Tag: Service Catalog

Microsoft Ignite 2019 – Extending Azure Resource Manager (ARM), Azure’s Control Plane

Speakers:

  • Guarav Bhatnagar
  • Evan Hissey

Challenges with Extending Azure

  • As part of my template deployment, I want to …
    • Do some post-configuration to set up my application
    • Ex-Configure DB passwords, etc.
  • Certain services/types/APIs can’t be called from ARM templates
    • Ex – Create AD users, storage tables, calling APIs external to Azure
  • 200+ Azure services – which ones are the right ones for my applications?
    • Which is the rights VM SKU to use?
    • Which would be more cost effective for my company?
  • Integrating my service in Azure
    • New or existing SaaS
    • Service just for my enterprise
    • Easy discovery for Azure customers

What is Extending Azure?

What does this really mean? Magnify the power of Azure platform by enabling customers and partners to easily bring in custom solutions to Azure.

  • Who are you building it for?
    • Own ent3erprise
    • Selected customers
    • All customers?
  • Different options available at your disposal

Deployment Scripts

  • New resource type – Microsfot.Resources/deploymentScripts – can be run directly from your ARM template.
  • Allows running PowerShell/CLI scripts
  • Script can be provided inline or URI
  • Pre or post configuration of ARM resources
    • Ex: configurate Cosmos DB accounts, DB passwords, create certifictes.
  • Fire and forget resource type
    • Configurable auto-deletion of this type – delete? And when?

Demo Service Catalog – Nothing New Here

Goes to Storage Accounts to create one. Names it. Clicks through. It fails at validation. It fails because he does not have permission to create a storage account – a policy prevents creation. He goes to service catalog. There is a managed storage account option there. It’s just managed apps – behind the scenes, a “service provider” subscription is filled with the actual resources, and they are reflected and billed through the “customer” subscription.

Extensibility Questions

  • Organisations want to extend ARM and Azure management to the services they use, both custom and 3rd party built.
  • Partners want to extend their services directly into Azure for their customers. Bring your SaaS into Azure, for example. Or create an API to do some complex task.
  • Managed app developers need to give some control to their customers

You can create custom resource provider custom actions and custom resources. Access from Managed App UI, PowerShell, ARM Template, HTTP Request. Any REST API, Azure Function, and more.

Azure Custom Provider Enables

  • Organisations want to extend Azure management to the service they use, both custom and 3rd party
  • Partners want to extend their services directly into Azure for their customers.
  • Manage app providers want stuff.

Demo

He’s got a managed application for ServiceNow in the Azure Portal. He clicks add to “onboard” resources. This gives the managed app permissions to the resources.

Managed App VS Code extension in private preview now and public version coming soon.

We can see in the VS Code ARM managed app code that one of the actions calls a logic app. We are shown the logic app, which uses a ServiceNow CMDB API call.

New feature: A policy to associate a managed app with an action, e.g. do something when a resource is created.

Customer Needs

  • Operated and managed for them by a 3rd party
  • Simple discovery and acquisition from Azure Marketplace
  • No overhead to begin when consuming complex applications

Partner Needs

  • Enable management out of the box
  • Easy to author
  • Something else

Azure Managed Applications Demo

Partner publishes an app in Managed Applications Center in Marketplace Applications. Can view subscription IDs, resource groups, customer names, version, and even alerts. Creates a new offer/SKU. Adds a new packaged file which is a zip file containing JSON files. Specifies principal ID and permissions for support staff from the partner tenant.

New private preview in December. You can specify custom metering for managed applications. It will appear in the customer bill. You can have up to 18 line items. You can create different tiers of SKUs.

What is a Resource Provider?

Around 220 RPs in Azure, 10% of which are third party. Most powerful mechanism to deliver your service to Azure customers.

Get the benefit of the Azure platofrm native capabilities for your services: RBACK , policy, billing and more.

Why Create an RP?

  • Customers use native Azure services AND partner services
  • Homogeneous experience across services
  • Capability parity across services
  • Custom billing

Build Services for off-Azure resources

  • Leverage Azure Arc and provide capabilities over Azure
  • More

Waste of useful time for customer story sales pitch.