|
1 | 1 | # Azure Overview |
| 2 | + |
| 3 | +Millions of customers worldwide trust the Azure platform, and there are over 90,000 Cloud Solution Providers (CSPs) partnered with Microsoft to add extra benefits and services to the Azure platform. By leveraging Azure, organizations can easily modernize their applications, expedite application development, and adapt application requirements to meet the demands of their users. |
| 4 | + |
| 5 | +## Advantages of choosing Azure |
| 6 | + |
| 7 | +By offering solutions on Azure, ISVs can access one of the largest B2B markets in the world. Through the [Azure Partner Builder's Program](https://partner.microsoft.com/marketing/azure-isv-technology-partners), Microsoft assists ISVs with the tools and platform to offer their solutions for customers to evaluate, purchase, and deploy with just a few clicks of the mouse. |
| 8 | + |
| 9 | +Microsoft's development suite includes such tools as the various [Visual Studio](https://visualstudio.microsoft.com/) products, [Azure DevOps](https://dev.azure.com/), [GitHub](https://github.com/), and low-code [Power Apps](https://powerapps.microsoft.com/). All of these contribute to Azure's success and growth through their tight integrations with the Azure platform. Organizations that adopt modern tools are 65% more innovative, according to a [2020 McKinsey & Company report.](https://azure.microsoft.com/mediahandler/files/resourcefiles/developer-velocity-how-software-excellence-fuels-business-performance/Developer-Velocity-How-software-excellence-fuels-business-performance-v4.pdf) |
| 10 | + |
| 11 | + |
| 12 | + |
| 13 | +To facilitate developers' adoption of Azure, Microsoft offers a [free subscription](https://azure.microsoft.com/free/search/) with $200 credit, applicable for thirty days; year-long access to free quotas for popular services and access to always free Azure service tiers. |
| 14 | + |
| 15 | +## Introduction to Azure resource management |
| 16 | + |
| 17 | +The [Azure Fundamentals Microsoft Learn Module](https://learn.microsoft.com/learn/modules/intro-to-azure-fundamentals/) demonstrates the different classifications of Azure Services. Moreover, Azure supports a variety of common tools, such as Visual Studio, PowerShell, and the Azure CLI, to manage Azure environments. |
| 18 | + |
| 19 | +  |
| 20 | + |
| 21 | +### The Azure resource management hierarchy |
| 22 | + |
| 23 | +Azure provides a flexible resource hierarchy to simplify cost management and security. This hierarchy consists of four levels: |
| 24 | + |
| 25 | +- **[Management groups](https://learn.microsoft.com/azure/governance/management-groups/overview)**: Management groups consolidate multiple Azure subscriptions for compliance and security purposes. |
| 26 | +- **Subscriptions**: Subscriptions govern cost control and access management. Azure users cannot provision Azure resources without a subscription. |
| 27 | +- **[Resource groups](https://learn.microsoft.com/azure/azure-resource-manager/management/manage-resource-groups-portal)**: Resource groups consolidate the individual Azure resources for a given deployment. All provisioned Azure resources belong to one resource group. In this guide, it will be required to provision a *resource group* in an *subscription* to hold the required resources. |
| 28 | + - Resource groups are placed in a geographic location that determines where metadata about that resource group is stored. |
| 29 | +- **Resources**: An Azure resource is an instance of a service. An Azure resource belongs to one resource group located in one subscription. |
| 30 | + - Most Azure resources are provisioned in a particular region. |
| 31 | + |
| 32 | +  |
| 33 | + |
| 34 | +### Create landing zone |
| 35 | + |
| 36 | +An [Azure landing zone](https://learn.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/) is the target environment defined as the final resting place of a cloud migration project. In most projects, the landing zone should be scripted via ARM templates for its initial setup. Finally, it should be customized with PowerShell or the Azure Portal to fit the workload's needs. First-time Azure users will find creating and deploying to DEV and TEST environments easy. |
| 37 | + |
| 38 | +To help organizations quickly move to Azure, Microsoft provides the Azure landing zone accelerator, which generates a landing zone ARM template according to an organization's core needs, governance requirements, and automation setup. The landing zone accelerator is available in the Azure portal. |
| 39 | + |
| 40 | + |
| 41 | + |
| 42 | +### Automating and managing Azure services |
| 43 | + |
