Implementing Azure: Putting Modern DevOps to Use E-Book

Implementing Azure: Putting Modern DevOps to Use

Copyright © 2019 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the authors, nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

First published: January 2019

Production reference: 1290119

Published by Packt Publishing Ltd. Livery Place 35 Livery Street Birmingham B3 2PB, UK.

ISBN 978-1-78883-393-6

www.packtpub.com

Mapt is an online digital library that gives you full access to over 5,000 books and videos, as well as industry leading tools to help you plan your personal development and advance your career. For more information, please visit our website.

Why subscribe?

Spend less time learning and more time coding with practical eBooks and Videos from over 4,000 industry professionals

Improve your learning with Skill Plans built especially for you

Get a free eBook or video every month

Mapt is fully searchable

Copy and paste, print, and bookmark content

Packt.com

Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.packt.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at [email protected] for more details.

At www.packt.com, you can also read a collection of free technical articles, sign up for a range of free newsletters, and receive exclusive discounts and offers on Packt books and eBooks. 

Contributors

About the authors

Florian Klaffenbach is working as a technology solutions professional at Microsoft. He is a well-known expert in hybrid cloud scenarios, cloud connectivity, and cloud environment optimization. Before he started working with Microsoft, he worked in several companies in different roles, such as the technical community manager and solution expert at Dell, and solutions architect at CGI Germany.

Oliver Michalski started in 1999 with his IT carrier as a Web Developer. Now, he is a Senior Software Engineer for Microsoft .NET and an SOA Architect. He also works as an Independent Enterprise Consultant in the field Microsoft Azure. When he started in 2011 with Microsoft Azure, there was no Azure Community on the German market. Therefore, Oliver founded the Azure Community Germany (ACD). Oliver is Chairman of the Azure Community Germany, and since April 2016 and July 2017, he has been a Microsoft Most Valuable Professional for Microsoft Azure. Oliver is author (co-author) of Implementing Azure Solutions and Implementing Azure Cloud Design Patterns, both available from Packt Publishing.

Markus Klein works as a technology solution specialist at Microsoft Germany, and specialize in Azure and Hybrid Azure scenarios. He is passionate about the Microsoft technology for more than 20 years, starting with System Center, Service Provider Foundation, KATAL, Azure Pack, Azure, and Azure Stack. Before joining Microsoft, he worked as an architect at Microsoft Cloud Partners. In 2007, he founded a cloud community and was the co-founder of some Azure meetups. Before he joined Microsoft, he was recognized as an MVP in cloud and datacenter management for seven years. He supports the community and is a regular blogger and speaker at conferences in Europe and abroad.

Mohamed Wali is a cloud DevOps engineer based in Amsterdam who has been working with Microsoft technologies for around seven years. He has been working with Azure since 2013. In July 2014, Mohamed became recognized as the youngest Microsoft MVP in the world. He has already authored and co-authored multiple books about Microsoft Azure. He shares his knowledge and expertise through blogging, authoring books, and speaking at events.

Namit Tanasseri is a certified Microsoft cloud solutions architect with an experience of more than 11 years. He started his career as a software development engineer with Microsoft Research and Development Center in 2005. During the first five years of his career, he had opportunities to work with major Microsoft product groups, such as Microsoft Office and Windows. During this time, he strengthened his knowledge of agile software development methodologies and processes. He also earned a patent during this tenure. As a technology consultant with Microsoft, Namit worked with Microsoft Azure Services for four years. Namit is a subject matter expert in Microsoft Azure and actively contributes to the Microsoft cloud community, while delivering top quality solutions for Microsoft customers. Namit also led the Windows Azure community in Microsoft Services India. Namit currently serves as a Microsoft cloud solutions architect from Sydney, Australia, and works on large and medium-sized enterprise engagements.

Rahul Rai is a technology consultant based in Sydney, Australia with over nine years of professional experience. He has been at the forefront of cloud consulting for government organizations and businesses around the world. Rahul has been working on Microsoft Azure since the service was in its infancy, delivering an ITSM tool built for and on Azure in 2008. Since then, Rahul has played the roles of a developer, a consultant, and an architect for enterprises ranging from small start-ups to multinational corporations. He worked for over five years with Microsoft Services with diverse teams to deliver innovative solutions on Microsoft Azure. In Microsoft, Rahul was a subject matter expert in Microsoft cloud technologies. Rahul has also worked as a cloud solution architect for Microsoft, for which he worked closely with some established Microsoft partners to drive joint customer transformations to cloud-based architectures. 

Packt is searching for authors like you

If you're interested in becoming an author for Packt, please visit authors.packtpub.com and apply today. We have worked with thousands of developers and tech professionals, just like you, to help them share their insight with the global tech community. You can make a general application, apply for a specific hot topic that we are recruiting an author for, or submit your own idea.

Table of Contents

Title Page

Copyright and Credits

Implementing Azure: Putting Modern DevOps to Use

About Packt

Why subscribe?

Packt.com

Contributors

About the authors

Packt is searching for authors like you

Preface

Who this book is for

What this book covers

To get the most out of this book

Download the example code files

Conventions used

Get in touch

Reviews

Getting Started with Azure Implementation

Technical requirements

Service models

Deployment models

Cloud characteristics

Multi-cloud characteristics and models

Cloud brokering

Best of breed

Microsoft Azure

Azure services overview

Azure basics

Azure Resource Manager (ARM)

Resources

Azure regions

Microsoft data center and backbone

Azure portal

Azure automation

Azure automation tools

REST APIs

Summary

Azure Resource Manager and Tools

Technical requirements

Understanding ARM

Functionalities provided by ARM

Working with ARM

Creating an Azure resource group

Adding a resource to a resource group

First approach – adding a storage account to your resource group

Second approach – adding a storage account to your resource group

Tagging in ARM

Locking Azure resources

Azure resource locks

Working with ARM templates

Exporting a deployment as an ARM template (for IT pros)

