[MS Azure] ARM - Azure Resource Manager
Microsoft Azure Resource Manager Solution
I'm Nam, an enthusiastic Network Engineer. After spending years working with Cloud Computing, I've decided to deep dive into Microsoft Azure and I'm really excited about it! Today, I want to share some essential tips and things that will be super helpful for you as you start your own Azure learning adventure. Let's get started!
Azure Resource Manager
Azure Resource Manager (ARM) is a technology platform from Microsoft that puts all the pieces of Azure together in an organized way. It brings together Azure's resource providers, resources (like virtual machines and storage), and resource groups to create a well-structured cloud platform.
With ARM, Azure services are available through subscriptions, and resource types can be used in resource groups. It also allows easy access to resource APIs, which are like doors to interact with the portal and other client applications. ARM makes sure only authorized users can access these resources, keeping everything secure.
To manage your cloud resources, ARM provides simple deployment and management tools like the Azure portal, Azure PowerShell, and the command-line interface (CLI). These tools make it easy to work with your cloud service.
In Azure, everything is called a "resource." For example, storage accounts, virtual machines (VMs), network interfaces, public IP addresses, etc are all considered resources. These resources are managed through Azure Resource Manager (ARM), which works based on two main concepts: resource providers and resource consumers. (Refer above illustration)
Resource providers are like services that offer different types of resources. They act as containers for grouping similar resources together. For instance, a VM resource type is provided by a resource provider called "Microsoft.Compute/virtualMachines."
By using Resource Explorer via Azure Portal, you can easily see resources in detail. (Providers/Type/API version/contents)
Each resource provider has its own version of the resources it offers, which is identified by release dates. To use a specific resource, the corresponding resource provider must be available in the subscription. Not all resource providers are automatically available, so they might need to be registered separately for each subscription.
Resource groups are like containers for grouping multiple resource instances together. They serve as units of deployment and have a unique name within a subscription. Resources can be provisioned in different Azure regions but still belong to the same resource group.
Resource groups provide additional services like metadata services (such as tagging for categorization), policy-based management, role-based access control (RBAC), and protection against accidental deletions or updates.
Resources are instances created from resource types. Each resource instance has a name and type that make it unique globally or within a resource group. Resources inherit security and access configurations from their parent resource group, but these settings can be overridden for each resource. Resources can also be locked to prevent certain operations or access.
For example, Virtual Machine, Virtual Network, Network Interface, App Service, etc.
RBAC: Azure Active Directory (Azure AD) authenticates users and assigns roles to control access to resources, resource groups, and subscriptions based on permissions defined in roles.
Tags: Tags are name-value pairs used to add additional information and categorization to resources for better organization and management.
Policies: Custom policies are rules and conventions that define access control for resources and resource groups. They work alongside RBAC.
Locks: Subscriptions, resource groups, and resources can be locked to prevent accidental changes.
Multi-region: Resources can be provisioned in different Azure regions while still belonging to the same resource group.
Idempotent: This ensures that resource deployment is consistent and predictable, no matter how many times it's executed.
Extensible: ARM allows the platform to be extended with new resource providers and resource types.
In summary, ARM simplifies resource management in Azure by grouping resources under resource providers, organizing them into resource groups, and providing useful features like RBAC, tags, policies, locks, and more.