The Basics of Azure Resource Manager

How Azure Resource Manager Helps You Coordinate Effectively and Deploy Interdependent Entities

Azure Resource Manager (ARM) is a new way to deploy and manage the services in your application. You can interact with ARM from Azure Management Portal, REST API, PowerShell and Azure CLI. Azure Resource Manager enables users to work with resources such as virtual machines and databases in a solution as a single group. This model is often referred to as ARM or v2. The other way of deployment is referred to as classic or Azure Service Management (ASM) or v1. Microsoft recommends using the Resource Manager Deployment model instead of the classic system, as well as re-deploying existing resources through ARM if possible. Today, most services support ARM.

Resource Groups Combine Resources into a Coherent Application

Azure Resource Manager offers developers an easy way to create and manage a set of related resources in an orderly, predictable, and consistent fashion.
A Resource Group is a logical container which holds a set of related resources which you want to manage as a single unit. You can create a single resource group for all resources in your application, including storage, multiple virtual machines, NICs, IP Addresses, load balancers, subnet and Network Security group. Or, if you want to have a network as a basic unit and then be able to deploy multiple applications on top of it, you could have one resource group which contains a subnet, Network Security Group, and IP addresses, and another resource group with storage and multiple virtual machines. Also, if you are not able to decide at first on how to organize your resources into resource groups, don’t worry. Most resources may be moved into other resource groups.

How ARM Provides a Consistent Deployment Mechanism

ARM helps you define your deployment in a declarative JSON template. Using these templates, you can deploy and consistently redeploy your application. Resource Manager Templates enable us to specify resource dependencies, which help ensure that resources are deployed in the correct order. ARM template deployments are incremental, thereby ensuring that ARM does not re-provision the resource if it is in the same state as defined in the template.

Resource Tagging Provides an Efficient Way to Organize Your Entities

ARM supports organizing the resources by applying tags. A tag is a key-value, which can have up to 512 characters for the key and 256 characters for the value. Each resource can have up-to 15 tags. We can define the taxonomy for tags and make use of tagging for various scenarios. Tag taxonomy is subscription wide, and resources from all resource groups share the same taxonomy. The typical use case is to organize resources for billing or management by specifying the cost center, environment etc. Also, I have seen deployments where tags are used for on-call alias, specifying an owner for the resource (in some scenarios, we wanted to define a single point of contact on the resource – independent of RBAC & permissions).

Critical Access Control Concepts in ARM

Role based access control (RBAC) is natively integrated in ARM. In the classic model, we only had two levels of access across all subscriptions (service administrator and co-administrator). ARM comes with many built-in roles. Built-in roles include general roles like Owner, Contributor and Reader as well as service specific roles like SQL DB Contributor, SQL Security Manager, SQL Server Contributor etc. Each role specifies a set of operations that are allowed (called actions) or denied (called not actions) on specific resources. RBAC is by default a deny and explicit allow system. We can assign roles to users, groups or services at subscription, resource group, or resource levels.
Additionally, ARM allows you to configure a lock for write or delete operations on a subscription, resource group or resource to prevent accidental update or deletion of critical resources.

How and Why to Develop Custom Resource Management Policies

ARM enables us to define custom policies for managing our resources. Policies can be applied at the subscription, resource group, or resource level. Unlike RBAC, policies function by default as an allow and explicit deny system. Policies work together with RBAC – users must be authenticated through RBAC before the policy evaluation kick-start. The typical use case for using policies is to enforce specific tags for resources, to restrict certain resources to be created only in specific region, enforcing naming convention of resources, and so on.

Next Steps

Now that you have a concrete understanding of Azure Resource Manager, it’s time to set up a project of your very own. To help you develop proficiency with Azure, we offer a wide range of Azure courses, including Introduction to Azure Resource Manager. This course covers the following topics:

  • Best Practices for JSON Templates,
  • Deploying ARM JSON Templates,
  • Access Control in Azure Resource Manager,
  • JSON Template Tooling,
  • And a huge variety of demos to help get you started.

Sign up for your free 7-day trial today and start learning Azure right away!

Written by

Manesh is a software consultant and solutions architect specializing in cloud, data, Linux and devops in the azure realm with key focus on hybrid workloads. He has been working on Azure technologies since its inception and has helped many enterprises to onboard and adapt to Azure cloud, build solutions for datacenter scale / high consumer applications and services. Currently, he is Microsoft certified for Developing Microsoft Azure Solutions (70-532), Implementing Microsoft Azure Infrastructure Solutions(70-533) and Architecting Microsoft Azure Solutions (70-534).

