automating your azure environment
TRANSCRIPT
![Page 1: Automating Your Azure Environment](https://reader036.vdocument.in/reader036/viewer/2022081515/5875f67a1a28ab006e8b6521/html5/thumbnails/1.jpg)
Automating Your Azure Environment
Michael S. CollierCloud Solution Architect,
Microsoft
Level: Intermediate
![Page 2: Automating Your Azure Environment](https://reader036.vdocument.in/reader036/viewer/2022081515/5875f67a1a28ab006e8b6521/html5/thumbnails/2.jpg)
Michael S. CollierCloud Solution ArchitectMicrosoft
@MichaelCollierwww.MichaelSCollier.comhttp://aka.ms/csablog
![Page 3: Automating Your Azure Environment](https://reader036.vdocument.in/reader036/viewer/2022081515/5875f67a1a28ab006e8b6521/html5/thumbnails/3.jpg)
http://aka.ms/fundamentalsofazure
![Page 4: Automating Your Azure Environment](https://reader036.vdocument.in/reader036/viewer/2022081515/5875f67a1a28ab006e8b6521/html5/thumbnails/4.jpg)
Today’s Agenda1. Why Automation in Azure?
2. Azure Management Library
3. Azure PowerShella) Azure Service Managementb) Azure Resource Manager
4. Azure Automation
![Page 5: Automating Your Azure Environment](https://reader036.vdocument.in/reader036/viewer/2022081515/5875f67a1a28ab006e8b6521/html5/thumbnails/5.jpg)
Why Automate in Azure?
![Page 6: Automating Your Azure Environment](https://reader036.vdocument.in/reader036/viewer/2022081515/5875f67a1a28ab006e8b6521/html5/thumbnails/6.jpg)
Why Automation?• Time to provision full environments
– Compute, storage, etc.
• Deployment to multiple geographies– Change only configuration / parameters
![Page 7: Automating Your Azure Environment](https://reader036.vdocument.in/reader036/viewer/2022081515/5875f67a1a28ab006e8b6521/html5/thumbnails/7.jpg)
Why Automation?#1 source of failed projects (IMO)
Humans TERRIBLE at repetitive tasks
![Page 8: Automating Your Azure Environment](https://reader036.vdocument.in/reader036/viewer/2022081515/5875f67a1a28ab006e8b6521/html5/thumbnails/8.jpg)
A Few Options
REST API• Service
Management• Resource
Manager
![Page 9: Automating Your Azure Environment](https://reader036.vdocument.in/reader036/viewer/2022081515/5875f67a1a28ab006e8b6521/html5/thumbnails/9.jpg)
A Few Options
REST API• Service
Management• Resource
Manager
Azure Management Library
![Page 10: Automating Your Azure Environment](https://reader036.vdocument.in/reader036/viewer/2022081515/5875f67a1a28ab006e8b6521/html5/thumbnails/10.jpg)
A Few Options
REST API• Service
Management• Resource Manager
Azure Management Library
PowerShell• Invoke REST• Service
Management• Resource Manager
![Page 11: Automating Your Azure Environment](https://reader036.vdocument.in/reader036/viewer/2022081515/5875f67a1a28ab006e8b6521/html5/thumbnails/11.jpg)
A Few Options
REST API• Service
Management• Resource Manager
Azure Management Library
PowerShell• Invoke REST• Service
Management• Resource Manager
XPlat CLI• ??
![Page 12: Automating Your Azure Environment](https://reader036.vdocument.in/reader036/viewer/2022081515/5875f67a1a28ab006e8b6521/html5/thumbnails/12.jpg)
A Few Options
REST API• Service
Management• Resource Manager
Azure Management Library
PowerShell• Invoke REST• Service
Management• Resource Manager
XPlat CLI• ??
Azure Automation
![Page 13: Automating Your Azure Environment](https://reader036.vdocument.in/reader036/viewer/2022081515/5875f67a1a28ab006e8b6521/html5/thumbnails/13.jpg)
A Few Options
REST API• Service
Management• Resource Manager
Azure Management Library
PowerShell• Invoke REST• Service
Management• Resource Manager
XPlat CLI• ??
