WEBVTT

00:00:07.180 --> 00:00:09.219

Hey there and welcome, Cloud Gurus.

00:00:09.220 --> 00:00:13.528

I'm Chase and I'm going to be your Azure training architect here at ACG,

00:00:13.528 --> 00:00:16.480

a Pluralsight Company, and it's in this lesson,

00:00:16.480 --> 00:00:21.212

"Understanding Azure Resource Manager" that we're going to start off by

00:00:21.212 --> 00:00:25.550

going through some Azure cloud fundamentals that you may have already

00:00:25.550 --> 00:00:29.330

learned about but will ultimately help set the stage for the things

00:00:29.330 --> 00:00:33.081

that we're going to learn in this lesson and ultimately might provide

00:00:33.081 --> 00:00:34.660

you a nice refresher.

00:00:34.660 --> 00:00:35.800

Once we've covered that,

00:00:35.800 --> 00:00:38.860

we're going to get into describing Azure Resource Manager.

00:00:38.860 --> 00:00:39.944

And by doing this,

00:00:39.944 --> 00:00:44.252

this is going to help us understand how Azure Resource Manager is

00:00:44.252 --> 00:00:48.183

interacting with all the components of the Cloud to make all of the

00:00:48.183 --> 00:00:51.670

functionality that we have with Azure cloud possible.

00:00:51.670 --> 00:00:54.429

And then we're going to take an overview,

00:00:54.429 --> 00:00:59.319

high-level look at the Azure Cloud so we can see these components in action.

00:00:59.320 --> 00:01:02.870

And then we're going to review some key takeaways to help us

00:01:02.870 --> 00:01:06.700

prepare for later sections and for the exam.

00:01:06.700 --> 00:01:12.010

So, without further ado, let's get started by asking ourselves a question.
00:01:12.010 --> 00:01:14.530
What are clouds made of?

00:01:14.530 --> 00:01:17.020

Now, feel free to take a moment, pause the video,

00:01:17.020 --> 00:01:19.840

and think about this in terms of Azure cloud,

00:01:19.840 --> 00:01:22.930

what the smallest unit might be in the Azure cloud

00:01:22.930 --> 00:01:25.780

that makes up the cloud itself.

00:01:25.780 --> 00:01:28.780

Now, after briefly pondering this question,

00:01:28.780 --> 00:01:34.120

you may have arrived at the conclusion that Clouds are made of resources,

00:01:34.120 --> 00:01:36.160

and if you did arrive at this conclusion,

00:01:36.160 --> 00:01:37.240

you'd be correct.

00:01:37.240 --> 00:01:41.229

Resources are the smallest unit inside of the Azure cloud,

00:01:41.229 --> 00:01:45.879

and these are entities that are managed by Azure itself.

00:01:45.880 --> 00:01:48.789

Now these resources are things like our virtual machines,

00:01:48.789 --> 00:01:50.740

storage accounts, and virtual networks,

00:01:50.740 --> 00:01:56.170

and what other resources in Azure we might be utilizing for specific workloads.

00:01:56.170 --> 00:01:56.480

Now,

00:01:56.480 --> 00:02:03.970

all of these resources provide us functionality for completing certain tasks,

00:02:03.970 --> 00:02:07.288

such as compute or data storage, or networking,

00:02:07.288 --> 00:02:10.960

whatever we may need from the Azure cloud and its services.

00:02:10.960 --> 00:02:14.677

And all of these resources are going to be logically grouped into

00:02:14.677 --> 00:02:18.850

the next unit in the Azure cloud resource groups.
00:02:18.850 --> 00:02:24.224
Resource groups are ultimately a logical container for grouping all of

00:02:24.224 --> 00:02:27.370

our resources that we have running inside of Azure.

00:02:27.370 --> 00:02:30.196

Now, we can group these resources based on various things,

00:02:30.196 --> 00:02:31.570

such as lifecycle,

00:02:31.570 --> 00:02:35.300

maybe some of these resources are part of a workload that will

00:02:35.300 --> 00:02:38.050

share a common lifecycle when it is created,

00:02:38.050 --> 00:02:39.610

managed, and destroyed.

00:02:39.610 --> 00:02:42.303

Or maybe we want to group resources based on security,

00:02:42.303 --> 00:02:45.160

so we can control access based on resource groups.

00:02:45.160 --> 00:02:47.597

Or maybe we want to break it down into something

00:02:47.597 --> 00:02:50.440

different like dev environments, test environments,

00:02:50.440 --> 00:02:52.210

and maybe even production.

00:02:52.210 --> 00:02:55.788

We can use resource groups to do all of this as it's just

00:02:55.788 --> 00:02:58.420

a logical container construct for us.

00:02:58.420 --> 00:03:00.070

Now, let's take it one step higher here.