Example 1 – exporting a resource group to an ARM template

Example 2 – exporting a resource (classic) to an ARM template

Modifying an ARM template

Authoring an ARM template

Creating your own ARM template (for developers)

Summary

Deploying and Synchronizing Azure Active Directory

Azure AD

Azure AD options

Azure AD free

Azure AD basic

Azure AD premium P1

Deploying a custom Azure AD

Adding accounts and groups to Azure AD

Installing Azure AD Connect – prerequisites

Installing a basic Azure AD Connect environment

Azure AD Connect highly available infrastructure

Azure AD conditional access

Azure AD DS

Summary

Implementing Azure Networks

Azure networking limits

Azure networking components

Azure virtual networks (VNet)

VNet peering and global VNet peering

VNet service endpoints

Azure VPN gateways

Azure local gateway

Azure virtual WAN

Azure ExpressRoute

Route filter

ExpressRoute Direct 

ExpressRoute Global Reach

Azure connections

Azure route

Azure Firewall

Azure third-party network devices

Azure load balancer

Hash-based distribution

Port forwarding

Automatic reconfiguration

Service monitoring

Source NAT

Azure Application Gateways and Web Application Firewall

Web Application Firewall 

Azure Traffic Manager

Azure DNS

Azure DDoS

Setting up Azure networks

Setting up Azure VNet

Setting up Azure virtual network site-to-site VPN

Configuring local network gateway

Configuring Azure virtual network gateway

Configuring connection between local and virtual network gateways

Setting up Azure virtual network with MPLS and ExpressRoute

Configuring Azure virtual network gateway

Configuring Azure ExpressRoute circuit

Setting up Azure VNet peering

Preparing the deployment

Configuring VNet peering

Configuring custom routes

Common Azure network architectures

Summary

Implementing Azure Storage

Storage accounts

The Blob storage account

General-purpose storage v1 account

General-purpose storage v2 accounts

Azure File Sync/Storage Sync services

Azure Data Lake

Replication and redundancy

Locally redundant storage (LRS)

Zone-redundant storage (ZRS)

Geo-redundant storage (GRS)

Read-access geo-redundant storage (RA-GRS)

Azure Storage services

Blob storage services

Table storage services

Queue storage services

File storage services

Access keys

Exploring Azure Storage with Azure Storage Explorer

Premium storage accounts

Premium storage requirements

Pricing

How to deploy a storage account?

Summary

Implementing Azure-Managed Kubernetes and Azure Container Service

Technical requirements

Containers – the concept and basics

Microservices – the concept

Workloads to run in containers

Deploying container hosts in Azure

Docker on Linux

Windows Server Container VM

Azure Container Registry (ACR)

ACI

Creating a first container in Azure

Azure Marketplace containers

Creating custom containers

Container orchestration

The concept of container orchestration

Azure Kubernetes Service (AKS)

Summary

Azure Hybrid Data Center Services

Technical requirements

ASDK

Preparing the ASDK host

Identity management configuration

 Networking configuration

VM design of Azure Stack (ASDK)

Azure Stack configuration task

Operating Azure Stack

Working with the portals

Working with PowerShell

Working with the CLI

Hybrid cloud patterns

Configure hybrid cloud connectivity

Machine learning solution with Azure Stack

Azure stack staged data analysis

Azure Stack cloud burst scenario

Azure Stack geo-distributed Application

Monitoring Azure Stack

Summary

Azure Web Apps Basics

Introduction to Azure App Service

Azure Web Apps

App Service plans

Azure App Service Environments

App Service Environment types

Creating an App Service Environment

Creating an App Service plan

Creating an App Service

Summary

Managing Azure Web Apps

Deployment slots

Deployment slots key points

App Service application settings

Application settings key points

Azure App Service scalability

Scaling up

App Service plan scaleup key points

Scaling out

Scaling out the App Service plan manually

Scaling out the App Service plan automatically

Key points for autoscaling your App Service plan

Azure App Service backup

App Service backup key points

Summary

Basics of Azure SQL Database

Introduction to Azure SQL Database

Why Azure SQL Database?

SQL Database (IaaS/PaaS)

Azure SQL Database (PaaS)

Scenarios that would fit Azure SQL Database

SQL on Azure VMs (IaaS)

Scenarios that would suit SQL on Azure VMs

Azure SQL Database types

Elastic database pools

Single databases

SQL database managed instance

Service tier types

DTU service tiers

vCore service tiers

Creating an Azure SQL Database

Connecting to Azure SQL Database

Server-level firewall

Connecting to Azure SQL Database using SQL SSMS

Summary

Managing Azure SQL Database

Azure SQL elastic database pools

Benefits of using elastic database pools

Creating an elastic database pool

Adding a database to an elastic pool

Setting Azure Active Directory authentication

Azure SQL Database business continuity

How business continuity works in Azure SQL Database

Hardware failure

Point-in-time restore

Point-in-time restoration key points

Restoring a deleted database

Active geo-replication

Auto-failover groups

Azure SQL Managed Instances

Azure SQL Managed Instance types

Creating an Azure SQL Managed Instance

Connecting to an Azure SQL Managed Instance

Azure SQL Managed Instance key points

Summary

Microservices 2013; Getting to Know the Buzzword

What are Microservices?

Microservices hosting platform

The Microservice advantage

Fault tolerance

Technology-agnostic

Development agility

Heterogeneous deployment

Manageability

Reusability

The SOA principle

Issues with SOA

The Microservices solution

Inter-Microservice communication

Communication through user interface

Sharing common code

Composite user interface for the web

Thin backend for rich clients

Synchronous communication

Asynchronous communication

Orchestrated communication

Shared data

Architecture of Microservices-based systems

Conway's law

Summary

Understanding Azure Service Fabric

The Service Fabric advantage

Highly scalable

Support for partitioning

Rolling updates

State redundancy

High-density deployment

Automatic fault tolerance

Heterogeneous hosting platforms

Technology agnostic

Centralized management

Service Fabric as an orchestrator

Orchestration as a Service

Is a cluster resource manager similar to an Azure load balancer?

