Infrastructure as Code Azure

Azure Resource Manager (ARM) Benefits and Best Practices

Read Next:

[Azure, Cloud Volumes ONTAP, DevOps, Elementary, 6 minute read, Infrastructure as Code Azure, B]

Azure Resource Manager (ARM) is the native platform for infrastructure as code (IaC) in Azure. It enables you to centralize the management, deployment, and security of Azure resources. ARM groups resources into containers that group Azure assets together. You can use ARM to deploy assets from multiple Azure resource provider services, such as Microsoft Storage and Microsoft Compute.

In this post, we’ll examine key concepts and benefits of Azure Resource Manager and explain three best practices you should implement when adopting ARM templates. We’ll also explain how NetApp Cloud Volumes ONTAP can help simplify storage when using infrastructure as code in Azure.

In this article, you will learn:

What Is Azure Resource Manager?

Azure Resource Manager (ARM) is an Azure service you can use to manage and deploy resources using an infrastructure as code paradigm. It enables you to provision, modify, and delete resources using a variety of features including access controls, tags, and locks.

When using Azure Resource Manager, there is some specific terminology you should be aware of. The most common terms include:

  • resource—an asset that can be managed. Assets include virtual machines (VMs), virtual networks, databases, web apps, and storage accounts. Resources may also refer to tags, subscriptions, resource groups, or management groups.
  • resource group—a container that groups together related resources. An Azure resource group enables you to manage multiple resources as a whole.
  • resource provider—an individual service in Azure that you can create resources in. For example, Microsoft Storage or Microsoft Compute.
  • Resource Manager template—a file that defines how resources should be deployed to groups, subscriptions or tenants. This file is defined in JavaScript Object Notation (JSON).
  • declarative syntax—the syntax used for Resource Manager templates. It enables you to define how resources should be handled without having to know programming commands.

Key Benefits of Azure Resource Manager

Azure Resources Manager provides several benefits to ease resource management and deployment. These benefits include the following.


Centralized management

ARM enables you to manage resources from a centralized dashboard. It enables you to integrate any Azure resources you are using, including third-party applications and services adopted from the Microsoft Azure Marketplace.

This centralization makes it easier to ensure that resources are handled consistently. It also increases visibility into the configuration of your resources and enables you to restrict administrative workflows to a single tool.


Templates

Azure Resource Manager templates enable you to define and deploy any Azure resources you need to in a clear and consistent way. ARM templates enable you to define resource details, including names, locations, availability zones, security settings, and networks. Once defined, you can use Azure templates repeatedly to deploy identical resources, as needed for distributed applications, testing, or development.

ARM templates are customizable and can be built or modified through Visual Studio Code, Visual Studio, or the Azure Portal. You can also fully automate ARM template deployment, removing dependencies on manual configurations. Additionally, if you are using third-party tools, Azure Marketplace solutions often provide readily available ARM templates.


Security

ARM enables you to use a wide variety of security features with your resources, including role-based access controls (RBACs) and OAuth authentication. It provides granular control over resources and enables you to restrict who is able to modify which workloads. This includes the ability to lock resources against modification or deletion.

Additionally, within Azure Resource Manager, all events are logged with event changes and users. This enables you to audit management as needed and helps ensure that your environment management meets compliance standards.

What is an Azure Resource Manager Template?

Azure Resource Manager templates are JavaScript Object Notation (JSON) files that define your project's infrastructure and configuration.

Templates use declarative syntax. In this way, you can specify what to deploy without writing a series of commands that specify how to deploy it. Templates specify the resources to be deployed and the properties of those resources.

The template is ready for deployment only after it is validated by Resource Manager. This makes it unlikely that the deployment will fail midway.

The template includes the following parts:

  • Parameters - values that allow you to use the same template in different environments during deployment.
  • Variables - values to be reused in different templates. Variables can use values from parameters.
  • User-Defined Functions - lets you define customized elements to simplify templates.
  • Resources - specifies Azure resources to be deployed.
  • Outputs - the return value of the deployed resource.

ARM Template Best Practices

When creating ARM templates there are several best practices you should keep in mind. These practices can help make management easier and ensure that your resources are configured efficiently.


Template limits

In general, try to limit your templates to 4MB with parameters no larger than 64KB. These limits should be applied to the size of your final template, including any iterative resource definitions, variables, or parameters you need to include.

