Previously, my colleague Riaan did a comparison of AWS and Azure for integration services, highlighting the strengths of each vendor across various areas of enterprise integration. In this blog, I will deep dive into a few of the Azure features as well as provide some best practices that make a huge difference to the time, effort and even cost involved in building solutions, and how these are a prime example of the benefits of building an integration solution using cloud providers like Azure.
Azure Resource Management (ARM) Templates
An important tool in Azure’s arsenal is the Azure Resource Management (ARM) template. Similar to AWS CloudFormation, ARM templates allow you to write infrastructure as code (IaC) and can be used across development and DevOps scenarios. An ARM template is a JSON-based file that lets you define parameters, variables and the resources you are creating, and it provides an expression language that includes built-in functions. ARM templates define your resources and automate the creation of those Azure resources in a reproducible way that can then be used in your CI/CD pipeline, discussed further below. Using ARM templates can help to reduce development time and effort, in addition to the speed, reduced risk and other benefits that come with an IaC approach.
ARM Template Scopes
One interesting feature to note about ARM templates is their ability to be defined within different scopes. The scopes include:
- management groups
- subscriptions
- resource groups
- tenant
Deploying ARM templates at the management group, subscription and tenant scopes may prove useful in the lift and shift of on-premise infrastructure. In the integration projects I’ve worked on, however, we found for the most part that defining ARM templates within the Resource Group scope gave us the most control and flexibility in terms of managing the resource lifecycle, allowing us to keep those resources that belonged together in a logical grouping. This will depend on what you are trying to achieve, though, and there are many use cases that would benefit from applying templates at different scoping levels, such as the ability to manage roles and policies at higher levels that are inherited by child resources within that scope. This is another great benefit for automating governance across all your resources: roles and policies can be created and assigned once and applied consistently.
Managing Policies, Roles and Other Groups as Code
As already mentioned, ARM Templates can also help when it comes to managing your governance across Azure resources. Because they are built on top of the Azure role-based access control (Azure RBAC) authentication system, you can declaratively manage how roles are assigned to your users, groups or applications. Another great feature when it comes to how you govern your cloud resources is the ability to manage policies that can be applied at various scopes to resources such as networking and infrastructure, or to apply a CI/CD policy during pre- and post-deployment phases. Policies provide an effective way to enforce rules and audit your resources for compliance with public and corporate standards; they can be defined once and applied consistently with all your deployments. Coupled with Azure Policy, a compliance dashboard available in Azure Portal, these policies can be viewed and decisions made to remediate non-compliance issues. Some typical examples of out-of-the-box Azure policies are disabling public network access from your API Management resources or controlling whether your API Management needs to be deployed on an Azure Virtual Network for security and isolation purposes. In addition, Azure allows customers to define their own rules as custom policies that can help enforce security or other practices, or support cost management, for example by applying tags to identify cost ownership or the location of your resources. All these policies can be configured and managed by ARM Templates with Azure Policy as your dashboard.
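As an added example (not code from the original post, and not Azure Policy's own evaluation engine), the following pre-deployment check applies two of the rule types named above to an ARM template before it reaches a pipeline: a required cost-ownership tag and disabled public network access on API Management. The tag name `CostOwner`, the resource names and the sample template are constructed for illustration; only plain `[parameters('x')]` expressions are resolved, and nested child resources are not walked.

```python
import re

REQUIRED_TAG = "CostOwner"  # hypothetical tag name chosen for this example
PARAM_REF = re.compile(r"^\[parameters\('([^']+)'\)\]$")

def resolve(value, template, supplied):
    """Resolve a literal or a plain [parameters('x')] expression; None if unknown."""
    if not isinstance(value, str) or not value.startswith("["):
        return value
    match = PARAM_REF.match(value)
    if not match:
        return None  # other template expressions are not evaluated here
    name = match.group(1)
    if name in supplied:
        return supplied[name]
    return template.get("parameters", {}).get(name, {}).get("defaultValue")

def audit_template(template, supplied=None):
    """Return (resource name, rule) pairs for resources that break a rule."""
    supplied = supplied or {}
    violations = []
    for res in template.get("resources", []):
        name = res.get("name", "<unnamed>")
        if REQUIRED_TAG not in res.get("tags", {}):
            violations.append((name, "missing-tag"))
        if res.get("type", "").lower() != "microsoft.apimanagement/service":
            continue
        # An omitted publicNetworkAccess property defaults to Enabled.
        raw = res.get("properties", {}).get("publicNetworkAccess", "Enabled")
        access = resolve(raw, template, supplied)
        if access is None:
            violations.append((name, "public-access-unresolved"))
        elif access != "Disabled":
            violations.append((name, "public-access-enabled"))
    return violations

# Constructed sample template (not taken from a real deployment).
TEMPLATE = {
    "parameters": {"apimPublicAccess": {"type": "string", "defaultValue": "Enabled"}},
    "resources": [
        {"type": "Microsoft.ApiManagement/service", "name": "apim-orders",
         "tags": {"CostOwner": "integration-team"},
         "properties": {"publicNetworkAccess": "[parameters('apimPublicAccess')]"}},
        {"type": "Microsoft.Logic/workflows", "name": "logic-orders-get",
         "properties": {}},
    ],
}

if __name__ == "__main__":
    for resource, rule in audit_template(TEMPLATE):
        print(f"{resource}: {rule}")
```

Running the check with the parameter overridden to `Disabled` clears the API Management finding, which shows why the parameter value has to be resolved rather than compared as a literal string.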
Use ARM templates with Azure DevOps to create CI/CD pipelines
Creating ARM templates per resource group allowed us to set up deployment pipelines that run on a per resource group basis. Resources that relate to one another can be grouped together, giving us control over the lifecycle of the resources.
Azure DevOps provides all the tools necessary to build an automated CI/CD platform utilizing Azure Repo (Azure native code repository) and Azure Pipelines. It allowed us to deploy resources via ARM templates, automatically creating the artefacts and resources in a reproducible way across different environments.
Azure Pipelines is where you define the deployment pipeline, specified in YAML format. It comes with many built-in tasks that can be used to build your deployment pipelines, and other utilities to carry out the steps in your deployment job such as scripting or bash execution. The ARM Template Deployment task allows you to refer to an ARM Template file that is used to deploy your resources. The ability to execute shell commands as PowerShell or Azure CLI in your deployment pipeline is also available, and the Azure Key Vault task is great if you need to access sensitive information during deployment rather than exposing this information as plain text in your ARM template parameters. Want to make your UiPath project part of your CI/CD pipeline? Then use the UiPath Deploy task to connect to a UiPath Orchestrator instance to deploy your application. In fact, just about any Maven-based project could use the Maven task to deploy your application to its native platform, for instance MuleSoft applications to MuleSoft Anypoint.
API Management backed up by Logic Apps
A useful design pattern that can be utilised when building integration solutions, which often require exposing an API, is to use Logic Apps with a request trigger as a backend service to the API Management service.
That way, your API endpoint resources can each be handled by different Logic Apps built specifically to handle a particular RESTful resource. Coupled with Logic Apps’ ability to build sophisticated workflows, creating APIs becomes easier and much more powerful.
Other services to help with security, monitoring and alerts
As already mentioned, Azure Key Vault helps with managing how sensitive information is used by your resources and applications, similar to what AWS provides with Secrets Manager. Sensitive information like usernames and passwords can be stored in the Key Vault and then accessed from your ARM Templates and deployment pipelines, or passed into your Logic Apps as parameters. This is great because secured information can be protected and not exposed anywhere in your code.
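The point made here and in the pipeline section above, that secrets should come from Key Vault rather than sit as plain text in ARM template parameters, can be checked automatically before deployment. The following is an added example, not code from the original post: the name heuristic, parameter names, placeholder vault ID and sample values are all constructed for illustration.

```python
import re

# Heuristic for secret-looking parameter names (an assumption of this example).
SECRET_NAME = re.compile(r"password|secret|token|apikey|connectionstring", re.I)

def lint_secrets(template, parameter_file):
    """Return findings for secrets carried as plain text in an ARM deployment."""
    findings = []
    supplied = parameter_file.get("parameters", {})
    for name, spec in template.get("parameters", {}).items():
        if not SECRET_NAME.search(name):
            continue
        ptype = spec.get("type", "")
        # Only securestring/secureobject keep the value out of deployment history.
        if ptype.lower() not in ("securestring", "secureobject"):
            findings.append(f"{name}: type '{ptype}' is not a secure type")
        if "defaultValue" in spec:
            findings.append(f"{name}: defaultValue stores the secret in the template")
        # A parameter file entry should hold a Key Vault reference, not a value.
        if "value" in supplied.get(name, {}):
            findings.append(f"{name}: literal value in parameter file")
    return findings

# Constructed sample template and parameter file (placeholders, not real IDs).
TEMPLATE = {"parameters": {
    "location": {"type": "string", "defaultValue": "australiaeast"},
    "sqlAdminPassword": {"type": "string", "defaultValue": "Example-Only-1!"},
    "backendApiKey": {"type": "securestring"},
}}
PARAMETER_FILE = {"parameters": {
    "sqlAdminPassword": {"value": "Example-Only-1!"},
    "backendApiKey": {"reference": {
        "keyVault": {"id": "/subscriptions/<subscription-id>/resourceGroups/"
                           "<resource-group>/providers/Microsoft.KeyVault/"
                           "vaults/<vault-name>"},
        "secretName": "backend-api-key"}},
}}

if __name__ == "__main__":
    for finding in lint_secrets(TEMPLATE, PARAMETER_FILE):
        print(finding)
```

In the sample, `backendApiKey` passes because it is declared as `securestring` and supplied through a Key Vault reference, while `sqlAdminPassword` is flagged three times.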
The other Azure service that is of particular interest to many clients is the ability to monitor and receive alerts based on certain metric conditions that you define for your resources. This information is available to be viewed via a dashboard in Azure Monitor. Take, for instance, setting up an alert that fires when API requests exceed a certain threshold, such as requests per minute, and sends a notification to the support team to help them make better decisions regarding service issues. This is very useful when you want to monitor the behaviour of your APIs and receive up-to-date information about the health or performance of your APIs.
Conclusion
Many organisations may already be using Azure cloud without knowing it. If you use Office365 and/or Azure Active Directory, which are both Azure SaaS services, then you probably already have an Azure Subscription. Adding other Azure services may not be such a huge disruption to your organisation, and it is worth looking into the different pricing models available, or just going ‘pay-as-you-go’, if that is what you prefer. Microsoft has a Software Assurance program that may be of benefit if you are looking at moving some of your systems to the cloud.
In summary, as we enter into an era of serverless and cloud computing, and as the functional gap narrows between different cloud providers, it is beneficial for organisations to take advantage of different cloud platform offerings whether that be for technical, financial or other business reasons. The wide array of services and rapid pace of innovation by vendors like Microsoft Azure is allowing skilled developers to build robust, enterprise-level solutions, while saving considerable development time and effort.