Architecture of cluster resource manager

Architecture of Service Fabric

Transport Subsystem

Federation Subsystem

Reliability Subsystem

Management Subsystem

Hosting subsystem

Communication subsystem

Testability Subsystem

Deconstructing Service Fabric

Infrastructure model

Cluster

Node

System services

Naming service

Image store service

Upgrade service

Failover manager service

Cluster manager service

Service placement

Application model

Programming model

Guest Executables

Reliable Services

Reliable Actors

Creating a cluster on Azure

Basics

Cluster configuration

Security

Summary

Viewing your cluster status

Service Fabric Explorer

Summary view

Cluster Map

Fault domains

Upgrade domains

Viewing applications and services

Cluster nodes

Actions

System

Preparing your system

Summary

Hands-on with Service Fabric – Guest Executables

Service Fabric discovery and communication

Service protocols

Service discovery

Connections from applications external to Service Fabric

Configuring ports and protocols

Configuring the service manifest

Configuring the custom endpoint

Configuring the Azure load balancer

Configuring the health check

Built-in communication API

Deploying a Guest Executable

Understanding the manifests

Package structure

Packaging Guest Executables using Visual Studio

Manually packaging a Guest Executable

Creating the directory structure

Adding code and configuration

Updating service manifest

Updating the application manifest

Deployment

Deploying a Guest Container

Deploying Windows Container

Container image deployment and activation

Resource governance

Container port to host port mapping

Container-to-container discovery and communication

Configuring and setting environment variables

Deploying a Linux container

Summary

Hands on with Service Fabric – Reliable Services

Exploring the Service Fabric Explorer

Application Type

Application instance

Service type

Partition

Replica

Stateless Reliable Services

Stateless service architecture

Stateless service lifecycle

Scaling stateless services

Stateless frontend and stateless middle-tier

Stateless frontend and stateful middle-tier

Reliable Services communication

Exploring the application model

Stateful service

Stateful service architecture

Reliable Collections

Up and down counter application

Stateful service lifecycle

Service partitioning

Service replicas

Summary

Reliable Actors

Actor model

What is an Actor?

Actors in Service Fabric

Actor lifetime

Saving state

Distribution and failover

Actor communication

The Actor proxy

Concurrency

Reentrancy

Asynchronous drivers

Timers

Actor reminders

Actor events

Your first Reliable Actors application

Summary

Microservices Architecture Patterns Motivation

Creating an architecture

Defining the solution boundaries

Creating the solution structure

Component design

Classification of architectural patterns

Optimization or non-functional patterns

Operational patterns

Implementation or functional patterns

Picking up the right architecture pattern

Context

Forces

Complementing patterns

Applying a pattern

Structural variation

Behavioral variation

Internal variation

Domain dependent variation

Summary

Microservices Architectural Patterns

Architectural patterns

Service proxy

Problem

Solution

Considerations

Related patterns

Use cases

Service Façade \ API Gateway

Problem

Solution

Considerations

Related patterns

Use cases

Reliable Data Store

Problem

Solution

Considerations

Related patterns

Use cases

Cluster Orchestrator

Problem

Solution

Considerations

Related patterns

Use cases

Auto-scaling

Problem

Solution

Considerations

Related patterns

Use cases

Partitioning

Problem

Solution

Considerations

Related patterns

Use cases

Centralized Diagnostics Service

Problem

Solution

Considerations

Related patterns

Use cases

High Density Deployment

Problem

Solution

Considerations

Related patterns

Use cases

API Gateway

Problem

Solution

Considerations

Related patterns

Use cases

Latency Optimized Load Balancing

Problem

Solution

Considerations

Related patterns

Use cases

Queue Driven Decomposing Strategy

Problem

Solution

Considerations

Related patterns

Use cases

Circuit Breaker

Problem

Solution

Considerations

Related patterns

Use cases

Message Broker for Communication

Problem

Solution

Considerations

Related patterns

Use cases

Compensating Transaction

Problem

Solution

Considerations

Related patterns

Use cases

Rate Limiter

Problem

Solution

Considerations

Related patterns

Use cases

Sagas

Problem

Solution

Considerations

Related patterns

Use cases

Master Data Management

Problem

Solution

Considerations

Related patterns

Use cases

CQRS – Command Query Responsibility Segregation

Problem

Solution

Microservices in CQRS

Advantages

Considerations

Related patterns

Use cases

Event Sourcing

Problem

Solution

Considerations

Related patterns

Use cases

Remindable Actors

Problem

Solution

Considerations

Related patterns

Use cases

Managed Actors

Problem

Solution

Considerations

Related patterns

Use cases

Summary

Securing and Managing Your Microservices

Securing the communication channels

Inter-node communication

Client to node security

Certificate security

Azure Active Directory security

Publishing an application to a secured cluster

Managing Service Fabric clusters with Windows PowerShell

Prerequisites

Deploying Service Fabric applications

Upgrading Service Fabric applications

Removing Service Fabric applications

Summary

Diagnostics and Monitoring

Health entities

Health state

Health policies

Cluster health policy

Application health policy

Service type health policy

Health evaluation

Health reporting

Centralized logging

Collecting logs

Diagnostic extension

Deploying the Diagnostics extension

Summary

Continuous Integration and Continuous Deployment

Continuous Integration

Continuous Delivery

Deploying Service Fabric application on a standalone cluster

Deploying the application

Summary

Serverless Microservices

Before committing to Nanoservices

Building Nanoservices with Azure Functions

Function app templates

Timer function apps

Data processing function apps

Webhook and API function apps

Summary

Other Books You May Enjoy

Leave a review - let other readers know what you think

Preface

This Learning Path helps you understand microservices architecture and leverage various services of Microsoft Azure Service Fabric to build, deploy, and maintain highly scalable enterprise-grade applications. You will learn to select an appropriate Azure backend structure for your solutions and work with its toolkit and managed apps to share your solutions with its service catalog. As you progress through the Learning Path, you will study Azure Cloud Services, Azure-managed Kubernetes, and Azure Container Services deployment techniques. To apply all that you’ve understood, you will build an end-to-end Azure system in scalable, decoupled tiers for an industrial bakery with three business domains. Toward the end of this Learning Path, you will build another scalable architecture using Azure Service Bus topics to send orders between decoupled business domains with scalable worker roles processing these orders.

