Skip to main content

The Basics of Azure Resource Manager

How Azure Resource Manager Helps You Coordinate Effectively and Deploy Interdependent Entities

Azure Resource Manager (ARM) is a new way to deploy and manage the services in your application. You can interact with ARM from Azure Management Portal, REST API, PowerShell, and Azure CLI. Azure Resource Manager enables users to work with resources such as virtual machines and databases in a solution as a single group. This model is often referred to as ARM or v2. The other way of deployment is referred to as classic or Azure Service Management (ASM) or v1. Microsoft recommends using the Resource Manager Deployment model instead of the classic system, as well as re-deploying existing resources through ARM if possible. Today, most services support ARM.

Resource Groups Combine Resources into a Coherent Application

Azure Resource Manager offers developers an easy way to create and manage a set of related resources in an orderly, predictable, and consistent fashion.

A Resource Group is a logical container which holds a set of related resources which you want to manage as a single unit. You can create a single resource group for all resources in your application, including storage, multiple virtual machines, NICs, IP Addresses, load balancers, subnet, and Network Security group. Or, if you want to have a network as a basic unit and then be able to deploy multiple applications on top of it, you could have one resource group which contains a subnet, Network Security Group, and IP addresses, and another resource group with storage and multiple virtual machines. Also, if you are not able to decide at first on how to organize your resources into resource groups, don’t worry. Most resources may be moved into other resource groups.

How ARM Provides a Consistent Deployment Mechanism

ARM helps you define your deployment in a declarative JSON template. Using these templates, you can deploy and consistently redeploy your application. Resource Manager Templates enable us to specify resource dependencies, which help ensure that resources are deployed in the correct order. ARM template deployments are incremental, thereby ensuring that ARM does not re-provision the resource if it is in the same state as defined in the template.

Resource Tagging Provides an Efficient Way to Organize Your Entities

ARM supports organizing the resources by applying tags. A tag is a key-value, which can have up to 512 characters for the key and 256 characters for the value. Each resource can have up to 15 tags. We can define the taxonomy for tags and make use of tagging for various scenarios. Tag taxonomy is subscription wide, and resources from all resource groups share the same taxonomy. The typical use case is to organize resources for billing or management by specifying the cost center, environment etc. Also, I have seen deployments where tags are used for on-call alias, specifying an owner for the resource (in some scenarios, we wanted to define a single point of contact on the resource – independent of RBAC & permissions).

Critical Access Control Concepts in ARM

Role-based access control (RBAC) is natively integrated into ARM. In the classic model, we only had two levels of access across all subscriptions (service administrator and co-administrator). ARM comes with many built-in roles. Built-in roles include general roles like Owner, Contributor, and Reader as well as service specific roles like SQL DB Contributor, SQL Security Manager, SQL Server Contributor etc. Each role specifies a set of operations that are allowed (called actions) or denied (called not actions) on specific resources. RBAC is by default a deny and explicit allow system. We can assign roles to users, groups or services at subscription, resource group, or resource levels.

Additionally, ARM allows you to configure a lock for write or delete operations on a subscription, resource group or resource to prevent accidental update or deletion of critical resources.

How and Why to Develop Custom Resource Management Policies

ARM enables us to define custom policies for managing our resources. Policies can be applied at the subscription, resource group, or resource level. Unlike RBAC, policies function by default as an allow and explicit deny system. Policies work together with RBAC – users must be authenticated through RBAC before the policy evaluation kick-start. The typical use case for using policies is to enforce specific tags for resources, to restrict certain resources to be created only inthe specific region, enforcing naming convention of resources, and so on.

Next Steps

Now that you have a concrete understanding of Azure Resource Manager, it’s time to set up a project of your very own. To help you develop proficiency with Azure, we offer a wide range of Azure courses, including Introduction to Azure Resource Manager. This course covers the following topics:

  • Best Practices for JSON Templates,
  • Deploying ARM JSON Templates,
  • Access Control in Azure Resource Manager,
  • JSON Template Tooling,
  • And a huge variety of demos to help get you started.

Sign up for your free 7-day trial today and start learning Azure right away!

Avatar

Written by

Manesh Raveendran

Manesh is a software consultant and solutions architect specializing in cloud, data, Linux and devops in the azure realm with key focus on hybrid workloads. He has been working on Azure technologies since its inception and has helped many enterprises to onboard and adapt to Azure cloud, build solutions for datacenter scale / high consumer applications and services. Currently, he is Microsoft certified for Developing Microsoft Azure Solutions (70-532), Implementing Microsoft Azure Infrastructure Solutions(70-533) and Architecting Microsoft Azure Solutions (70-534).

