp Terraform.

ARM templates

ARM templates can deploy Azure resources in a declarative manner. Azure Resource Manager can potentially create the resources in an ARM template in parallel. ARM templates can be used to create multiple identical environments, such as development, staging, and production environments.

The picture shows an example of an ARM template JSON export.

Bicep

Reading, updating, and managing the ARM template JSON code can be difficult for a reasonably sized environment. What if there was a tool that translates simple declarative statements into ARM templates? Better yet, what if there was a tool that took existing ARM templates and translated them into a simple configuration? Bicep is a domain-specific language (DSL) that uses a declarative syntax to deploy Azure resources. Bicep files define the infrastructure to deploy to Azure and then use that file throughout the development lifecycle to repeatedly deploy infrastructure changes. Resources are deployed consistently.

By using the Azure CLI it is possible to decompile ARM templates to Bicep using the following:

az bicep decompile --file template.json

Additionally, the Bicep playground tool can perform similar decompilation of ARM templates.

Sample Bicep code that deploys Azure Cosmos DB for NoSQL

Terraform

Hashicorp Terraform is an open-source tool for provisioning and managing cloud infrastructure resources. Terraform simplifies the deployment of Azure services, including Azure Kubernetes Service, Azure Cosmos DB, and Azure AI, through infrastructure-as-code to automate provisioning and management of Azure services. Terraform is also adept at deploying infrastructure across multiple cloud providers. It enables developers to use consistent tooling to manage each infrastructure definition.

Sample Terraform code that deploys Azure Cosmos DB for NoSQL

Other tips

Azure administrators should consult with cloud architects and financial and security personnel to develop an effective organizational hierarchy of resources.

Here are some best practices to follow for Azure deployments.

  • Utilize Management Groups Create at least three levels of management groups.

  • Adopt a naming convention: Azure resource names should include business details, such as the organization department, and operational details for IT personnel, like the workload. Defining an Azure resource naming convention will help the organization standardize on a common naming convention that will help better identify resources once created.

  • Adopt other Azure governance tools: Azure provides mechanisms such as resource tags and resource locks to facilitate compliance, cost management, and security.