By the end of this Learning Path, you will be comfortable in using development, deployment, and maintenance processes to build robust cloud solutions on Azure.

This Learning Path includes content from the following Packt products:

Implementing Azure Solutions - Second Edition by

Florian Klaffenbach, Oliver Michalski, Markus Klein

Learn Microsoft Azure by Mohamed Wali

Microservices with Azure by Namit Tanasseri and Rahul Rai

Who this book is for

If you are an IT system architect, network admin, or a DevOps engineer who wants to implement Azure solutions for your organization, this Learning Path is for you. Basic knowledge of the Azure Cloud platform will be beneficial.

What this book covers

Chapter 1, Getting Started with Azure Implementation, will help you understand how the basic services of Azure make up the core of an application running in Azure. We will also give the reader an idea as to how Azure influences Microsoft’s products and product strategy. We will explain the different Cloud Models and Multi Cloud strategies in conjunction with Microsoft Azure too.

Chapter 2, Azure Resource Manager and Tools,  describes the Azure Resource Manager (ARM) concept, the ARM Tools Instrumentation and how it works. We show: Working with the Azure Portal and working with Azure PowerShell.  Last, we will also describe the differences between classic deployment and ARM.

Chapter 3, Deploying and Synchronizing Azure Active Directory, will describe how to deploy Azure Active Directory, how to secure it for the next following steps and give some best practice advises when using Azure Active Directory together with other Microsoft Services like Office 365. Within the chapter we will describe how Azure Active Directory Synchronization could be implemented. We will give best practices which Synchronization method is the best for different environments. We will also explain how to secure and filter which accounts and attributes are synced.

Chapter 4, Implementing Azure Networks,in this chapter you will learn how to deploy and configure virtual networks in Azure and will get some best practice advises about working with subnets and network splitting. We will also provide an overview about routing in Azure and Network Devices in Azure.

Chapter 5, Implementing Azure Storage, in this chapter, you will get to know how to implement storage accounts in azure, the differences between accounts and give a brief overview about the different usage scenarios.

Chapter 6, Implementing Azure-Managed Kubernetes and Azure Container Service, will describe the general concept behind containers in Azure work, the need to have Kubernetes as an orchestrator, how AKS works and where Azure Managed Instances make sense, how they are created, deployed and managed.

Chapter 7, Azure Hybrid Data Center Services,  will give the reader an overview how to implement Azure Hybrid Data Center Services using Azure Stack.

Chapter 8, Azure Web Apps Basics, covers one of Azure App Service, its different types, and how to work with them.

Chapter 9, Managing Azure Web Apps, covers some of the highly available solutions for Azure Web Apps in this chapter.

Chapter 10, Basics of Azure SQL Database, explores the Azure SQL Database, its types, and how to deploy it in Azure.

Chapter 11, Managing Azure SQL Database, covers other Azure SQL Database types and explains how to provide a highly available solution for them.

Chapter 12, Microservices 2013– Getting to Know the Buzzword, lays the foundation of concepts of Microservices and explores the scenarios, where Microservices are best suited for your application.

Chapter 13, Understanding Azure Service Fabric, explains the basic concepts and architecture of Azure Service Fabric.

Chapter 14, Hands-on with Service Fabric – Guest Executables, talks about building and deploying applications as Guest Executables on a Service Fabric cluster.

Chapter 15, Hands on with Service Fabric – Reliable Services, explains the concept of Reliable Services programming model for building Microservices hosted on Service Fabric.

Chapter 16, Reliable Actors, introduces Actor programming model on Service Fabric and the ways to build and deploy actors on a Service Fabric cluster.

Chapter 17, Microservices Architecture Patterns Motivation, provides an overview of the motivation behind driving Microservices architectural patterns. The chapter also talks about the classification of the patterns that are discussed in this book.

Chapter 18, Microservices Architectural Patterns, introduces a catalog of design patterns categorized by its application. Each design pattern explains the problem and the proven solution for that problem. The pattern concludes with considerations that should be taken while applying the pattern and the use cases where the pattern can be applied.

Chapter 19, Securing and Managing Your Microservices, will guide you on securing your Microservices deployment on a Service Fabric cluster.

Chapter 20, Diagnostics and Monitoring, covers how to set up diagnostics and monitoring in your Service Fabric application. You will also learn how to use Service Fabric Explorer to monitor the cluster.

Chapter 21, Continuous Integration and Continuous Deployment, takes you through the process of deploying your Microservices application on a Service Fabric cluster using Visual Studio Team Services.

Chapter 22, Serverless Microservices, helps you understand the concept of Serverless Computing and building Microservices using Azure functions.

To get the most out of this book

A basic knowledge of virtualization, networks, web development, databases, and active directory is required to get the most out of this book.

Download the example code files

You can download the example code files for this book from your account at www.packt.com. If you purchased this book elsewhere, you can visit www.packt.com/support and register to have the files emailed directly to you.

You can download the code files by following these steps:

Log in or register at

www.packt.com

.

Select the

SUPPORT

tab.

Click on

Code Downloads & Errata

.

Enter the name of the book in the

Search

box and follow the onscreen instructions.

Once the file is downloaded, please make sure that you unzip or extract the folder using the latest version of:

WinRAR/7-Zip for Windows

Zipeg/iZip/UnRarX for Mac

7-Zip/PeaZip for Linux

The code bundle for the book is also hosted on GitHub at https://github.com/PacktPublishing/Implementing-Azure-Putting-Modern-DevOps-to-Use. In case there's an update to the code, it will be updated on the existing GitHub repository.

