1. Overview of Azure Management Tools
So far in this course, we have been using the Azure Portal. The Azure Portal is a website. You have to log in; it’s secure, and then you get access to whatever you have permission to. You may be the owner of the subscription; you may have only read access; you may have only write access; or you may have something in between. But there are other ways to manage those resources. If you’re in DevOps and you like to write scripts, Microsoft supports both PowerShell and the CLI for scripting. And so, whether you come from a Windows background or a Linux background, you have both of those options available for writing scripts.
That means that to create the functions and the logic apps and the VMs that we’ve done so far in this course, you could do it all in a script and you would never even need to log into the Azure Portal. Now, Azure also has a couple of other helper apps. One is called Cloud Shell. So if you don’t want to install PowerShell or the CLI on your computer, along with the SDKs for those, you can do all of your scripting right within the browser. I’m going to demo that in a second. And the last helpful thing we’re going to talk about is the mobile app. So the mobile app is basically what it sounds like: an app that you can download to your Android or iOS device and use to monitor the health and status of your resources. It’s not fully functional. You’re not making new virtual machines in the mobile app. But if you are the administrator for a large site and you need to know that something is happening, or you want to be able to restart a VM while you’re at the cafeteria for lunch, you can open up the app and check on the status of these resources. You can stop and restart servers and execute commands.
And so the mobile app does have a place in your arsenal. Now I’m going to switch over to the Azure Portal once again to show you Cloud Shell. Cloud Shell is accessible through the top menu. So as we look at the blue bar across the top, there is a box with a greater-than symbol and an underscore, and that represents Cloud Shell, and I’m going to click it. Now, basically, a little frame opens up, and it starts off connecting to a terminal. If you’ve never used this before, it’s going to ask you to create a storage account, because Cloud Shell does require storage for its files.
I’m going to drag the window up so we can see it and even maximize it. And we can see it’s in PowerShell right now. So if you know anything about PowerShell cmdlets, you can type PowerShell commands right within the browser window, and it will execute them in your account. So I’m going to type “get virtual network,” and that’s going to go to my Azure account and list any of the virtual networks that I have. Now, it’s not very readable by us humans. I can scroll up, and you’ll see it’s in this JavaScript object format. But if you know how to program scripts, you can go get the virtual networks, add resources to them, create a virtual machine, add your virtual network, etc. So there are commands that you can run on the command line or save in a script, and even Cloud Shell will work for that.
2. Azure Advisor
So the next tool that we’ll talk about is the Azure Advisor. Now, Azure Advisor is pretty cool because what it will do is actually run and analyse your actual usage of Azure and make suggestions to you on how to improve. It does this across four categories: availability, security, performance, and cost. Microsoft is continually improving this tool, adding new ways to find recommendations for you and ways that you can improve your usage of Azure. Now, my Azure Advisor is probably pretty boring because I don’t actually use Azure this much. It’s only an account for teaching. But this screenshot shows how a couple of different cost savings recommended by Azure could potentially save this particular person $2,800 per month.
Now, these recommendations are typically going to be about resources that you’ve reserved but aren’t using, or a server that you’re clearly underutilizing, for example if your CPU utilisation never exceeds a certain threshold. They also cover obvious security flaws, such as storage accounts that are open to anonymous reading, and other such issues. So, I’m going to switch over to my live Azure Advisor, and we’ll see a more boring view compared to this, but one that’s more dynamic and where we can click on things. So, I just opened it up, and it actually refreshed my recommendations. And you can see here that it’s completely boring: I don’t have any recommendations across cost, security, reliability, operational excellence, and performance. So you could check here if I had any. We can go into individual cost recommendations; we can either implement them or we can set ourselves an alert so that if there are new cost recommendations, we get notified via an SMS message or an email, et cetera.
I’ve not always been great. You can see that I was at 75% or 78% at one point, and it wasn’t until the end of the year, in 2021, that I got my score up to 100. But like I said, I don’t actually use Azure in this account for all that much other than teaching. So, Microsoft is really trying to help you save money to improve your performance and the service that you’re giving to your end users. And it’s in their best interests that you make the most of their services. If you’ve got reserved virtual machines that you’re not utilizing, they want you to utilise them. They don’t want to collect your money every month for two years before you realise that you have these servers that aren’t being used. So this is a pretty cool dashboard. Then you can look into individual recommendations to see what changes you can make. And the coolest part is that it’s a free service; you’re not paying anything extra for this. It’s running against everyone’s individual account, and the recommendations are specific to you. And someone else’s recommendations will be different.
3. Managing Azure with ARM Templates
So the following topic is critical for understanding how Azure works under the hood. We’ve said before that there are many different ways for you to create, manage, and run scripts against Azure, from the Portal to the CLI and PowerShell. There’s also a REST API we haven’t talked about. You can basically program your own code to manage Azure, but how does that all tie together? This is known as the Azure Resource Manager, or ARM, model. And I’m going to show you a diagram in a second that explains how those things all tie together. But the ARM service is basically the deployment service for managing Azure resources under the hood. It’s like a management layer that allows you to manage resources. Now, everything is treated as a deployment.
So when you go through the portal into a wizard and you go page by page, tab by tab, at the end of that process, it actually creates a deployment for you. You can see that deployment as it is taking place, and you can check on the status, the steps, the time it took, et cetera. That’s the same underlying engine that powers the other ways of accessing Azure. So at the top of this diagram, you have the Portal, PowerShell, the CLI, any kind of direct API call to the Azure Management URLs, and any kind of programming that you can do in different programming languages. All that comes through the Azure Resource Manager deployment model. There is an authentication layer, because you have to be in control of the resources to affect them. And underneath that are the databases, the web apps, the virtual machines, the storage accounts, and all of those things. They all basically funnel through the same deployment process, no matter how you’re asking Azure to do something for you. The actual things they’re creating are known as ARM templates. They are written in JSON, JavaScript Object Notation. We saw this when we ran the PowerShell function and it returned JSON. So it’s the same language. You might think, “Oh, that’s just a bunch of data; it can’t really be read,” but actually, if you know what you’re looking for, you can see something. So in this particular ARM template, it’s got a resources array.
So what we can see so far is that it’s trying to deploy two resources, one of them being a storage account and the other being a container in a storage account. So there is the storage account and then the container inside of it. And I can see different parameters. It’s LRS, which is locally redundant storage. It’s StorageV2, the general-purpose v2 kind, with the Hot access tier. All that information is on the screen, but it’s in a format that a computer can understand. You can actually store your configuration. There’s a technique called infrastructure as code. And so you can have your servers and networks, load balancers, web apps, storage accounts, and everything else stored in this JSON template notation as an ARM template, and store that within GitHub. And every time someone wants to make a change to your infrastructure, they have to go and change the template, which gets redeployed, and your infrastructure changes. So this is one way of documenting your infrastructure and controlling how it changes, because it doesn’t change unless you go into the template and edit it. Now, not everyone does it that way, but it is available to you to control your infrastructure in a very documented way using ARM templates.
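The template described above, together with the anonymous-read storage issue mentioned under Azure Advisor, as an added example that is not the course's own template: a constructed two-resource ARM template and a check that could run in review before the template is redeployed. The resource names and the helper function names are hypothetical.

```python
import json

# Constructed ARM template matching the one described above (StorageV2,
# Standard_LRS, Hot tier, one container). Names are hypothetical; both
# public-access values are loose on purpose so the check has findings.
TEMPLATE = json.loads("""{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "resources": [
    {
      "type": "Microsoft.Storage/storageAccounts", "apiVersion": "2022-09-01",
      "name": "examplestorage001", "location": "[resourceGroup().location]",
      "sku": {"name": "Standard_LRS"}, "kind": "StorageV2",
      "properties": {"accessTier": "Hot", "allowBlobPublicAccess": true}
    },
    {
      "type": "Microsoft.Storage/storageAccounts/blobServices/containers",
      "apiVersion": "2022-09-01",
      "name": "examplestorage001/default/reports",
      "dependsOn": ["[resourceId('Microsoft.Storage/storageAccounts', 'examplestorage001')]"],
      "properties": {"publicAccess": "Blob"}
    }
  ]
}""")

ACCOUNT = "Microsoft.Storage/storageAccounts"
CONTAINER = ACCOUNT + "/blobServices/containers"

def anonymous_access_findings(template):
    """Return (resource name, reason) pairs for settings that permit anonymous reads."""
    findings = []
    for res in template.get("resources", []):
        props = res.get("properties", {})
        # Only an explicit true is flagged; the default for an omitted value varies.
        if res.get("type") == ACCOUNT and props.get("allowBlobPublicAccess") is True:
            findings.append((res["name"], "allowBlobPublicAccess is true"))
        # Containers accept None, Blob or Container; anything but None is anonymous.
        if res.get("type") == CONTAINER and props.get("publicAccess", "None") != "None":
            findings.append((res["name"], "publicAccess is " + props["publicAccess"]))
    return findings

def hardened(template):
    """Return a copy with anonymous read access switched off everywhere."""
    fixed = json.loads(json.dumps(template))  # deep copy via JSON round trip
    for res in fixed.get("resources", []):
        if res.get("type") == ACCOUNT:
            res.setdefault("properties", {})["allowBlobPublicAccess"] = False
        elif res.get("type") == CONTAINER:
            res.setdefault("properties", {})["publicAccess"] = "None"
    return fixed
```

Because the template is the single source of the infrastructure's configuration, a check like this run on every proposed change catches the setting before it is ever deployed.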
4. Azure Monitor
Now the thought might occur to you that if you get dozens and dozens and hundreds of resources in your Azure account, how do you even keep track of everything? How do you know something’s working or something’s broken? Are there any warnings or error messages? Or is everything going great? And the answer is Azure Monitor. Now, Azure Monitor is sort of a centralised dashboard for most of your resources in Azure. There are certain categories of resources that Monitor doesn’t yet cover, but it’s working to cover quite a lot of them. Now, here’s a diagram that sort of represents what Azure Monitor is meant to be. You have data coming into Azure Monitor from your applications, the operating system, whether it’s Windows or Linux, any kind of storage account, the subscription level, the active directory, and audit logs. All of these sources come in, and they get stored as both metrics and logs, in tables in your Log Analytics workspace and Azure Monitor workspace. And then you have various ways of visualising those errors.
You can look at the raw log files, you can run queries, and you can create a dashboard that will show you graphs of certain things. On the right of this diagram are all the things you can do with that data. So instead of having to go to each VM one at a time and look at the log files, you have that centralised location where it all accumulates. And then you can write one query that queries all your VMs. You can set up alerts, with notifications sent to your phone or email, among other things. And this could even trigger a logic app. So if you’ve got a function that needs to run, or an email or some kind of tweet that needs to go out, then that could come out of all of this because of your monitor. Now, the Azure Monitor service is generally free. You’re going to pay for storage, of course, and there are ways of enhancing that. Another related service is called Health. So how do you know if Azure itself is having problems? So your VMs are fine, your web apps are fine, and your networks are fine, but they’re having a regional-level issue. Someone misconfigured a router, or some deployments went wrong. It happens.
So this service, the health service, is like Azure Monitor for Azure as a whole. And then you can see what issues are currently going on, particularly the ones that affect you. So, if you don’t have any resources in Western Europe, you may not care that there is a problem in Western Europe right now. You can see on the screenshot, and this might be me, that there are only four green dots on the screen, and those are in the United States, and there are no other resources that you have anywhere else. And so Japan, Asia, and all these places are not really going to affect you. So service health is a way to see service alerts that do affect you. For instance, you can go into the history and go back and see that in May 2019, there was a connectivity issue in Northern Europe. And then this RCA is a root-cause analysis report. And if you are so inclined, you can read up on that and see exactly what happened. You can see on the bottom sort of a hint of what happened, but you can actually go in there and read it. And so as these things happen, you can read up on them. Again, you can get alerts on your phone if there’s an issue affecting you that’s not necessarily caused by you. So service health is where you go to monitor events that affect Azure as a whole. And Azure Monitor is where you go for information that is relevant to you.
5. Service Health
Now there is a service called Azure Service Health. You can search for “service health.” The purpose of Service Health is to notify you of issues that affect all of Azure for a particular region or a particular service, not specifically your instance of a service. So, whereas Azure Monitor is designed to monitor your virtual machines, networks, storage, web apps, and so on, Service Health is responsible for issues that occur across Azure. As you can see, it’s now intelligent enough to select only the regions where I currently have resources deployed. So I have resources in Canada, a few in the United States, and maybe one in Japan, and so those are the only ones selected. If there are errors in Australia, Brazil, France, or Germany, I don’t really need to know about them. So it’s pretty smart in that way. You can also add this to your dashboard. There’s a little pin icon here, and if you click on that, it’ll add it to your dashboard. You’ll always be able to see if there are any ongoing issues. Now, you might be interested in past issues, not just current ones.
So if we go under “health history,” I’ve selected the last three months here, and we can see that there were some incidents in October, November, and February. Here’s one from Azure Monitor from February. It was a global incident. And if you want to understand what happened, maybe because it affects you and you’re curious, you can read up on the incident: what happened, what times were affected, what was the cause, and how are they mitigating that issue in the future? You can also download this if you need to store it for your own records. If something is ongoing, you can follow it. So if services are down, you can look at the history of that. Obviously, if there’s planned maintenance in the future, they can also use this to notify us. Now, one of the other interesting parts of Service Health is the ability to do alerts.
So if you are interested in a particular service or in a particular region, you can basically set up either an SMS message or an email or one of the standard alert modes to let you know that there’s an issue going on. And so you might get alerts when your specific resources are affected. So if your virtual machine goes down and you set up the right alert to notify you, that could come through the monitor service. However, if you simply want to know that some people in the eastern United States are affected by an issue but that you are not specifically affected, you can set up a more generalised alert to let you know that this is what’s going on. You have a number of options. They use the action group format in order to notify you. So Service Health is effectively monitoring Azure as a whole, as opposed to Azure Monitor, which is monitoring your own individual resources.