I recently finished delivering a technical presentation all about Azure in both Sydney and Melbourne at the Microsoft offices. It was a good turnout, and something I learnt is that there is still segregation in IT teams even in today’s world of the cloud – there is still a large number of people who are IT network people! Although I am, I fell into it by accident with network virtualisation on Hyper-V with converged networks and more recently Azure.
Now I have posted lots around ARM (Azure Resource Manager) before, but I think I tended to focus on putting all resources into the one basket (Resource Group). When I say resources, I mean the virtual machine, storage account and any network resources, e.g. Virtual Network, NSG, Load Balancer, NIC and PIP. This is one way of deploying IaaS to Azure: have all resources that relate to an ‘application’ be part of the same resource group – there’s nothing wrong with this.
However, think of this – what if you could spread your eggs into different baskets, i.e. have your Azure resources spread across more than one Azure Resource Group?
Why? Two very good reasons. First, how hard is it to delete resources in Azure Resource Groups? There are multiple resources that depend on each other, so you can’t just delete random Azure resources; some deletions will fail because other resources depend on them, and you really need to know what you are doing. It’s much easier to blow away an entire Resource Group. The other reason is that you can delegate access to certain teams within your organisation, i.e. the network team will have access to all the network resources in a network-based Azure resource group.
Just so you know, the diagram below depicts what I am setting out to achieve and set up in Azure, all with the help of PowerShell scripts. This will be set up over 4 Azure Resource Groups in this same order:
- Virtual Network and related vNet resources
- NSGs (Network Security Groups) to be attached to subnets
- Azure virtual machine, a single Azure VM in the DMZ subnet
- Azure virtual machine, multiple Azure VMs load balanced in the Internal subnet
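The delegation idea above can be made concrete with role assignments scoped to each resource group. This is an added example, not one of the scripts from this series; it uses the current Az PowerShell module, and the resource group names, region and Azure AD group names (`Network-Team`, `Server-Team`) are hypothetical placeholders.

```powershell
#Requires -Modules Az.Resources
# Added example. Run Connect-AzAccount first. All names below are placeholders.
$location = 'australiaeast'   # assumed region

# One resource group per layer, in the order listed above.
$groups = [ordered]@{
    'rg-demo-vnet'    = 'Virtual Network and related vNet resources'
    'rg-demo-nsg'     = 'NSGs attached to subnets'
    'rg-demo-dmz-vm'  = 'Single VM in the DMZ subnet'
    'rg-demo-int-vms' = 'Load balanced VMs in the Internal subnet'
}
foreach ($name in $groups.Keys) {
    New-AzResourceGroup -Name $name -Location $location `
        -Tag @{ Purpose = $groups[$name] } -Force | Out-Null
}

# Each team gets a built-in role on its own resource groups only,
# never at subscription scope.
$delegation = @(
    @{ Team = 'Network-Team'; Role = 'Network Contributor'
       Scopes = 'rg-demo-vnet', 'rg-demo-nsg' }
    @{ Team = 'Server-Team'; Role = 'Virtual Machine Contributor'
       Scopes = 'rg-demo-dmz-vm', 'rg-demo-int-vms' }
)
foreach ($entry in $delegation) {
    $adGroup = @(Get-AzADGroup -DisplayName $entry.Team)
    if ($adGroup.Count -ne 1) {
        Write-Warning "Expected exactly one group named $($entry.Team); skipping."
        continue
    }
    foreach ($rg in $entry.Scopes) {
        # Skip if the same role is already assigned directly on this resource group.
        $existing = Get-AzRoleAssignment -ObjectId $adGroup[0].Id `
            -RoleDefinitionName $entry.Role -ResourceGroupName $rg |
            Where-Object Scope -like "*/resourceGroups/$rg"
        if (-not $existing) {
            New-AzRoleAssignment -ObjectId $adGroup[0].Id `
                -RoleDefinitionName $entry.Role -ResourceGroupName $rg | Out-Null
        }
    }
}

# Deleting a whole resource group is easy, so guard the shared network ones.
foreach ($rg in 'rg-demo-vnet', 'rg-demo-nsg') {
    New-AzResourceLock -LockName 'no-delete' -LockLevel CanNotDelete `
        -ResourceGroupName $rg -LockNotes 'Shared network layer' -Force | Out-Null
}

# Review who can change the network layer.
Get-AzRoleAssignment -ResourceGroupName 'rg-demo-vnet' |
    Select-Object DisplayName, RoleDefinitionName, Scope
```

Attaching a VM's NIC to a subnet requires the `Microsoft.Network/virtualNetworks/subnets/join/action` permission on that subnet, which a role assignment scoped only to the VM resource groups does not grant, so the server team needs that granted separately on the virtual network.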
The screenshot below is an example of the first Azure Resource Group in this series, with the virtual network and all the network-related Azure resources that can be set up by using a single PowerShell script.