Understanding Azure Resource Manager


Azure and Azure Stack are composed of several technologies in multiple layers that together form a single platform. All of these technologies, from the UI to the physical infrastructure, can be controlled through Azure Resource Manager (ARM). ARM is responsible for all communication between resource providers (such as databases) and Cloud Operators, Cloud Administrators and DevOps, in both directions.

ARM APIs
All interactions with the resource providers that power the functions of Azure and Azure Stack occur through the ARM layer. This layer is exposed as REST APIs over HTTPS. Each API has several versions, and you must append the API version to every request. The API version determines the functionality offered by the resource provider. An example of an API URL extended with the version:

https://management.local.azurestack.external/subscriptions/{subscriptionId}/{resourceprovider request}?api-version={API date}

All the interactions that we perform using the Portal, Azure PowerShell, Azure CLI and dev tools like Visual Studio or GitHub go through the ARM APIs.

ARM Application Management
In general, applications are built on two or more tiers and have dependencies between these tiers and components such as databases, storage, virtual machines, etc. All these components are often seen as a single entity: an application whose resources depend on one another. DevOps practice is to ensure that all these resources/components are deployed, managed and monitored as one entity. ARM enables you to manage these resources as a group, and ARM templates help you perform all these actions in a single coordinated way. The templates are reusable and consistent across Dev, Stage and Prod environments. Let’s quickly familiarize ourselves with the terminology used in ARM.

Term | Description
Resource | A resource is a single manageable item available through Azure or Azure Stack, like a virtual machine, a database, and a virtual network.
Resource Group | This is a logical entity into which resources are deployed. Each subscription can have a number of resource groups, with each resource group having several resources. Typically, you use a resource group for application life cycle management. Therefore, the resources required for the application are deployed into the same resource group.
Resource Provider | This is a service that supplies resources, and you can deploy and manage them through the ARM interface. Each resource provider is solely responsible for the resources it can provide although it can work with other resource providers. For example, the Microsoft.Compute resource provider is responsible for virtual machines and this works with the Microsoft.Storage resource provider to allocate storage and create the required blobs for a virtual machine. The resource providers communicate with each other through the REST APIs they expose through ARM.
Resource Manager Template | These are also known as Azure Resource Manager templates. A Resource Manager template is a JSON file that contains the definition of one or more resources to be deployed into a single resource group. It defines any dependencies between resources. For example, it defines that a virtual machine requires a virtual network and a storage account. You can use a template to deploy resources consistently as many times as required.
Declarative Syntax | Unlike other processes, the Resource Manager template states what it wants to achieve but not how to achieve it. The template informs Azure Resource Manager what it wants to create and Azure Resource Manager can then determine the correct order of processing to ensure that an entity such as a virtual machine has a storage account and virtual network to use before it deploys the virtual machine.

Use ARM to apply role-based access control (RBAC) to resources so that only certain users/groups are allowed to take actions on them. Apply tags to resources so that you can organize them as you choose. These tags can be used to collate billing for all the resources of a single solution.

Considerations while creating Resource Groups

  • Create resource groups based on resources that share the same life cycle, meaning you can deploy, update and delete them at the same time. If one of the resources, such as a virtual network, has a different life cycle, it should be deployed to a different resource group.
  • A resource (such as a virtual machine) can be assigned to only one resource group at a time.
  • You can add resources to or remove resources from a resource group when required.
  • You can move resources between resource groups; however, some resources can’t be moved, such as: VPN Gateway, Recovery Services vault (Azure), virtual machines with certificates stored in Key Vault (Azure).
  • Although a resource group can have resources that reside in different regions, the resource group itself, as a logical entity, must reside in a single region. This is because the resource group contains metadata about all the resources it contains, and by defining the resource group location you are defining where the metadata is stored.
  • Administrative access can be granted through RBAC.
  • A resource in one resource group can interact with a resource in a different resource group. For example, a virtual network can be in one resource group while the virtual machines deployed into that virtual network are associated with another resource group.

RBAC

RBAC allows for the granular control of actions over resources. It is natively integrated into the management platform and applies the access control to all services in a resource group. You must understand two main components when you work with RBAC:

• Role definition: This defines a set of permissions that you can undertake. You create role definitions at the subscription level and you can reuse them.
• Role assignment: This associates a role definition with an identity, be that a user or a group, for a specific scope. You can scope to a subscription, a resource group, or resource. Role assignments are inherited by lower scopes. For example, if you assign a role definition to a resource group, all the resources within the resource group inherit that role definition.

Azure Resource Manager provides several predefined role definitions. Some are defined at the subscription level, while others are assigned at the resource group or resource level. You can create your own role definitions in Azure Resource Manager based on the actions exposed by each resource provider. You can assign more than one role definition to an Azure Active Directory (Azure AD) identity. Designing RBAC for subscriptions, resource groups, and resources is the responsibility of the Cloud Administrator.
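
The scope inheritance described above can be checked mechanically. The following Python sketch is an added example, not code from the original post or from Azure: it decides whether an identity may perform an operation at a scope, given role definitions and role assignments. The role contents, identities, subscription ID and the simplified wildcard matching are constructed for illustration; only the `Actions`/`NotActions` idea mirrors the shape of Azure role definitions.

```python
"""Evaluate RBAC role assignments with scope inheritance (illustrative model)."""
from dataclasses import dataclass
from fnmatch import fnmatchcase


@dataclass(frozen=True)
class RoleDefinition:
    """A named, reusable set of permissions."""
    name: str
    actions: tuple            # operation patterns the role grants
    not_actions: tuple = ()   # patterns carved out of `actions`

    def permits(self, action: str) -> bool:
        op = action.lower()   # compare operation names case-insensitively
        granted = any(fnmatchcase(op, p.lower()) for p in self.actions)
        excluded = any(fnmatchcase(op, p.lower()) for p in self.not_actions)
        return granted and not excluded


@dataclass(frozen=True)
class RoleAssignment:
    """Binds a role definition to an identity at a scope."""
    principal: str
    role: RoleDefinition
    scope: str


def scope_covers(assigned_scope: str, target_scope: str) -> bool:
    """True if target is the assigned scope or lies below it.

    Compared segment by segment so that .../resourceGroups/rg-app does
    not accidentally cover .../resourceGroups/rg-app2.
    """
    parent = assigned_scope.strip("/").lower().split("/")
    child = target_scope.strip("/").lower().split("/")
    return child[:len(parent)] == parent


def effective_assignments(assignments, principal, target_scope):
    """Assignments that reach target_scope, directly or by inheritance."""
    return [ra for ra in assignments
            if ra.principal == principal and scope_covers(ra.scope, target_scope)]


def is_allowed(assignments, principal, action, target_scope) -> bool:
    """Allowed if any assignment reaching the scope permits the action."""
    return any(ra.role.permits(action)
               for ra in effective_assignments(assignments, principal, target_scope))


# --- Constructed sample data (not real identities or subscriptions) ---
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RG_APP = f"{SUB}/resourceGroups/rg-app"
RG_APP2 = f"{SUB}/resourceGroups/rg-app2"
VM = f"{RG_APP}/providers/Microsoft.Compute/virtualMachines/web01"

READER = RoleDefinition("Reader", ("*/read",))
VM_OPERATOR = RoleDefinition(
    "VM Operator",  # hypothetical custom role
    ("Microsoft.Compute/virtualMachines/*",),
    ("Microsoft.Compute/virtualMachines/delete",),
)

ASSIGNMENTS = [
    RoleAssignment("alice@example.com", VM_OPERATOR, RG_APP),  # resource group scope
    RoleAssignment("bob@example.com", READER, SUB),            # subscription scope
]

if __name__ == "__main__":
    checks = [
        ("alice@example.com", "Microsoft.Compute/virtualMachines/restart/action", VM),
        ("alice@example.com", "Microsoft.Compute/virtualMachines/delete", VM),
        ("alice@example.com", "Microsoft.Compute/virtualMachines/read", SUB),
        ("bob@example.com", "Microsoft.Compute/virtualMachines/read", VM),
        ("bob@example.com", "Microsoft.Compute/virtualMachines/write", VM),
    ]
    for who, action, scope in checks:
        verdict = "ALLOW" if is_allowed(ASSIGNMENTS, who, action, scope) else "DENY"
        print(f"{verdict:5} {who:18} {action} @ {scope}")
```

Listing `effective_assignments` for a resource is a quick way to audit which higher-scope assignments reach it; an assignment at subscription scope reaches every resource group and resource below it.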

Policies
Cloud administrators can create customized policies using ARM to control the resources deployed in their subscriptions. These policies can help apply organization-specific constraints such as naming conventions, quotas, etc. Policies are defined as JSON and can be applied to an entire subscription or to a resource group. The difference between RBAC and policies is that RBAC defines what users/groups are permitted to do; it does not enforce restrictions on them as policies can.
An example of a policy could be to ensure that only allowed operating system versions can be deployed on virtual machines.
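
The operating-system example above, written out as an added illustration (not code from the original post or from Azure): a policy rule in the if/then JSON shape, plus a small Python evaluator that applies it to deployment requests at a subscription or resource group scope. The evaluator supports only the operators used here (`allOf`, `anyOf`, `not`, `equals`, `in`); the resource IDs, the allowed SKU list and the flat-dictionary resource model are constructed assumptions.

```python
"""Evaluate a 'deny unapproved OS versions' policy rule (illustrative subset)."""
import json

# Constructed policy rule: deny any virtual machine whose image SKU is not
# on the approved list. The SKU values are sample data.
POLICY_RULE = json.loads("""
{
  "if": {
    "allOf": [
      {"field": "type", "equals": "Microsoft.Compute/virtualMachines"},
      {"not": {"field": "Microsoft.Compute/imageSku",
               "in": ["2016-Datacenter", "2012-R2-Datacenter"]}}
    ]
  },
  "then": {"effect": "deny"}
}
""")


def condition_matches(cond: dict, resource: dict) -> bool:
    """Recursively evaluate the 'if' part of a rule against one resource."""
    if "allOf" in cond:
        return all(condition_matches(c, resource) for c in cond["allOf"])
    if "anyOf" in cond:
        return any(condition_matches(c, resource) for c in cond["anyOf"])
    if "not" in cond:
        return not condition_matches(cond["not"], resource)
    value = resource.get(cond["field"])          # None when the field is absent
    value = None if value is None else str(value).lower()
    if "equals" in cond:
        return value == str(cond["equals"]).lower()
    if "in" in cond:
        return value in {str(v).lower() for v in cond["in"]}
    raise ValueError(f"unsupported condition: {cond}")


def in_scope(assignment_scope: str, resource_id: str) -> bool:
    """A policy assigned at a scope applies to everything below that scope."""
    scope = assignment_scope.rstrip("/").lower()
    rid = resource_id.lower()
    return rid == scope or rid.startswith(scope + "/")


def evaluate(assignments: list, resource: dict) -> str:
    """Return 'deny' if any in-scope policy with a deny effect matches."""
    for assignment in assignments:
        rule = assignment["rule"]
        if (in_scope(assignment["scope"], resource["id"])
                and condition_matches(rule["if"], resource)
                and rule["then"]["effect"].lower() == "deny"):
            return "deny"
    return "allow"


# --- Constructed sample requests ---
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RG_PROD = f"{SUB}/resourceGroups/rg-prod"
RG_DEV = f"{SUB}/resourceGroups/rg-dev"
VM_TYPE = "Microsoft.Compute/virtualMachines"


def vm(group: str, name: str, sku=None) -> dict:
    res = {"id": f"{group}/providers/{VM_TYPE}/{name}", "type": VM_TYPE}
    if sku is not None:
        res["Microsoft.Compute/imageSku"] = sku
    return res


VM_OK = vm(RG_PROD, "web01", "2016-Datacenter")
VM_OLD = vm(RG_PROD, "legacy01", "2008-R2-SP1")
VM_NO_SKU = vm(RG_PROD, "custom01")            # SKU missing: rule fails closed
VM_OLD_DEV = vm(RG_DEV, "test01", "2008-R2-SP1")
STORAGE = {"id": f"{RG_PROD}/providers/Microsoft.Storage/storageAccounts/logs01",
           "type": "Microsoft.Storage/storageAccounts"}

RG_ASSIGNMENT = [{"scope": RG_PROD, "rule": POLICY_RULE}]
SUB_ASSIGNMENT = [{"scope": SUB, "rule": POLICY_RULE}]

if __name__ == "__main__":
    for res in (VM_OK, VM_OLD, VM_NO_SKU, VM_OLD_DEV, STORAGE):
        print(f"{evaluate(RG_ASSIGNMENT, res):5} {res['id']}")
```

The same request that passes an RBAC check can still be denied here: the policy looks at what is being deployed, not at who is deploying it.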

Summary: Azure Resource Manager is the single interface between the end user, which could be Azure Stack Cloud Operators or Cloud Administrators/DevOps, and the underlying resource providers. By utilizing a common API set, Azure Resource Manager simplifies the development of solutions in Azure-based environments, whether it is Azure or Azure Stack.

 

 


Choosing between Azure Stack & Windows Azure Pack (WAP)

In my previous post we compared Azure & Azure Stack. Today we will compare Windows Azure Pack & Azure Stack.

Windows Azure Pack is another Microsoft product that lets a data center deliver cloud services to end users and customers, but it is limited to private cloud only. Azure Stack and Windows Azure Pack (WAP) have some similarities; however, they also have significant differences, which we will discuss in this blog post.

What is WAP? It was first introduced in 2012 with the launch of Windows Server 2012 at no extra cost. It is based on SQL Server, Windows Server and the Microsoft System Center suite, offering customers self-service, multi-tenant cloud services (SaaS & PaaS) such as virtual machines, websites and databases. Some of the key features of WAP are listed below.

WAP Features | Description
Tenant Portal | Lets tenants provision and manage services such as virtual machines and websites.
Admin Portal | For service administrators to manage the resources they make available to tenants. They can configure quotas or user accounts.
Service Management API | A REST API that provides the ability to extend functions to tenants and admins, such as creating users, managing subscriptions, etc.
Virtual Machine Cloud Services | The IaaS services of WAP provide the ability to provision Windows and Linux machines. Dependent on MS System Center components (Service Provider Foundation & Virtual Machine Manager, VMM).
WAP Web Sites | Provides the ability to provision scalable web applications based on ASP.NET, PHP & Node.js.
Service Bus | Distributed applications can communicate reliably using messaging services.
SQL and MySQL Services | MS SQL & MySQL services provide database provisioning to be used with other services such as WAP Web Sites.
Automation | Automate tasks in WAP using System Center Service Management Automation.
International Language Support | WAP supports the following languages: English, German, Spanish, French, Italian, Japanese, Chinese, Brazilian, Portuguese, Korean & Russian.

Complete features of WAP can be found here.

WAP utilizes Windows Server & System Center for its infrastructure to deliver the services. WAP now supports Windows Server 2016 & System Center 2016.

A POC of WAP can be done by installing the Express Edition of WAP on a single VM or physical machine; for production, however, a minimum of 8 machines (VM or physical) is needed.

Feature comparison between two products:

Azure Stack features that may (or may not) be available in WAP

Azure Stack Features | Available in WAP
Provisioning Virtual Machines | Yes
Creating Storage Accounts | No
Azure Resource Manager Templates | No
Managing Networking | Yes
Azure Stack Marketplace | Yes (Gallery Items)
Custom Virtual Machine Images | Yes (although not tenant defined images)
Billing & Chargeback | Yes
Azure Stack Resource Providers | No
App Service | Yes
Microsoft Azure Consistency | No

WAP features that may (or may not) be available in Azure Stack

WAP Features | Available in Azure Stack
Tenant Portal | Yes
Admin Portal | Yes
Service Management API | No
Virtual Machine Clouds Service | Yes
Windows Azure Pack Web Sites | Yes (through App Services)
Service Bus Clouds service | No
SQL and MySQL Services | Yes (using Resource Providers)
Automation | No

Some possible challenges with WAP:
You may face some challenges while deploying WAP to your datacenter, such as (but not limited to):

Challenge | WAP | Azure Stack
Infrastructure | POC with Express Edition: single VM/physical machine. Production: minimum 8 VMs/physical machines. High availability needs more infrastructure and manual configuration. | High availability is configured automatically in Azure Stack. For example, when you deploy a 4-node Azure Stack installation, then the Active Directory domain controllers, network controllers, and so on, are automatically deployed and configured for high availability. This dramatically reduces the overhead when you deploy a highly available Azure Stack installation.
System Center Dependency | Highly dependent on System Center components to provide features such as VM automation and usage data. Virtual Machine Manager, Operations Manager, Service Provider Foundation & Service Management Automation are specifically needed. | No dependency on System Center for the mentioned features; however, some of them are not available to date.
Hybrid Cloud with Azure | WAP is based on a completely different API set, which cannot be used with Azure. | Azure Stack and Azure use the same API sets, therefore applications and services can be moved back and forth using the same templates.
Azure Resource Manager | Not available in WAP; therefore, even if you already know Azure templates, you still need to learn how to work with WAP. | Azure Stack uses ARM templates, therefore the same deployment templates can be used interchangeably in both Azure and Azure Stack.


Deciding whether Azure Stack or Windows Azure Pack is the most suitable cloud service product for your organization depends on several different factors (but not limited to below):

Factor | WAP | Azure Stack
Cost | No-cost solution, but requires a substantial amount of infrastructure, especially when high availability is needed. Add the cost of System Center if you don’t already have it. | You must purchase an integrated system (hardware) from Dell EMC, Lenovo, HPE etc…
Flexibility | Primarily a private cloud solution. WAP offers features such as Shielded VMs and third-party management tools for partner products which are currently not available in Azure Stack. | Azure Stack is a true hybrid cloud solution, providing the flexibility of hosting and moving apps/services between on-prem and the public cloud (Azure).
Automation | WAP includes an Automation feature that you can use to automate tasks such as applying a policy to a virtual machine newly created by a tenant. | Not available at this moment.
Multi-tier app support | You would need to deploy each tier separately, and then configure integration between them as a separate task. | Using ARM & ARM templates, it is possible to define the sequence and deployment of different roles such as back-end SQL, middle-tier application server and front-end web servers, making deployments faster and less error prone.
System Center integration | WAP uses System Center components like SCVMM, SCOM, etc. When a VM is provisioned through WAP, it is actually handed over to SCVMM. This simplifies the rest of the VM management tasks. | Azure Stack does not integrate with System Center.

Summary
WAP offers cloud services to your end users and customers in a private cloud environment, whereas Azure Stack does the same but additionally provides integration with Azure, thus creating a true hybrid cloud environment. Azure Stack is a new product compared to WAP, but Microsoft is working to expand its features over time, including features that are currently available in Azure only. Windows Azure Pack running on Windows Server 2012 R2 will be moving into extended support on July 11th 2017, and Windows Azure Pack running on Windows Server 2016 will be moving into extended support on January 11th 2022.

Choosing between Azure & AzureStack

As you know, Azure has been on the market for a long time; it was once known as Windows Azure. Being a public cloud platform, Azure spans several data centers across the globe. Microsoft has invested several billion dollars in building Azure. You can write an application in any programming language for almost any platform, including Unix, host it in Azure, and integrate it with your organization’s on-prem data centers. You can scale these applications as needed and you are charged only for your usage. Azure is a self-service platform, and Microsoft continuously updates the back-end infrastructure with zero or minimal impact on your services or applications. It is NOT possible to list all offerings of Azure; however, we can try to cover some common offerings by type:

Type | Common Offerings
Compute | Windows & Linux Virtual Machines, Scale Sets, Web Apps, Container Services & Container Registry
Networking | Virtual Network, Traffic Manager, Azure DNS, Content Delivery Network (CDN), Load Balancer, Application Gateway & Network Gateway
Storage | Storage, StorSimple, Backup, Site Recovery & Data Lake Store
Databases | SQL Database, Cosmos DB, SQL Data Warehouse & SQL Server Stretch Database
Security & Identity | Azure Active Directory, Active Directory Domain Services, Key Vault & Security Center
Monitoring & Management | Automation, Application Insights, Operational Insights (OMS), Log Analytics & Azure Resource Manager

For a complete list of currently available services, software development kits (SDKs)/tools, and architecture in Microsoft Azure visit the following website.

Azure Stack Features

AzureStack can be thought of as Azure for the data center. Just like Azure, AzureStack’s features are evolving day by day. Most key features of AzureStack are the same as Azure’s, and some are additional to AzureStack.

Type | Common Offerings
Compute | AzureStack allows you to provision VMs of different types and sizes using the AzureStack Portal and to connect them to a virtual network.
Networking | VPN Gateways, iDNS (ability to resolve external addresses without needing to know the IP address of the resource)
Storage | A Storage Account includes Tables, Blobs, Queues & Files.
Azure Resource Manager Templates | JSON-based ARM templates are one of the key features in AzureStack. They provide you the ability to deploy an application including all its dependencies (like Compute, Network, Storage, Active Directory, SQL, SharePoint etc…) in a single operation. You can also redeploy templates to update an application or service when required. To view and download the Azure Stack Resource Manager templates from GitHub, go to the following website. You can deploy templates by using the Azure Stack Portals, Windows PowerShell, Microsoft Visual Studio, or the Azure Command Line Interface (CLI).
AzureStack Market Place | This is a repository where tenants (DevOps) can obtain preconfigured resources (based on ARM templates), such as services and applications, made available by the Cloud Operator.
Custom VM Images | Custom VHD-based VM images can be provided through the AzureStack Market Place by the cloud operator for DevOps, to ensure that virtual machines provisioned with Azure Stack have the relevant software installed for an organization’s compliance rules.
Resource Providers | In addition to the Compute, Network and Storage resource providers, AzureStack also offers other providers such as SQL Database & MySQL, and many others, to provide these databases as services.
Billing & Chargeback | There is no billing system included in AzureStack; however, usage data (which is recorded and aggregated) can be exported to BI tools such as Microsoft Power BI for creating chargeback reports.
App Services | This is Azure App Service (Azure Websites and Azure Mobile Services) ported to AzureStack. You can use this service to create cloud applications for both web and mobile clients.

For further information about the key features and capabilities of Azure Stack, visit the following website.

So Azure or AzureStack or Both (Hybrid) 


This could be tricky; however, knowing the key features of both Azure and AzureStack will help you decide (along with other factors) where to port your application. Azure is hosted in Microsoft data centers, so all the headache of managing the underlying infrastructure is shifted to Microsoft, whereas AzureStack is hosted in your data center, so it becomes your responsibility to keep it updated in all aspects. Azure has many more features that are currently not available in the newly launched AzureStack, but this will change with the passage of time. Moreover, the update cycle for both Azure and Azure Stack is much more frequent compared to other Microsoft applications. Therefore, new features and capabilities will be included on a more regular basis.
To determine which product you should adopt, you should consider your requirements as a business and the types of services you need to provide to your end users or customers. Other factors affecting this decision could include:
• Cost: The cost of hosting Azure Stack in your datacenter as opposed to subscribing to the services offered in Azure.
• Time: The administrative overhead of managing and updating the Azure Stack infrastructure.
• Other factors: There may be any number of other factors that will affect your decision that relate specifically to your organization such as security, compliance, or latency.
In many cases, you might need to utilize both products to provide a true hybrid cloud platform as described earlier in this module. This model gives you the capability to offer specialized solutions hosted in your datacenter and the ability to utilize the Microsoft public cloud, including all its benefits as discussed. So choose wisely, but it is guaranteed that a true hybrid cloud environment can be achieved with Azure and AzureStack together if architected in the right way.

Next Read: Choosing between AzureStack & Windows Azure Pack (WAP).

How AzureStack enables DevOps


Until recently, organizations suffered from a lack of coordination between development teams and IT operations, especially at deployment time. I have witnessed this since my career started back in 2000. For most organizations, the term DevOps means improving communication between development and the deployment and maintenance teams, thus increasing overall productivity, sustainability and availability.

Suppose you developed a business-critical application and, after several tests in pre-production, handed it over to the deployment team, but it fails at the first attempt. Later the deployment team adjusts the configuration for the production environment without informing you and deploys the application successfully. Three months later, when you release an update, it once again fails to install and breaks the application in the production environment. This is/was the story of almost all organizations, but cloud technology and Azure Stack can help you adopt practices that enable DevOps.

Infrastructure as Code (IaC) is used when deploying software in a cloud using self-service. By using Azure Resource Manager (ARM) templates in Azure Stack, you define reusable deployment configurations that you can use to quickly deploy application infrastructure with a predictable method that works every time. This property is known as idempotence. The integration between ARM templates and Desired State Configuration (DSC) also enables you to ensure the application is configured correctly when it is being deployed.

Developing applications for Azure or AzureStack allows developers to write application and infrastructure code at the same time and store them in the same repository. With this approach, the application can run in either environment (Azure or AzureStack). Some benefits can be realized immediately, including but not limited to:
1. Infrastructure required for the application is defined as code (IaC), which implies fewer errors.
2. Deployment times are faster providing end users with more value from their applications.
3. Requirements can be defined for on-premises, off-premises, or both.

Some useful links are available here to study further on this topic.
You can watch a Video as well.

See how @AteaNorge is helping @Komplettno with consistent hybrid cloud: @Azure and #AzureStack : https://www.youtube.com/watch?v=DdLzafea5NY&feature=youtu.be

Introduction to Azure Stack


There are four cloud models in general, but not limited to:

  1. Public Cloud
  2. Private Cloud
  3. Community Cloud
  4. Hybrid Cloud

Microsoft Azure Stack is a hybrid cloud platform that lets you provide Azure services from your data center. Microsoft describes Azure Stack as “an extension of Azure.” After the initial purchase of Azure Stack, customers will only pay for the Azure services that they use from general availability forward (“pay-as-you-use” pricing). The current one-node offering meant for dev/test will continue to be free after general availability. Azure Stack comes in the form of an appliance built to run on specific server hardware from vendors such as HPE, Dell EMC, Lenovo, Cisco and, recently, Avanade and Huawei. It provides customers with many of the pieces of Microsoft’s Azure public-cloud platform in a form they can run inside their own or partners’ on-premises datacenters.

  • It can be thought of as Azure in your data center.
  • It provides the same look and feel as the Azure Portal.
  • Scalable to fulfil the needs of any sized organization.
  • Shipped with ARM (Azure Resource Manager) to quickly deploy & configure Virtual Machines or Applications.
  • Offers PaaS & IaaS to build SaaS applications.

Azure Stack’s feature set includes:

  • Provisioning virtual machines
  • Creating storage accounts
  • Azure Resource Manager templates
  • Azure Stack marketplace
  • Custom virtual machine Images
  • Azure Stack resource providers
  • App Service

Before you plan to use Azure Stack, let’s discuss some key concepts of Azure Stack. If you are already using Azure, the concepts below are not new to you, except Personas. Additionally, you will be able to prepare your own plans and offers according to the resources available in your data center and the type of technology stacks your organization operates.

Azure Stack Concept | Description
Personas | You use personas to describe the four types of role within Azure Stack. The roles related to Azure Stack are:
• Cloud Architect: Responsible for the design of the cloud from a strategic perspective to ensure it meets the needs of the business.
• Cloud Operator: Responsible for managing the day-to-day operations of Azure Stack such as responding to alerts and managing the underlying infrastructure.
• Cloud Administrator: Responsible for the tenant subscriptions in the cloud including who can access them and the actions that can be performed on the subscriptions.
• DevOps: Responsible for managing the deployment and configuration of resources consumed in Azure Stack from a tenant perspective.
Portals | Azure Stack includes two portals: one for cloud operators to manage and maintain the Azure Stack environment and another for cloud administrators and DevOps to manage and maintain the Azure Stack resources that they have consumed through subscriptions.
Regions | Regions provide Azure Stack the ability to scale beyond a single location. You can create multiple regions and offer different services in each region. In other words, these could be your data center locations.
Services | Services are Azure Stack’s key features. Services such as web services, virtual machines, and Microsoft SQL Server databases are provided to tenants in the form of plans.
Plans | You use plans to group one or more services. Tenants subscribe to offers made from one or more plans, which then allow tenants to use the services provided by each plan.
Offers | You use offers to group one or more plans. Cloud operators present plans to tenants who can then subscribe to them. Cloud operators can create add-on plans to increase a tenant’s quota of resources.
Subscriptions | Subscriptions contain the offers that tenants subscribe to or purchase.
Azure Resource Manager | Azure Resource Manager is the interface that you use to deploy, monitor, and manage solutions created in Azure Stack.
Resource Group | A resource group is a logical collection of resources such as virtual machines, IP addresses, storage virtual networks, or websites.
Templates | You use Azure Resource Manager templates to define the deployment and configuration of an application offered to tenants in Azure Stack.
Resource Providers | Azure Resource Manager uses resource providers to surface Azure Stack services to Azure Stack consumers. There are several resource providers available in Azure Stack including Compute, Network, and Storage.
Blob Storage | Blob storage provides the ability to access and retrieve large amounts of data such as documents, media files, or virtual hard disk (VHD) files for virtual machines.
Table Storage | You use table storage to store data that you need to filter or select based on criteria such as user data or address book information.
Queue Storage | You use queue storage to provide cloud-based messaging between application components. This provides applications the ability to decouple, which allows them to scale independently when running in different environments (or devices).
Role Based Access Control (RBAC) | You use RBAC to control access to Azure Stack resources and services. RBAC controls access by using role definitions associated with the users who log in to Azure Stack.
Usage Data | Azure Stack collects usage data to provide chargeback and billing reports or to help integrate Azure Stack with external tools.

For more information about the key concepts and features in Azure Stack, visit the following website: https://docs.microsoft.com/en-us/azure/azure-stack/

If you want to learn more about Azure Stack, here is a presentation that Microsoft CTO Mark Russinovich and Jeffery Snover (#AzureStack Architect) gave at Ignite 2017: https://youtu.be/taecz1LSEWg


Azure Stack Packaging and Pricing Datasheet can be downloaded from here.

Next Read, AzureStack Personas & Deployment Tools

 

Error 401 on Azure Blockchain Workbench APIs/Swagger

It’s a global issue among all Azure Blockchain users, since the documentation isn’t mature. The Microsoft documentation on the Blockchain API is insufficient and misses a lot of important points; since the Azure Blockchain service is still in preview, such gaps in the documentation are to be expected.

We were facing this issue, and then my colleague Khaled Salameh managed to resolve it with the steps below. Thank you Khaled, you make life easy for Azure Blockchain Workbench developers.

The end result should help you finish writing your code in a way that works. There are several things you need to modify in your Blockchain configuration on Azure. The Blockchain API requires OAuth2 tokens to function; that’s why the Swagger UI couldn’t connect to the API and returned 401: the Swagger UI that comes with Blockchain out of the box doesn’t support OAuth2, and the API key that is supposed to be filled in there won’t work with the Blockchain API because OAuth2 is a must.

Changes at the Azure Blockchain App Service Level:

  1. First, you need to modify the (-API) App Service that was provisioned with the Blockchain

[Screenshot]

  2. Go to Authentication/Authorization Blade

[Screenshot]

  3. Configure the settings as in the following screenshot:

[Screenshot]

  4. Click on Azure Active Directory (Under Authentication Providers as seen in the image above)
  5. Click Advanced
  6. Fill in the options as in the following image:
    1. Client ID is the same as App ID in the AzureAD Application Registration
    2. Client Secret is the same as API Key you generated from the Keys Section in the AzureAD Application Registration
    3. Issuer URL is https://sts.windows.net/{AZUREADTENANTID} (you can get the AzureAD tenant ID from the AzureAD Properties)
    4. Allowed Token Audiences should have the following value:
      i. https://{YOURBLOCKCHAINAPIURL-API}.azurewebsites.net/.auth/login/aad/callback

[Screenshot]

  7. Save the settings

Changes at AzureAD Level:

Now, go to Azure AD and Navigate to App Registrations and Click BlockChain API ß or the name you chose for your Azure AD App Registration when you configured blockchain the first time:

BC5.png

  1. Click Settings and Click Reply URLs

BC6

  1. Add the following URLs there:
    1. Blockchain Workbench URL (it should be already there)
    2. Blockchain API Base URL (the one that has -API in it)
    3. Blockchain API Base URL with Callback (as indicated below, but use your own URL and add /.auth/login/aad/callback)
    4. The getpostman.com/oauth2/callback URL will be used later to test the API using the Postman App (An App used to test APIs), please add it as is below

BC7

  1. Save your settings and then go to the Manifest (next to Settings in the Blockchain API AzureAD App Properties)

BC8

  1. Set the Manifest entry oauth2AllowImplicitFlow to true:

BC9

  1. Save your configuration

That’s it. Now we need to test the API. You can download Postman to test the API; the configuration of Postman is a little bit long, so I would prefer that you sign up for free on this service: https://www.wintellectnow.com/Videos/Watch?videoId=blockchain-on-azure

Use Code: FREETRIAL to sign up. It will require a credit card but it won’t be charged; use any prepaid or postpaid card. Watching this video is highly recommended, especially at minute 53, as it explains how to use the API with Postman. (Remember to disable the trial to prevent the card from being charged after 7 days 😊)

Here is a sample token generated using the built-in auth sample code that comes with the Azure Blockchain samples on GitHub (you can download it from here: https://github.com/Azure-Samples/blockchain/tree/master/blockchain-workbench/auth-samples/bearer-token-retrieval/static ). If you are going to test using it, you must add http://localhost to the Reply URLs above and place it on your localhost IIS.

BC10

And here is a sample from Postman which shows how the token is added to the request header:

BC11

Here is the response before the authorization token:

BC12A

BC12

Once the authorization token is available, here is the response that is generated once I call the API indicated in the GET Section in the image above:

BC13

Also, here are the response headers after a successful authorization:

BC14A

BC14

To sum it up, the Blockchain API requires an OAuth2 authentication token. This token isn’t passed by the Swagger UI or by the application you built; you need to modify your application to authenticate against Azure AD with OAuth2 to obtain a token, and then send that token in the request header when calling the API.
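When the API still answers 401 with a token attached, comparing the token's iss, aud and exp claims with the Issuer URL, Client ID and Allowed Token Audiences configured above shows which setting does not match. The following Python check is an added example, not code from the Azure samples; the tenant ID, client ID and audience URL are constructed placeholders, and it only reads the claims without verifying the signature.

```python
import base64
import json
import time

# Constructed sample values, not real tenant or application identifiers.
TENANT = "00000000-0000-0000-0000-000000000000"
CLIENT_ID = "11111111-1111-1111-1111-111111111111"
ISSUER_URL = f"https://sts.windows.net/{TENANT}"
ALLOWED_AUDIENCES = ["https://example-api.azurewebsites.net/.auth/login/aad/callback"]


def read_claims(token):
    """Return the JWT payload claims without verifying the signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    # JWT segments are base64url without padding; restore it before decoding.
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def diagnose(token, now=None):
    """List mismatches between a token and the App Service AAD settings."""
    claims = read_claims(token)
    now = time.time() if now is None else now
    problems = []
    # Azure AD v1 tokens carry iss with a trailing slash; compare normalized.
    if str(claims.get("iss", "")).rstrip("/") != ISSUER_URL.rstrip("/"):
        problems.append("iss does not match Issuer URL")
    aud = claims.get("aud")
    token_auds = set(aud) if isinstance(aud, list) else {aud}
    # The Client ID itself is accepted as an audience besides the allowed list.
    if not token_auds & ({CLIENT_ID} | set(ALLOWED_AUDIENCES)):
        problems.append("aud is neither the Client ID nor an allowed audience")
    if claims.get("exp", 0) <= now:
        problems.append("token has expired")
    return problems


def make_sample(aud, iss=ISSUER_URL + "/", exp=2_000_000_000):
    """Build an unsigned stand-in token, only to exercise diagnose()."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    header, body = enc({"alg": "none"}), enc({"iss": iss, "aud": aud, "exp": exp})
    return f"{header}.{body}.sig"


if __name__ == "__main__":
    for aud in (CLIENT_ID, "https://graph.windows.net"):
        print(aud, diagnose(make_sample(aud)))
```

A token requested for a different resource, for example the Graph API, is the typical case that fails the audience check even though sign-in succeeded.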

One additional tip: don’t select the default machine size while creating the Workbench; choose a better-performing machine such as VM Size: Standard F2s_v2 (2 vcpus, 4 GB memory), approx. 50 USD per month.

Azure Stack Personas & Deployment Tools

If you are already using Microsoft Azure in any way, you may be aware of the two roles (personas) that exist there; Azure Stack introduces two more, which also exist “behind the scenes” in Microsoft Azure.

Azure Stack offers four personas, each with a defined set of responsibilities. One or more persons can be assigned to each persona, and similarly one person may be assigned to more than one persona, as the organization needs.

AzureStack-Personas

Cloud Architect is responsible for carefully planning and architecting how to leverage Azure Stack in the organization. They may also be responsible for creating different offerings according to the organization's needs. This role needs to be authoritative in order to drive cloud adoption in the organization. Cloud architects are heavily involved in the planning and deployment stages of Azure Stack through communication with OEM vendors and technical delivery partners. The Cloud Architect is also responsible for creating the (hybrid) cloud strategy in his/her organization. Compared to the current Azure Portal, this role is behind the scenes, and may be fulfilled by Microsoft gurus like Mark Russinovich, Scott Guthrie, Corey Sanders and maybe more.

Cloud Operator is responsible for the day-to-day operations of the Azure Stack deployment. Cloud operators manage the underlying infrastructure in terms of capacity planning and patch management, respond to alerts, and work closely with support teams to answer the concerns raised by tenants. They should also be aware of any changes or upgrades announced by Microsoft or any OEM vendor with respect to firmware or the underlying infrastructure. Compared to the Azure Portal, this role is also behind the scenes; think of the people managing Microsoft data centers across regions, with all aspects of compute, storage, network and so on.

Cloud Administrator is the same as the Azure Subscription Owner, so this persona is also called the Azure Stack Subscription Owner. It is the responsibility of cloud administrators to manage their Azure Stack subscription(s), determine who has access to a subscription, and determine the actions that each user can take in any of their subscriptions.

DevOps is the consumer of Azure Stack resources within the context of a tenant. They are responsible for the deployment and configuration of Azure Stack resources within the assigned subscription, with their functions limited by the Azure Stack Cloud Administrators.

Deployments through Azure Stack

Azure Stack enables you to deploy and manage Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) applications from a provider’s datacenter in a hybrid cloud environment, or in a private cloud scenario. Azure Stack services are multi-tenant. This means that as the host (or provider) of Azure Stack, you can offer the same service to multiple tenants, while isolating the resources that the tenants consume from other tenant resources.

Azure Stack also provides automated deployment of applications and services with reusable templates through Azure Resource Manager. You can use one of the following tools to deploy resources in Azure Stack:
• Azure Stack Administrator Portal
• Azure Resource Manager
• Visual Studio
• Azure PowerShell
• Azure Command Line Interface (CLI)
• Direct REST API interaction
You can use the CLI to manage Azure Stack on Windows, Linux, and Mac operating systems. Azure Stack is currently available through Enterprise Agreement only; however, you may also try Azure Stack for free by downloading the Azure Stack Development Kit (ASDK).

Since Azure and Azure Stack use the same interface and underlying APIs, it is easy to stay consistent whether you are working with a private cloud (Azure Stack), the public cloud (Azure) or a hybrid of both. Some of the key benefits of using Azure Stack are:
• Provides application developers the ability to be more productive. Using Azure Resource Manager and templates, you can quickly deploy applications in a consistent manner.
• You can use the knowledge and experience you gained with using Azure when managing and consuming Azure Stack.
• Service Providers adopting Azure Stack can provide cloud services across the globe.
• IT organizations can provide cloud services on demand.

References: https://azure.microsoft.com/en-us/overview/azure-stack/

Review Introduction to AzureStack here.