Azure Automation
![Page 14: Automating Your Azure Environment](https://reader036.vdocument.in/reader036/viewer/2022081515/5875f67a1a28ab006e8b6521/html5/thumbnails/14.jpg)
Azure Management Library
![Page 15: Automating Your Azure Environment](https://reader036.vdocument.in/reader036/viewer/2022081515/5875f67a1a28ab006e8b6521/html5/thumbnails/15.jpg)
Azure Management Library• Consistent modern libraries over the Azure
REST API– NET, Java, Python, Go, & Ruby
Source: http://www.BradyGaster.com
![Page 16: Automating Your Azure Environment](https://reader036.vdocument.in/reader036/viewer/2022081515/5875f67a1a28ab006e8b6521/html5/thumbnails/16.jpg)
Azure Management Library
Source: http://www.BradyGaster.com
Source: http://www.BradyGaster.com
![Page 17: Automating Your Azure Environment](https://reader036.vdocument.in/reader036/viewer/2022081515/5875f67a1a28ab006e8b6521/html5/thumbnails/17.jpg)
Azure Management Library• Scenarios
– Integration Testing– Custom provisioning of services (SaaS)– Dev/Test– Resource Governance
• Almost anything you may want to automate
![Page 18: Automating Your Azure Environment](https://reader036.vdocument.in/reader036/viewer/2022081515/5875f67a1a28ab006e8b6521/html5/thumbnails/18.jpg)
Azure Management Library• Microsoft.WindowsAzure.*
– Older RDFE version– Not recommended
• Microsoft.Azure.*– Based on new Azure Resource Manager (ARM)– Recommended
![Page 19: Automating Your Azure Environment](https://reader036.vdocument.in/reader036/viewer/2022081515/5875f67a1a28ab006e8b6521/html5/thumbnails/19.jpg)
Azure Management Library• Get all or
just the ones you need
![Page 20: Automating Your Azure Environment](https://reader036.vdocument.in/reader036/viewer/2022081515/5875f67a1a28ab006e8b6521/html5/thumbnails/20.jpg)
Authentication• Azure Active Directory
• Create a service principal– Password (PowerShell or CLI)– Certificate (PowerShell)
• Assign necessary ROLE to the service principal
![Page 21: Automating Your Azure Environment](https://reader036.vdocument.in/reader036/viewer/2022081515/5875f67a1a28ab006e8b6521/html5/thumbnails/21.jpg)
Create the Service PrincipalSwitch-AzureMode AzureResourceManager
Select-AzureSubscription -SubscriptionName “My MSDN Azure”
$appName = "VSLiveNYC2015"$appHomePage = "http://localhost"$appUri = "http://localhost"$pwd = "test!123"
# Create a new Azure AD application$azureAdApp = New-AzureADApplication -DisplayName $appName -HomePage $appHomePage -IdentifierUris $appUri -Password $pwd -Verbose
# Create a service principalNew-AzureADServicePrincipal -ApplicationId $azureAdApp.ApplicationId
# Assign a role to the service principalNew-AzureRoleAssignment -RoleDefinitionName Contributor -ServicePrincipalName $azureAdApp.ApplicationId
# Get the subscription for the role assignment$subscription = Get-AzureSubscription | where { $_.IsCurrent }
# Create a new credential object to contain the credentials$creds = Get-Credential -UserName $azureAdApp.ApplicationId -Message "enter your creds"
Add-AzureAccount -Credential $creds -ServicePrincipal -Tenant $subscription.TenantId
Get this at http://aka.ms/uognfb
![Page 22: Automating Your Azure Environment](https://reader036.vdocument.in/reader036/viewer/2022081515/5875f67a1a28ab006e8b6521/html5/thumbnails/22.jpg)
