Blog

Save Time and Headaches with Infrastructure as Code on Azure

Microsoft Azure provides advanced tooling that help you define and deploy Infrastructure as Code (IaC). You can use Azure Resource Manager (ARM) templates to provide a declarative definition of the cloud resources you need, and Azure will set the resources up automatically, reliably and consistently. Azure also provides “blueprints” that help you package ARM templates with policies and RBAC definitions—everything you need to setup cloud resources end-to-end.

In this post, we’ll review Azure’s cloud automation components, explain how ARM templates and blueprints work, and show how NetApp Cloud Volumes ONTAP can help automate storage on the Azure cloud.

In this article, you will learn:

Infrastructure as Code on Azure with Azure Resource Manager

Infrastructure as Code is a modern approach for automating the provisioning and deployment of IT resources. The idea is to use simple configuration files to define what IT resources you want to set up, and have those resources created automatically based on that configuration. You can then check that configuration file into a version control repo, test it, manage versions, and start treating your infrastructure like you would ordinary source code.

On Microsoft Azure, the primary building block that enables Infrastructure as Code is Azure Resource Manager (ARM). ARM lets you author templates in JSON format, specifying Azure services you want to run, and makes it possible to easily deploy those services according to the template.


Here is a quick-start template provided by Azure which deploys an Azure Kubernetes Service (AKS) cluster:
"servicePrincipalClientSecret": {
      "reference": {
        "keyVault": {
          "id": "<specify Resource ID of the Key Vault you are using>"
        },
        "secretName": "<specify name of the secret in the Key Vault to get the service principal password from>"
      }
    }

ARM is the Central Deployment Engine on Azure

What’s interesting about ARM is that it is not just an automation engine. ARM is the Azure’s central resource manager. Any actions you perform on the Azure cloud, whether via the Azure portal, PowerShell, the Azure CLI or the REST API, are handled via the same Resource Manager.

Azure Resource ManagerSource: Microsoft Azure

This means that when you create ARM templates and deploy them, Azure guarantees a consistent result. You can create an AKS cluster automatically using the ARM template we showed above, manually through the Azure portal or CLI, or programmatically through the REST API, and the result will be exactly the same.

Benefits of IaC on Azure

Automating infrastructure with Azure Resource Manager templates lets you:

  • Adopt a declarative approach—provision infrastructure using declarative templates, which specify the end result you want to achieve, rather than brittle scripts that specify all the steps required for the deployment.
  • Handle resources as a group—ARM uses the concept of resource groups, which lets you deploy, manage, and monitor all the services in a specific architecture as one unit. The resource group also defines dependencies between resources and ensures they are deployed in the correct order.
  • Redeploy consistently—define a resource group once, test it, and then redeploy it as often as needed, and as many times as needed in parallel, if you need to scale up.
  • Organize resources using tags—you can use tags to identify resources or resource groups in your Azure subscription, allocate resources to projects, manage costs, etc.

Taking IaC on Azure One Step Further: Azure Blueprints

While ARM templates are powerful, they do not provide a complete, standalone IaC solution. You need to combine templates with two other elements to automate workloads on Azure:

  • Policy definitions—ARM templates are subject to the Azure Policies defined in your Azure subscription
  • Role-Based Access Control (RBAC)—ARM templates need you to define RBAC roles in order to give the template permission to run the required services on Azure.

This is where Azure blueprints come in. An Azure blueprint packs all three elements you need to fully automate your infrastructure: ARM templates, policy definitions and RBAC roles.

Azure Blueprints - Enabling quick, repeatable creation of fully governed environmentsSource: Microsoft Industry Blogs

Azure blueprints are especially important if you need to deploy the same ARM templates across several Azure subscriptions, because each subscription will have separate policies and RBAC definitions. Blueprints avoid the need to separately define policies and RBAC in each Azure subscription.

Blueprints provide several useful features:

  • Lifecycle—blueprints are considered an Azure resource, and you can define a lifecycle for them just like any resource.
  • Artifacts—an Azure Blueprint contains Artifacts that define the resources you need to deploy. These can include Resource Groups, ARM templates, Policy Assignments, and Role Assignments.
  • Static and dynamic parameters—these are defined at the Blueprints definition level, and allow you to specify data for use in your templates and policies, which may be static across all Azure subscriptions, or defined based on conditions.

Blueprint DefinitionsSource: Microsoft Industry Blogs

Azure Storage Automation with Cloud Volumes ONTAP

NetApp Cloud Volumes ONTAP, the leading enterprise-grade storage management solution, delivers secure, proven storage management services on AWS, Azure and Google Cloud. Cloud Volumes ONTAP supports up to a capacity of 368TB, and supports various use cases such as file services, databases, DevOps or any other enterprise workload, with a strong set of features including high availability, data protection, storage efficiencies, cloud automation, Kubernetes integration, and more.

In particular, Cloud Volumes ONTAP provides Cloud Manager, a UI and APIs for management, automation and orchestration, supporting hybrid & multi-cloud architectures, and letting you represent any storage operation as code.

Want to learn more about cloud automation?

Have a look at these articles:

Want to get started? Try out Cloud Volumes ONTAP today with a 30-day free trial.

-