With the accelerated pace of digital transformation, DevOps adoption and new platforms, managing cloud resources is becoming increasingly challenging for central IT. Applying best practices, meeting compliance requirements and managing cost add to the challenge. With Serverless technologies, customers can encode such policies, apply them to cloud resources and keep them running over the long term.
This blog gives a basic understanding of Serverless and discusses how to use Azure Functions, Logic Apps, and Event Grid to apply IT policies such as asset tagging, maintenance windows and many more.
Common challenges in managing Azure resources
- Making sure assets are compliant, not just secure
- Cost and utilization optimization – an enterprise wants its engineering and business teams to move fast. At the same time, it needs to know and control the expected cost
- There are too many external systems to integrate with and orchestrate
- It is quite difficult to keep up with legacy management platforms
Adding automated operations can save you up to 65% in operational cost. As an IT admin or a developer, you hate anything that slows you down. However, Microsoft has not yet rolled out the ‘perfect’ settings that would take you out of your miseries.
Why do we need Serverless for IT management?
The following points answer that question:
- It allows developers and operations teams to focus only on their own needs; it completely abstracts server management, capacity planning, and availability
- You pay only when the code, workflow, or event fires. Even an automation process would only cost you a few nickels
- The agility to develop a product and bring it to market is tremendous
- There are a lot of connectors available. For instance, Azure Logic Apps ships with about 200 out-of-the-box connectors, which can also be used to integrate with external services like PagerDuty
What is Serverless Computing?
Abstraction of servers
It allows developers to focus only on their code and completely abstracts server management, capacity planning, and availability.
Application components react to events and triggers in real time with virtually unlimited scalability.
Billing is typically calculated on the number of function calls, code execution time and memory used.
Benefits of Serverless Computing
- Focus – it allows you to focus only on business problems and ignore the technology behind them
- Efficiency – it improves efficiency through service stability, managed development and testing, shorter time to market and more
- Scalability – it allows you to scale at your own pace, which makes it a natural fit for microservices
Major services available in Azure Serverless platform
Azure Event Grid
This is one of the new entrants in the Azure platform. It acts as an event routing network between services, letting each communicate with the others, and notifies the user when an event occurs. For instance, if a new device is added to the IoT Hub, it notifies the system admin or the concerned authority about this event. It can also be customized to notify on custom events.
Azure Functions
It is a solution for easily running a small piece of code or function in the cloud. You write just the code you need for the problem at hand, without worrying about a whole application or the infrastructure to run it.
Azure Logic Apps
It helps you automate and orchestrate tasks, business processes, and workflows when you need to integrate applications and services across an enterprise or organization, both on-premises and in the cloud.
What is new with Azure Functions and Logic Apps?
- Version 2.0 is generally available. It now supports the Python language, which is very helpful in automation
- Key Vault secret integration is now available for authentication purposes
- Python private preview
- Introduced an Integration environment which allows you to run Logic Apps in an isolated environment with a Virtual Network
- Managed identities
- The smart designer feature, which uses machine learning for service recommendations
Event Grid Roadmap
It is a multi-tenant way to manage subscriptions in Azure Event Grid.
Advanced filtering operators:
- In/Not in
- Begins with/Ends with
- Greater than/Less than
- Greater than or equal/Less than or equal
New event sources:
- Key Vault
- Azure Container Registry
- Device Provisioning Service
- Azure Data Lake Store
Identity and Authentication
Here, let us understand how identity and authentication work. Consider a scenario where you want all the resources in the subscription to follow a naming convention. You can write custom code that runs when a resource is created and checks its name. If the name does not comply, the script automatically renames it. To perform this action, the script needs authentication and authorization: it needs permission to act on the subscription.
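The name check above, written as the handler logic such a Function would run on the Event Grid delivery. This is an added example, not code from the post; the naming convention, the placeholder subscription ID and the sample events are constructed, and only the Resource Manager event type names and the Event Grid validation handshake are real. Renaming itself is left out: the handler only produces the verdict that the authorized script would act on.

```python
import json
from dataclasses import dataclass
from typing import Optional
import re

# Naming convention per ARM resource type. Both the convention and the sample
# events further down are constructed for this example, not taken from the post.
NAMING_RULES = {
    "Microsoft.Compute/virtualMachines": (
        re.compile(r"^vm-(dev|test|prod)-[a-z0-9]{2,12}-\d{2}$"), "vm-<env>-<app>-<nn>"),
    "Microsoft.Storage/storageAccounts": (
        re.compile(r"^st(dev|test|prod)[a-z0-9]{3,18}$"), "st<env><app>"),
    "Microsoft.Network/virtualNetworks": (
        re.compile(r"^vnet-(dev|test|prod)-[a-z0-9]{2,12}$"), "vnet-<env>-<app>"),
}

# Resource Manager event type Event Grid emits when a resource is created or updated.
WRITE_EVENT = "Microsoft.Resources.ResourceWriteSuccess"
# Sent once by Event Grid to prove the webhook endpoint is willing to receive events.
VALIDATION_EVENT = "Microsoft.EventGrid.SubscriptionValidationEvent"


@dataclass
class NameCheck:
    resource_id: str
    resource_type: str
    name: str
    compliant: bool
    expected: Optional[str]  # the pattern the name should follow, when non-compliant


def parse_resource_id(resource_id: str):
    """Return (resourceType, name) for an ARM resource ID, or (None, None) for IDs
    without a /providers/ segment (subscriptions, resource groups)."""
    marker = "/providers/"
    if marker not in resource_id:
        return None, None
    parts = resource_id.split(marker, 1)[1].split("/")
    # namespace, type, name [, childType, childName ...]: always an odd number of parts
    if len(parts) < 3 or len(parts) % 2 == 0:
        return None, None
    resource_type = parts[0] + "/" + "/".join(parts[1::2])
    return resource_type, parts[-1]


def check_event(event: dict) -> Optional[NameCheck]:
    """Evaluate one Event Grid event; None means it is not a resource write we check."""
    if event.get("eventType") != WRITE_EVENT:
        return None
    resource_type, name = parse_resource_id(event["subject"])
    if resource_type is None:
        return None
    rule = NAMING_RULES.get(resource_type)
    if rule is None:
        # No convention defined for this type: nothing to enforce.
        return NameCheck(event["subject"], resource_type, name, True, None)
    pattern, description = rule
    ok = pattern.match(name) is not None
    return NameCheck(event["subject"], resource_type, name, ok, None if ok else description)


def handle_payload(payload: str) -> dict:
    """Handle the JSON array Event Grid delivers to a webhook: answer the subscription
    validation handshake, otherwise return the naming verdicts for resource writes."""
    events = json.loads(payload)
    for ev in events:
        if ev.get("eventType") == VALIDATION_EVENT:
            return {"validationResponse": ev["data"]["validationCode"]}
    results = [r for r in (check_event(ev) for ev in events) if r is not None]
    return {"results": results}


# Constructed sample delivery: a compliant VM, a non-compliant storage account, and a
# delete event that must be ignored. The subscription ID is a placeholder.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
SAMPLE_PAYLOAD = json.dumps([
    {"id": "1", "eventType": WRITE_EVENT, "topic": SUB,
     "subject": SUB + "/resourceGroups/rg-demo/providers/Microsoft.Compute/virtualMachines/vm-prod-web-01",
     "data": {"operationName": "Microsoft.Compute/virtualMachines/write", "status": "Succeeded"},
     "eventTime": "2019-03-01T12:00:00Z", "dataVersion": "2", "metadataVersion": "1"},
    {"id": "2", "eventType": WRITE_EVENT, "topic": SUB,
     "subject": SUB + "/resourceGroups/rg-demo/providers/Microsoft.Storage/storageAccounts/MyStorage123",
     "data": {"operationName": "Microsoft.Storage/storageAccounts/write", "status": "Succeeded"},
     "eventTime": "2019-03-01T12:01:00Z", "dataVersion": "2", "metadataVersion": "1"},
    {"id": "3", "eventType": "Microsoft.Resources.ResourceDeleteSuccess", "topic": SUB,
     "subject": SUB + "/resourceGroups/rg-demo/providers/Microsoft.Network/virtualNetworks/oldnet",
     "data": {}, "eventTime": "2019-03-01T12:02:00Z", "dataVersion": "2", "metadataVersion": "1"},
])

if __name__ == "__main__":
    for verdict in handle_payload(SAMPLE_PAYLOAD)["results"]:
        print(verdict)
```

The handler filters on the event type before doing anything else, so deletes and unrelated events never reach the naming logic, and child resources (such as subnets) are typed as `Microsoft.Network/virtualNetworks/subnets` so they can get their own rule instead of being matched against the parent's.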
Azure Active Directory
This is the identity fabric for Azure resources and Microsoft Graph entities. It provides service identities, user identities and much more. There are a few ways by which you can authenticate services:
Managed identity authentication
This is one of the newer concepts in Azure. This feature provides Azure services with an automatically managed identity in Azure AD. You can use the identity to authenticate to any service without keeping any credentials in your code. Azure takes care of rolling the credentials used by the service instance.
Service principal authentication
It is a way to create a special account in Azure AD for automated authentication. For instance, if you are creating a “Name-checking application”, you can generate an identity and a secret key for that application. The application obtains a token and is authorized through the service principal, where the required information is stored. The actions taken by the “Name-checking application” can be tracked using an audit log.
Username and password authentication
This is the way of authenticating we usually use in Microsoft Office and the Azure portal: with a username and password.
Other options are API keys and anonymous access.
Scenario: Azure Logger using Cosmos DB
This scenario builds an Azure logger using Cosmos DB. The goal is to store a snapshot of the resource group state each time a change is made.
An event raised by ARM (Azure Resource Manager) reaches Event Grid and triggers a Function. The Azure Function inspects the state of all the resources and takes a snapshot. In the next phase, the snapshot is written to Cosmos DB.
Azure Alert to Serverless Code/Workflow
Alerts in Azure can fire for many reasons, planned or unplanned. One of the unplanned alerts is the resource health alert. Health alerts can be provisioned for the resources you want to monitor.
The alert condition configuration requires two parameters:
- Target selection
- Alert criteria definition
Once you configure the alert, point it to Logic Apps or Azure Functions in the desired subscription.
Scenario: Automated Tags Sync
Consider a scenario where you want to synchronize mandatory tags on your resources. Out of the box, there is a Logic App that runs on a recurring schedule. It enumerates all the resources and resource groups in ARM and triggers the Azure Function. The Azure Function then checks Cosmos DB, which holds the tags each resource is required to carry. If a tag is missing, it automatically syncs the tag to the resource in ARM.
The picture above shows the code that looks up the tag information in Cosmos DB and compares it with the existing resource tags.
This picture shows the Logic Apps workflow. A scheduler runs at an interval of 10 minutes. Then an ARM action retrieves all the resources of the defined subscription. Next, a ‘for each’ action checks every resource in the subscription against the Azure Function code. If the tags on a resource do not match, it publishes an event to Event Grid.
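The comparison step of the tag sync, as an added example rather than the Function shown in the post's picture. The mandatory-tag documents (which the post keeps in Cosmos DB), the resource list (which the Logic App's ARM action would supply), the placeholder subscription ID and the custom event type `Contoso.Governance.TagDriftCorrected` are all constructed here. The one detail worth getting right is that Azure tag names are case-insensitive while values are not, so the comparison treats them that way.

```python
import re
import uuid
from datetime import datetime, timezone

# Constructed stand-in for the Cosmos DB documents holding the mandatory tags per
# resource group. In the post these come from Cosmos DB; here they are inline.
TAG_POLICY = {
    "rg-demo": {"costCenter": "CC-1001", "owner": "platform-team", "environment": "prod"},
}

SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"  # placeholder subscription

# Constructed stand-in for the resource list the Logic App's ARM action hands to the Function.
RESOURCES = [
    # fully compliant
    {"id": SUB + "/resourceGroups/rg-demo/providers/Microsoft.Compute/virtualMachines/vm-prod-web-01",
     "tags": {"costCenter": "CC-1001", "owner": "platform-team", "environment": "prod"}},
    # wrong cost centre, owner and environment missing
    {"id": SUB + "/resourceGroups/rg-demo/providers/Microsoft.Storage/storageAccounts/stprodweb",
     "tags": {"costCenter": "CC-9999"}},
    # compliant, but tag names differ in case (Azure tag names are case-insensitive)
    {"id": SUB + "/resourceGroups/rg-demo/providers/Microsoft.Network/virtualNetworks/vnet-prod-web",
     "tags": {"CostCenter": "CC-1001", "Owner": "platform-team", "environment": "prod"}},
    # no policy defined for this resource group, and no tags at all
    {"id": SUB + "/resourceGroups/rg-sandbox/providers/Microsoft.Compute/virtualMachines/vm-dev-lab-01",
     "tags": None},
]


def resource_group_of(resource_id: str):
    m = re.search(r"/resourceGroups/([^/]+)", resource_id, re.IGNORECASE)
    return m.group(1) if m else None


def compute_tag_drift(current: dict, required: dict) -> dict:
    """Mandatory tags that are absent or carry the wrong value. Tag names are compared
    case-insensitively, values exactly, matching how Azure treats tags."""
    by_lower = {k.lower(): v for k, v in current.items()}
    return {k: v for k, v in required.items() if by_lower.get(k.lower()) != v}


def merge_tags(current: dict, drift: dict) -> dict:
    """Existing tags preserved, drifted ones replaced (dropping any differently-cased duplicate)."""
    merged = dict(current)
    for k, v in drift.items():
        for existing in [e for e in merged if e.lower() == k.lower()]:
            del merged[existing]
        merged[k] = v
    return merged


def sync_tags(resources: list, policy: dict) -> list:
    """Per drifted resource, the full tag set to write back to ARM and what was corrected."""
    updates = []
    for r in resources:
        required = policy.get(resource_group_of(r["id"]) or "")
        if not required:
            continue  # nothing mandated for this resource group
        current = r.get("tags") or {}
        drift = compute_tag_drift(current, required)
        if drift:
            updates.append({"id": r["id"], "drift": drift, "tags": merge_tags(current, drift)})
    return updates


def to_event_grid_events(updates: list) -> list:
    """Event Grid schema events announcing each correction (custom event type, constructed)."""
    now = datetime.now(timezone.utc).isoformat()
    return [{
        "id": str(uuid.uuid4()),
        "subject": u["id"],
        "eventType": "Contoso.Governance.TagDriftCorrected",
        "eventTime": now,
        "data": {"correctedTags": u["drift"]},
        "dataVersion": "1.0",
    } for u in updates]


if __name__ == "__main__":
    for ev in to_event_grid_events(sync_tags(RESOURCES, TAG_POLICY)):
        print(ev["subject"], ev["data"])
```

Writing back the merged set rather than only the drifted keys matters because a tags PATCH or PUT against ARM replaces the whole collection; sending just the corrections would silently wipe the team's own tags.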
Scenario: VM scale set management
Consider a scenario where you want to simplify the management of VMs at scale. A Logic App runs on a recurring schedule and triggers the Azure Function every three minutes. The Azure Function then checks Cosmos DB for the number of VM instances and passes the value to Power BI.
This Power BI dashboard shows the historical data on VM instances generated over a period. This real-time dashboard helps the operations team gain insights on the VM instances.
Scenario: Cleaning up the resources
This scenario covers removing resources once they reach their expiration date. First, a scheduler runs at a defined interval. Then a Function checks each resource for its ‘project’ and ‘tag’ name. If either is missing, the Azure Function appends it to the resource. Once a resource reaches its expiration date, the Function cleans it up from the subscription in ARM based on the tag.
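The decision logic of that cleanup Function, as an added example (not the post's code). The tag names `project` and `expiresOn`, the 30-day default time-to-live, the placeholder subscription ID and the sample inventory are assumptions. The plan is computed as a pure function over the inventory so it can be logged and reviewed before anything is deleted, and a resource whose expiry tag cannot be parsed is handed to a human instead of being deleted.

```python
from datetime import date, timedelta

# Tag names and the default time-to-live are assumptions for this example; the post only
# says the Function checks a 'project' tag and an expiry tag and deletes expired resources.
PROJECT_TAG = "project"
EXPIRY_TAG = "expiresOn"
DEFAULT_TTL_DAYS = 30

SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"  # placeholder subscription

# Constructed sample of the resources the scheduled Function would iterate over.
RESOURCES = [
    {"id": SUB + "/resourceGroups/rg-demo/providers/Microsoft.Compute/virtualMachines/vm-test-old-01",
     "tags": {"project": "alpha", "expiresOn": "2019-02-15"}},          # expired
    {"id": SUB + "/resourceGroups/rg-demo/providers/Microsoft.Compute/virtualMachines/vm-test-new-01",
     "tags": {"Project": "alpha", "ExpiresOn": "2019-04-01"}},          # valid; tag names differ in case
    {"id": SUB + "/resourceGroups/rg-demo/providers/Microsoft.Storage/storageAccounts/sttestscratch",
     "tags": None},                                                      # untagged: gets defaults appended
    {"id": SUB + "/resourceGroups/rg-demo/providers/Microsoft.Network/virtualNetworks/vnet-test-lab",
     "tags": {"project": "beta", "expiresOn": "next week"}},            # unparseable date: never auto-deleted
]


def get_tag(tags: dict, name: str):
    """Azure tag names are case-insensitive, so look the tag up that way."""
    for k, v in tags.items():
        if k.lower() == name.lower():
            return v
    return None


def plan_cleanup(resources: list, today_iso: str, ttl_days: int = DEFAULT_TTL_DAYS) -> dict:
    """Decide, per resource, whether to append missing tags, delete, keep, or hand off for review.
    `today_iso` is the run date as YYYY-MM-DD; passing it in keeps the plan reproducible."""
    today = date.fromisoformat(today_iso)
    plan = {"tag": [], "delete": [], "keep": [], "review": []}
    for r in resources:
        tags = r.get("tags") or {}
        missing = {}
        if get_tag(tags, PROJECT_TAG) is None:
            missing[PROJECT_TAG] = "unassigned"
        if get_tag(tags, EXPIRY_TAG) is None:
            missing[EXPIRY_TAG] = (today + timedelta(days=ttl_days)).isoformat()
        if missing:
            # First pass only appends the tags; deletion is decided on a later run.
            plan["tag"].append({"id": r["id"], "tags": missing})
            continue
        raw = get_tag(tags, EXPIRY_TAG)
        try:
            expires = date.fromisoformat(raw)
        except (TypeError, ValueError):
            # A malformed expiry must never cause a deletion; flag it for a human.
            plan["review"].append({"id": r["id"], "reason": f"unparseable {EXPIRY_TAG} tag: {raw!r}"})
            continue
        if expires <= today:
            plan["delete"].append(r["id"])
        else:
            plan["keep"].append(r["id"])
    return plan


if __name__ == "__main__":
    for action, items in plan_cleanup(RESOURCES, "2019-03-01").items():
        print(action, items)
```

Because the untagged resource only receives its tags on this run and is judged on the next, a freshly created resource always gets the full TTL before the cleanup can touch it.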
React to Azure Scheduled Events from outside the VM
The Function above runs an infinite loop; whenever it finds a scheduled event for the VM, it pushes the event to Event Grid, and the “autoAck” attribute acknowledges the event to the Azure platform.
The HTTP request triggers the Logic App, which stores the event in Blob Storage. The Logic App then sends an email notification to the user.
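One iteration of that polling loop, as an added example rather than the Function in the post's picture. The Instance Metadata Service endpoint, its `Metadata: true` header and the `StartRequests` acknowledgement body are the real Scheduled Events API; the sample document, the VM resource ID and the custom event type prefix `Contoso.Compute.ScheduledEvent.` are constructed. The HTTP calls themselves are left out so the logic runs anywhere; the loop's job is to de-duplicate, build the Event Grid batch, and only acknowledge when `auto_ack` is set.

```python
import json

# Azure Instance Metadata Service endpoint for Scheduled Events; only reachable from inside the VM.
IMDS_SCHEDULED_EVENTS_URL = "http://169.254.169.254/metadata/scheduledevents?api-version=2020-07-01"
IMDS_HEADERS = {"Metadata": "true"}

# Constructed sample of the document IMDS returns (shape per the Scheduled Events API).
SAMPLE_DOCUMENT = json.dumps({
    "DocumentIncarnation": 3,
    "Events": [
        {"EventId": "602d9444-d2cd-49c7-8624-8643e7171297", "EventStatus": "Scheduled",
         "EventType": "Reboot", "ResourceType": "VirtualMachine", "Resources": ["vm-prod-web-01"],
         "NotBefore": "Mon, 04 Mar 2019 10:05:00 GMT"},
        {"EventId": "a9a8f2c1-0f4b-4f0e-9f62-1d3c6b8c0e11", "EventStatus": "Scheduled",
         "EventType": "Freeze", "ResourceType": "VirtualMachine", "Resources": ["vm-prod-web-01"],
         "NotBefore": "Mon, 04 Mar 2019 10:10:00 GMT"},
    ],
})


def new_events(document: dict, seen: set) -> list:
    """Events not yet forwarded. IMDS keeps returning an event until it starts or is acknowledged,
    so the polling loop must remember what it has already published."""
    fresh = [e for e in document.get("Events", []) if e["EventId"] not in seen]
    seen.update(e["EventId"] for e in fresh)
    return fresh


def to_event_grid_events(events: list, vm_resource_id: str, event_time: str) -> list:
    """Event Grid schema payload for the custom topic the Function publishes to (constructed type name)."""
    return [{
        "id": e["EventId"],  # reuse the IMDS id so duplicates are easy to spot downstream
        "subject": vm_resource_id,
        "eventType": "Contoso.Compute.ScheduledEvent." + e["EventType"],
        "eventTime": event_time,
        "data": {"status": e["EventStatus"], "notBefore": e.get("NotBefore"), "resources": e["Resources"]},
        "dataVersion": "1.0",
    } for e in events]


def ack_body(events: list) -> dict:
    """Body POSTed back to IMDS_SCHEDULED_EVENTS_URL to approve the events. Acknowledging ends the
    notice period and lets the platform proceed at once, so only auto-acknowledge when the workload is ready."""
    return {"StartRequests": [{"EventId": e["EventId"]} for e in events]}


def process_poll(raw_document: str, seen: set, vm_resource_id: str, event_time: str, auto_ack: bool):
    """One iteration of the loop: parse, de-duplicate, build the Event Grid batch and the
    optional acknowledgement. Returns (events_to_publish, ack_body_or_None)."""
    document = json.loads(raw_document)
    fresh = new_events(document, seen)
    if not fresh:
        return [], None
    return to_event_grid_events(fresh, vm_resource_id, event_time), (ack_body(fresh) if auto_ack else None)


if __name__ == "__main__":
    seen_ids = set()
    vm_id = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-demo"
             "/providers/Microsoft.Compute/virtualMachines/vm-prod-web-01")  # placeholder
    batch, ack = process_poll(SAMPLE_DOCUMENT, seen_ids, vm_id, "2019-03-04T09:00:00Z", auto_ack=True)
    print(json.dumps(batch, indent=2))
    print("ack:", ack)
```

Keeping the IMDS `EventId` as the Event Grid event id means the downstream Logic App can store one blob per event and detect a duplicate delivery without extra state.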
Recently, Microsoft has published a brief tutorial on monitoring virtual machine changes with Azure Event Grid and Logic Apps.
In this blog, we discussed the common challenges in IT and gave a basic understanding of Serverless. Furthermore, a few use case scenarios were explained to leverage the available Azure resources. Stay tuned for further updates. Happy Learning!
You can watch the session here.