00:03:00.070 --> 00:03:04.150

Resource groups are not the top level in the hierarchy here.

00:03:04.150 --> 00:03:09.010

Resource groups are actually contained within Azure subscriptions.

00:03:09.010 --> 00:03:14.980

Now, Azure subscriptions are that boundary for our actual resources,

00:03:14.980 --> 00:03:18.629

and this is a logical construct that groups together the resource

00:03:18.629 --> 00:03:22.750

groups and any associated resources that they contain.

00:03:22.750 --> 00:03:29.440

And this is what we use for a billing unit to determine our Azure Cloud costs.

00:03:29.440 --> 00:03:34.317

Now we determine Azure Cloud costs based on all of the accumulated

00:03:34.317 --> 00:03:38.320

costs of these resources running inside of these resource groups

00:03:38.320 --> 00:03:40.930

that are contained within a subscription.

00:03:40.930 --> 00:03:46.540

And we pay our bills on a per-subscription basis depending on our billing model.

00:03:46.540 --> 00:03:48.670

For example, pay as you go.

00:03:48.670 --> 00:03:48.889

Now,

00:03:48.889 --> 00:03:54.070

these subscriptions can be used to break things up into various billing models,

00:03:54.070 --> 00:03:58.750

such as maybe a subscription for marketing or production,

00:03:58.750 --> 00:04:00.010

or maybe dev/test.

00:04:00.010 --> 00:04:02.116

We can do whatever we need to do with this logical

00:04:02.116 --> 00:04:04.000

construct to break up our billing.

00:04:04.000 --> 00:04:07.217

And these subscriptions interact with something

00:04:07.217 --> 00:04:09.520

known as the Azure Resource Manager.

00:04:09.520 --> 00:04:09.739

Now,

00:04:09.739 --> 00:04:13.004

the Azure Resource Manager is something we promised we'd

00:04:13.004 --> 00:04:15.070

describe at the beginning of this video,

00:04:15.070 --> 00:04:16.450

and we're going to do that right now.

00:04:16.450 --> 00:04:21.970

Azure Resource Manager is the top-level resource in the Azure cloud.
00:04:21.970 --> 00:04:25.139
It is simply the orchestration layer that allows us to

00:04:25.139 --> 00:04:27.430

manage resources in the Azure cloud.

00:04:27.430 --> 00:04:30.801

We can use things like the Azure portal,

00:04:30.801 --> 00:04:36.159

the Azure CLI, and the Azure PowerShell to interact with these resources.

00:04:36.159 --> 00:04:39.850

Now, this is all happening via REST API endpoints.

00:04:39.850 --> 00:04:40.170

And actually,

00:04:40.170 --> 00:04:45.040

Azure Resource Manager is not interacting with the resources themselves,

00:04:45.040 --> 00:04:45.661

but rather,

00:04:45.661 --> 00:04:49.780

it's interacting with and connecting to these resource providers

00:04:49.780 --> 00:04:52.840

that are associated to specific resources.

00:04:52.840 --> 00:04:57.130

For example, for compute resources, we may have a resource provider,

00:04:57.130 --> 00:05:02.688

and this is then forwarded from the request that we have to manage resources

00:05:02.688 --> 00:05:06.643

for Azure Resource Manager to the resource provider to perform and complete

00:05:06.643 --> 00:05:09.490

those requests on the resources themselves.

00:05:09.490 --> 00:05:13.060

Now that we've got an understanding of Azure Resource Manager,

00:05:13.060 --> 00:05:17.740

let's actually take a step back here and look at an overview of the Azure cloud,

00:05:17.740 --> 00:05:20.080

so that we can watch play-by-play,

00:05:20.080 --> 00:05:22.960

how these components interact with one another.

00:05:22.960 --> 00:05:27.863

So we know that we use some REST API endpoints like the Azure portal,

00:05:27.863 --> 00:05:32.470

Azure PowerShell, and Azure CLI, to interact with the Azure Resource Manager,
00:05:32.470 --> 00:05:36.190
and we make requests for specific operations,

00:05:36.190 --> 00:05:39.239

and then the Resource Manager forwards these requests to the

00:05:39.240 --> 00:05:43.136

appropriate resource providers depending on the resource that

00:05:43.136 --> 00:05:45.250

we're trying to perform in operation on.

00:05:45.250 --> 00:05:47.860

And then from these resource providers,

00:05:47.860 --> 00:05:51.762

the operation is actually performed on the specific

00:05:51.762 --> 00:05:56.083

resources that we have specified whenever we were making

00:05:56.083 --> 00:05:58.900

the request for a specific operation.

