Azure for Architects

Azure for Architects: Implementing cloud design, DevOps, containers, IoT, and serverless solutions on your public cloud, Second Edition

By Pelaez Lopez, Modi
Paperback Jan 2019 536 pages 2nd Edition


Getting Started

Every few years, there are technological innovations that change the entire landscape and ecosystem around them. If we go back in time, the 70s and 80s were the time of mainframes. They were huge, occupying large rooms, and almost all computing work was carried out by them. It was difficult to procure one and it was also time-consuming. Enterprises used to order months in advance, before they could have an operational mainframe set up.

The first part of the 90s was the era of personal computing and the internet. Computers became much smaller in size and were comparatively easier to procure. Continuous innovation on the personal computing and internet fronts changed the entire computer industry. People had a desktop through which they could run multiple programs and could connect to the internet. The rise of the internet also propagated the rise of client-server deployments. Now, there could be centralized servers hosting applications and services that could be reached by anyone who had a connection to the internet anywhere on the globe. This was also when server technology gained a lot of prominence. Windows NT was released during this time and was followed by Windows 2000 and Windows 2003 at the turn of the century.

The most remarkable innovation of the 2000s was the rise and adoption of portable devices, especially smartphones, and with them came a plethora of apps. Apps could connect to centralized servers on the internet and could carry out business as normal. Users were no longer dependent on browsers to make this work. All servers were typically either self-hosted or hosted with a service provider, such as an Internet Service Provider (ISP).

Users did not have much control over their servers. Multiple customers and their deployments were part of the same server, even without customers knowing about it.

However, there was something else happening toward the middle and later parts of the first decade of the 2000s. This was the rise of cloud computing, and it again rewrote the entire landscape of the IT industry. Initially, adoption was slow and people approached it with caution, either because the cloud was in its infancy and had yet to mature, or because people had various negative notions about what it was.

We will cover the following topics in the chapter:

  • Cloud computing
  • IaaS, PaaS, and SaaS
  • Understanding Azure
  • Azure Resource Manager
  • Virtualization, Containers, and Docker
  • Interacting with the intelligent cloud

Cloud computing

Today, cloud computing is one of the most promising upcoming technologies, and almost every company and organization, no matter how big or small, has adopted it as a part of its IT strategy. It is difficult these days to have any meaningful conversation about an IT strategy without including cloud computing in the overall solution discussions.

Cloud computing, or simply the cloud in layman terms, refers to the availability of resources on the internet. These resources are made available to users on the internet as services. For example, storage is available on demand through the internet to users for them to store their files, documents, and so on. Here, storage is a service provided by a cloud provider.

A cloud provider is an enterprise or consortium of companies that provide cloud services to other enterprises and consumers. They host and manage the services on behalf of the user. They are responsible for enabling and maintaining the health of services. Typically, there are large data centers across the globe opened by cloud providers to cater to IT demands from users.

Cloud resources consist of hosting services on on-demand infrastructure, such as compute, network, and storage facilities. This flavor of the cloud is known as Infrastructure as a Service.

Advantages of cloud computing

Cloud adoption is at an all-time high and is further growing because of the advantages it provides. Some of these advantages are mentioned here:

  • Pay-as-you-go: Customers do not need to purchase hardware and software for cloud resources. There is no capital expenditure for using cloud resources. Customers just pay for the resources for the time they are used.
  • Global access: Cloud resources are available globally via the internet. Customers can access their resources on demand from anywhere.
  • Unlimited resources: The scale of the cloud is unlimited. Customers can provision as many resources as they want, without any constraints. This is also known as unlimited scalability.
  • Managed Services: The cloud provides numerous services that are managed by the cloud provider for customers. This takes away the technical and financial burdens from customers.

Deployment Patterns in Azure

There are three different deployment patterns available on Azure. They are:

  • Infrastructure as a Service (also popularly known as IaaS)
  • Platform as a Service (also popularly known as PaaS)
  • Software as a Service (also popularly known as SaaS)

The difference between these three deployment patterns is the level of control exercised by the customer vis-à-vis Azure. The next image shows the different levels of control within each of these deployment patterns.

Cloud services- IaaS, PaaS, SaaS

It is clear from the previous image that customers have more control using IaaS deployments and it keeps reducing from PaaS to SaaS deployments.

Infrastructure as a Service

IaaS is a deployment type in which customers provision their own infrastructure on Azure. Azure provides infrastructure resources and customers can provision them on demand. Customers are responsible for maintaining and governing their infrastructure. Azure maintains the physical infrastructure on which these virtual infrastructure resources are hosted. Under this approach, customers need to actively manage and operate their Azure environment.

Platform as a Service

PaaS takes away infrastructure deployment and control from the customer. This is a higher-level abstraction compared to Infrastructure as a Service. In this approach, customers bring their application, code, and data and deploy them on an Azure-provided platform. These platforms are managed and governed by Azure, and customers are responsible solely for their applications. Customers perform activities related to their application deployment only. This model provides faster and easier options for deploying applications compared to Infrastructure as a Service.

Software as a Service

SaaS is a higher level of abstraction compared to PaaS. In this approach, software and its services are available for end-user consumption. Customers bring only their data into these services. Customers do not have any control over these services.

Understanding Azure

Azure provides all the benefits of the cloud, while being open and flexible. Azure supports a variety of operating systems, languages, tools, platforms, utilities, and frameworks. It supports both Linux and Windows, SQL Server, MySQL, PostgreSQL and more, as well as C#, Python, Java, Node.js, Bash, and other languages; MongoDB and DocumentDB NoSQL databases, and Jenkins to VSTS as continuous integration tools. The whole idea behind this ecosystem is to enable users to have their choice and freedom of language, their choice of platform and operating system, their choice of database, their choice of storage, and their choice of tools and utilities. Users should not be constrained from the technology perspective; instead, they should be able to build and focus on their business solution, and Azure provides them with a world-class technology stack. Azure is compatible with the user's choice of technology stack.

For example, Azure supports all popular (open source or commercial) database environments. Azure provides Azure SQL, MySQL, and Postgres PaaS services. It provides a Hadoop ecosystem and offers HDInsight, a 100% Apache Hadoop-based PaaS. It also provides a Hadoop on Linux virtual machine implementation for customers who prefer the IaaS approach. Azure also provides a Redis cache service and supports other popular database environments, such as MongoDB, Couchbase, Oracle, and many others as an IaaS implementation.

The number of services is increasing by the day, and the following diagram displays the rich set of services provided by Azure. Not all services are shown here, and the list keeps on growing. The most updated list of services can be found at https://azure.microsoft.com/en-in/services/.

Azure also provides a unique cloud computing paradigm: the hybrid cloud. The hybrid cloud refers to a deployment strategy in which a subset of services is deployed on a public cloud, while other services are deployed in an on-premise private cloud or data center. There is a Virtual Private Network (VPN) connection between the public and private clouds. Azure provides users the flexibility to divide and deploy their workload on both the public cloud and an on-premise data center.

Azure has data centers across the globe. Azure combines these data centers into regions. Each region has multiple data centers to ensure that recovery from disasters is quick and efficient. At the time of writing, there are 38 regions across the globe. This provides users the flexibility to deploy their services at their choice of location and region. They can also combine these regions to deploy a solution that is disaster-resistant and deployed near their customer base.

In China and Germany, the Azure cloud is separate for general use and for governmental use. This means that the cloud services are maintained in separate data centers.

Azure as an intelligent cloud

Azure provides infrastructure and services to ingest millions and billions of transactions with hyper-scale processing. It provides multi-petabytes of storage for data. It provides a host of inter-connected services that can pass data between themselves. With such capabilities in place, data can be processed to generate meaningful knowledge and insights. There are multiple types of insights that can be generated through data analysis, which are as follows:

  • Descriptive: This kind of analysis provides details about what is happening or has happened in the past.
  • Predictive: This kind of analysis provides details about what is going to happen in the near-future or the future.
  • Prescriptive: This kind of analysis provides details about what should be done to either enhance or prevent the current or future events happening.
  • Cognitive: This actually executes the actions determined by prescriptive analytics in an automated manner.

While deriving insights from data is good, it is equally important to act on them. Azure provides a rich platform to ingest large volumes of data, process and transform it, store it, generate insights from it, and display them on real-time dashboards. It is also possible to take action on the insights automatically. These services are available to every user of Azure and provide a rich ecosystem on which to create solutions. Enterprises are creating applications and services that are completely disrupting industries because these intelligent services from Azure are readily available and easily combined to create meaningful value for end customers. Azure ensures that services that are commercially unviable for small and medium companies to implement can now be readily consumed and deployed in a few minutes.

Azure Resource Manager

Azure Resource Manager (ARM) is the technology platform and orchestration service from Microsoft that ties together all the components discussed earlier. It brings Azure resource providers, resources, and resource groups together to form a cohesive cloud platform. It helps in the registration of resource providers to subscriptions and regions; it makes the resource types available to resource groups; it makes the resource and resource APIs accessible to the portal and other clients; and it authenticates access to resources. It also enables features such as tagging, authentication, Role-Based Access Control (RBAC), resource locking, and policy enforcement for subscriptions and their resource groups. It provides the same deployment and management experience, whether through a portal or client-based tools such as PowerShell or a command-line interface.

The ARM architecture

The architecture of ARM and its components are as shown in the following diagram. As we can see in the following figure, Azure Subscription comprises multiple resource groups. Each resource group contains resource instances that are created from resource types available in the resource provider:

Azure Resource Manager architecture

Limitations of Azure Service Manager (ASM)

ASM has inherent constraints. ASM deployments are slow and blocking: operations are blocked if an earlier operation is already in progress. Some of the limitations of ASM are mentioned here:

  • Parallelism: Parallelism is a challenge in ASM. It is not possible to execute multiple transactions successfully in parallel. The operations in ASM are linear and executed one after another. Parallel operations either result in errors or get blocked.
  • Resources: Resources in ASM are provisioned and managed in isolation from each other; there is no relation between ASM resources. Grouping services and resources or configuring them together is not possible.
  • Cloud services: Cloud services are the unit of deployment in ASM. They are reliant on affinity groups and not scalable due to their design and architecture.

Granular and discrete roles and permissions cannot be assigned to resources in ASM. Users are either service administrators or co-administrators in the subscription. They either get full control over resources or do not have access to them at all. ASM provides no deployment support. Deployments are either manual or you will need to resort to writing procedural scripts in PowerShell or .NET. ASM APIs are not consistent between resources.

ARM advantages

ARM provides distinct advantages and benefits over ASM, which are as follows:

  • Grouping: ARM allows grouping of resources together in a logical container. These resources can be managed together and go through a common life cycle as a group. This makes it easier to identify related and dependent resources.
  • Common life cycle: Resources in a group have the same life cycle. These resources can evolve and be managed together as a unit.
  • Role-Based Access Control: Granular roles and permissions can be assigned to resources, providing discrete access to users. Users have only those rights that are assigned to them.
  • Deployment support: ARM provides deployment support in terms of templates enabling DevOps and Infrastructure as Code (IAC). The deployments are faster, consistent, and predictable.
  • Superior technology: Cost and billing of resources can be managed as a unit. Each resource group can provide its usage and cost information.
  • Manageability: ARM provides advanced features, such as security, monitoring, auditing, and tagging, for better manageability of resources. Resources can be queried based on tags. Tags also provide cost and billing information for resources tagged similarly.
  • Migration: Easier migration and updating of resources within and across resource groups.

ARM concepts

With ARM, everything in Azure is a resource. Examples of resources are virtual machines, network interfaces, public IP addresses, storage accounts, and virtual networks. ARM is based on concepts related to resource providers and resource consumers. Azure provides resources and services through multiple resource providers that are consumed and deployed in groups.

Resource providers

These are services that are responsible for providing resource types through ARM. The top-level concept in ARM is resource providers. These providers are containers for resource types. Resource types are grouped into resource providers. They are responsible for deploying and managing the resources. For example, a virtual machine resource type is provided by a resource provider with the namespace Microsoft.Compute. The REST API operations are versioned to distinguish between them. The version naming is based on the dates on which they are released by Microsoft. A related resource provider must be available to a subscription before a resource can be deployed. Not all resource providers are available to a subscription out of the box. If a resource is not available in the subscription, you need to check whether the required resource provider is available in each region. If it is available, the user can explicitly register it in the subscription.

Resource types

Resource types are the actual resource specifications, defining the public API interface and implementation of a resource. They implement the working and operations supported by the resource. Similar to resource providers, resource types also evolve over time with regard to their internal implementation and have multiple versions of their schema and public API interface. The version names are based on the dates that they are released by Microsoft as a preview or General Availability (GA). The resource types become available to a subscription after a resource provider is registered to it. Also, not every resource type is available in every Azure region. The availability of a resource is dependent on the availability and registration of a resource provider in an Azure region, and the provider must support the API version needed for provisioning it.

Resource groups

Resource groups are a unit of deployment in ARM. They are containers grouping multiple resource instances in a security and management boundary. A resource group is uniquely named in a subscription. Resources can be provisioned on different Azure regions and yet belong to the same resource group. Resource groups provide additional services to all the resources within it. Resource groups provide metadata services, such as tagging, which enables the categorization of resources, policy-based management of resources, RBAC, protection of resources from accidental deletion or updates, and more. As mentioned before, they have a security boundary, and users that don't have access to a resource group cannot access resources contained within it. Every resource instance needs to be part of a resource group or else it cannot be deployed.

Resource and resource instances

Resources are created from resource types and should be unique within a resource group. The uniqueness is defined by the name of the resource and its type together. In OOP parlance, resource instances can be referred to as objects, while resource types can be referred to as classes. The services are consumed through the operations supported and implemented by resource instances. They define properties that should be configured before usage. Some are mandatory properties, while others are optional. They inherit the security and access configuration from their parent resource group. These inherited permissions and role assignments can be overridden for each resource. A resource can be locked in such a way that some of its operations are blocked and not made available to roles, users, and groups even though they have access to it. Resources can be tagged for easy discoverability and manageability.

ARM features

The following are some of the major features provided by ARM:

  • Role-Based Access Control: Azure Active Directory (AAD) authenticates users to provide access to subscriptions, resource groups, and resources. ARM implements OAuth and RBAC within the platform, enabling authorization and access control for resources, resource groups, and subscriptions based on roles assigned to a user or group. A permission defines access to operations on a resource. These permissions could allow or deny access to the resource. A role definition is a collection of these permissions. Roles map AAD users and groups to the permissions. Roles are subsequently assigned to a scope, which can be an individual resource, a collection of resources, a resource group, or a subscription. The AAD identities (users, groups, and service principals) added to a role gain access to the resource according to permissions defined in the role. ARM provides multiple out-of-the-box roles. It provides system roles, such as owner, contributor, and reader. It also provides resource-based roles, such as SQL DB contributor and virtual machine contributor. ARM allows the creation of custom roles.
  • Tags: Tags are name-value pairs that add additional information and metadata to resources. Both resources and resource groups can be tagged with multiple tags. Tags help in the categorization of resources for better discoverability and manageability. Resources can be quickly searched and identified easily. Billing and cost information can be fetched for resources that have the same tags. While this feature is provided by ARM, an IT administrator defines its usage and taxonomy with regard to resources and resource groups. Taxonomy and tags, for example, can relate to departments, resource usage, location, projects, or any other criteria deemed fit from a cost, usage, billing, or search perspective. These tags can then be applied to resources. Tags defined at the resource group level are not inherited by its resources.
  • Policies: Another security feature provided by ARM is policies. Custom policies can be created to control access to resources. Policies are defined conventions and rules that must be adhered to while interacting with resources and resource groups. The policy definition contains an explicit denial of actions on resources or access to resources. By default, every access is allowed if it is not mentioned in the policy definition. These policy definitions are assigned at the resource, resource group, and subscription scopes. It is important to note that these policies are not replacements or substitutes for RBAC. In fact, they complement and work together with RBAC. Policies are evaluated after a user is authenticated by AAD and authorized by the RBAC service. ARM provides a JSON-based policy definition language for defining policies. Examples of policy definitions include requiring a tag on every provisioned resource and allowing resources to be provisioned only to specific Azure regions.
  • Locks: Subscriptions, resource groups, and resources can be locked to prevent accidental deletion and updates by an authenticated user. Locks applied at higher levels flow down to child resources. Locks applied at the subscription level lock every resource group and the resources within it.
  • Multi-region: Azure provides multiple regions for provisioning and hosting resources. ARM allows resources to be provisioned at different locations and yet reside within the same resource group. A resource group can contain resources from different regions.
  • Idempotent: This feature ensures predictability, standardization, and consistency in resource deployment by ensuring that every deployment will result in the same state of resources and configuration, no matter the number of times it is executed.
  • Extensible: ARM architecture provides an extensible architecture to allow the creating and plugging of new resource providers and resource types into the platform.
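The scope inheritance, role evaluation, and lock behaviour described in the list above can be modelled in a few functions. This is an added example, not code from the book or from Azure: the role definitions are simplified stand-ins for the built-in roles, the subscription ID, principals, and resource names are constructed, and the lock handling is a simplified model (CanNotDelete blocks delete, ReadOnly blocks everything except read).

```python
from fnmatch import fnmatchcase

# Simplified stand-ins for built-in roles (assumption: the real definitions
# list more actions and exclusions than shown here).
ROLES = {
    "Reader": {"actions": ["*/read"], "not_actions": []},
    "Contributor": {"actions": ["*"],
                    "not_actions": ["Microsoft.Authorization/*/write",
                                    "Microsoft.Authorization/*/delete"]},
    "Virtual Machine Contributor": {
        "actions": ["Microsoft.Compute/virtualMachines/*"], "not_actions": []},
}

# Constructed scope hierarchy: subscription > resource group > resource.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RG_APP = SUB + "/resourceGroups/rg-app"
RG_APP2 = SUB + "/resourceGroups/rg-app2"
VM = RG_APP + "/providers/Microsoft.Compute/virtualMachines/vm1"
STORAGE = RG_APP2 + "/providers/Microsoft.Storage/storageAccounts/stconstructed01"

# Constructed role assignments and locks.
ASSIGNMENTS = [
    {"principal": "alice", "role": "Reader", "scope": SUB},
    {"principal": "alice", "role": "Virtual Machine Contributor", "scope": RG_APP},
    {"principal": "bob", "role": "Contributor", "scope": RG_APP},
]
LOCKS = [{"level": "CanNotDelete", "scope": RG_APP}]


def in_scope(scope, target):
    """True if target is the scope itself or sits below it in the hierarchy.

    Comparing on a '/' boundary keeps 'rg-app' from matching 'rg-app2'.
    """
    scope, target = scope.rstrip("/").lower(), target.rstrip("/").lower()
    return target == scope or target.startswith(scope + "/")


def role_allows(role, action):
    """An action is granted if it matches an action pattern and no exclusion."""
    action = action.lower()
    granted = any(fnmatchcase(action, p.lower()) for p in role["actions"])
    excluded = any(fnmatchcase(action, p.lower()) for p in role["not_actions"])
    return granted and not excluded


def blocking_lock(action, target, locks):
    """Return the first lock at or above target that blocks the action."""
    verb = action.rsplit("/", 1)[-1].lower()
    for lock in locks:
        if not in_scope(lock["scope"], target):
            continue
        if lock["level"] == "ReadOnly" and verb != "read":
            return lock
        if lock["level"] == "CanNotDelete" and verb == "delete":
            return lock
    return None


def evaluate(principal, action, target, assignments=ASSIGNMENTS, locks=LOCKS):
    """Return (allowed, reason): RBAC is checked first, then inherited locks."""
    granting = [a for a in assignments
                if a["principal"] == principal
                and in_scope(a["scope"], target)
                and role_allows(ROLES[a["role"]], action)]
    if not granting:
        return (False, "rbac: no role assignment at or above the target grants this")
    lock = blocking_lock(action, target, locks)
    if lock:
        return (False, f"lock: {lock['level']} at {lock['scope']}")
    return (True, f"rbac: {granting[0]['role']} at {granting[0]['scope']}")


if __name__ == "__main__":
    checks = [
        ("alice", "Microsoft.Compute/virtualMachines/start/action", VM),
        ("alice", "Microsoft.Storage/storageAccounts/write", STORAGE),
        ("bob", "Microsoft.Compute/virtualMachines/delete", VM),
        ("bob", "Microsoft.Authorization/roleAssignments/write", RG_APP),
        ("bob", "Microsoft.Storage/storageAccounts/read", STORAGE),
    ]
    for who, action, target in checks:
        print(who, action, "->", evaluate(who, action, target))
```

Running the same function over an exported list of role assignments and locks is a quick way to review who can still delete or reassign access in a resource group after a lock has been applied.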

Virtualization

Virtualization was a breakthrough innovation that completely changed the way physical servers were looked at. It refers to the abstraction of a physical object into a logical object.

The virtualization of physical servers led to virtual servers known as virtual machines. These virtual machines consume and share the same physical CPU, memory, storage, and other hardware with the physical server on which they are hosted. This enabled faster and easier provisioning of application environments on demand, providing high availability and scalability with reduced cost. One physical server was enough to host multiple virtual machines, each virtual machine containing its own operating system and hosting services on it.

There was no longer any need to buy additional physical servers for deploying new applications and services. The existing physical servers were sufficient to host more virtual machines. Furthermore, as part of rationalization, many physical servers were consolidated into a few with the help of virtualization.

Each virtual machine contains the entire operating system, and each virtual machine is completely isolated from other virtual machines, including the physical hosts. Although a virtual machine uses the hardware provided by the host physical server, it has full control over its assigned resources and its environment. These virtual machines can be hosted on a network like a physical server, each with its own identity.

Azure can create Linux and Windows virtual machines in a few minutes. Microsoft provides its own images, along with images from partners and the community. Users can provide their own images. Virtual machines are created using these images.

Containers

Containers are also a virtualization technology; however, they do not virtualize a physical server. Instead, a container is an operating system-level virtualization. What this means is that containers share the operating system kernel, provided by the host, among themselves along with the host. Multiple containers running on a host (physical or virtual) share the host operating system kernel. Containers ensure that they reuse the host kernel instead of each having a dedicated kernel to themselves.

Containers are also completely isolated from the host and other containers, much like a virtual machine. Containers use Windows storage filter drivers and session isolation to isolate operating system services such as the filesystem, registry, processes, and networks. Each container gets its own copy of operating system resources.

The container has the perception that it has a completely new and untouched operating system and resources. This arrangement provides lots of benefits, as follows:

  • Containers are fast to provision. They do not need to provide the operating system and its kernel services. They are available from the host operating system.
  • Containers are lightweight and require fewer computing resources than virtual machines. The operating system resource overhead is no longer required in containers.
  • Containers are much smaller than virtual machines.
  • Containers help solve problems related to managing multiple application dependencies in an intuitive, automated, and simple manner.
  • Containers provide infrastructure to define all application dependencies in a single place.

Containers are an inherent part and feature of Windows Server 2016 and Windows 10; however, they are managed and accessed using a Docker client and a Docker daemon. Containers can be created on Azure with Windows Server 2016 SKU as an image. Each container has a single main process that must be running for the container to exist. A container will stop when this process ends. Also, a container can either run in interactive mode or in a detached mode like a service.

Container architecture

The preceding diagram shows all the technical layers that enable containers. The bottom-most layer provides the core infrastructure in terms of network, storage, load balancers, and network cards. At the top of the infrastructure is the compute layer, consisting of either a physical server, or both physical and virtual servers on top of a physical server. This layer contains the operating system with the ability to host containers. The operating system provides the execution driver that the layers above use to call kernel code and objects to execute containers. Microsoft has created Host Container System Shim (HCSShim) for managing and creating containers and uses Windows storage filter drivers for image and file management.

The container environment isolation ability is provided to the Windows session. Windows Server 2016 and Nano Server provide the operating system, enable the container features, and execute the user-level Docker client and Docker engine. The Docker engine uses the services of HCSShim, storage filter drivers, and sessions to spawn multiple containers on the server, each containing a service, application, or database.

Docker

Docker provides management features to Windows containers. It comprises the following two executables:

  • The Docker daemon
  • The Docker client

The Docker daemon is the workhorse for managing containers. It is a Windows service responsible for managing all activities on the host related to containers. The Docker client interacts with the Docker daemon and is responsible for capturing inputs and sending them across to the Docker daemon. The Docker daemon provides the runtime, libraries, graph drivers, and engine to create, manage, and monitor containers and images on the host server. It also has the ability to create custom images that are used for building and shipping applications to multiple environments.

Interacting with the intelligent cloud

Azure provides multiple ways to connect, automate, and interact with the intelligent cloud. All methods require users to be authenticated with valid credentials before they can be used. The different ways to connect to Azure are the following:

  • Azure Portal
  • PowerShell
  • Azure Command-Line Interface (CLI)
  • Azure REST API

Azure Portal

Azure Portal is a great place to get started. With Azure Portal, users can log in and start creating and managing Azure resources manually. The Portal provides an intuitive and user-friendly user interface through the browser. The Azure Portal provides an easy way to navigate to resources using blades. The blades display all the properties of a resource, logs, cost, its relationship with other resources, tags, security options, and more. The entire cloud deployment can be managed through the Portal.

PowerShell

PowerShell is an object-based command-line shell and scripting language used for the administration, configuration, and management of infrastructure and environments. It is built on top of the .NET framework and provides automation capabilities. PowerShell has truly become a first-class citizen among IT administrators and automation developers for managing and controlling the Windows environment. Today, almost every Windows and many Linux environments can be managed by PowerShell. In fact, almost every aspect of Azure can also be managed by PowerShell. Azure provides rich support for PowerShell. It provides a PowerShell module for each resource provider containing hundreds of cmdlets. Users can use these cmdlets in their scripts to automate interaction with Azure. The Azure PowerShell module is available through the web platform installer as well as through the PowerShell Gallery. Windows Server 2016 and Windows 10 provide package management and PowerShellGet modules for quick and easy downloading and installation of PowerShell modules from the PowerShell Gallery. The PowerShellGet module provides the Install-Module cmdlet for downloading and installing modules on the system.

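Installing a module simply copies the module files to well-defined module locations. It can be done as follows:

# Load PowerShellGet, which provides the Install-Module cmdlet
Import-Module PowerShellGet
# Download the AzureRM module from the PowerShell Gallery and install it
Install-Module -Name AzureRM -Verbose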

Azure Command-Line Interface (CLI)

Azure also provides Azure CLI 2.0, which can be deployed on Linux, Windows, and Mac operating systems. Azure CLI 2.0 is Azure's new command-line utility for managing Azure resources. Azure CLI 2.0 is optimized for managing and administering Azure resources from the command line, and for building automation scripts that work against ARM. The CLI can be used to execute commands using the Bash shell or the Windows command line. Azure CLI is very popular among non-Windows users, as it allows us to talk to Azure on Linux and Mac. Steps for installing Azure CLI 2 are available at https://docs.microsoft.com/en-us/cli/azure/install-azure-cli?view=azure-cli-latest.

Azure REST API

All Azure resources are exposed to users through REST endpoints. Representational State Transfer (REST) APIs are service endpoints that implement HTTP operations (methods), providing create, retrieve, update, or delete (CRUD) access to the service's resources. Users can consume these APIs to create and manage resources. In fact, the CLI and PowerShell mechanisms use these REST APIs internally to interact with resources on Azure.

ARM templates

In an earlier section, we witnessed deployment features, such as multi-service, multi-region, extensible, and idempotent, provided by ARM. ARM templates are the primary means of provisioning resources in ARM. ARM templates provide implementation support for ARM deployment features.

ARM templates provide a declarative model through which resources, their configuration, scripts, and extensions are specified. ARM templates are based on JavaScript Object Notation (JSON) format. They use the JSON syntax and conventions to declare and configure resources. JSON files are text-based, human-friendly, and easily readable files.

Templates can be stored in a source code repository and placed under version control. They are also a means of representing infrastructure as code (IaC) that can be used to provision resources in an Azure resource group again and again, predictably, consistently, and uniformly. A template needs a resource group for deployment. It can only be deployed to a resource group, and the resource group should exist before executing a template deployment. A template is not capable of creating a resource group.

Templates provide the flexibility to be generic and modular in their design and implementation. Templates provide the ability to accept parameters from users, declare internal variables, define dependencies between resources, link resources within the same or different resource groups, and execute other templates. They also provide scripting-language-style expressions and functions that make them dynamic and customizable at runtime.

Deployments

PowerShell allows the following two modes of deployment of templates:

  • Incremental: Incremental deployment adds resources declared in the template that don't exist in the resource group, leaves unchanged the resources in the resource group that are not part of the template definition, and leaves unchanged the resources that exist in both the template and the resource group with the same configuration state.
  • Complete: Complete deployment, on the other hand, adds resources declared in a template to the resource group, deletes resources that do not exist in the template from the resource group, and leaves resources unchanged that exist in both the resource group and template with the same configuration state.
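
The difference between the two modes, as an added example that is not code from the book: the hypothetical function Get-DeploymentPlan compares the resources declared in a template with an inventory of the resource group and lists what each mode would create, keep, or delete. The template, the inventory, and all resource names are constructed, and resources are matched by type and name only, without comparing configuration.

```powershell
# Added example: models the Incremental and Complete modes offline (no Azure calls).
function Get-DeploymentPlan {
    param(
        [Parameter(Mandatory)] [string]   $TemplateJson,        # ARM template text
        [Parameter(Mandatory)] [object[]] $ExistingResources,   # need ResourceType and Name
        [ValidateSet('Incremental', 'Complete')] [string] $Mode = 'Incremental'
    )

    # Assumption: a resource is identified by type and name, compared case-insensitively.
    $key = { param($type, $name) ('{0}/{1}' -f $type, $name).ToLowerInvariant() }

    $declared = @{}
    foreach ($r in ($TemplateJson | ConvertFrom-Json).resources) {
        $declared[(& $key $r.type $r.name)] = $true
    }
    $existing = @{}
    foreach ($r in $ExistingResources) {
        $existing[(& $key $r.ResourceType $r.Name)] = $true
    }

    $plan = @(
        foreach ($k in $declared.Keys) {
            # Declared but missing is added; declared and present is left as it is
            # (the text's case of an identical configuration state).
            $action = if ($existing.ContainsKey($k)) { 'Keep' } else { 'Create' }
            [pscustomobject]@{ Mode = $Mode; Action = $action; Resource = $k }
        }
        foreach ($k in $existing.Keys) {
            if (-not $declared.ContainsKey($k)) {
                # Not in the template: Incremental leaves it, Complete deletes it.
                $action = if ($Mode -eq 'Complete') { 'Delete' } else { 'Keep' }
                [pscustomobject]@{ Mode = $Mode; Action = $action; Resource = $k }
            }
        }
    )
    $plan | Sort-Object Action, Resource
}

# Constructed template, trimmed to the fields the function reads.
$templateJson = @'
{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "resources": [
    { "type": "Microsoft.Storage/storageAccounts", "name": "examplestore01" },
    { "type": "Microsoft.Network/virtualNetworks", "name": "example-vnet" }
  ]
}
'@

# Constructed inventory of the target resource group.
$inventory = @(
    [pscustomobject]@{ ResourceType = 'Microsoft.Storage/storageAccounts'; Name = 'ExampleStore01' }
    [pscustomobject]@{ ResourceType = 'Microsoft.KeyVault/vaults';         Name = 'example-kv' }
)

'Incremental', 'Complete' |
    ForEach-Object { Get-DeploymentPlan -TemplateJson $templateJson -ExistingResources $inventory -Mode $_ } |
    Format-Table -AutoSize
```

In Complete mode the key vault that is absent from the template is listed as Delete; that row is the one to review before running a Complete deployment against a resource group that holds anything the template does not declare.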

Summary

The cloud is not more than 10 years old. It is a new paradigm and still in its nascent stage. There will be a lot of innovation and capabilities added over time. Azure is one of the top cloud providers today and it provides rich capabilities through IaaS, PaaS, SaaS, and hybrid deployments. In fact, the Azure stack, which is an implementation of the private cloud from Microsoft, will be released soon. This will have the same features available on a private cloud as on the public cloud. They both will, in fact, connect and work seamlessly and transparently together.

It is very easy to get started with Azure, but developers and architects can also fall into a trap if they do not design and architect their solutions appropriately. This book is an attempt to provide guidance and directions toward architecting solutions the right way, using appropriate services and resources. Every service on Azure is a resource. It is important to understand how these resources are organized and managed in Azure. This chapter provided context around ARM and groups, the core framework that provides building blocks for resources. It provides a set of services to resources that help provide uniformity, standardization, and consistency in managing them. The services, such as RBAC, tags, policies, and locks, are available to every resource provider and resource. Azure also provides rich automation features to automate and interact with resources. Tools such as PowerShell, ARM templates, and Azure CLI can be incorporated as part of release pipelines and continuous deployment and delivery. Users can connect to Azure from heterogeneous environments using these automation tools.

The next chapter will discuss some of the important architectural concerns that help solve common cloud-based deployment problems and ensure the application is secure, available, scalable, and maintainable in the long run.


Key benefits

  • Get familiar with the different design patterns available in Microsoft Azure
  • Develop Azure cloud architecture and a pipeline management system
  • Get to know the security best practices for your Azure deployment

Description

Over the years, Azure cloud services have grown quickly, and the number of organizations adopting Azure for their cloud services is also gradually increasing. Leading industry giants are finding that Azure fulfills their extensive cloud requirements. Azure for Architects – Second Edition starts with an extensive introduction to major designing and architectural aspects available with Azure. These design patterns focus on different aspects of the cloud, such as high availability, security, and scalability. Gradually, we move on to other aspects, such as ARM template modular design and deployments. This is the age of microservices and serverless is the preferred implementation mechanism for them. This book covers the entire serverless stack available in Azure including Azure Event Grid, Azure Functions, and Azure Logic Apps. New and advanced features like durable functions are discussed at length. A complete integration solution using these serverless technologies is also part of the book. A complete chapter discusses all possible options related to containers in Azure including Azure Kubernetes services, Azure Container Instances and Registry, and Web App for Containers. Data management and integration is an integral part of this book that discusses options for implementing OLTP solutions using Azure SQL, Big Data solutions using Azure Data factory and Data Lake Storage, eventing solutions using stream analytics, and Event Hubs. This book will provide insights into Azure governance features such as tagging, RBAC, cost management, and policies. By the end of this book, you will be able to develop a full-fledged Azure cloud solution that is Enterprise class and future-ready.

Who is this book for?

If you are a cloud architect, DevOps engineer, or developer who wants to learn key architectural aspects of the Azure Cloud platform, then this book is for you. Prior basic knowledge of the Azure Cloud platform is good to have.

What you will learn

  • Create an end-to-end integration solution using Azure Serverless Stack
  • Learn Big Data solutions and OLTP-based applications on Azure
  • Understand DevOps implementations using Azure DevOps
  • Architect solutions comprised of multiple resources in Azure
  • Develop modular ARM templates
  • Develop Governance on Azure using locks, RBAC, policies, tags and cost
  • Learn ways to build data solutions on Azure
  • Understand the various options related to containers including Azure Kubernetes Services

Product Details

Publication date: Jan 31, 2019
Length: 536 pages
Edition: 2nd
Language: English
ISBN-13: 9781789614503
Vendor: Microsoft

Table of Contents

16 Chapters
Getting Started
Azure Solution Availability and Scalability
Security and Monitoring
Cross-Subscription Deployments Using ARM Templates
ARM Templates - Modular Design and Implementation
Designing and Implementing Serverless Solutions
Azure Integration Solutions
Cost Management
Designing Policies, Locks, and Tags
Azure Solutions Using Azure Container Services
Azure DevOps
Azure OLTP Solutions Using Azure SQL Sharding, Pools, and Hybrid
Azure Big Data Solutions Using Azure Data Lake Storage and Data Factory
Azure Stream Analytics and Event Hubs
Designing IoT Solutions
Other Books You May Enjoy

Customer reviews

Rating: 3.3 (6 Ratings)
5 star 50%
4 star 0%
3 star 0%
2 star 33.3%
1 star 16.7%

Top Reviews

Dietrich Mar 30, 2019
Rating: 5
The book makes working with Azure enormously easier, and the author has packaged the various topics together very well. Chapter 3, "Security and Monitoring", is a good example. Here the various options for implementing security requirements are gone through one by one (Network Security Groups, Firewall, Role based Access, ...). Although many details and individual parameters are covered here, the big picture is still not forgotten, thanks to checklists etc. A very successful chapter! Another example of the book's quality is Chapter 10, "Azure Solutions using Azure Container Services": at the beginning, the Azure Container Registry is introduced, along with how to create your own repositories. After a brief explanation of Kubernetes, an example is walked through command by command, so that nothing stands in the way of deploying your own services. Together the two chapters are about 80 pages long. The remaining 13 chapters fill 430 pages and are therefore each roughly 30 to 40 pages long, which makes getting into each topic very pleasant.
Amazon Verified review

Ravi Pandey Aug 22, 2019
Rating: 5
It's a nice book and well explained
Amazon Verified review

mugdha Jul 26, 2019
Rating: 5
Good book
Amazon Verified review

Dr Gav Apr 25, 2021
Rating: 2
This is not an architect book in my personal view. I term an architect as someone who does top-down systems design and partitions, structures and balances a wide range of complex considerations including scale, performance, reliability, quality, flexibility and extensibility (just for starters). As an intro book to configuring a good number of Azure components and services it's pretty good, but it doesn't explain much and jumps straight to screenshots in very low res of admin panels. Why they aren't better resolution and annotated is beyond me.
Amazon Verified review

peter k Jul 19, 2019
Rating: 2
No matter how good or bad the contents of this book are, the quality of the editing and proofreading leaves a LOT to be desired. The content itself is ok but by no means true architect material. A telltale sign is the sheer number of screenshots and code snippets that low quality publishers use to pad out the number of pages in books. If you are an architect you are not interested in step by step instructions on how to configure stuff; that should be left to books dealing with implementation. The book is very light on actual architectural advice: it lists all the options but does not really go into how to adapt these to requirements. Unfortunately there are very few books dealing with Azure on an architectural level so this may be as good as any. I guess if you can live through bad English, redundant content, unreadable diagrams and lots of screenshots and code snippets this book does give an overview of Azure and how the various components of the platform work together.
Amazon Verified review