Get the Authentication Token
private const string SubscriptionId = “[YOUR_AZURE_SUBSCRIPTION_ID]";private const string TenantId = “[YOUR_AZURE_AD_TENANT_ID]";private const string ApplicationId = “[YOUR_NEWLY_REGISTERED_APP_id]";private const string ApplicationPwd = "test!123";
public static string GetAToken(){ var authenticationContext = new AuthenticationContext(string.Format("https://login.windows.net/{0}", TenantId)); var credential = new ClientCredential(clientId: ApplicationId, clientSecret: ApplicationPwd); var result = authenticationContext.AcquireToken(resource: "https://management.core.windows.net/", clientCredential: credential);
if (result == null) { throw new InvalidOperationException("Failed to obtain the JWT token"); }
string token = result.AccessToken; return token;}
Get this at http://aka.ms/uognfb
![Page 23: Automating Your Azure Environment](https://reader036.vdocument.in/reader036/viewer/2022081515/5875f67a1a28ab006e8b6521/html5/thumbnails/23.jpg)
DemoAuthenticate and Browse
![Page 24: Automating Your Azure Environment](https://reader036.vdocument.in/reader036/viewer/2022081515/5875f67a1a28ab006e8b6521/html5/thumbnails/24.jpg)
Demo Recap1. Create a Service Principal in Azure AD2. Get the JWT authentication token3. Create a credential object with token and
subscription4. Create a resource client5. Execute actions against the client
![Page 25: Automating Your Azure Environment](https://reader036.vdocument.in/reader036/viewer/2022081515/5875f67a1a28ab006e8b6521/html5/thumbnails/25.jpg)
PowerShell Cmdlets• Get the goods
http://azure.microsoft.com/en-us/downloads/ https://github.com/Azure/azure-powershell/releases
![Page 26: Automating Your Azure Environment](https://reader036.vdocument.in/reader036/viewer/2022081515/5875f67a1a28ab006e8b6521/html5/thumbnails/26.jpg)
PowerShell• Use cmdlets and/or REST APIs• Ability to script complex environments
– Template with an XML parameters file– PowerShell learning curve– Your responsibility to handle errors & ensure
consistency• Consistent Deployments
– Build server or developer machine
![Page 27: Automating Your Azure Environment](https://reader036.vdocument.in/reader036/viewer/2022081515/5875f67a1a28ab006e8b6521/html5/thumbnails/27.jpg)
Authentication Options• Interactive
– Azure ADPS C:\> Add-AzureAccount
* Tip – Profile data stored in C:\Users\<user>\AppData\Roaming\Windows Azure Powershell
![Page 28: Automating Your Azure Environment](https://reader036.vdocument.in/reader036/viewer/2022081515/5875f67a1a28ab006e8b6521/html5/thumbnails/28.jpg)
Authentication Options• Interactive
– Azure ADPS C:\> Add-AzureAccountVERBOSE: Account "[email protected]" has been added.VERBOSE: Subscription "MSFT Azure Internal - Collier" is selected as the default subscription.VERBOSE: To view all the subscriptions, please use Get-AzureSubscription.VERBOSE: To switch to a different subscription, please use Select-AzureSubscription.
Id Type Subscriptions Tenants-- ---- ------------- [email protected] User 0bbbc191-0023-aaaa-yyyy-xxxxxxxxxxxx 9b6b07ee-3eb1-aaaa-yyyy-xxxxxxxxxxxx 278b93db-29ab-aaaa-yyyy-xxxxxxxxxxxx 715f4ed0-544a-aaaa-yyyy-xxxxxxxxxxxx 3acf171d-3d34-aaaa-yyyy-xxxxxxxxxxxx 72f988bf-86f1-aaaa-yyyy-xxxxxxxxxxxx c68d7703-d6ed-aaaa-yyyy-xxxxxxxxxxxx 20acfbf0-4318-aaaa-yyyy-xxxxxxxxxxxx 57c8cb4e-3ce2-aaaa-yyyy-xxxxxxxxxxxx a28aed54-1dc8-aaaa-yyyy-xxxxxxxxxxxx b5fb8dfb-3e0b-aaaa-yyyy-xxxxxxxxxxxx 362755da-bfb2-aaaa-yyyy-xxxxxxxxxxxx 9a94b816-e790-aaaa-yyyy-xxxxxxxxxxxx 7805bdb6-17da-aaaa-yyyy-xxxxxxxxxxxx cd978409-0ac9-aaaa-yyyy-xxxxxxxxxxxx
