I'm Chase and I'm going to be your Azure training architect here at ACG,
00:00:13.528 --> 00:00:16.480
a Pluralsight Company, and it's in this lesson,
00:00:16.480 --> 00:00:21.212
"Understanding Azure Resource Manager" that we're going to start off by
00:00:21.212 --> 00:00:25.550
going through some Azure cloud fundamentals that you may have already
00:00:25.550 --> 00:00:29.330
learned about but will ultimately help set the stage for the things
00:00:29.330 --> 00:00:33.081
that we're going to learn in this lesson and ultimately might provide
00:00:33.081 --> 00:00:34.660
you a nice refresher.
00:00:34.660 --> 00:00:35.800
Once we've covered that,
00:00:35.800 --> 00:00:38.860
we're going to get into describing Azure Resource Manager.
00:00:38.860 --> 00:00:39.944
And by doing this,
00:00:39.944 --> 00:00:44.252
this is going to help us understand how Azure Resource Manager is
00:00:44.252 --> 00:00:48.183
interacting with all the components of the Cloud to make all of the
00:00:48.183 --> 00:00:51.670
functionality that we have with Azure cloud possible.
00:00:51.670 --> 00:00:54.429
And then we're going to take an overview,
00:00:54.429 --> 00:00:59.319
high-level look at the Azure Cloud so we can see these components in action.
00:00:59.320 --> 00:01:02.870
And then we're going to review some key takeaways to help us
00:01:02.870 --> 00:01:06.700
prepare for later sections and for the exam.
00:01:06.700 --> 00:01:12.010
So, without further ado, let's get started by asking ourselves a question. 00:01:12.010 --> 00:01:14.530 What are clouds made of?
00:01:14.530 --> 00:01:17.020
Now, feel free to take a moment, pause the video,
00:01:17.020 --> 00:01:19.840
and think about this in terms of Azure cloud,
00:01:19.840 --> 00:01:22.930
what the smallest unit might be in the Azure cloud
00:01:22.930 --> 00:01:25.780
that makes up the cloud itself.
00:01:25.780 --> 00:01:28.780
Now, after briefly pondering this question,
00:01:28.780 --> 00:01:34.120
you may have arrived at the conclusion that Clouds are made of resources,
00:01:34.120 --> 00:01:36.160
and if you did arrive at this conclusion,
00:01:36.160 --> 00:01:37.240
you'd be correct.
00:01:37.240 --> 00:01:41.229
Resources are the smallest unit inside of the Azure cloud,
00:01:41.229 --> 00:01:45.879
and these are entities that are managed by Azure itself.
00:01:45.880 --> 00:01:48.789
Now these resources are things like our virtual machines,
00:01:48.789 --> 00:01:50.740
storage accounts, and virtual networks,
00:01:50.740 --> 00:01:56.170
and what other resources in Azure we might be utilizing for specific workloads.
00:01:56.170 --> 00:01:56.480
Now,
00:01:56.480 --> 00:02:03.970
all of these resources provide us functionality for completing certain tasks,
00:02:03.970 --> 00:02:07.288
such as compute or data storage, or networking,
00:02:07.288 --> 00:02:10.960
whatever we may need from the Azure cloud and its services.
00:02:10.960 --> 00:02:14.677
And all of these resources are going to be logically grouped into
00:02:14.677 --> 00:02:18.850
the next unit in the Azure cloud resource groups. 00:02:18.850 --> 00:02:24.224 Resource groups are ultimately a logical container for grouping all of
00:02:24.224 --> 00:02:27.370
our resources that we have running inside of Azure.
00:02:27.370 --> 00:02:30.196
Now, we can group these resources based on various things,
00:02:30.196 --> 00:02:31.570
such as lifecycle,
00:02:31.570 --> 00:02:35.300
maybe some of these resources are part of a workload that will
00:02:35.300 --> 00:02:38.050
share a common lifecycle when it is created,
00:02:38.050 --> 00:02:39.610
managed, and destroyed.
00:02:39.610 --> 00:02:42.303
Or maybe we want to group resources based on security,
00:02:42.303 --> 00:02:45.160
so we can control access based on resource groups.
00:02:45.160 --> 00:02:47.597
Or maybe we want to break it down into something
00:02:47.597 --> 00:02:50.440
different like dev environments, test environments,
00:02:50.440 --> 00:02:52.210
and maybe even production.
00:02:52.210 --> 00:02:55.788
We can use resource groups to do all of this as it's just
00:02:55.788 --> 00:02:58.420
a logical container construct for us.
00:02:58.420 --> 00:03:00.070
Now, let's take it one step higher here.