We also have other code bundles from our rich catalog of books and videos available at https://github.com/PacktPublishing/. Check them out!

Conventions used

There are a number of text conventions used throughout this book.

CodeInText: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. Here is an example: "In the search bar, write storage account."

Bold: Indicates a new term, an important word, or words that you see onscreen. For example, words in menus or dialog boxes appear in the text like this. Here is an example: "If you need something different, click on the DOWNLOADS link in the header for all possible downloads:"

Get in touch

Feedback from our readers is always welcome.

General feedback: If you have questions about any aspect of this book, mention the book title in the subject of your message and email us at [email protected].

Errata: Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you have found a mistake in this book, we would be grateful if you would report this to us. Please visit www.packt.com/submit-errata, selecting your book, clicking on the Errata Submission Form link, and entering the details.

Piracy: If you come across any illegal copies of our works in any form on the Internet, we would be grateful if you would provide us with the location address or website name. Please contact us at [email protected] with a link to the material.

If you are interested in becoming an author: If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, please visit authors.packtpub.com.

Reviews

Please leave a review. Once you have read and used this book, why not leave a review on the site that you purchased it from? Potential readers can then see and use your unbiased opinion to make purchase decisions, we at Packt can understand what you think about our products, and our authors can see your feedback on their book. Thank you!

For more information about Packt, please visit packt.com.

Getting Started with Azure Implementation

Cloud services have come a long way in the last 5 to 10 years. Cloud was and still is one of the biggest trends in Information Technology (IT), with new topics still to be discovered.

In the early 2000s, cloud computing wasn't a widely phrase, but the concept, as well as data centers with massive computing power, already existed. Later in that decade, the word cloud became a buzzword for nearly anything that was not tangible or online. But the real rise of cloud computing with all its different service models happened before, when big IT companies started their cloud offerings. That was Amazon, Google, and Microsoft in particular. As these cloud offerings developed, they enabled companies from start ups to Fortune 500s to use cloud services, from web services to virtual machines, with billing exact to the minute.

In this chapter, we'll explore the following topics:

Cloud service models

Cloud deployment models

Cloud characteristics

Multi-cloud characteristics and models

An overview of Azure services 

Technical requirements

To start with Microsoft Azure and cloud services, you need an active Azure subscription and an Azure tenant, which will be obtained with the subscription. There are different ways to order such an subscription.

The following list provides a few options: 

Microsoft MSDN subscription

Microsoft Azure free trial 

Microsoft Azure pass 

Microsoft

Enterprise Agreement

(

EA

) with Azure commitment 

Microsoft Azure cloud solution provider 

Microsoft Azure in open licensing 

Microsoft BizSpark program 

Service models

Cloud computing is a new trend model for enabling workloads that use resources from a normally huge resource pool that is operated by a cloud service provider. These resources include servers, storage, network resources, applications, services, or even functions. These can be rapidly deployed, operated, and automated with little effort and the prices are calculated on a per-minute basis. This cloud model is composed of five essential characteristics, three service models, and four deployment models.

Cloud offerings are mainly categorized into the following service models:

Infrastructure as a Service 

(

IaaS

): This describes a model where the cloud provider enables the consumer to create and configure resources from the computing layer upwards, without any need to care or know about the hardware layer. That includes virtual machines, networks, appliances, and lots of other infrastructure-related resources and services. The most popular IaaS resources in Azure contain virtual machines, virtual networks (internal and external), container services, and storage.

Platform as a Service

 (

PaaS

): This gives the consumer an environment from the operating system upwards. So, the consumer is not responsible for the underlying IaaS infrastructure. Examples are operating systems, databases, or development frameworks. Microsoft Azure contains many PaaS resources such as SQL databases, Azure app services, or cloud services.

Software as a Service

(

SaaS

): This is the model with the lowest level of control and required management. A SaaS application is reachable from multiple clients and consumers, and the owning consumer doesn't have any control over the backend, except for some application-related management tasks. Examples of SaaS applications are Office 365, Visual Studio Online, the Outlook website, OneDrive, and even the Amazon website itself is a SaaS application with Amazon as its own consumer.

A comparison of service model responsibilities is shown in the following diagram:

Deployment models

There are also a number of deployment models for cloud computing that need to be discussed. These deployment models cover nearly all common cloud computing provider scenarios. They describe the group of consumers that are able to use the services of the cloud service, rather than the institution or the underlying infrastructure:

Public cloud

: A public cloud describes a cloud computing offer that can be accessed by the public. This includes individuals as well as companies. Examples of a public cloud are Microsoft Azure and Amazon AWS.

Community cloud

: A community cloud is only accessible by a specified group. These are, for example, connected by location, an organization membership, or by reasons of compliance. Examples of a community cloud are Microsoft Azure Germany (location) or Microsoft Azure Government (organization and compliance) for US government authorities.

Private cloud

: A private cloud describes an environment/infrastructure built and operated by a single organization for internal use. These offers are specifically designed for the different units in the organization. Examples are Microsoft

Windows Azure Pack

(

WAP

) or Microsoft Azure Stack, as well as OpenStack, if they are used for internal deployments.

Hybrid cloud

: The hybrid cloud combines the private and public clouds. It is defined as a private cloud environment at the consumer's premises, as well as the public cloud infrastructure that the consumer uses. These structures are generally connected by site-to-site VPNs or

Multiprotocol Label Switching

(

MPLS

). A hybrid cloud could also exist as a combination of any other models, such as community and public clouds. Examples are Azure VMs connected to an on-premises infrastructure through Microsoft Azure ExpressRoute or site-to-site VPN.

The following diagram depicts a comparison between Azure (public cloud) and Azure Pack (private cloud):

Cloud characteristics

Microsoft Azure is one of the biggest cloud service providers worldwide, offering a wide range of services from IaaS to PaaS to SaaS. It fulfills all of the characteristics that the National Institute of Standards and Technology (NIST) describes for cloud computing. These are as follows:

On-demand self-service

: This means an automated deployment of resources that a consumer orders through an interface such as a consumer portal.