Related Posts

Avatar
Guy Hummel
— June 6, 2019

How to Become a Microsoft Certified Azure Administrator

Microsoft Azure is one of the hottest cloud services on the planet, and it’s growing at a phenomenal rate. This rapid growth has created a huge demand for people who know how to administer and manage Azure implementations.To make it easier for employers to verify the skills of Azure...

Read more
  • Azure
  • exam
Avatar
Guy Hummel
— May 20, 2019

Preparing for the Microsoft AZ-900 Exam

Microsoft has offered Azure certification exams for years, but until recently, they were all meant for technical IT professionals. Now non-technical professionals, such as salespeople and managers, can take the new AZ-900 exam to prove their understanding of Azure fundamentals. People w...

Read more
  • Azure
Avatar
Thomas Mitchell
— May 16, 2019

An Overview of Azure Storage (Part 2)

Archive StorageArchive Storage offers the lowest storage costs of all Azure storage. Its retrieval costs, however, are higher when compared to Hot and Cool storage. The archive tier of storage is designed for data that can tolerate several hours of latency when being retrieved. It’s a...

Read more
  • Azure
  • Storage
Avatar
Thomas Mitchell
— May 14, 2019

An Overview of Azure Storage (Part 1)

Welcome to part one of our series on Azure Storage. Stay tuned for the second part. An Overview of Azure StorageMicrosoft Azure Storage is a cloud-based storage offering that provides multiple storage solutions for organizations. In addition to a massively scalable object store for ...

Read more
  • Azure
  • Storage
Avatar
Giacomo Marinangeli
— March 29, 2019

NEW: Custom Hands-On Labs for Azure and Google Cloud Platform

Harvard Business Review recently estimated that some 90% of corporate training never gets applied on the job. Given the $200B training industry, that is a staggering amount of waste. One reason for the disconnect? Lack of context.Cloud Academy’s platform was built to make it extraor...

Read more
  • Azure
  • Content Engine
  • Google Cloud Platform
  • Hands-on Labs
Avatar
Guy Hummel
— March 28, 2019

How to Become a Microsoft Certified Azure Solutions Architect

Microsoft Azure is the fastest growing cloud provider. Azure’s revenue grew an incredible 76% in the last quarter of 2018. As more and more businesses move their IT infrastructure to Microsoft’s cloud platform, the demand for Azure professionals keeps rising. Since there are relatively ...

Read more
  • Azure
Avatar
Nitheesh Poojary
— March 20, 2019

What is Heroku? Getting Started with PaaS Development

So just what is Heroku? It's a service for developers eager to get their applications online without having to worry about infrastructure details.Metered, pay-as-you-go Cloud Computing services come in all kinds of flavors. Infrastructure as a Service (IaaS) offerings like AWS allow e...

Read more
  • Azure
  • Development & Deploy
Avatar
Nitheesh Poojary
— March 12, 2019

Understanding Object Storage and Block Storage Use Cases

Cloud Computing, like any computing, is a combination of CPU, memory, networking, and storage. Infrastructure as a Service (IaaS) platforms allow you to store your data in either Block Storage or Object Storage formats.Understanding the differences between these two formats - and how ...

Read more
  • Azure
  • Storage
Avatar
Thomas Mitchell
— January 29, 2019

What are Azure Blueprints?

What are Azure Blueprints?Blueprints, in the traditional sense, are used by architects and engineers to design and build new things.  They are used to ensure that the final products are built to specifications and in compliance with certain standards and requirements.Azure Bluepri...

Read more
  • Azure
  • Blueprints
Avatar
Thomas Mitchell
— January 22, 2019

Azure Hybrid Identity Authentication Methods

The move to the cloud is picking up steam.  As such, many corporations are beginning to find themselves supporting a mixture of on-prem apps as well as cloud apps. Users are finding that they need access to this mix of applications as well.  As one would expect, this can become a challe...

Read more
  • Azure
  • Hybrid Cloud
  • Hybrid Identity
Avatar
Andrew Larkin
— January 15, 2019

2018 Was a Big Year for Content at Cloud Academy

As Head of Content at Cloud Academy I work closely with our customers and my domain leads to prioritize quarterly content plans that will achieve the best outcomes for our customers.We started 2018 with two content objectives: To show customer teams how to use Cloud Services to solv...

Read more
  • AWS
  • Azure
  • Cloud Computing
  • Google Cloud Platform
Avatar
Dwayne Monroe
— December 17, 2018

Azure Internet of Things (Azure IoT) – An Introduction

IoT, or the ‘Internet of Things’, is an intriguing and rapidly growing technology that's bringing significant change to important elements of modern life. According to Gartner, IoT security spending alone is set to reach $1.5 billion during 2018.Like many newly minted terms, the def...

Read more
  • Azure
  • IoT