00:03:00.070 --> 00:03:04.150
Resource groups are not the top level in the hierarchy here.
00:03:04.150 --> 00:03:09.010
Resource groups are actually contained within Azure subscriptions.
00:03:09.010 --> 00:03:14.980
Now, Azure subscriptions are that boundary for our actual resources,
00:03:14.980 --> 00:03:18.629
and this is a logical construct that groups together the resource
00:03:18.629 --> 00:03:22.750
groups and any associated resources that they contain.
00:03:22.750 --> 00:03:29.440
And this is what we use for a billing unit to determine our Azure Cloud costs.
00:03:29.440 --> 00:03:34.317
Now we determine Azure Cloud costs based on all of the accumulated
00:03:34.317 --> 00:03:38.320
costs of these resources running inside of these resource groups
00:03:38.320 --> 00:03:40.930
that are contained within a subscription.
00:03:40.930 --> 00:03:46.540
And we pay our bills on a per-subscription basis depending on our billing model.
00:03:46.540 --> 00:03:48.670
For example, pay as you go.
00:03:48.670 --> 00:03:48.889
Now,
00:03:48.889 --> 00:03:54.070
these subscriptions can be used to break things up into various billing models,
00:03:54.070 --> 00:03:58.750
such as maybe a subscription for marketing or production,
00:03:58.750 --> 00:04:00.010
or maybe dev/test.
00:04:00.010 --> 00:04:02.116
We can do whatever we need to do with this logical
00:04:02.116 --> 00:04:04.000
construct to break up our billing.
00:04:04.000 --> 00:04:07.217
And these subscriptions interact with something
00:04:07.217 --> 00:04:09.520
known as the Azure Resource Manager.
00:04:09.520 --> 00:04:09.739
Now,
00:04:09.739 --> 00:04:13.004
the Azure Resource Manager is something we promised we'd
00:04:13.004 --> 00:04:15.070
describe at the beginning of this video,
00:04:15.070 --> 00:04:16.450
and we're going to do that right now.
00:04:16.450 --> 00:04:21.970
Azure Resource Manager is the top-level resource in the Azure cloud. 00:04:21.970 --> 00:04:25.139 It is simply the orchestration layer that allows us to
00:04:25.139 --> 00:04:27.430
manage resources in the Azure cloud.
00:04:27.430 --> 00:04:30.801
We can use things like the Azure portal,
00:04:30.801 --> 00:04:36.159
the Azure CLI, and the Azure PowerShell to interact with these resources.
00:04:36.159 --> 00:04:39.850
Now, this is all happening via REST API endpoints.
00:04:39.850 --> 00:04:40.170
And actually,
00:04:40.170 --> 00:04:45.040
Azure Resource Manager is not interacting with the resources themselves,
00:04:45.040 --> 00:04:45.661
but rather,
00:04:45.661 --> 00:04:49.780
it's interacting with and connecting to these resource providers
00:04:49.780 --> 00:04:52.840
that are associated to specific resources.
00:04:52.840 --> 00:04:57.130
For example, for compute resources, we may have a resource provider,
00:04:57.130 --> 00:05:02.688
and this is then forwarded from the request that we have to manage resources
00:05:02.688 --> 00:05:06.643
for Azure Resource Manager to the resource provider to perform and complete
00:05:06.643 --> 00:05:09.490
those requests on the resources themselves.
00:05:09.490 --> 00:05:13.060
Now that we've got an understanding of Azure Resource Manager,
00:05:13.060 --> 00:05:17.740
let's actually take a step back here and look at an overview of the Azure cloud,
00:05:17.740 --> 00:05:20.080
so that we can watch play-by-play,
00:05:20.080 --> 00:05:22.960
how these components interact with one another.
00:05:22.960 --> 00:05:27.863
So we know that we use some REST API endpoints like the Azure portal,
00:05:27.863 --> 00:05:32.470
Azure PowerShell, and Azure CLI, to interact with the Azure Resource Manager, 00:05:32.470 --> 00:05:36.190 and we make requests for specific operations,
00:05:36.190 --> 00:05:39.239
and then the Resource Manager forwards these requests to the
00:05:39.240 --> 00:05:43.136
appropriate resource providers depending on the resource that
00:05:43.136 --> 00:05:45.250
we're trying to perform in operation on.
00:05:45.250 --> 00:05:47.860
And then from these resource providers,
00:05:47.860 --> 00:05:51.762
the operation is actually performed on the specific
00:05:51.762 --> 00:05:56.083
resources that we have specified whenever we were making
00:05:56.083 --> 00:05:58.900
the request for a specific operation.