Related Posts

— November 21, 2018

Google Cloud Certification: Preparation and Prerequisites

Google Cloud Platform (GCP) has evolved from being a niche player to a serious competitor to Amazon Web Services and Microsoft Azure. In 2018, research firm Gartner placed Google in the Leaders quadrant in its Magic Quadrant for Cloud Infrastructure as a Service for the first time. In t...

Read more
  • AWS
  • Azure
  • Google Cloud
— October 30, 2018

Azure Stack Use Cases and Applications

This is the second of a two-part series covering Azure Stack. Our first post provided an introduction to Azure Stack. Why would your organization consider using Azure Stack? What are the key differences between Azure Stack and Microsoft Azure? In this post, we'll begin to answer bot...

Read more
  • Azure
  • Hybrid Cloud
  • Virtualization
— October 3, 2018

Highlights from Microsoft Ignite 2018

Microsoft Ignite 2018 was a big success. Over 26,000 people attended Microsoft’s flagship conference for IT professionals in sunny Orlando, Florida. As usual, Microsoft made a huge number of announcements, ranging from minor to major in importance. To save you the trouble of sifting thr...

Read more
  • Azure
  • Ignite
— September 20, 2018

Planning for Microsoft Ignite 2018 Sessions: What Not to Miss

Cloud Academy is proud to be a sponsor of the Microsoft Ignite Conference to be held September 24 - 28 in Orlando, Florida. This is Microsoft’s biggest event of the year and is a great way to stay up to date on how to get the most from Microsoft’s products. In this post, I’ll help you p...

Read more
  • Azure
— September 18, 2018

How to Optimize Cloud Costs with Spot Instances: New on Cloud Academy

One of the main promises of cloud computing is access to nearly endless capacity. However, it doesn’t come cheap. With the introduction of Spot Instances for Amazon Web Services’ Elastic Compute Cloud (AWS EC2) in 2009, spot instances have been a way for major cloud providers to sell sp...

Read more
  • AWS
  • Azure
  • Google Cloud
— August 23, 2018

What are the Benefits of Machine Learning in the Cloud?

A Comparison of Machine Learning Services on AWS, Azure, and Google CloudArtificial intelligence and machine learning are steadily making their way into enterprise applications in areas such as customer support, fraud detection, and business intelligence. There is every reason to beli...

Read more
  • AWS
  • Azure
  • Google Cloud
  • Machine Learning
— July 5, 2018

How Does Azure Encrypt Data?

In on-premises environments, data security is typically a siloed activity, with a company's security team telling the internal technology groups (server administration, database, networking, and so on) what needs to be protected against intrusion.This approach is absolutely a bad...

Read more
  • Azure
— June 26, 2018

Disadvantages of Cloud Computing

If you want to deliver digital services of any kind, you’ll need to compute resources including CPU, memory, storage, and network connectivity. Which resources you choose for your delivery, cloud-based or local, is up to you. But you’ll definitely want to do your homework first.Cloud ...

Read more
  • AWS
  • Azure
  • Cloud Computing
  • Google Cloud
Albert Qian
— June 19, 2018

Preparing for the Microsoft Azure 70-535 Exam

The credibility of Microsoft Azure continues to grow in the first quarter of 2018 with an increasing number of enterprises migrating their workloads, resulting in a jump for Azure from 10% to 13% in market share. Most organizations will find that simply “lifting and shifting” applicatio...

Read more
  • Azure
  • Compute
  • Database
  • Security
— April 12, 2018

Azure Migration Strategy: A Checklist to Get Started

By now, you’ve heard it many times and from many sources: cloud technology is the future of IT. If your organization isn’t already running critical workloads on a cloud platform (and, if your career isn’t cloud-focused), you’re running the very real risk of being overtaken by nimbler co...

Read more
  • Azure
— March 2, 2018

Three Must-Use Azure Security Services

Keeping your cloud environment safe continues to be the top priority for the enterprise, followed by spending, according to RightScale’s 2018 State of the Cloud report.The safety of your cloud environment—and the data and applications that your business runs on—depends on how well you...

Read more
  • Azure
  • Security
— February 15, 2018

Is Multi-Cloud a Solution for High Availability?

With the average cost of downtime estimated at $8,850 per minute, businesses can’t afford to risk system failure. Full access to services and data anytime, anywhere is one of the main benefits of cloud computing.By design, many of the core services with the public cloud and its underl...

Read more
  • AWS
  • Azure
  • Cloud Adoption
  • Google Cloud