| 44 | +When it comes to managing Azure resources, there are many potential options. [Azure Resource Manager](https://learn.microsoft.com/azure/azure-resource-manager/management/overview) is the deployment and management service for Azure. It provides a management layer that enables users to create, update, and delete resources in Azure subscriptions. Use management features, like access control, locks, and tags, to secure and organize resources after deployment. |
| 45 | + |
| 46 | +All Azure management tools, including the [Azure CLI](https://learn.microsoft.com/cli/azure/what-is-azure-cli), [Azure PowerShell](https://learn.microsoft.com/powershell/azure/what-is-azure-powershell?view=azps-7.1.0) module, [Azure REST API](https://learn.microsoft.com/rest/api/azure/), and browser-based Portal, interact with the Azure Resource Manager layer and [Identity and access management (IAM)](https://learn.microsoft.com/azure/role-based-access-control/overview) security controls. |
| 47 | + |
| 48 | +  |
| 49 | + |
| 50 | +Access control to all Azure services is offered via the [Azure role-based access control (Azure RBAC)](https://learn.microsoft.com/azure/role-based-access-control/overview) natively built into the management platform. Azure RBAC is a system that provides fine-grained access management of Azure resources. Using Azure RBAC, it is possible to segregate duties within teams and grant only the amount of access to users that they need to perform their jobs. |
| 51 | + |
| 52 | +### Azure management tools |
| 53 | + |
| 54 | +The flexibility and variety of Azure's management tools make it intuitive for any user, irrespective of their skill level with specific technologies. As an individual's skill level and administration needs mature, Azure has the right tools to match those needs. |
| 55 | + |
| 56 | + |
| 57 | + |
| 58 | +#### Azure portal |
| 59 | + |
| 60 | +As a new Azure user, the first resource a person will be exposed to is the Azure Portal. The **Azure Portal** gives developers and architects a view of the state of their Azure resources. It supports extensive user configuration and simplifies reporting. The **[Azure mobile app](https://azure.microsoft.com/get-started/azure-portal/mobile-app/)** provides similar features for users that are away from their main desktop or laptop. |
| 61 | + |
| 62 | +  |
| 63 | + |
| 64 | +Azure runs on a common framework of backend resource services, and every action taken in the Azure portal translates into a call to a set of backend APIs developed by the respective engineering team to read, create, modify, or delete resources. |
| 65 | + |
| 66 | +##### Azure Marketplace |
| 67 | + |
| 68 | +[Azure Marketplace](https://learn.microsoft.com/marketplace/azure-marketplace-overview) is an online store that contains thousands of IT software applications and services built by industry-leading technology companies. In Azure Marketplace, it is possible to find, try, buy, and deploy the software and services needed to build new solutions and manage the cloud infrastructure. The catalog includes solutions for different industries and technical areas, free trials, and consulting services from Microsoft partners. |
| 69 | + |
| 70 | + |
| 71 | + |
| 72 | +##### Evolving |
| 73 | + |
| 74 | +Moving workloads to Azure alleviates some administrative burdens, but not all. Even though there is no need to worry about the data center, there is still a responsibility for service configuration and user access. Applications will need resource authorization. |
| 75 | + |
| 76 | +Using the existing command-line tools and REST APIs, it is possible to build custom tools to automate and report resource configurations that do not meet organizational requirements. |
| 77 | + |
| 78 | +#### Azure PowerShell and CLI |
| 79 | + |
| 80 | +**Azure PowerShell** and the **Azure CLI** (for Bash shell users) are useful for automating tasks that cannot be performed in the Azure portal. Both tools follow an *imperative* approach, meaning that users must explicitly script the creation of resources in the correct order. |
| 81 | + |
| 82 | +  |
| 83 | + |
| 84 | +There are subtle differences between how each of these tools operates and the actions that can be accomplished. Use the [Azure command-line tool guide](https://learn.microsoft.com/azure/developer/azure-cli/choose-the-right-azure-command-line-tool) to determine the right tool to meet the target goal. |
| 85 | + |
| 86 | +#### Azure CLI |
| 87 | + |
| 88 | +It is possible to run the Azure CLI and Azure PowerShell from the [Azure Cloud Shell](https://shell.azure.com), but it does have some limitations. It is also possible to run these tools locally. |
| 89 | + |
| 90 | +To use the Azure CLI, [download the CLI tools from Microsoft.](https://learn.microsoft.com/cli/azure/install-azure-cli) |