00:05:58.900 --> 00:06:01.390
Now at this point, you may be wondering,
00:06:01.390 --> 00:06:04.420
well, if Azure Resource Manager is a top-level resource,
00:06:04.420 --> 00:06:08.350
and it can manage resources across all subscriptions inside of Azure,
00:06:08.350 --> 00:06:11.702
what prevents someone from managing resources that
00:06:11.702 --> 00:06:13.450
don't belong to their organization?
00:06:13.450 --> 00:06:16.750
And that is a good question, and that's one we're going to answer here.
00:06:16.750 --> 00:06:23.170
Now, Azure approaches everything from a identity-centric security method,
00:06:23.170 --> 00:06:25.810
and we're using Azure AD,
00:06:25.810 --> 00:06:28.159
which is something we're going to learn about later in this course,
00:06:28.159 --> 00:06:31.420
in the "Identity" section, but to simplify it,
00:06:31.420 --> 00:06:37.210
Azure AD is our identity and access management resource inside of Azure.
00:06:37.210 --> 00:06:39.520
And it stands alone from our subscriptions.
00:06:39.520 --> 00:06:42.340
And we have what is known as a tenant.
00:06:42.340 --> 00:06:44.409
So for example, we have TenantA here,
00:06:44.409 --> 00:06:47.620
and TenantA is going to have things like users,
00:06:47.620 --> 00:06:50.721
and these users may make specific requests to manage
00:06:50.721 --> 00:06:54.281
resources via these REST API endpoints that will be
00:06:54.281 --> 00:06:55.960
forwarded to Azure Resource Manager,
00:06:55.960 --> 00:06:59.730
which then forwards the request to be completed by a resource provider,
00:06:59.730 --> 00:07:04.900
and then it is completed on the actual resources we're trying to manage.
00:07:04.900 --> 00:07:07.360
Now, if there is another tenant out there,
00:07:07.360 --> 00:07:11.302
it won't be able to do anything because it doesn't have the trust
00:07:11.302 --> 00:07:14.698
relationship that the tenant that we've established a trust
00:07:14.698 --> 00:07:16.810
relationship between our subscription does.
00:07:16.810 --> 00:07:21.387
So for example, our subscription here has a trust relationship between TenantA,
00:07:21.387 --> 00:07:24.867
and a subscription can only have a trust relationship
00:07:24.867 --> 00:07:26.530
with a single tenant at a time.
00:07:26.530 --> 00:07:30.310
However, a tenant could have a trust relationship with multiple subscriptions,
00:07:30.310 --> 00:07:33.975
and this is how we can make sure that only we have access to manage our
00:07:33.975 --> 00:07:38.140
resources across all of our subscriptions inside of the Azure cloud.
00:07:38.140 --> 00:07:39.909
Now that we've got all of that covered, 00:07:39.909 --> 00:07:42.850 let's wrap up this lesson with some key takeaways here.
00:07:42.850 --> 00:07:45.880
So one of the first exam tips that I have for you here is
00:07:45.880 --> 00:07:48.578
understanding that Azure resources, like virtual machines,
00:07:48.578 --> 00:07:50.073
storage accounts, and virtual networks,
00:07:50.073 --> 00:07:54.191
are simply just Azure-managed entities that we have that
00:07:54.191 --> 00:07:56.753
are contained inside of resource groups,
00:07:56.753 --> 00:07:57.130
right?
00:07:57.130 --> 00:08:02.288
Resources are contained in a logical grouping called a resource group.
00:08:02.288 --> 00:08:07.905
And then we have the ability to manage all of those resource groups and
00:08:07.905 --> 00:08:11.500
the resources they contain inside of a subscription,
00:08:11.500 --> 00:08:16.540
and the subscription acts as our billing entity for our accumulated cost.
00:08:16.540 --> 00:08:16.830
Then,
00:08:16.830 --> 00:08:20.599
the next takeaway here is we have to understand that we use
00:08:20.599 --> 00:08:24.756
REST API endpoints to manage all of these Azure resources
00:08:24.756 --> 00:08:27.520
through the Azure Resource Manager,
00:08:27.520 --> 00:08:30.272
which is the top-level resource as it is the
00:08:30.272 --> 00:08:32.376
management service of the Azure cloud,
00:08:32.376 --> 00:08:36.130
and it interacts with each of these resources,
00:08:36.130 --> 00:08:40.480
specific resource providers, to perform the specific operations,
00:08:40.480 --> 00:08:44.860
and we have access to manage those resources using those tenants, 00:08:44.860 --> 00:08:47.228 which is something we're going to learn more about again in