Understanding Azure Resource Manager


Azure and Azure Stack are composed of several technologies in multiple layers that together form a single platform. All of these technologies, from the UI to the physical infrastructure, can be controlled through Azure Resource Manager (ARM). ARM is responsible for all communication, in both directions, between resource providers (such as databases) and Cloud Operators, Cloud Administrators and DevOps.

All interactions with the resource providers that power the functions of Azure and Azure Stack occur through the ARM layer. This layer exposes itself using REST APIs that are based on HTTPS communication. Each API has several versions, and you must append the API version when interacting with it. The API version is critical to understanding the functionality offered by a resource provider. An example of an API URL extended with the version:

https://management.local.azurestack.external/subscriptions/{subscriptionId}/{resourceprovider request}?api-version={API date}

All the interactions that we perform using the Portal, Azure PowerShell, Azure CLI and dev tools like Visual Studio or GitHub go through ARM APIs.

ARM Application Management
In general, applications are based on two or more tiers and have dependencies between these tiers and components such as databases, storage and virtual machines. All these components are often seen as a single entity: an application made up of resources that depend on one another. DevOps practice is to ensure that all these resources/components are deployed, managed and monitored as one entity. ARM enables you to manage these resources as a group, and ARM templates help you perform all these actions in a single coordinated way. These templates are reusable and give consistent results across Dev, Stage and Prod environments. Let’s quickly familiarize ourselves with the terminology used in ARM.

Term Description
Resource A resource is a single manageable item available through Azure or Azure Stack, like a virtual machine, a database, and a virtual network.
Resource Group This is a logical entity into which resources are deployed. Each subscription can have a number of resource groups, with each resource group having several resources. Typically, you use a resource group for application life cycle management. Therefore, the resources required for the application are deployed into the same resource group.
Resource Provider This is a service that supplies resources, and you can deploy and manage them through the ARM interface. Each resource provider is solely responsible for the resources it can provide although it can work with other resource providers. For example, the Microsoft.Compute resource provider is responsible for virtual machines and this works with the Microsoft.Storage resource provider to allocate storage and create the required blobs for a virtual machine. The resource providers communicate with each other through the REST APIs they expose through ARM.
Resource Manager Template These are also known as Azure Resource Manager templates. A Resource Manager template is a JSON file that contains the definition of one or more resources to be deployed into a single resource group. It defines any dependencies between resources. For example, it defines that a virtual machine requires a virtual network and a storage account. You can use a template to deploy resources consistently as many times as required.
Declarative Syntax Unlike other processes, the Resource Manager template states what it wants to achieve but not how to achieve it. The template informs Azure Resource Manager what it wants to create and Azure Resource Manager can then determine the correct order of processing to ensure that an entity such as a virtual machine has a storage account and virtual network to use before it deploys the virtual machine.
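
How a deployment order can be derived from declared dependencies, as an added example that is not part of the original post and is not ARM's own code. The template is constructed, and its dependsOn entries use a simplified "type/name" form as an assumption for illustration.

```python
import json
from graphlib import TopologicalSorter  # Python 3.9+

# Constructed template: only the fields needed to show dependency ordering.
TEMPLATE = json.loads("""
{
  "resources": [
    {"type": "Microsoft.Compute/virtualMachines", "name": "web01",
     "dependsOn": ["Microsoft.Network/networkInterfaces/web01-nic",
                   "Microsoft.Storage/storageAccounts/appdiag"]},
    {"type": "Microsoft.Network/networkInterfaces", "name": "web01-nic",
     "dependsOn": ["Microsoft.Network/virtualNetworks/app-vnet"]},
    {"type": "Microsoft.Network/virtualNetworks", "name": "app-vnet"},
    {"type": "Microsoft.Storage/storageAccounts", "name": "appdiag"}
  ]
}
""")


def resource_key(resource):
    # Simplified identifier (assumption): "<type>/<name>".
    return f"{resource['type']}/{resource['name']}"


def deployment_batches(template):
    """Return a list of batches in deployment order.

    Resources in the same batch do not depend on one another, so a
    deployment engine could create them in parallel.
    """
    graph = {resource_key(r): set(r.get("dependsOn", []))
             for r in template["resources"]}

    # A dependency on something the template never defines is an authoring
    # error; report it instead of silently treating it as satisfied.
    declared = set(graph)
    missing = {dep for deps in graph.values() for dep in deps} - declared
    if missing:
        raise ValueError(f"dependsOn references undefined resources: {sorted(missing)}")

    sorter = TopologicalSorter(graph)
    sorter.prepare()  # raises graphlib.CycleError (a ValueError) on circular dependencies
    batches = []
    while sorter.is_active():
        ready = sorted(sorter.get_ready())
        batches.append(ready)
        sorter.done(*ready)
    return batches


if __name__ == "__main__":
    for number, batch in enumerate(deployment_batches(TEMPLATE), start=1):
        print(f"batch {number}: {', '.join(batch)}")
```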

Use ARM to apply role-based access control (RBAC) to resources so that only certain users or groups are allowed to take actions. Apply tags to resources so that you can organize them as you choose. These tags can be used to collate billing for all resources as a single solution.

Considerations while creating Resource Groups

  • Create resource groups from resources that share the same life cycle, meaning you can deploy, update and delete them at the same time. If one of the resources, such as a virtual network, has a different life cycle, it should be deployed to a different resource group.
  • A resource (such as virtual machine) can be assigned to one resource group at a time.
  • You can add or remove resources from Resource group when required.
  • You can move resources between resource groups; however, some resources can’t be moved, such as: VPN Gateway, Recovery Services vault (Azure), and virtual machines with a certificate stored in Key Vault (Azure).
  • Although a resource group can have resources that reside in different regions, the resource group itself as a logical entity, must reside in a single region. This is because the resource group contains metadata about all the resources it contains and by defining the resource group location you are defining where the metadata is stored.
  • Administrative access can be granted through RBAC.
  • A resource in one resource group can interact with a resource in a different resource group. For example, a virtual network can be in one resource group and the virtual machines that are deployed into that virtual network can be associated with another resource group.


RBAC allows for the granular control of actions over resources. It is natively integrated into the management platform and applies the access control to all services in a resource group. You must understand two main components when you work with RBAC:

• Role definition: This defines a set of permissions that you can undertake. You create role definitions at the subscription level and you can reuse them.
• Role assignment: This associates a role definition with an identity, be that a user or a group, for a specific scope. You can scope to a subscription, a resource group, or resource. Role assignments are inherited by lower scopes. For example, if you assign a role definition to a resource group, all the resources within the resource group inherit that role definition.

Azure Resource Manager provides several predefined role definitions. Some are defined at the subscription level, while others are assigned at the resource group or resource level. You can create your own role definitions in Azure Resource Manager based on the actions exposed by each resource provider. You can assign more than one role definition to an Azure Active Directory (Azure AD) identity. Designing RBAC for subscriptions, resource groups, and resources is the responsibility of the Cloud Administrator.

Cloud administrators can create customized policies using ARM to control the resources deployed in their subscriptions. These policies can help apply organization-specific constraints such as naming conventions and quotas. Policies are defined as JSON and can be applied to an entire subscription or to a resource group. The difference between RBAC and policies is that RBAC defines what users/groups are permitted to do; it does not enforce restrictions on what they deploy, as policies can.
An example of a policy could be to ensure that only allowed operating system versions can be deployed on virtual machines.
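
How the two controls combine, as an added example that is not part of the original post and is not ARM's implementation. Role names, principals, scopes and the policy structure are constructed; the wildcard and NotActions handling goes slightly beyond what the text describes and is a simplified model of role definitions.

```python
from fnmatch import fnmatchcase

# Constructed role definitions: a named, reusable set of permitted actions.
ROLE_DEFINITIONS = {
    "VM Operator (constructed)": {
        "Actions": ["Microsoft.Compute/virtualMachines/*", "Microsoft.Network/*/read"],
        "NotActions": ["Microsoft.Compute/virtualMachines/delete"],
    },
    "Reader (constructed)": {"Actions": ["*/read"], "NotActions": []},
}

# Constructed role assignments: identity + role definition + scope.
ASSIGNMENTS = [
    {"principal": "alice", "role": "VM Operator (constructed)",
     "scope": "/subscriptions/sub1/resourceGroups/app-rg"},
    {"principal": "bob", "role": "Reader (constructed)",
     "scope": "/subscriptions/sub1"},
]

# Simplified stand-in for a policy (not the real policy JSON schema):
# only these image SKUs may be deployed on virtual machines.
POLICY = {
    "resourceType": "Microsoft.Compute/virtualMachines",
    "allowedImageSkus": {"2016-Datacenter", "2019-Datacenter"},
}


def scope_covers(assigned_scope, target_scope):
    """An assignment applies at its own scope and at every scope below it."""
    assigned = assigned_scope.rstrip("/").lower()
    target = target_scope.rstrip("/").lower()
    # The "/" guard stops ".../app-rg" from also covering ".../app-rg2".
    return target == assigned or target.startswith(assigned + "/")


def role_permits(role, action):
    act = action.lower()
    allowed = any(fnmatchcase(act, p.lower()) for p in role["Actions"])
    excluded = any(fnmatchcase(act, p.lower()) for p in role["NotActions"])
    return allowed and not excluded


def is_authorized(principal, action, scope, assignments=ASSIGNMENTS):
    """RBAC: is there any inherited or direct assignment granting the action?"""
    return any(
        a["principal"] == principal
        and scope_covers(a["scope"], scope)
        and role_permits(ROLE_DEFINITIONS[a["role"]], action)
        for a in assignments
    )


def policy_violation(resource, policy=POLICY):
    """Policy: constrains the resource itself, whoever is deploying it."""
    if resource["type"].lower() != policy["resourceType"].lower():
        return None
    sku = resource.get("imageSku")
    if sku not in policy["allowedImageSkus"]:
        return f"image SKU {sku!r} is not in the allowed list"
    return None


def can_deploy(principal, resource, resource_group_scope):
    """Return (allowed, reason): RBAC is checked first, then policy."""
    action = resource["type"] + "/write"
    scope = f"{resource_group_scope}/providers/{resource['type']}/{resource['name']}"
    if not is_authorized(principal, action, scope):
        return (False, f"rbac: no role assignment grants {action}")
    violation = policy_violation(resource)
    if violation:
        return (False, f"policy: {violation}")
    return (True, "allowed")


if __name__ == "__main__":
    rg = "/subscriptions/sub1/resourceGroups/app-rg"
    vm = {"type": "Microsoft.Compute/virtualMachines", "name": "web01"}
    print(can_deploy("alice", {**vm, "imageSku": "2016-Datacenter"}, rg))
    print(can_deploy("alice", {**vm, "imageSku": "2008-R2-SP1"}, rg))
    print(can_deploy("bob", {**vm, "imageSku": "2016-Datacenter"}, rg))
```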

Summary: Azure Resource Manager is the single interface between the end user, which could be Azure Stack Cloud Operators or Cloud Administrators/DevOps, and the underlying resource providers. By utilizing a common API set, Azure Resource Manager simplifies the development of solutions in Azure-based environments, whether it is Azure or Azure Stack.




Choosing between Azure Stack & Windows Azure Pack (WAP)

In my previous post we compared Azure & Azure Stack. Today we will compare Windows Azure Pack & Azure Stack.

Windows Azure Pack is another product offered by Microsoft that lets a data center deliver cloud services to end users and customers, but it is limited to private cloud only. Azure Stack and Windows Azure Pack (WAP) have some similarities; however, they also have significant differences that we will discuss in this blog post.

What is WAP? It was first introduced in 2012 with the launch of Windows Server 2012 at no extra cost. It is based on SQL Server, Windows Server and the Microsoft System Center suite, offering customers self-service, multi-tenant cloud services (SaaS & PaaS) such as virtual machines, websites and databases. Some of the key features of WAP are listed below.

WAP Features Description
Tenant Portal To provision and manage services such as Virtual machines & Websites by Tenants.
Admin Portal  For services administrators to manage resources that they made available for tenants. They can configure quotas or User accounts.
Service Management API  REST API that provides the ability to extend functions to tenants and admins, such as creating users and managing subscriptions.
Virtual Machine Cloud Services  The IaaS services of WAP provide the ability to provision Windows and Linux machines. Dependent on Microsoft System Center components (Service Provider Foundation & Virtual Machine Manager, VMM).
WAP Web Sites  Provide the ability to provision scalable web applications based on ASP.NET, PHP & Node.js.
Service Bus  Distributed applications can communicate reliably using messaging services.
SQL and MySQL Services Microsoft SQL & MySQL services provide database provisioning to be used with other services such as WAP Websites.
Automation  Automate tasks in WAP using System Center Services Management Automation.
International Language Support WAP Supports following languages: English, German, Spanish, French, Italian, Japanese, Chinese, Brazilian, Portuguese, Korean & Russian.

Complete features of WAP can be found here.

WAP utilizes Windows Server & System Center for its infrastructure to deliver the services. WAP now supports Windows Server 2016 & System Center 2016.

A POC of WAP can be done by installing the Express Edition of WAP on a single VM or physical machine; for production, however, a minimum of 8 machines is needed (VM or physical).

Feature comparison between two products:

Azure Stack features which may (not) be available in WAP

Azure Stack Features Available in WAP
Provisioning Virtual Machines Yes
Creating Storage Accounts No
Azure Resource Manager Templates No
Managing Networking Yes
Azure Stack Marketplace Yes (Gallery Items)
Custom Virtual Machine Images Yes (although not tenant defined images)
Billing & Chargeback Yes
Azure Stack Resource Providers No
App Service Yes
Microsoft Azure Consistency No

WAP features which may (not) be available in Azure Stack

WAP Features Available in Azure Stack
Tenant Portal Yes
Admin Portal Yes
Service Management API No
Virtual Machine Clouds Service Yes
Windows Azure Pack Web Sites Yes (through App Services)
Service Bus Clouds service No
SQL and MySQL Services Yes (using Resource Providers)
Automation No

Some possible challenges with WAP:
You may face some challenges while deploying WAP to your datacenter such as (but not limited to):

Challenge: Infrastructure
WAP: POC with Express Edition on a single VM/physical machine. Production needs a minimum of 8 VMs/physical machines. High availability needs more infrastructure and manual configuration.
Azure Stack: High availability is configured automatically in Azure Stack. For example, when you deploy a 4-node Azure Stack installation, then the Active Directory domain controllers, network controllers, and so on, are automatically deployed and configured for high availability. This dramatically reduces the overhead when you deploy a highly available Azure Stack.

Challenge: System Center Dependency
WAP: Highly dependent on System Center components to provide features such as VM automation and usage data. Virtual Machine Manager, Operations Manager, Service Provider Foundation & Service Management Automation are specifically needed.
Azure Stack: No dependency on System Center for the mentioned features; however, some of them are not available to date.

Challenge: Hybrid Cloud with Azure
WAP: WAP is based on a completely different API set which cannot be used with Azure.
Azure Stack: Azure Stack & Azure use the same API sets, therefore applications and services can be moved back & forth using the same templates.

Challenge: Azure Resource Manager
WAP: Not available in WAP, therefore if you already know Azure templates, you still need to learn how to work with WAP.
Azure Stack: Azure Stack uses ARM templates, therefore the same deployment templates can be used interchangeably in both Azure & Azure Stack.


Deciding whether Azure Stack or Windows Azure Pack is the most suitable cloud service product for your organization depends on several different factors (but not limited to below):

Factor: Cost
WAP: No-cost solution, but it requires a substantial amount of infrastructure, especially when high availability is needed. You can add the additional cost of System Center if you don’t have it already.
Azure Stack: You must purchase an integrated system (hardware) from Dell EMC, Lenovo, HPE etc.

Factor: Flexibility
WAP: Primarily a private cloud solution. WAP offers features such as Shielded VMs and third-party management tools for partner products which are currently not available in Azure Stack.
Azure Stack: Azure Stack is a true hybrid cloud solution providing the flexibility of hosting & moving apps/services between on-prem and the public cloud (Azure).

Factor: Automation
WAP: WAP includes an Automation feature that you can use to automate tasks such as applying a policy to a virtual machine newly created by a tenant.
Azure Stack: Not available at this moment.

Factor: Multi-tier app support
WAP: You would need to deploy each tier separately, and then configure integration between them as a separate task.
Azure Stack: Using ARM & ARM templates, it is possible to define the sequence & deployment of different roles like back-end SQL, middle-tier application server & front-end web servers, making deployments faster and less error prone.

Factor: System Center integration
WAP: WAP uses System Center components like SCVMM and SCOM. When a VM is provisioned through WAP, it is actually handed over to SCVMM. This simplifies the rest of the VM management tasks.
Azure Stack: Azure Stack does not integrate with System Center.

WAP offers cloud services to your end users and customers in a private cloud environment, whereas Azure Stack does the same but additionally provides integration with Azure, thus creating a true hybrid cloud environment. Azure Stack is a new product compared to WAP, but Microsoft is working to expand its features over time, including features which are currently available in Azure only. Windows Azure Pack running on Windows Server 2012 R2 will be moving into extended support on July 11th 2017, and Windows Azure Pack running on Windows Server 2016 will be moving into extended support on January 11th 2022.

Choosing between Azure & AzureStack

As you know, Azure has been in the market for a long time; it was once known as Windows Azure. Being a public cloud platform, Azure spans several data centers across the globe. Microsoft has invested several billion dollars in building Azure. You can write an application in any programming language for almost any platform, including Unix, host it in Azure and integrate it with your organization's on-prem data centers. You can scale these applications as needed and will be charged for your usage only. Azure is a self-service platform and Microsoft is continuously updating the back-end infrastructure with zero or minimum impact on your services or applications. It is NOT possible to list all offerings of Azure; however, we can try to cover some common offerings by type:

Type Common Offerings
Compute  Windows & Linux Virtual Machines, Scale Sets, Web Apps, Container Services & Container Registry
Networking  Virtual Network, Traffic Manager, Azure DNS, Content Delivery Network (CDN), Load Balancer, Application Gateway & Network Gateway
Storage  Storage, StorSimple, Backup Site Recovery & Data Lake Store
Databases SQL Database, Cosmos DB, SQL Data warehouse & SQL Server stretch database
Security & Identity  Azure Active Directory, Active Directory Domain Services, Key Vault & Security Center
Monitoring & Management  Automation, Application Insights, Operational Insights (OMS), Log analytics & Azure Resource Manager

For a complete list of currently available services, software development kits (SDKs)/tools, and architecture in Microsoft Azure visit the following website.

Azure Stack Features

AzureStack can be thought of as Azure for the data center. Just like Azure, AzureStack features are also evolving day by day.  Most key features of AzureStack are same as of Azure and some are additional to AzureStack.

Type Common Offerings
Compute AzureStack lets you provision VMs of different types & sizes using the AzureStack Portal and connect them to a Virtual Network.
Networking VPN Gateways, iDNS (ability to resolve external addresses without requiring to know the IP address of the resource)
Storage Storage Account includes Tables, Blobs, Queues & Files.
Azure Resource Manager Templates
JSON based ARM templates are one of the key features in AzureStack. They provide you the ability to deploy an application including all its dependencies (like Compute, Network, Storage, Active Directory, SQL, SharePoint etc.) in a single operation. You also can redeploy templates to update an application or service when required. To view and download the Azure Stack Resource Manager templates from GitHub, go to the following website. You can deploy templates by using the Azure Stack Portals, Windows PowerShell, Microsoft Visual Studio, or the Azure Command Line Interface (CLI).
AzureStack Market Place
This is a repository where tenants (DevOps) can obtain preconfigured resources (based on ARM Templates) to consume (like Services & Applications) made available by Cloud Operator.
Custom VM Images
Custom VHD based VM images can be provided through the AzureStack Market Place by the cloud operator for DevOps, to ensure that virtual machines provisioned with Azure Stack have the relevant software installed for an organization's compliance rules.
Resource Providers
In addition to Compute, Network, Storage Resource Providers, AzureStack also offers other providers like SQL Database & MySQL and many others to provide these databases as services.
Billing & Chargeback
There is no billing system included in AzureStack however usage data (which is recorded and aggregated) can be exported to BI tools such as Microsoft Power BI for creating charge back reports.
App Services
This is Azure App Service (Azure Websites and Azure Mobile Services) which is ported on AzureStack. You can use this service to create cloud applications for both web and mobile clients.

For further information about the key features and capabilities of Azure Stack, visit the following website.

So Azure or AzureStack or Both (Hybrid) 


This could be tricky; however, knowing the key features of both Azure & AzureStack will help you decide (along with other factors) where to port your application. Azure is hosted in Microsoft data centers, so all the headache of managing the underlying infrastructure is shifted to Microsoft, whereas AzureStack is hosted in your data center, so it becomes your responsibility to keep it updated in all respects. Azure has a lot more features that are currently not available in the newly launched AzureStack, but this will change with the passage of time. Moreover, the update cycle for both Azure and Azure Stack is much more frequent compared to other Microsoft applications. Therefore, new features and capabilities will be included on a more regular basis.
To determine which product you should adopt, you should consider your requirements as a business and the types of services you need to provide to your end users or customers. Other factors affecting this decision could include:
• Cost: The cost of hosting Azure Stack in your datacenter as opposed to subscribing to the services offered in Azure.
• Time: The administrative overhead of managing and updating the Azure Stack infrastructure.
• Other factors: There may be any number of other factors that will affect your decision that relate specifically to your organization such as security, compliance, or latency.
In many cases, you might need to utilize both products to provide a true hybrid cloud platform as described earlier in this module. This model provides you the capability to offer specialized solutions hosted in your datacenter and the ability to utilize the Microsoft public cloud including all its benefits as discussed. So choose wisely, but a true hybrid cloud environment can certainly be achieved with Azure & AzureStack together if architected in the right way.

Next Read: Choosing between AzureStack & Windows Azure Pack (WAP).

How AzureStack enables DevOps


Until recently, organizations suffered from a lack of coordination between development teams & IT operations, especially at the time of deployments. I have witnessed this since my career started back in 2000. For most organizations, the term DevOps means improving communication between development teams and deployment & maintenance teams, thus increasing overall productivity, sustainability & availability.

Consider that you developed a business-critical application and, after several tests in pre-production, handed it over to the deployment team, but it failed at the first attempt. Later, the deployment team adjusted the configuration for the production environment without informing you and deployed the application successfully. Three months later, when you release an update, it once again fails to install and breaks the application in the production environment. This is, or was, the story of almost all organizations, but cloud technology and Azure Stack can help you adopt practices that enable DevOps.

Infrastructure as Code (IaC) is utilized when deploying software in a cloud using self-service. By using Azure Resource Manager (ARM) templates in Azure Stack, you define reusable deployment configurations that you can use to quickly deploy application infrastructure with a predictable method that works every time. This property is known as idempotency. The integration between ARM templates and Desired State Configuration (DSC) also enables you to ensure the application is configured correctly when it is being deployed.

Developing applications for Azure or AzureStack allows developers to write application & infrastructure code at the same time and store both in the same repository. With this approach, the application can run in either environment (Azure or AzureStack). Some benefits can be realized immediately, including but not limited to:
1. Infrastructure required for the application is defined as code (IaC), which implies fewer errors.
2. Deployment times are faster providing end users with more value from their applications.
3. Requirements can be defined for on-premises, off-premises, or both.

Some useful links are available here to study further on this topic.
You can watch a Video as well.

See how @AteaNorge is helping @Komplettno with consistent hybrid cloud: @Azure and #AzureStack : https://www.youtube.com/watch?v=DdLzafea5NY&feature=youtu.be

Introduction to Azure Stack


There are four cloud models in general, but not limited to:

  1. Public Cloud
  2. Private Cloud
  3. Community Cloud
  4. Hybrid Cloud

Microsoft Azure Stack is a hybrid cloud platform that lets you provide Azure services from your data center. Microsoft is describing Azure Stack as “an extension of Azure.” After the initial purchase of Azure Stack, customers will only pay for Azure services that they use from general availability, forward (“pay-as-you-use” pricing). The current one-node offering meant for dev/test will continue to be free after general availability. Azure Stack comes in the form of an appliance built to run on specific server hardware from vendors like HPE, Dell EMC, Lenovo, Cisco & recently Avanade and Huawei. It provides customers with many of the pieces of Microsoft’s Azure public-cloud platform in a form they can run inside their own or partners’ on-premises datacenters.

  • It can be thought of as Azure in your data center.
  • It provides the same look & feel as the Azure Portal.
  • Scalable to fulfil the needs of any sized organization.
  • Shipped with ARM (Azure Resource Manager) to quickly deploy & configure Virtual Machines or Applications.
  • Offers PaaS & IaaS to build SaaS applications.

Azure Stack's feature set includes:

  • Provisioning virtual machines
  • Creating storage accounts
  • Azure Resource Manager templates
  • Azure Stack marketplace
  • Custom virtual machine Images
  • Azure Stack resource providers
  • App Service

Before you plan to use Azure Stack, let’s discuss some of its key concepts. If you are already using Azure, then the concepts below are not new to you, except Personas. Additionally, you will be able to prepare your own plans & offers according to the resources available in your data center and the type of technology stacks your organization is operating.

Azure Stack Concept Description
Personas You use personas to describe the four types of role within Azure Stack. The roles related to Azure Stack are:
• Cloud Architect: Responsible for the design of the cloud from a strategical perspective to ensure it meets the needs of the business.
• Cloud Operator: Responsible for managing the day-to-day operations of Azure Stack such as responding to alerts and managing the underlying infrastructure.
• Cloud Administrator: Responsible for the tenant subscriptions in the cloud including who can access them and the actions that can be performed on the subscriptions.
• DevOps: Responsible for managing the deployment and configuration of resources consumed in Azure Stack from a tenant perspective.
Portals Azure Stack includes two portals: one for cloud operators to manage and  maintain the Azure Stack environment and another for cloud administrators and DevOps to manage and maintain the Azure Stack resources that they have consumed through subscriptions.
Regions Regions provide Azure Stack the ability to scale beyond a single location. You can create multiple regions and offer different services in each region. In other words, these could be your data center locations.
Services Services are Azure Stack’s key features. Services such as web services, virtual machines, and Microsoft SQL Server databases are provided to tenants in the form of plans.
Plans You use plans to group one or more services. Tenants subscribe to Offers made from one or more plans, which then allow tenants to use the services provided by each plan.
Offers You use offers to group one or more plans. Cloud operators present plans to tenants who can then subscribe to them. Cloud operators can create add-on plans to increase a tenant’s quota of resources.
Subscriptions Subscriptions contain the offers that tenants subscribe to or purchase.
Azure Resource Manager Azure Resource Manager is the interface that you use to deploy, monitor, and manage solutions created in Azure Stack.
Resource Group A resource group is a logical collection of resources such as virtual machines, IP addresses, storage virtual networks, or websites.
Templates You use Azure Resource Manager templates to define the deployment and configuration of an application offered to tenants in Azure Stack.
Resource Providers Azure Resource Manager uses resource providers to surface Azure Stack services to Azure Stack consumers. There are several resource providers available in Azure Stack including Compute, Network, and Storage.
Blob Storage Blob storage provides the ability to access and retrieve large amounts of data such as documents, media files, or virtual hard disk (VHD) files for virtual machines.
Table Storage You use table storage to store data that you need to filter or select based on criteria such as user data or address book information.
Queue Storage You use queue storage to provide cloud-based messaging between application components. This provides applications the ability to decouple, which allows them to scale independently when running in different environments (or devices).
Role Based Access Control (RBAC) You use RBAC to control access to Azure Stack resources and services. RBAC controls access by using role definitions associated with the users who log in to Azure Stack.
Usage Data Azure Stack collects usage data to provide charge back and billing reports or to help integrate Azure Stack with external tools.

For more information about the key concepts and features in Azure Stack, visit the following website: https://docs.microsoft.com/en-us/azure/azure-stack/

If you want to learn more about Azure Stack, here is a presentation that Microsoft CTO Mark Russinovich and Jeffery Snover (#AzureStack Architect) gave at Ignite 2017: https://youtu.be/taecz1LSEWg



Azure Stack Packaging and Pricing Datasheet can be downloaded from here.

Next Read, AzureStack Personas & Deployment Tools


Error 401 on Azure Blockchain Workbench APIs/Swagger

It’s a global issue among all Azure Blockchain users since the documentation isn’t mature. Microsoft's documentation on the Blockchain API is insufficient and misses a lot of important points; since the Azure Blockchain service is still in preview, such things are expected in the documentation.

We were facing this issue, then my colleague Khaled Salameh managed to resolve it with the steps below. Thank you Khaled, you make life easy for Azure Blockchain Workbench developers.

The end result should help you finish writing your code in a way that works. There are several things you need to modify in your Blockchain configuration on Azure. The Blockchain API requires OAuth2 tokens to function; that’s why the Swagger UI couldn’t connect to the API and returned 401. The Swagger UI that comes with Blockchain out of the box doesn’t support OAuth2, and the API Key that is supposed to be filled in there won’t work with the Blockchain API because OAuth2 is a must.

Changes at the Azure Blockchain App Service Level:

  1. First, you need to modify the (-API) App Service that was provisioned with the Blockchain
  2. Go to Authentication/Authorization Blade
  3. Configure the settings as in the following screenshot:
  4. Click on Azure Active Directory (Under Authentication Providers as seen in the image above)
  5. Click Advanced
  6. Fill in the options as in the following image:
    1. Client ID is the same as App ID in the AzureAD Application Registration
    2. Client Secret is the same as API Key you generated from the Keys Section in the AzureAD Application Registration
    3. Issuer URL is https://sts.windows.net/{AZUREADTENANTID} (you can get the Azure AD tenant ID from the AzureAD Properties)
    4. Allowed Token Audiences should have the following value:
       https://{YOURBLOCKCHAINAPIURL-API}.azurewebsites.net/.auth/login/aad/callback
  7. Save the settings

Changes at AzureAD Level:

Now, go to Azure AD, navigate to App Registrations and click BlockChain API (or the name you chose for your Azure AD App Registration when you configured Blockchain the first time):


  1. Click Settings and Click Reply URLs
  2. Add the following URLs there:
    1. Blockchain Workbench URL (it should be already there)
    2. Blockchain API Base URL (the one that has -API in it)
    3. Blockchain API Base URL with Callback (as indicated below, but use your own URL and add /.auth/login/aad/callback)
    4. The getpostman.com/oauth2/callback URL will be used later to test the API using the Postman App (An App used to test APIs), please add it as is below
  3. Save your settings and then go to the Manifest (Next to settings in the Blockchain API AzureAD App Properties)
  4. Set the Manifest entry oauth2AllowImplicitFlow to True:
  5. Save your configuration

That’s it. Now we need to test the API. You can download Postman to test the API; the configuration of Postman is a little bit long, so I would prefer that you sign up free on this service: https://www.wintellectnow.com/Videos/Watch?videoId=blockchain-on-azure

Use Code: FREETRIAL to sign up. It will require a credit card but it won’t be charged; use any prepaid or postpaid card. Watching this video is highly recommended, especially at minute 53, as it explains how to use the API with Postman (remember to disable the trial to prevent the card from being charged after 7 days 😊)

Here is a sample token generated using the built-in Auth Sample code that comes with the Azure Blockchain Samples on GitHub (you can download this from here: https://github.com/Azure-Samples/blockchain/tree/master/blockchain-workbench/auth-samples/bearer-token-retrieval/static ). If you are going to test using it, you must add http://localhost to the Reply URLs above and you have to place it on your localhost IIS.


And here is a sample from Postman which shows how the token is added to the request header:


Here is the response before the authorization token:



Once the authorization token is available, here is the response that is generated once I call the API indicated in the GET Section in the image above:


Also, here is the response headers after a successful authorization:



To sum it up, the blockchain API requires an OAuth2 authentication token. This token isn’t passed by the Swagger UI or by the application you built: you need to modify your application to authenticate against Azure AD with OAuth2 to obtain a token, and then send that token in the request header when you call the API.
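When the API still rejects a request that carries a token, the usual cause is a mismatch between the token's claims and the Issuer URL or Allowed Token Audiences configured above. The following diagnostic is an added example, not code from the original post or from the Azure samples: it decodes a token's claims without verifying the signature (signature validation stays with the API's authentication layer) and compares them with those settings. The tenant ID, callback URL and function names are constructed placeholders.

```python
import base64
import json
import time

# Constructed placeholders, not values from the original post.
TENANT_ID = "00000000-0000-0000-0000-000000000000"
CALLBACK = "https://YOURBLOCKCHAINAPIURL-API.azurewebsites.net/.auth/login/aad/callback"


def b64url(data: bytes) -> str:
    """Encode bytes as unpadded base64url, the encoding JWT segments use."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_sample_token(claims: dict) -> str:
    """Build a constructed JWT with a dummy signature so the check runs offline."""
    header = {"typ": "JWT", "alg": "RS256"}
    return ".".join([b64url(json.dumps(header).encode()),
                     b64url(json.dumps(claims).encode()),
                     b64url(b"constructed-signature")])


def decode_claims(token: str) -> dict:
    """Return the payload claims WITHOUT verifying the signature (diagnostic only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1]
    padded = payload + "=" * (-len(payload) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def check_token(token, tenant_id, allowed_audiences, now=None):
    """Return the reasons this token does not match the configured settings."""
    now = time.time() if now is None else now
    claims = decode_claims(token)
    problems = []

    # Issuer URL setting; Azure AD v1 tokens carry a trailing slash, so ignore it.
    expected_iss = f"https://sts.windows.net/{tenant_id}"
    if str(claims.get("iss", "")).rstrip("/") != expected_iss:
        problems.append(f"iss {claims.get('iss')!r} != {expected_iss!r}")

    # aud may be a string or a list; one entry must be an allowed audience.
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if not any(a in allowed_audiences for a in audiences):
        problems.append(f"aud {aud!r} not in Allowed Token Audiences")

    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        problems.append("token is expired or has no exp claim")
    return problems


def bearer_headers(token: str) -> dict:
    """Request header the API expects once a token has been obtained."""
    return {"Authorization": f"Bearer {token}"}


if __name__ == "__main__":
    now = 1_700_000_000  # fixed clock for a repeatable run
    good = make_sample_token({"iss": f"https://sts.windows.net/{TENANT_ID}/",
                              "aud": CALLBACK, "exp": now + 3600})
    stale = make_sample_token({"iss": "https://sts.windows.net/other-tenant/",
                               "aud": "https://graph.windows.net", "exp": now - 60})
    for name, tok in (("good", good), ("stale", stale)):
        print(name, check_token(tok, TENANT_ID, [CALLBACK], now=now) or "matches settings")
```

Treat real tokens as credentials: run a check like this locally and do not paste them into online decoders.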

One additional tip: don’t select the default machine size while creating the workbench; choose better-performing machines, like VM Size: Standard F2s_v2 (2 vcpus, 4 GB memory), approx. 50 USD per month.

Azure Stack Personas & Deployment Tools

If you are already using Microsoft Azure in any way, you may be aware of two roles (personas) that exist there. Azure Stack introduces two more, which also exist “behind the scenes” in Microsoft Azure.

Azure Stack offers four personas, and each persona has a defined set of responsibilities. One or more people can be assigned to each persona, and similarly one person may be assigned to more than one persona, as per the organization's needs.


Cloud Architect is responsible for carefully planning and architecting how to leverage Azure Stack in the organization. They may also be responsible for creating different offerings as per the organization's needs. This role needs to be authoritative in order to drive cloud adoption in the organization. Cloud architects are heavily involved in the planning and deployment stages of Azure Stack through communication with OEM vendors and technical delivery partners. The Cloud Architect is also responsible for creating the (hybrid) cloud strategy in his/her organization. Compared to the current Azure Portal, this role is behind the scenes, and may be fulfilled by Microsoft gurus like Mark Russinovich, Scott Guthrie, Corey Sanders and maybe more.

Cloud Operator is responsible for the day-to-day operations of the Azure Stack deployment. Cloud operators manage the underlying infrastructure in terms of capacity planning, patch management, responding to different alerts and working closely with support teams to answer the concerns raised by tenants. They should also be aware of any changes or upgrades announced by Microsoft or any OEM vendor with respect to firmware or the underlying infrastructure. Compared to the Azure Portal, this role is also behind the scenes; think of the people managing Microsoft data centers across regions, with all aspects of compute, storage, network and so on.

Cloud Administrator is the same as the Azure Subscription Owner; this persona is therefore also called the Azure Stack Subscription Owner. It is the responsibility of cloud administrators to manage their Azure Stack subscription(s), determine who has access to a subscription, and decide which actions each user can undertake in any of their subscription(s).

DevOps are the consumers of Azure Stack resources within the context of a tenant. They are responsible for the deployment and configuration of Azure Stack resources within the assigned subscription, with their functions limited by Azure Stack Cloud Administrators.

Deployments through Azure Stack

Azure Stack enables you to deploy and manage Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) applications from a provider’s datacenter in a hybrid cloud environment, or in a private cloud scenario. Azure Stack services are multi-tenant. This means that as the host (or provider) of Azure Stack, you can offer the same service to multiple tenants, while isolating the resources that the tenants consume from other tenant resources.

Azure Stack also provides automated deployment of applications and services with reusable templates through Azure Resource Manager. You can use one of the following tools to deploy resources in Azure Stack:
• Azure Stack Administrator Portal
• Azure Resource Manager
• Visual Studio
• Azure PowerShell
• Azure Command Line Interface (CLI)
• Direct REST API interaction
You can use the CLI to manage Azure Stack on Windows, Linux, and Mac operating systems. Azure Stack is currently available through Enterprise Agreement only; however, you may also try Azure Stack for free by downloading the Azure Stack Development Kit (ASDK).

Since Azure and Azure Stack use the same interface and underlying APIs, it is easy for everyone to stay consistent whether they are working with private cloud (Azure Stack), public cloud (Azure) or hybrid. The following list describes some of the key benefits of using Azure Stack:
• Provides application developers the ability to be more productive. Using Azure Resource Manager and templates, you can quickly deploy applications in a consistent manner.
• You can use the knowledge and experience you gained with using Azure when managing and consuming Azure Stack.
• Service Providers adopting Azure Stack can provide cloud services across the globe.
• IT organizations can provide cloud services on demand.

References: https://azure.microsoft.com/en-us/overview/azure-stack/

Review Introduction to AzureStack here.

Community Sites in SharePoint 2013 – Part 3

Recap: You can read Part 1 & Part 2.

Community Site Planning (Phase 3)

Planning the solution
Planning the solution architecture involves identifying answers for the following:

  • What type of community do you want?
  • What is the primary language for the community?
  • Where does the Community Site logically belong in the current or planned SharePoint
  • What services and service applications do you have or need that support community
    features and functionality?

Community Types

| Type | Permission | Approval setting |
| --- | --- | --- |
| Private community. Available to only specified members. | Share the site with only specific users or groups, and grant Member permissions to them so they can contribute. | Not applicable. |
| Closed community. Everyone can view the content of the site, but only members who have approved requests for membership can contribute. | Share the site with Everyone and grant Visitor permissions to them so that they can view the site and request access. | Enable access requests on the site. |
| Open community with explicit membership. Everyone can view the site and can automatically join to contribute to the site. | Share the site with Everyone and grant Visitor permissions so they can view the site and automatically join as members. | Enable auto-approval on the site. |
| Open community. Everyone can contribute to the community. | Share the site with Everyone and grant Member permissions so they can all contribute. | Not applicable. |


  • Generally a single language is used (so users can understand discussions).
  • Multilanguage support can be enabled.
  • Replies or Posts can be created in any language.

Logical Architecture
Based on the identified business needs, determine
where the community logically belongs in your SharePoint environment. For example,
if the business need is to enable large-scale participation among employees across
the company or a region, the community might logically belong with the company portal
or another similar high-level area in the SharePoint environment. However, if the
goal is to enable participation among a smaller group of employees, such as a division
or business unit, the community might logically belong with a divisional portal
or similar level in the SharePoint environment. Or you might have a farm specifically
for content or collaboration sites where you decide all of your Community Sites

  • Enterprise Community Site & Communities Portal
  • Divisional Community Site & Communities Portal
  • Smaller Business Unit level Community Site


  • Dedicated Farm specifically for Collaboration sites

Services & Service Applications

  • User Profile Service
  • Managed Metadata Service
  • Search Service

User Profile service
Consider using the User Profile service to
integrate communities with My Sites. The User Profile service and service application
store information about users, such as profile pictures, organizational details,
and activities. This is a required service for My Sites and it is one of the key
services for the social computing experience in SharePoint Server 2013. Community
Sites benefit from feed integration and a Community Portal when you implement them
with the User profile service and the My Site Host site template. When community
members mention other members or use hash tags in their discussion posts and replies,
SharePoint Server updates users’ feeds with these activities. On users’ My Sites,
users who follow those mentioned people or hash tags see these activities in their
feed. This can help users discover communities of interest, other people to follow,
and information about things they are interested in. Additionally, members can click
mentioned members to navigate to a member’s profile on their My Site. When implemented
in the same environment as My Sites, users can access the Community Portal from
the Sites page on their My Sites. Additionally, when a member joins a community,
starts a discussion, has a post liked or marked as a best reply, or increases the
reputation level, a notification is posted to the feeds and is displayed for users
who are following that user on their My Sites.

Managed metadata
Consider using the Managed metadata service to enable hash tags in Community Sites.
When members include hash tags in discussion posts and replies, they can select
tags from the term store from the Managed metadata service. Additionally, when a
term does not already exist in the term store, members can create new tags and add
them to the term store. This helps to seed the Community Site with the corporate
taxonomy for tagging and enable growth of the term store through member contributions.

Search service
SharePoint Search is an important part of the SharePoint
user experience, including the experience with Community Sites and Community Portals.
Search enables users to search within discussions and find information in a Community
Site. It also populates the search-driven Community Portal page with sites that
use the Community Site template. Search performs the security trimming for the results
that display both in community searches and the communities that appear on the Community
Portal. The Community Portal is a page that users can browse and search to discover
communities of interest. This portal provides integration between users’ My Sites
and Community Sites. The My Site contains a link to the Community Portal so that
users can easily navigate to the portal.

Site Ownership & Moderation Roles

  • Identify them & assign appropriate permissions
  • Moderators will keep the community ‘Active & Healthy’.
  • Moderators should configure reasonable reputation settings before starting the community.
  • Designate category owners based on membership size.
  • Determine the rules of participation and consequences when rules are broken.
  • Export discussions to Excel (using manage discussion view) for better monitoring.

SharePoint will not recalculate reputation if the reputation model is changed after
users have already earned reputation points. However, new users will have accurate results.
Moderators can set up alerts for category owners or add them to the moderators group.
Determine the rules of participation and consequences when rules are broken. Most
communities are fairly self-governing, but the moderator role should have clear
guidelines from the business about how to handle issues and guidance from the IT
staff on how to implement those consequences in the technology itself. Export: This
way, they can easily determine how many posts are unanswered, have replies, and
so on. This data can help moderators and site owners to address issues in the community
if it is necessary, and understand where they should intervene, such as encouraging
participation and moving discussions to more appropriate categories. Just as with
other SharePoint lists, moderators and site owners can edit or create a specific
view of the discussion list to make sure that the data that they need for review
is included during export.

Community Site Creation & Configuration

  • Community Site can be created using ‘Community Site’ template from Collaboration
  • Community Portal can be created using ‘Community Portal’ template from Enterprise
  • Farm Administrator privileges are required to create.
  • Additional Steps:
    • Create as many Community Sites as you want.
    • Configure permissions for each community
    • Customize the Site as needed.
    • Run Search Crawler

Run a search crawl so that it indexes the new site or sites, and populates the Community
Portal with Community Sites. No communities appear on the portal until you run a
crawl. Configure the incremental crawl schedule so that the Community Portal continues
to display any new Community Sites, and so that members can search within communities
and the portal.

Community Site Requirements & Dependencies

| Item | Required / Optional | Description |
| --- | --- | --- |
| Content DB | Required | To store the content from the site’s lists and pages. |
| User Profile service, service application, and social and profile databases | Optional | Notifies users who are following someone when a new post is created or any relevant event occurs. |
| Managed Metadata service, service application, and database | Optional | To enable hash tags and integration with feeds |
| Search service, service application, and databases | Optional | To enable users to search communities and discussions, and to populate the Community |

Community Site Permissions

The default groups and permission levels should be sufficient for most communities,
but as with other SharePoint sites, you can create additional groups and configure
unique permission levels to suit the needs of your community. When you create your
site collection and select the Community Site template, you must specify a primary
owner, and optionally a secondary owner. These users belong to the Owners
group for the Community Site and have permission to add users to groups. As part
of your governance plan, work with the owners to understand the groups and permission
levels for the site.

| SharePoint Group | Permission Level | Description |
| --- | --- | --- |
| Members | Contribute | Members can view, add, update, and delete lists and documents. Exceptions: Members can only read the Categories and Members list items, and the site pages. |
| Moderators | Moderate | Moderators can view, add, update, delete, and moderate list items and documents. |
| Owners | Full Control | Owners have full control of the site. |
| Visitors | Read | Visitors can view pages and list items, and download documents. |

Community Sites in SharePoint 2013 Part 2

You can read Part 1 here.

Community Members and My Membership

  • At any time people can go to the Members list to see all members and rank them by various metrics
  • People can also see their status and what is needed to move to the next level of reputation:


Report Abuse

  • Allow any members to report any post (reply or discussion) as an abuse of the Community
  • Reports with comments are stored in a hidden list
  • Members are notified in real time of their reporting activity
  • Moderators can then decide to delete the post, edit the post or remove the report


Community Portal

When you have multiple Community Sites that you want to display to users in your enterprise, you can deploy the Community Portal.

  • It is an enterprise site template available at Site Collection level only.
  • The Community Portal is a search-driven page (Web Part Page) that surfaces the site collections and sites in the SharePoint farm that use the ‘Community Template’.
  • Users can visit the Community Portal to discover popular communities and to search for communities that they might want to join.
  • The Community Portal relies on enterprise search for security trimming, and displays only Community Sites for which a user has at least read permissions.
  • The sort order of popular communities is based on replies, posts and number of members, with posts weighted higher.
  • The Community Portal page is customizable.
  • Only one Community Portal is allowed across an SP farm.
  • It is accessible from the ‘Sites’ link if deployed with ‘My Site’.

Community Site Planning

This is a very important step, because bad planning could lead to low adoption and a failed idea.

  • Phase 1: Identify project stakeholders and responsibilities
  • Phase 2: Determine business needs and evaluate collaboration solutions
  • Phase 3: Plan the Solution
  • Phase 4: Define site ownership and moderation roles

Community Site Planning (Phase 1)

Identify stakeholders who will work together to identify business needs, develop requirements, evaluate possible solutions, determine a schedule, and approve plans for a collaboration initiative. Business leaders and users should lead collaboration initiatives with input from the IT staff on the available technology options. Make sure that you have a balance of people high enough in the organization to provide approval and funding for the project, in addition to people who are closest to the daily work to help identify the challenges and define the requirements that the solution should address. Without these key people involved, you might implement a solution that does not have the necessary budget and resources allocated, has poor user adoption because it does not meet user needs, and so on. In short:

  • Identify Business Needs
  • Develop Requirements
  • Evaluate Possible Solutions
  • Determine Schedule
  • Approve Plans

Community Site Planning (Phase 2)

Determine business needs and evaluate collaboration solutions. SharePoint 2013 offers different ways of collaboration. You can choose from one of them:

  • Communities
  • Team sites
  • Project sites
  • My Sites

Communities are well suited for mass collaboration initiatives, where a large group of users participate in sharing knowledge and learning from other people across organizational and hierarchical boundaries. They are a persistent form of knowledge collection and storage.

Team sites are well suited for distinct groups of users to collaborate and store information that is common to the team, such as documents and calendars. They are generally used within organizational hierarchies, and generally have more permanence than project sites.

Project sites are well suited for distinct groups of users who are working together on a specific project, although these users might span organizational hierarchies. They generally exist only for the life of a project, and might be discarded or archived when the project is completed.

My Sites are well suited for individual users to promote their profile information, save and share personal documents, build networks of people, follow content and sites of interest, keep up-to-date via relevant information in feeds, and participate in microblogging activities. Some parts of the My Site are more lasting than others, such as document storage and profiles, whereas other parts are briefer, such as items in feeds.


Usage options

Make sure that a Community Site is an appropriate solution for your business needs. In some cases, it might be easier for users to add a discussion list or activate the new community features on an existing site, such as a team site. However, when you want users to specifically use a site to discuss and share knowledge around communities of practice and interests, create a Community Site. Additionally, only sites that use the Community Site template display in the Community Portal if you deploy one.

What is next?
Continue reading Part 3 here.