* Tip – Profile data stored in C:\Users\<user>\AppData\Roaming\Windows Azure Powershell
![Page 29: Automating Your Azure Environment](https://reader036.vdocument.in/reader036/viewer/2022081515/5875f67a1a28ab006e8b6521/html5/thumbnails/29.jpg)
Authentication Options• Programmatic
– Management certificate– New –credentials option
$userName = "<your work/school account user name>"
$securePassword = ConvertTo-SecureString -String "<your work/school account password>" -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential($userName, $securePassword)
Add-AzureAccount -Credential $cred
http://azure.microsoft.com/en-us/documentation/articles/install-configure-powershell/
![Page 30: Automating Your Azure Environment](https://reader036.vdocument.in/reader036/viewer/2022081515/5875f67a1a28ab006e8b6521/html5/thumbnails/30.jpg)
DemoCreate a VM with Custom Script ExtensionDeploy a Cloud Service
![Page 31: Automating Your Azure Environment](https://reader036.vdocument.in/reader036/viewer/2022081515/5875f67a1a28ab006e8b6521/html5/thumbnails/31.jpg)
Demo Recap1. Authenticate PowerShell with Azure2. Upload to blob storage a .ps1 script to format
drives3. Provision new Azure VM via PowerShell.
a) Custom script extension to format data disks
4. Create Cloud Service (web role) project5. PowerShell script to upload and deploy
![Page 32: Automating Your Azure Environment](https://reader036.vdocument.in/reader036/viewer/2022081515/5875f67a1a28ab006e8b6521/html5/thumbnails/32.jpg)
Azure Resource ManagerWhat is Azure Resource Manager?
Resource Group
Unit of Management• Lifecycle• Identity• Grouping
One Resource -> One Resource Group
![Page 33: Automating Your Azure Environment](https://reader036.vdocument.in/reader036/viewer/2022081515/5875f67a1a28ab006e8b6521/html5/thumbnails/33.jpg)
ARM BenefitsDesired-state deployment
Faster deployment
Role-based access control (RBAC)
Resource-provider model
Orchestration
Resource configuration
SQL - A Website VirtualMachines
SQL-AWebsite[SQL CONFIG] VM (2x)
DEPENDS ON SQLDEPENDS ON SQL
SQLCONFIG
Image source - http://channel9.msdn.com/Events/Build/2014/2-607
![Page 34: Automating Your Azure Environment](https://reader036.vdocument.in/reader036/viewer/2022081515/5875f67a1a28ab006e8b6521/html5/thumbnails/34.jpg)
Cache
Consistent Management Layer
Azure Resource Manager
Website VM SQL DB
Resource Provider
…..
Provider Contract
https://management.azure.com/subscriptions/{{subscriptionId}}/providers?api-version={{apiVersion}}
Tools
?
REST API
![Page 35: Automating Your Azure Environment](https://reader036.vdocument.in/reader036/viewer/2022081515/5875f67a1a28ab006e8b6521/html5/thumbnails/35.jpg)
ARM FunctionsARM Templates supports small set of built-in functions
parameters, variablesreference, resourceGroup, resourceIdbase64, concat, padLeft, padLeft, replace, toLower, toUpperdeployment, provider, subscriptionlistKeys
Not supportedUser-defined functionsControl constructs – if, while, etc.