| 91 | + |
| 92 | +To use the Azure PowerShell cmdlets, install the `Az` module from the PowerShell Gallery, as described in the [installation document.](https://learn.microsoft.com/powershell/azure/install-az-ps?view=azps-6.6.0) |
| 93 | + |
| 94 | +##### Azure Cloud Shell |
| 95 | + |
| 96 | +The Azure Cloud Shell provides Bash and PowerShell environments for managing Azure resources imperatively. It also includes standard development tools, like Visual Studio Code, and files are persisted in an Azure Files share. |
| 97 | + |
| 98 | +Launch the Cloud Shell in a browser at [https://shell.azure.com](https://shell.azure.com). |
| 99 | + |
| 100 | +#### PowerShell Module |
| 101 | + |
| 102 | +The Azure portal and Windows PowerShell can be used for managing Azure Cosmos DB for Mongo DB API. To get started with Azure PowerShell, install the [Azure PowerShell cmdlets](https://learn.microsoft.com/en-us/powershell/module/az.cosmosdb/) for Cosmos DB with the following PowerShell command in an administrator-level PowerShell window: |
| 103 | + |
| 104 | +```PowerShell |
| 105 | +Install-Module -Name Az.CosmosDB |
| 106 | +``` |
| 107 | + |
| 108 | +#### Infrastructure as Code |
| 109 | + |
| 110 | +[Infrastructure as Code (IaC)](https://learn.microsoft.com/devops/deliver/what-is-infrastructure-as-code) provides a way to describe or declare what infrastructure looks like using descriptive code. The infrastructure code is the desired state. The environment will be built when the code runs and completes. One of the main benefits of IaC is that it is human readable. Once the environment code is proven and tested, it can be versioned and saved into source code control. Developers can review the environment changes over time. |
| 111 | + |
| 112 | +##### ARM templates |
| 113 | + |
| 114 | +[ARM templates](https://learn.microsoft.com/azure/azure-resource-manager/templates/) can deploy Azure resources in a *declarative* manner. Azure Resource Manager can potentially create the resources in an ARM template in parallel. ARM templates can be used to create multiple identical environments, such as development, staging, and production environments. |
| 115 | + |
| 116 | +  |
| 117 | + |
| 118 | +##### Bicep |
| 119 | + |
| 120 | +Reading, updating, and managing the ARM template JSON code can be difficult for a reasonably sized environment. What if there was a tool that translates simple declarative statements into ARM templates? Better yet, what if there was a tool that took existing ARM templates and translated them into a simple configuration? [Bicep](https://learn.microsoft.com/azure/azure-resource-manager/bicep/overview) is a domain-specific language (DSL) that uses a declarative syntax to deploy Azure resources. Bicep files define the infrastructure to deploy to Azure and then use that file throughout the development lifecycle to repeatedly deploy infrastructure changes. Resources are deployed consistently. |
| 121 | + |
| 122 | +By using the Azure CLI it is possible to decompile ARM templates to Bicep using the following: |
| 123 | + |
| 124 | +```powershell |
| 125 | +az bicep decompile --file template.json |
| 126 | +``` |
| 127 | + |
| 128 | +Additionally, the [Bicep playground](https://aka.ms/bicepdemo) tool can perform similar decompilation of ARM templates. |
| 129 | + |
| 130 | + |
| 131 | + |
| 132 | +##### Terraform |
| 133 | + |
| 134 | +[Hashicorp Terraform](https://www.terraform.io/) is an open-source tool for provisioning and managing cloud infrastructure. [Terraform](https://learn.microsoft.com/azure/developer/terraform/overview) is adept at deploying infrastructure across multiple cloud providers. It enables developers to use consistent tooling to manage each infrastructure definition. |
| 135 | + |
| 136 | + |
| 137 | + |
| 138 | +#### Other tips |
| 139 | + |
| 140 | +Azure administrators should consult with cloud architects and financial and security personnel to develop an effective organizational hierarchy of resources. Here are some best practices to follow for Azure deployments. |
| 141 | + |
| 142 | +- **Utilize Management Groups** Create at least three levels of management groups. |
| 143 | +- **Adopt a naming convention:** Names in Azure should include business details, such as the organization department, and operational details for IT personnel, like the workload. |
| 144 | +- **Adopt other Azure governance tools:** Azure provides mechanisms such as [resource tags](https://learn.microsoft.com/azure/azure-resource-manager/management/tag-resources?tabs=json) and [resource locks](https://learn.microsoft.com/azure/azure-resource-manager/management/lock-resources?tabs=json) to facilitate compliance, cost management, and security. |
0 commit comments