00:05:58.900 --> 00:06:01.390

Now at this point, you may be wondering,

00:06:01.390 --> 00:06:04.420

well, if Azure Resource Manager is a top-level resource,

00:06:04.420 --> 00:06:08.350

and it can manage resources across all subscriptions inside of Azure,

00:06:08.350 --> 00:06:11.702

what prevents someone from managing resources that

00:06:11.702 --> 00:06:13.450

don't belong to their organization?

00:06:13.450 --> 00:06:16.750

And that is a good question, and that's one we're going to answer here.

00:06:16.750 --> 00:06:23.170

Now, Azure approaches everything from a identity-centric security method,

00:06:23.170 --> 00:06:25.810

and we're using Azure AD,

00:06:25.810 --> 00:06:28.159

which is something we're going to learn about later in this course,

00:06:28.159 --> 00:06:31.420

in the "Identity" section, but to simplify it,

00:06:31.420 --> 00:06:37.210

Azure AD is our identity and access management resource inside of Azure.

00:06:37.210 --> 00:06:39.520

And it stands alone from our subscriptions.

00:06:39.520 --> 00:06:42.340

And we have what is known as a tenant.

00:06:42.340 --> 00:06:44.409

So for example, we have TenantA here,

00:06:44.409 --> 00:06:47.620

and TenantA is going to have things like users,

00:06:47.620 --> 00:06:50.721

and these users may make specific requests to manage

00:06:50.721 --> 00:06:54.281

resources via these REST API endpoints that will be

00:06:54.281 --> 00:06:55.960

forwarded to Azure Resource Manager,

00:06:55.960 --> 00:06:59.730

which then forwards the request to be completed by a resource provider,

00:06:59.730 --> 00:07:04.900

and then it is completed on the actual resources we're trying to manage.

00:07:04.900 --> 00:07:07.360

Now, if there is another tenant out there,

00:07:07.360 --> 00:07:11.302

it won't be able to do anything because it doesn't have the trust

00:07:11.302 --> 00:07:14.698

relationship that the tenant that we've established a trust

00:07:14.698 --> 00:07:16.810

relationship between our subscription does.

00:07:16.810 --> 00:07:21.387

So for example, our subscription here has a trust relationship between TenantA,

00:07:21.387 --> 00:07:24.867

and a subscription can only have a trust relationship

00:07:24.867 --> 00:07:26.530

with a single tenant at a time.

00:07:26.530 --> 00:07:30.310

However, a tenant could have a trust relationship with multiple subscriptions,

00:07:30.310 --> 00:07:33.975

and this is how we can make sure that only we have access to manage our

00:07:33.975 --> 00:07:38.140

resources across all of our subscriptions inside of the Azure cloud.

00:07:38.140 --> 00:07:39.909

Now that we've got all of that covered,
00:07:39.909 --> 00:07:42.850
let's wrap up this lesson with some key takeaways here.

00:07:42.850 --> 00:07:45.880

So one of the first exam tips that I have for you here is

00:07:45.880 --> 00:07:48.578

understanding that Azure resources, like virtual machines,

00:07:48.578 --> 00:07:50.073

storage accounts, and virtual networks,

00:07:50.073 --> 00:07:54.191

are simply just Azure-managed entities that we have that

00:07:54.191 --> 00:07:56.753

are contained inside of resource groups,

00:07:56.753 --> 00:07:57.130

right?

00:07:57.130 --> 00:08:02.288

Resources are contained in a logical grouping called a resource group.

00:08:02.288 --> 00:08:07.905

And then we have the ability to manage all of those resource groups and

00:08:07.905 --> 00:08:11.500

the resources they contain inside of a subscription,

00:08:11.500 --> 00:08:16.540

and the subscription acts as our billing entity for our accumulated cost.

00:08:16.540 --> 00:08:16.830

Then,

00:08:16.830 --> 00:08:20.599

the next takeaway here is we have to understand that we use

00:08:20.599 --> 00:08:24.756

REST API endpoints to manage all of these Azure resources

00:08:24.756 --> 00:08:27.520

through the Azure Resource Manager,

00:08:27.520 --> 00:08:30.272

which is the top-level resource as it is the

00:08:30.272 --> 00:08:32.376

management service of the Azure cloud,

00:08:32.376 --> 00:08:36.130

and it interacts with each of these resources,

00:08:36.130 --> 00:08:40.480

specific resource providers, to perform the specific operations,

00:08:40.480 --> 00:08:44.860

and we have access to manage those resources using those tenants,
00:08:44.860 --> 00:08:47.228
which is something we're going to learn more about again in

00:08:47.228 --> 00:08:49.120

the "Identity" section of this course.

00:08:49.120 --> 00:08:51.190

All right, Gurus, that concludes this lesson.

00:08:51.190 --> 00:08:53.710

Thanks so much for joining me in this lesson,

00:08:53.710 --> 00:08:56.073

and I look forward to seeing you in the next one.