Broad network access

: Providing availability of cloud services through a standardized network interface that is, at best, accessible by several endpoint devices.

Resource pooling

: This means that the automated assignment and reassignment of diverse resources from various resource pools for individual customers is possible.

Rapid elasticity

: It is also known as rapid scaling and describes the ability to scale resources in a massive way. The automatic and fast assignment and reassignment of resources, and rapid up and down scaling of single instances, are keywords when talking about rapid elasticity. The adjustment of web server resources depending on the demand is an example of rapid elasticity.

Measured service

: All data usage for consumer resources is monitored and reported, to be available for consumers and the cloud provider. This is one of the requirements for minute-based billing.

Multi-cloud characteristics and models

When defining multi-cloud, you need first to be aware of what a cloud service is. At this stage of this book, you already had some insight into cloud computing and cloud models and characteristics. Now, you should be able to identify the cloud services you already use in your company and that you might use in the future. 

Multi-cloud means you or your company are using not only the services of one cloud provider, but different solutions from different cloud providers. That could be an example of using Microsoft Office 365 for business collaboration, Salesforce for CRM, and AWS Area 52 for GeoDNS and GeoIP, or even OpenStack or Azure Stack as your private cloud solution within your data center or co-location.

The following diagram shows a schematic definition of a person or company between multiple cloud providers:  

Why use multiple cloud providers and not only one that fits all? There are different reasons why someone chooses a multi-cloud solution. Let me explain the most common reasons in the field:

Redundancy

: You don't want to build up your environment on only one cloud provider because one can fail, as happened with AWS in the past. So, you want to keep the business running with the services of another cloud provider. That's mostly a reason when using IaaS or PaaS. Redundancy is mostly not possible with SaaS if the cloud provider does not support hybrid environments. 

The solution does not fit my needs

: Mostly when choosing a cloud solution, you see whether it fits your need. You mostly look to features such as data center location or performance. Sometimes, a cloud solution from my preferred provider does not fit those needs, so I need to choose another cloud provider with its solution. Often, you see that in Microsoft Dynamics CRM Online versus Salesforce, or your preferred provider does not offer a data center in South Africa. So, you may switch from AWS to Microsoft Azure for that reason. 

The cloud provider does not offer the service I need

: Often, cloud providers are strong in one field and less so in others. This means they don't offer the services you may want; for example, you use Salesforce and want to have a unified single sign-on solution with Facebook, Twitter, or Instagram for your marketing teams. That's a service Salesforce does not offer at the moment, which means you may want to include Microsoft Azure

Active Directory

(

AD

) in your environment to achieve your goal.

Your departments use a cloud service as shadow IT

: I have seen

 shadow IT in 

nearly every company in the last 12 years of my work experience. It means a department uses a solution outside of the IT controlled area or solution field, managing the application itself without IT knowing of it. Often, it happens that those solutions become business critical and C-level management forces IT to take over the solution and support it. In times of easily accessible cloud solutions, this issue increased dramatically. Their are mostly two reasons for shadow IT:  

IT departments aren't fast enough to deploy an appropriate on-premises solution

The user thinks, 

Okay I only need a credit card? Let's try

.

The key elements to building and performing a successful multi-cloud solution is to build a uniform solution between all of the cloud providers. Those solutions are based on a uniform Identity and Access Management (IAM), network, and application infrastructure.

Within this field, you might see two flavors of multi-cloud.

Cloud brokering

With cloud brokering, you migrate your workload depending on the price and needs from one cloud provider to another. That can be on a day-to-day or more frequent basis.

This brokering was the first intention of businesses to save money with the cloud, but in practice, brokering only works with very simple IaaS or very standardized PaaS solutions. Most of the more complex workloads, such as Microsoft Exchange, SAP, and Oracle depend on drivers and you always have different hypervisor solutions between your cloud providers. In addition to that, IaaS workloads are very costly compared with solutions built on PaaS. So, looking down and ahead the timeline, the second multi-cloud model has become more common—best of breed. 

Best of breed

 Best of breed means you choose your cloud provider and a solution that fits for your needs and business requirements, or that is the market leader in a special area, for example, artificial intelligence, Network as a Service (NaaS), collaboration software, or data center distribution. Mostly, that means you will always end up with three or more cloud providers integrated with each other. 

Microsoft Azure

When Windows Azure came online for the general public in February 2010, there were only database services, websites, and virtual machine hosting available. Over time, Microsoft constantly added features and new services to Azure, and, as there were more and more offerings for Linux and other non-Windows services, Microsoft decided in April 2014 to rename Windows Azure to Microsoft Azure. This supported Microsoft's commitment to transform itself into a services company, which means that, in order to be successful, you have to offer as many services as possible to as many clients as possible. Since then, Microsoft has constantly improved and released new services. Additionally, it constantly builds and expands data centers all over the world.

Azure services overview

Azure offers many services in its cloud computing platform. These services include the following:

The service categories, differentiated between platform services and infrastructure services.

The platform services are as follows: 

Management

: These services include the management portal, the marketplace with the services gallery, and the components to automate things in Azure.

Compute services

: Compute services are Azure cloud services that are basically PaaS offerings for developers to quickly build and deploy highly scalable applications. The service fabric and Azure RemoteApp are also in this category.

Security

: This contains all of the services that provide identity in Azure, such as Azure AD, multi-factor authentication, and the key vault, which is a safe place for your certificates.

Integration

: The integration services include interface services such as BizTalk and Azure Service Bus, but also message helpers such as storage queues.

Media and CDN

: These are basically two services. One is the CDN, which makes it possible to build your own content delivery network based on Azure. The other is media services that make it very easy to use and process different media with the help of Azure.

Web and mobile

: These include all of the services that assist in creating apps or backend services for the web and mobiles, for example, web apps and API apps.

Developer services

: These are cloud-based development tools for version control, collaboration, and other development-related tasks. The Azure SDK is a part of the developer services.

