BlueXP Blog

Infrastructure as Code: Azure Tips to Save You Time and Headaches

Written by Yifat Perry, Technical Content Manager | Dec 15, 2019 2:27:05 PM

Microsoft Azure provides advanced tooling that help you define and deploy Infrastructure as Code (IaC) and move towards cloud automation. This can be extremely useful for use cases like automating DevOps processes, cloud workload management, and hybrid cloud deployment.

You can use Azure Resource Manager (ARM) templates to provide a declarative definition of the cloud resources you need, and Azure will set the resources up automatically, reliably and consistently. Azure also provides “blueprints” that help you package ARM templates with policies and RBAC definitions—everything you need to setup cloud resources end-to-end.

In this post, we’ll review Azure’s cloud automation components, explain how ARM templates and blueprints work, and show how NetApp Cloud Volumes ONTAP can help automate storage on the Azure cloud.

Also check out our article on Infrastructure as Code on AWS to see the parallel options offered in the Amazon cloud.

In this article, you will learn:

Implementing an Infrastructure as Code Azure Strategy with Azure Resource Manager

Infrastructure as Code is a modern approach for automating the provisioning and deployment of IT resources. The idea is to use simple configuration files to define what IT resources you want to set up, and have those resources created automatically based on that configuration. You can then check that configuration file into a version control repo, test it, manage versions, and start treating your infrastructure like you would ordinary source code.

On Microsoft Azure, there is one primary building block that enables Infrastructure as Code - Azure Resource Manager (ARM). ARM lets you author templates in JSON format, specifying Azure services you want to run, and makes it possible to easily deploy those services according to the template.


Here is a quick-start template provided by Azure which deploys an Azure Kubernetes Service (AKS) cluster:
"servicePrincipalClientSecret": {
      "reference": {
        "keyVault": {
          "id": "<specify Resource ID of the Key Vault you are using>"
        },
        "secretName": "<specify name of the secret in the Key Vault to get the service principal password from>"
      }
    }

ARM is the Central Deployment Engine on Azure

What’s interesting about ARM is that it is not just an automation engine. ARM is the Azure’s central resource manager. Any actions you perform on the Azure cloud, whether via the Azure portal, PowerShell, the Azure CLI or the REST API, are handled via the same Resource Manager.

Source: Microsoft Azure

This means that when you create ARM templates and deploy them, Azure guarantees a consistent result. You can create an AKS cluster automatically using the ARM template we showed above, manually through the Azure portal or CLI, or programmatically through the REST API, and the result will be exactly the same.

 

Benefits of IaC on Azure

Automating infrastructure with Azure Resource Manager templates lets you:

  • Adopt a declarative approach—provision infrastructure using declarative templates, which specify the end result you want to achieve, rather than brittle scripts that specify all the steps required for the deployment.
  • Handle resources as a group—ARM uses the concept of resource groups, which lets you deploy, manage, and monitor all the services in a specific architecture as one unit. The resource group also defines dependencies between resources and ensures they are deployed in the correct order.
  • Redeploy consistently—define a resource group once, test it, and then redeploy it as often as needed, and as many times as needed in parallel, if you need to scale up.
  • Organize resources using tags—you can use tags to identify resources or resource groups in your Azure subscription, allocate resources to projects, manage costs, etc.

While ARM templates are powerful, they do not provide a complete, standalone IaC solution. You need to combine templates with two other elements to automate workloads on Azure:

Taking IaC on Azure One Step Further: Azure Blueprints

  • Policy definitions—ARM templates are subject to the Azure Policies defined in your Azure subscription
  • Role-Based Access Control (RBAC)—ARM templates need you to define RBAC roles in order to give the template permission to run the required services on Azure.

This is where Azure blueprints come in. An Azure blueprint packs all three elements you need to fully automate your infrastructure: ARM templates, policy definitions and RBAC roles.

Source: Microsoft Industry Blogs

Azure blueprints are especially important if you need to deploy the same ARM templates across several Azure subscriptions, because each subscription will have separate policies and RBAC definitions. Blueprints avoid the need to separately define policies and RBAC in each Azure subscription.

Blueprints provide several useful features:

  • Lifecycle—blueprints are considered an Azure resource, and you can define a lifecycle for them just like any resource.
  • Artifacts—an Azure Blueprint contains Artifacts that define the resources you need to deploy. These can include Resource Groups, ARM templates, Policy Assignments, and Role Assignments.
  • Static and dynamic parameters—these are defined at the Blueprints definition level, and allow you to specify data for use in your templates and policies, which may be static across all Azure subscriptions, or defined based on conditions.

