More about Infrastructure as Code Azure
Microsoft Azure provides advanced tooling that help you define and deploy Infrastructure as Code (IaC) and move towards cloud automation. You can use Azure Resource Manager (ARM) templates to provide a declarative definition of the cloud resources you need, and Azure will set the resources up automatically, reliably and consistently. Azure also provides “blueprints” that help you package ARM templates with policies and RBAC definitions—everything you need to setup cloud resources end-to-end.
In this post, we’ll review Azure’s cloud automation components, explain how ARM templates and blueprints work, and show how NetApp Cloud Volumes ONTAP can help automate storage on the Azure cloud.
Also check out our article on Infrastructure as Code on AWS to see the parallel options offered in the Amazon cloud.
In this article, you will learn:
- What is the Azure Resource Manager (ARM)
- Benefits of IaC on Azure
- Taking IaC one step further with Azure blueprints
- Azure storage automation with Cloud Volumes ONTAP
Infrastructure as Code on Azure with Azure Resource Manager
Infrastructure as Code is a modern approach for automating the provisioning and deployment of IT resources. The idea is to use simple configuration files to define what IT resources you want to set up, and have those resources created automatically based on that configuration. You can then check that configuration file into a version control repo, test it, manage versions, and start treating your infrastructure like you would ordinary source code.
On Microsoft Azure, the primary building block that enables Infrastructure as Code is Azure Resource Manager (ARM). ARM lets you author templates in JSON format, specifying Azure services you want to run, and makes it possible to easily deploy those services according to the template.
Here is a quick-start template provided by Azure which deploys an Azure Kubernetes Service (AKS) cluster:
"id": "<specify Resource ID of the Key Vault you are using>"
"secretName": "<specify name of the secret in the Key Vault to get the service principal password from>"
ARM is the Central Deployment Engine on Azure
What’s interesting about ARM is that it is not just an automation engine. ARM is the Azure’s central resource manager. Any actions you perform on the Azure cloud, whether via the Azure portal, PowerShell, the Azure CLI or the REST API, are handled via the same Resource Manager.
Source: Microsoft Azure
This means that when you create ARM templates and deploy them, Azure guarantees a consistent result. You can create an AKS cluster automatically using the ARM template we showed above, manually through the Azure portal or CLI, or programmatically through the REST API, and the result will be exactly the same.
Benefits of IaC on Azure
Automating infrastructure with Azure Resource Manager templates lets you:
- Adopt a declarative approach—provision infrastructure using declarative templates, which specify the end result you want to achieve, rather than brittle scripts that specify all the steps required for the deployment.
- Handle resources as a group—ARM uses the concept of resource groups, which lets you deploy, manage, and monitor all the services in a specific architecture as one unit. The resource group also defines dependencies between resources and ensures they are deployed in the correct order.
- Redeploy consistently—define a resource group once, test it, and then redeploy it as often as needed, and as many times as needed in parallel, if you need to scale up.
- Organize resources using tags—you can use tags to identify resources or resource groups in your Azure subscription, allocate resources to projects, manage costs, etc.
While ARM templates are powerful, they do not provide a complete, standalone IaC solution. You need to combine templates with two other elements to automate workloads on Azure:
Taking IaC on Azure One Step Further: Azure Blueprints
- Policy definitions—ARM templates are subject to the Azure Policies defined in your Azure subscription
- Role-Based Access Control (RBAC)—ARM templates need you to define RBAC roles in order to give the template permission to run the required services on Azure.
This is where Azure blueprints come in. An Azure blueprint packs all three elements you need to fully automate your infrastructure: ARM templates, policy definitions and RBAC roles.
Source: Microsoft Industry Blogs
Azure blueprints are especially important if you need to deploy the same ARM templates across several Azure subscriptions, because each subscription will have separate policies and RBAC definitions. Blueprints avoid the need to separately define policies and RBAC in each Azure subscription.
Blueprints provide several useful features:
- Lifecycle—blueprints are considered an Azure resource, and you can define a lifecycle for them just like any resource.
- Artifacts—an Azure Blueprint contains Artifacts that define the resources you need to deploy. These can include Resource Groups, ARM templates, Policy Assignments, and Role Assignments.
- Static and dynamic parameters—these are defined at the Blueprints definition level, and allow you to specify data for use in your templates and policies, which may be static across all Azure subscriptions, or defined based on conditions.
Source: Microsoft Industry Blogs
Azure Storage Automation with Cloud Volumes ONTAP
NetApp Cloud Volumes ONTAP, the leading enterprise-grade storage management solution, delivers secure, proven storage management services on AWS, Azure and Google Cloud. Cloud Volumes ONTAP supports up to a capacity of 368TB, and supports various use cases such as file services, databases, DevOps or any other enterprise workload.
In particular, Cloud Volumes ONTAP provides Cloud Manager, a UI and APIs for management, automation and orchestration, supporting hybrid & multi-cloud architectures, and letting you treat pools of storage as one more element in your Infrastructure as Code setup.
Cloud Manager is completely API driven and is highly geared towards automating cloud operations. Cloud Volumes ONTAP and Cloud Manager deployment through infrastructure- as- code automation helps to address the DevOps challenges faced by organizations when it comes to configuring enterprise cloud storage solutions. When implementing infrastructure as code, Cloud Volumes ONTAP and Cloud Manager go hand in hand with Terraform to achieve the level of efficiency expected in large scale cloud storage deployments.
Azure Resource Manager (ARM) Benefits and Best Practices
Azure Resource Manager (ARM) is a service to help you deploy and manage resources in Azure. As your Azure deployment grows more mature, tools like ARM can help you improve your management efficiency and free you to gain more from your resources.
This article explains what ARM is and how it works, how you can benefit from its use, and explains some best practices for using ARM.
Terraform on Azure: Platform-Agnostic Automation in the Cloud
Terraform is an infrastructure as code (IaC) tool that you can use to define, version, and manage your infrastructure. Terraform works on-premises or in the cloud, including with Azure, making it a valuable tool for flexible deployments.
This article explains how Terraform can help you improve your control over Azure resources, provides an example of how to manage infrastructure with Terraform, and how to store your Terraform states for production-ready deployments.
Azure Resource Manager Templates: A Guide to Efficient Automation in Azure
Azure Resource Manager (ARM) is a service you can use in Azure that enables you to define templates for managing infrastructure as code. These templates enable you to reliably define, deploy, and manage your infrastructure and can be shared across your organization.
This article explains what ARM templates are and how they work, walks you through creating your first template, and provides some tips for improving template adoption.
Ansible & Azure: Automating the Basic Building Blocks of the Azure Cloud
Ansible is an infrastructure automation tool that can simplify cloud resource management. When combined with Azure, you can use it to reliably and consistently manage your infrastructure and applications.
This article explains how you can use Ansible for Azure resources management, how to set up Ansible to work with Azure, and how to automate some of the most commonly used resources.