![Page 36: Automating Your Azure Environment](https://reader036.vdocument.in/reader036/viewer/2022081515/5875f67a1a28ab006e8b6521/html5/thumbnails/36.jpg)
Loops and Nested TemplatesLoops
Provide basic copy capabilityUseful in cloning resource configurationFor example, deploying multiple VMs
Nested TemplatesOne template can invoke anotherSimplifies creation of sophisticated templatesSupports parametersSupports output variables
![Page 37: Automating Your Azure Environment](https://reader036.vdocument.in/reader036/viewer/2022081515/5875f67a1a28ab006e8b6521/html5/thumbnails/37.jpg)
ARM Deployment LogsLogs
ProviderResource groupResource
AvailabilityKept for 15 daysDefault is last hour (PowerShell)Filter by Status e.g., Failed
PowerShellGet-AzureResourceProviderLogGet-AzureResourceGroupLogGet-AzureResourceLog
![Page 38: Automating Your Azure Environment](https://reader036.vdocument.in/reader036/viewer/2022081515/5875f67a1a28ab006e8b6521/html5/thumbnails/38.jpg)
DemoCreate a new Azure Web App + SQL DB
![Page 39: Automating Your Azure Environment](https://reader036.vdocument.in/reader036/viewer/2022081515/5875f67a1a28ab006e8b6521/html5/thumbnails/39.jpg)
Demo Recap1. Get latest Azure SDK for Visual Studio2. Create new ‘Azure Resource Group’ project3. Add Web App + SQL template4. Provide parameters5. Deploy via PowerShell
![Page 40: Automating Your Azure Environment](https://reader036.vdocument.in/reader036/viewer/2022081515/5875f67a1a28ab006e8b6521/html5/thumbnails/40.jpg)
What is Azure Automation?• IT process automation solution for Azure
– Creation, monitoring, deployment, & maintenance
– Runbooks & Assets– Leverage existing PowerShell scripts
![Page 41: Automating Your Azure Environment](https://reader036.vdocument.in/reader036/viewer/2022081515/5875f67a1a28ab006e8b6521/html5/thumbnails/41.jpg)
Runbook Types• PowerShell Workflow
– Windows Workflow Foundation• Checkpoint, suspend, & resume
– Parallel or serial execution– Compilation (time increases as complexity increases)
• PowerShell (native)– No checkpoint, suspend, or resume– Serial execution only– No compile step! Fast!
![Page 42: Automating Your Azure Environment](https://reader036.vdocument.in/reader036/viewer/2022081515/5875f67a1a28ab006e8b6521/html5/thumbnails/42.jpg)
DemoStop VMs nightly
![Page 43: Automating Your Azure Environment](https://reader036.vdocument.in/reader036/viewer/2022081515/5875f67a1a28ab006e8b6521/html5/thumbnails/43.jpg)
Demo Recap1. Create Azure Automation account
a) Create an AAD user for Azure Automationb) Create an Azure Connection Asset
2. Create Runbook to Stop VMs1. Connect to Azure subscription2. Iterate over all services and VMs
3. Test Runbook4. Publish Runbook5. Link Runbook to a Schedule
![Page 44: Automating Your Azure Environment](https://reader036.vdocument.in/reader036/viewer/2022081515/5875f67a1a28ab006e8b6521/html5/thumbnails/44.jpg)
Choices . . . When to UseMAML
• PCL (WinPhone/WinStore)• Higher level languages
PowerShell
• DevOps• Templates• Build Servers• Quicker than portal
Azure Automation
• Schedule Tasks• Integrate with Other Services• System Center scripts
Azure Resource Manager
• Future for Azure API• New, well-defined topology• Unable to export from cloud
![Page 45: Automating Your Azure Environment](https://reader036.vdocument.in/reader036/viewer/2022081515/5875f67a1a28ab006e8b6521/html5/thumbnails/45.jpg)
Resources• Azure Resource Manager Preview SDKs
– https://azure.microsoft.com/en-us/blog/azure-resource-manager-preview-sdks/
• Authenticating a service principal with Azure Resource Manager– https://azure.microsoft.com/en-us/documentation/articles/resource-group-authenticate-
service-principal/
• Keith Mayer’s blog posts on Azure Automation– http://
blogs.technet.com/b/keithmayer/archive/2014/04/04/step-by-step-getting-started-with-windows-azure-automation.aspx
![Page 46: Automating Your Azure Environment](https://reader036.vdocument.in/reader036/viewer/2022081515/5875f67a1a28ab006e8b6521/html5/thumbnails/46.jpg)
Questions?
![Page 47: Automating Your Azure Environment](https://reader036.vdocument.in/reader036/viewer/2022081515/5875f67a1a28ab006e8b6521/html5/thumbnails/47.jpg)
Thank You!
Michael S. Collier@MichaelCollier | www.michaelscollier.com