Data

: The data services contain all of the different database types that you can deploy in Azure (SQL, DocumentDB, MongoDB, Table storage, and so on) and diverse tools to configure them.

Analytics and IoT

: As the name suggests, analytics services are tools to analyze and process data. This offers a broad range of possibilities, from machine learning to stream analytics. These can, but don't have to, build on certain data services. The 

Internet of Things

(

IoT

) services include the fundamental tools needed to work with devices used for the IoT, such as the Raspberry Pi 2.

Hybrid operations

: This category sums up all of the remaining services that could not clearly be categorized. These include backup, monitoring, and disaster recovery, as well as many others.

 The infrastructure services are as follows:

Operating system and server compute

: This category consists of compute containers. It includes virtual machine containers and, additionally, container services, which are quite new to the product range.

Storage

: Storage services are the two main storage types—

BLOB

and

file storage

. They have different pricing tiers depending on the speed and latency of the storage ordered. 

Networking

: This category consists of basic networking resources. Examples are load balancer, ExpressRoute, and VPN gateways.

The important thing is to remember that we are talking about a rapidly changing and very agile cloud computing platform. After this chapter, if you have not already done so, you should start using Azure by experimenting, exploring, and implementing your solutions while reading the correlating chapters.

For testing purposes, you should use the Azure FreeTrial (https://azure.microsoft.com/en-in/offers/ms-azr-0044p/‎), Visual Studio Dev Essentials (https://www.visualstudio.com/dev-essentials/), or the included Azure amount from an MSDN subscription.

Azure basics

In the following section, we will take a look at the basic Microsoft Azure key concepts. This should provide an overview and an idea of how to use Azure.

Azure Resource Manager (ARM)

In the previous major version of Azure, a deployment backend model called Azure Service Manager (ASM) was used. With higher demand on scaling, and being more flexible and standardized, a new model called ARM was introduced and is now the standard way of using Azure.

This includes a new portal, a new way of looking at things as resources, and a standardized API that every tool, including the Azure portal, that interacts with Azure uses.

With this API and architectural changes, it's possible to use such things as ARM templates for any size of deployment. ARM templates are written in JavaScript Object Notation (JSON) and are a convenient way to define one or more resources and their relationship to another programmatically. This structure is then deployed to a resource group. With this deployment model, it's possible to define dependencies between resources, as well as being able to deploy the exact same architecture again and again. The next section will dive a little deeper into resources.

Resources

Azure resources are the key to every service offering in Azure. Resources are the smallest building blocks and represent a single technical entity, such as a VM, a network interface card, a storage account, a database, or a website. When deploying a web app, a resource called app service will be deployed along with a service plan for billing.

When deploying a virtual machine from an Azure Marketplace template, a VM resource will be created as well as a storage account resource holding the virtual hard disks, a public IP Address resource for initial access to the VM, a network interface card, and a virtual network resource.

Every resource has to be deployed to one specific resource group. A resource group can hold multiple resources, while a single resource can only exist in one resource group. Resource groups also can't contain another resource group, which leads to a single layer of containers regarding resources.

One resource group can contain all resources of a deployment or multiple resources of different deployments. There are no strong recommendations on structuring resource groups, but it's recommended to organize either the resources of one project/enrollment/deployment in separate resource groups or distribute resources based on their purpose (networking, storage, and so on) to resource groups.

Azure regions

Azure as a global cloud platform provides multiple regions to deploy resources to. One region consists of at least one highly available data center or data center complex. At the time of writing, 54 regions are distributed all over the world and include community clouds, so-called sovereign regions.

Microsoft also divides its regions into geopolitical zones, which can be found at the following URL: https://azure.microsoft.com/en-us/global-infrastructure/regions/.

These sovereign clouds where built by Microsoft to fit customer or governmental needs, such as for special compliance and/or data privacy laws. At the moment, the following sovereign clouds are available: 

Microsoft Azure US

Department of Defense

(

DoD

) 

Microsoft Azure US Government 

Microsoft Azure China 

Microsoft Cloud Germany

Microsoft Cloud Germany is also special among the sovereign clouds. Because of customer demands, Microsoft built up Microsoft Cloud Germany differently. Microsoft does not operate the cloud in Germany itself; they use a data trustee to operate the cloud for them.

Microsoft Azure staff and all Microsoft employees are not allowed to enter the data centers or lay hands on the servers or framework. Everything is operated by the trustee, starting with hardware maintenance up to updates of the framework. 

Regions can also have an impact on the performance and availability of some resources. Some services may not be, or are only partially, available in a specific region.

The costs of offered services also vary by region. For reduced latency, it's recommended to choose a region next to the physical location of the consumer. It might also be important to see which legal requirements must be met. This could, for example, result in a deployment only in EU regions, or even regions in specific countries:

A

vailable Azure regions

:

https://azure.microsoft.com/en-us/regions/

Lists all the services available in specific regions

:

https://azure.microsoft.com/en-us/regions/services/

Microsoft data center and backbone

Microsoft operates two types of following data centers:

The first type is the production data center, where Microsoft calculates all workloads of its customers and stores all the data.

The second type is the edge or delivery site. Those sites connect all Microsoft Cloud services to the internet and Microsoft's customers. Edge sites come in two stages of expansion. The smallest one allows Microsoft public direct peering through the internet. With the second stage of expansion, Microsoft allows customers and providers to establish a private connection to the Microsoft backbone using the Microsoft Azure ExpressRoute service. 

The following diagram shows a schematic of the Microsoft data center structure:

Edge and production sites are connected through the Microsoft backbone. Currently Microsoft owns and operates the second largest and fastest full meshed provider backbone of the world.. Microsoft also owns and operates own see cables such as the MAREA cable from Bilbao (Spain) to Virginia (US). 

This map shows the current Microsoft Azure backbone with the new MAREA cable:

While building its backbone, Microsoft acts differently to the other cloud providers. Microsoft builds its own dark fibre cables or leases dark fibre cables and operates the whole backbone itself. Microsoft runs a fully software-defined network and infrastructure for its backbone, using firewall appliances built for network function virtualization.