Additionally, you should keep in mind that there are some hard limits for templates. These restrict you to: 

  • 24,576 characters in a template expression
  • 64 output values
  • 800 resources (including copy count)
  • 256 variables
  • 256 parameters

Resource groups

Any resource groups you create store metadata about your resources. This metadata is stored in the same location as your group. This means that if a group region is inaccessible, you cannot update or manage those resources until region access is restored.

If you need to create a failover for a resource group, be sure to keep a copy of your metadata in the failover region. This ensures that you retain control even if your original group is inaccessible.


Consider YAML

The format for ARM templates is JSON. This format is fine for simple templates but as resource numbers and deployment complexities scale, these templates lose their human-readability. For example, some Azure resources require over a hundred lines to define with seemingly endless nested brackets. This makes interpreting the template definitions very difficult.

While you cannot change this format, you can write your templates in YAML and convert to JSON when ready to deploy. YAML can increase the readability of your templates and enable you to comment why you are defining resources as you are. This ability to comment is especially helpful if you have multiple team members working to define templates.


Avoid linked templates unless necessary

Linked templates are a feature in Azure Resource Manager that enable you to split your resources into individual templates. These templates are then linked together and tied to a single deployment source.

This linking is great except that it requires templates to either be publicly accessible or that your deployment pipeline is accessible. You can provide this later access with a SAS token but this still adds some vulnerability to your systems.

Additionally, when using linked templates, you are restricted to using either parameter URI or parameter objects. You cannot combine formats, restricting your ability to handle sensitive information inside the template.

Rather than trying to work around these issues, you should consider using standard templates. You can use your pipelines to control deployment and ensure that dependent templates are deployed together. This enables you to achieve the same result as linked templates with greater security.

For more tips about efficient cloud optimization, see our article about Azure quickstart templates.

What is the Difference Between Azure Classic and Resource Manager?

The Azure public cloud supports two deployment models: Classic mode and Azure Resource Manager (ARM).

Classic Mode
Each resource configured in Azure in classic mode is a separate management unit. Azure resources are created in a cloud container, but you cannot manage the container as a whole each resource must be managed individually. Classic mode does not allow resource grouping, making it less convenient to manage Azure resources.

If you are accessing Classic mode resources from Azure PowerShell or from the Azure portal, behind the scenes you are activating Azure Service Management (ASM) API Calls. ASM is the traditional way to access Azure resources. 

Azure Resource Manager
ARM is the new way to deploy Azure resources using resource groups, which let you manage multiple resources together. When interacting with ARM resource groups using Azure PowerShell or the Azure Portal, behind the scenes you are using the ARM API.

Both Classic resources and ARM resources are available in the new Azure portal. However,  if you are using the Classic Azure portal, you can only use Classic resources (not ARM resources).

Azure Resource Manager Q&A

How Do I Get Started with Templates?

Here are several resources you can use when creating and using ARM templates:

  • Tools—to get started, you need to install Visual Studio Code and the Azure Resource Manager extension. You can learn how to use these resources in this quick start guide.
  • Documentation—Azure offers documentation you can use to learn more about creating your own ARM templates. For example, a good place to start is this beginner tutorial series on ARM templates. 

How Can I Test my Template Before Deploying It?

You can run the ARM test toolkit and “what-if” operation on your templates before deploying them. The toolkit tries to validate if your templates use best practices. If the test toolkit finds elements that require improvements, it provides warnings. 

The what-if operation helps you see how the template will change your environment. It can help you discover unintended changes before deployment. Additionally, the operation returns errors detected during any pre-flight validation. 

Azure Resource Manager with Cloud Volumes ONTAP

NetApp Cloud Volumes ONTAP, the leading enterprise-grade storage management solution, delivers secure, proven storage management services on AWS, Azure and Google Cloud. Cloud Volumes ONTAP supports up to a capacity of 368TB, and supports various use cases such as file services, databases, DevOps or any other enterprise workload, with a strong set of features including high availability, data protection, storage efficiencies, Kubernetes integration, and more.

In particular, Cloud Volumes ONTAP provides Cloud Manager, a UI and APIs for management, automation and orchestration, supporting hybrid & multi-cloud architectures, and letting you treat pools of storage as one element in your infrastructure as code setup.

New call-to-action

-