Source: Microsoft Industry Blogs

Azure Storage Automation with Cloud Volumes ONTAP

NetApp Cloud Volumes ONTAP, the leading enterprise-grade storage management solution, delivers secure, proven storage management services on AWS, Azure and Google Cloud. Cloud Volumes ONTAP supports up to a capacity of 368TB, and supports various use cases such as file services, databases, DevOps or any other enterprise workload, with a strong set of features including high availability, data protection, storage efficiencies, cloud automation, Kubernetes integration, and more.

In particular, Cloud Volumes ONTAP provides Cloud Manager, a UI and APIs for management, automation and orchestration, supporting hybrid & multi-cloud architectures, and letting you represent any storage operation as code.

Azure Resource Manager (ARM) is a service to help you deploy and manage resources in Azure. As your Azure deployment grows more mature, tools like ARM can help you improve your management efficiency and free you to gain more from your resources.

Learn More about Infrastructure as Code in Azure

Azure Resource Manager (ARM) Benefits and Best Practices

Azure Resource Manager (ARM) is the native platform for infrastructure as code (IaC) in Azure. It enables you to centralize the management, deployment, and security of Azure resources. ARM groups resources into containers that group Azure assets together. Learn what is Azure Resource Manager (ARM) and what are the benefits of using ARM, including best practices you can implement when adopting ARM templates.

Read: Azure Resource Manager (ARM) Benefits and Best Practices

Azure Resource Manager Templates: A Guide to Efficient Automation in Azure

Azure Resource Manager templates enable teams to standardize the management of Infrastructure as Code (IaC). ARM template documents are written in JSON, using declarative syntax to define how infrastructure resources should be configured, deployed, and managed. Learn what Azure Resource Manager templates are, and how to create your first ARM template. Including 4 tips to improve your ARM templates. 

Read: Azure Resource Manager Templates: A Guide to Efficient Automation in Azure

Terraform on Azure: Platform-Agnostic Automation in the Cloud

Terraform by HashiCorp is an open-source Infrastructure as Code tool (IaC). You can use Terraform to build, change, and version cloud and on-premise infrastructure. Learn about the benefits of Terraform on Azure, and how to use Terraform to automate Azure infrastructure, with practical code examples.

Read: Terraform on Azure: Platform-Agnostic Automation in the Cloud

Ansible & Azure: Automating the Basic Building Blocks of the Azure Cloud

Ansible enables you to automate cloud resource management. You can use Ansible to provision, manage, and deploy resources across multiple cloud vendors. Learn how you can leverage Ansible for Azure cloud resource management automation. Including a quick tutorial to help you get started with Ansible for Azure.

Read: Ansible & Azure: Automating the Basic Building Blocks of the Azure Cloud

Azure Quickstart Templates: How to Use Them to Make Cloud Storage Easier

Microsoft Azure provides hundreds of Quickstart Templates for getting started with automating your cloud storage infrastructure. The cloud storage templates are in-depth and provide almost all of the configuration you need to set up your environment quickly and efficiently. This walkthrough gives a quick introduction on how to use these Quickstart templates.

Read: Azure Quickstart Templates: How to Use Them to Make Cloud Storage Easier

How to Automate Azure MySQL Deployment Using Azure CLI

MySQL has fast emerged as one of the most popular choices for relational databases in Azure. This has been fueled mostly by an increase in open-source workloads. Azure Database for MySQL delivers this database as a managed service where the underlying infrastructure is managed by the Azure platform. Learn how Azure Database for MySQL deployment from the Azure CLI can help you treat your database as infrastructure as code. 

Read: How to Automate Azure MySQL Deployment Using Azure CLI

Azure SQL & PowerShell: How to Automate SQL Deployment Using PowerShell

There are different options available to deploy SQL services in Azure, and SQL PowerShell is a helpful tool to use to automate the deployment of Azure SQL. In this blog you’ll get a step-by-step walkthrough of how to deploy Azure SQL services using PowerShell commands.

Read: Azure SQL & PowerShell: How to Automate SQL Deployment Using PowerShell

See Additional Guides on Key DevOps Topics

Together with our content partners, we have authored in-depth guides on several other topics that can also be useful as you explore the world of DevOps.

Software Documentation

Authored by Swimm

Application Mapping

Authored by Faddom

Configuration Management

Authored by Configu