If you ever have the chance to see a server rack that connects the Microsoft backbone or represents a Microsoft Edge site, it will probably look like this:

If you want to know more about Microsoft regarding data center equipment and software defined, I highly recommend you consult open source and open compute projects. Microsoft is investing highly in these and is very open in the following projects:

Microsoft cloud servers:

Open cloud server platform

: 

https://www.opencompute.org/projects/server

ARM-based cloud server project olympus

: 

https://www.opencompute.org/wiki/Server/ProjectOlympus

Microsoft network cards for backbone and cloud services: 

Smart NIC

: 

https://www.opencompute.org/wiki/Server/Mezz

Microsoft networking and switch software

:

Project SONiC

: 

https://azure.microsoft.com/de-de/blog/sonic-the-networking-switch-software-that-powers-the-microsoft-global-cloud/

Azure portal

The Azure portal is a web application and the most straightforward way to view and manage most Azure resources. The Azure portal can also be used for identity management, to view billing information, and to create custom dashboards for often used resources to get a quick overview of some deployments.

Although it's easy to start with using and deploying services and resources, it's highly recommended to use some Azure automation technologies for larger and production environments. The Azure portal is located at https://portal.azure.com.

Azure automation

Azure automation is a service and a resource, as well as an Azure concept in the context of cloud computing.

It's very important to see automation as an essential concept when it comes to cloud computing. Automation is one of the key technologies to reduce operational costs and will also provide a consistent and replicable state. It also lays the foundation of any rapid deployment plans.

As Azure uses a lot of automation internally, Microsoft decided to make some of that technology available as a resource called automation account.

Azure automation tools

Azure provides several ways of interacting and automating things. The two main ways to interact with Azure besides the portal are Azure PowerShell and the Azure Command-Line Interface (CLI).

Both are basically just wrappers around the Azure API to enable everyone not familiar with RESTful APIs, but familiar with their specific scripting language, to use and automate Azure. The Azure PowerShell module provides cmdlet for managing Azure services and resources through the Azure API. Azure PowerShell cmdlet are used to handle account management and environment management, including creating, updating, and deleting resources. These cmdlet work completely the same on Azure, Azure Pack, and the Azure Stack, Microsoft's private cloud offerings.

Azure PowerShell is open source and maintained by Microsoft. The project is available on GitHub at the following link: https://github.com/Azure/azure-powershell. The Azure CLI is a tool that you can use to create, manage, and remove Azure resources from the command-line. The Azure CLI was created for administrators and operators that are not that experienced with Microsoft technologies, but with other server technologies, such as Unix or Linux. The Azure CLI is an open source project as well, and is available for Linux, macOS, and Windows here: https://github.com/Azure/azure-cli.

REST APIs

All Azure services, including the Azure Management Portal, provide their own REST APIs for their functionality. They can, therefore, be accessed by any application that RESTful services can process.

In order for software developers to write applications in the programming language of their choice, Microsoft offers wrapper classes for the REST APIs.

These are available as an Azure SDK for numerous programming languages (for example, .NET, Java, and Node.js) here at https://github.com/Azure.

Summary

In this chapter, we learned about cloud models and what cloud in general means. We now know how Microsoft fits into that ecosystem with its cloud services and their strategy. We also gained some very important insights into Azure and Microsoft regarding their data centers and backbone. 

Azure Resource Manager and Tools

The Azure platform consists primarily of three parts—Azure execution model, which denotes the areas where you can provide your services and applications in the cloud; Azure Building Blocks; and Azure Data Services, which refers to services that extend the platform to common capabilities and functionalities.

I could actually forgo the description of the platform, because most users only get to see these three parts, but there are still more. Many other services are working under the hood of the platform and ensure its ongoing operation. These services include, for example, Azure Traffic Manager, Azure Load Balancer, and Azure Resource Manager (ARM). All of these services can be customized using various interfaces for your personal needs.

In this chapter, I'll introduce you to ARM in detail, and we will explore the following topics:

ARM and Azure resource groups

Azure resource tags

Azure resource locks

Working with ARM templates

Creating your own ARM template

Technical requirements

For running containers in a cloud environment, no specific installations are required, as you only need the following:

A computer with an internet browser

An Azure subscription (if not available, a trial could work too, at 

https://azure.microsoft.com/en-us/free/

)

The code in this chapter can be found here:

https://github.com/PacktPublishing/Implementing-Azure-Putting-Modern-DevOps-to-Use

Understanding ARM

With the classic Azure system management, you could previously manage only one resource on the Azure platform at the same time. But what about more complex applications, as are common today? The infrastructure of today's applications typically consists of several components—a virtual machine, a storage account, a virtual network, a web app, a database, a database server, or a third-party service. To manage such complex applications, with the first preview of the Azure Management Portal 3.0, the concept of resource groups was introduced.

You now no longer see your components as separate entities, but as related and interdependent parts of a single entity. So, you will be able to manage all the resources of your application simultaneously. As an instrument for this type of management, ARM (and ARM tools) was introduced.

Enough of the preliminary remarks. Let's take a look at ARM in detail with the following diagram:

As you can see in the preceding diagram, ARM can be accessed through a variety of different technologies and interfaces. These access options include the following:

The traditional way, through the Azure portal (version 3.0 and newer)

The script-based way, through Azure PowerShell (look for PowerShell modules with the

AzureRM

prefix) or through the Azure

C

ommand-Line Interface

(

CLI

) (cross-platform CLI)

For developers, through Visual Studio

For developers, there are also SDKs available (

.NET

and some other programming languages) and, as with all Azure services, an extensive RESTful API

Let's go through the preceding diagram:

It consists of one or more Azure resource groups and one or more Azure resources. An Azure resource group is a container (a management unit), that all of the resources of your Azure solution contain. The Azure resource is any form of manageable element available through Azure (for example, a virtual machine, a virtual network, and so on).