Introduction to Microsoft Azure Resource Manager (ARM)

With the need to centralize and standardize cloud application deployment, management, and security, Microsoft Azure has accomplished this through their unified control plane known as Azure Resource Manager, or Azure ARM, which can be accessed through http://portal.azure.com. This article explains exactly what Azure Resource Manager is, what it can do, and how you should be using it.

What is Azure Resource Manager (ARM)?

Azure Resource Manager (ARM) is the control plane and management layer for Microsoft Azure. If you have interacted with Microsoft Azure through the Azure portal or programmatically using Azure APIs you have interacted with Azure Resource Manager without even knowing it. When a user sends a request using any of the Azure tools, such as the Azure portal, APIs, SDKs, and PowerShell, Azure Resource Manager receives the request, authenticates and authorizes the user and then sends the request on to the appropriate Azure resources. ARM provides efficient Azure resource management across the board.

Azure Resource Manager (ARM) supports modern cloud applications which are usually distributed and contain multi-tiered components, such as a frontend web server, a middle-tier application server, and a backend database server. Through the Azure Resource Manager portal, these are still shown as separate entities but grouped as a connected service which can be managed as a single object. Azure ARM is usually managed through the centralized GUI portal, but for customers with advanced needs, it also supports Azure PowerShell, Azure CLI, Azure REST APIs, and client SDKs. Let’s now look a bit deeper into Azure Resource Manager and its key components for management, templates, security, operations, monitoring, support, and troubleshooting.

Centralized Management with Azure Resource Manager (ARM)

When deploying a new application in Azure through ARM, the first step is to determine which Azure resources you need. All of the core components of cloud infrastructure are provided directly by Microsoft, such as virtual machines, networks, network interfaces, IP addresses, and storage accounts. The Microsoft Azure Marketplace offers thousands of third-party applications and services, all of which have been certified and optimized to run on Azure. Once you have set up billing and subscriptions for the different cloud services which you will be using, then you can use ARM to centrally administer them.

First, these components will be organized into an Azure Resource Group, which is the logical management container for the related components of this distributed application. Azure ARM lets you see and manage everything for this workload’s life cycle in a single operation, including deployment, updating and deleting. In the screenshot below, you can see an Azure Resource Group which was created as a backup from a production MongoDB database in a different geographic region. This Azure Resource Group includes a virtual machine, virtual network, storage account, public IP address, network interface and network security group.

Figure 1: Using Azure Resource Manager (ARM) to centrally manage some cloud services

ARM also gives organizations the ability to tag any resource so that it can quickly be discovered, along with its related components. Organizations can categorize their resources to make them easier to sort by resource group, type, location, development state, organizational department, or cost center. Now using the portal, it is possible to see costs, events, alerts and other relevant information as a single group.

What is an Azure Resource Manager Template?

Each Azure resource (virtual machine, storage account, etc.) can be deployed by filling in parameters in an Azure ARM template, such as the name, location, availability zone, networks, security and more. These Azure ARM templates can be saved, then deployed and tested within an Azure resource group. This allows the distributed application to be deployed repeatedly and consistently.

The Azure Resource Manager template is a JSON file which defines the resource group, its resources, their properties and any dependencies. This allows an identical copy of the application to easily be created so it can be deployed in testing, staging, production or in an additional geography to allow the service to scale out. The startup order and dependencies can also be defined so that this application comes online gracefully. All third-party Azure Marketplace solutions come with customizable templates which adhere to the ISV’s best practices to streamline deployment. ARM templates are customizable and can be built using the Azure Portal, Visual Studio or Visual Studio Code. Make sure that you fully-automate the deployment and remove any manual steps to eliminate any dependencies on human configuration. In the following screenshot you can see the template for adding a new disk to an Azure Resource Group.

Figure 2: Using Azure Resource Manager (ARM) to add a new disk within a template

Security with Azure Resource Manager (ARM)

Security is a critical component of every cloud service and Azure Resource Manager provides a breadth of features to allow organizations to successfully manage these distributed applications using role-based access control (RBAC) or OAUTH authentication. The challenge with large cloud services is that they often require multiple administrators with specialized skills to configure them, such as the cloud networking expert, the database administrator and the application owner.  ARM provides granular access control, only granting specific users with the ability to make changes on certain workloads. All actions are automatically logged so there is an audit trail for every action, event and user. Critical resources can even be ‘locked’ so that they cannot be changed accidentally or deliberately, as shown in the screenshot below.

Figure 3: Using Azure Resource Manager (ARM) to create a lock on a protected group

Operations with Azure Resource Manager (ARM)

Azure Resource Manager also provides a suite of tools to automate standard operations for each Resource Group. These features provide the ability to automatically turn off an application, leverage Azure’s built-in backup and replication technologies, patch the services, manage the desired state configuration and track any changes. In the screenshot below, I am using ARM to configure disaster recovery of my Resource Group to a secondary site.

Figure 4: Using Azure Resource Manager (ARM) to configure disaster recovery

Monitoring with Azure Resource Manager (ARM)

The monitoring capabilities of ARM also provide a centralized view of the health of the cloud application. Through a single interface, each resource within the group can be analyzed for alerts, metrics, diagnostics, logs, connections and other best practices. In the following screenshot, some of the metrics of a virtual machine are displayed.

Figure 5: Using Azure Resource Manager (ARM) to monitor disks

Azure Resource Group Best Practices

Azure Resource groups provide many benefits. However, there are certain best practices to be aware of with Resource groups. These include the following as detailed from Microsoft:

• You should manage your Azure resource groups with the same lifecycle methodologies. This best practice includes deploying, updating, and deleting resource group resources in lock-step, together. 
• Your resources should only be located in one resource group. However, you can add or remove resources to a different Azure Resource group at any time.
• When creating resource groups, provide a location for the resource group. The reason for this is it stores metadata about the resources that help with compliance objectives, such as making sure data exists in a certain region
• Apply Azure Policies, Azure Roles, and Resources can be assigned to a resource group. You can also apply tags to resource groups. However, the child resources of the resource group do not inherit the tags on the parent resource group
• Up to 800 instances of a resource type can be deployed in a resource group. Keep this limitation in mind.

Support & Troubleshooting with Azure Resource Manager (ARM)

While Microsoft has taken great strides to make Azure resources easy to manage through ARM there may be issues which cannot be automatically repaired so advanced troubleshooting could be required. ARM centralizes the troubleshooting tools so that if an issue occurs, it is relatively easy to start the initial diagnosis. This includes viewing the resource health and performance, viewing the diagnostics of the boot log, redeploying the service, troubleshooting the network connection, or escalating the issue by creating a ticket with Microsoft’s support organization. In the screenshot below, I can quickly view the health history of my resource group.

Figure 6: Using Azure Resource Manager (ARM) to view resource health

To properly protect your Hyper-V virtual machines, use Altaro VM Backup to securely backup and replicate your virtual machines. We work hard perpetually to give our customers confidence in their Hyper-V backup strategy.

To keep up to date with the latest Hyper-V best practices, become a member of the Altaro DOJO | Hyper-V now (it’s free).

Wrap-Up

Azure Resource Manager is a great tool for centralized management, templates, security, operations, monitoring, support and troubleshooting. By combining all the key features of application lifecycle management into a single interface, Microsoft has made it easy to organizations, developers and IT professionals to make the transition to the public cloud.  For more information about ARM, check out the official Azure Resource Manager Documentation from Microsoft.

What about you? Have you used ARM for cloud management yet? What have your experiences been? We’d love to hear! Let us know in the comments section below!

Thanks for reading the post about Azure Resource Manager!