Questions on laying out Resource Groups in Azure - azure

We are looking to move/create 3 websites with Azure Web Apps, and would like to determine the best design for Resource Groups to use with this.
These 3 websites (website1, website2, and website3) would all point to the same database.
We would like to have a deployment cycle like this:
Azure Web App (AWA1) – website1-dev (DB: CompanyDb-dev; File Storage: CompanyFiles-dev) (Service Plan F1 (Free))
AWA2 – website1-qa (DB: CompanyDb-dev; File Storage: CompanyFiles-dev) (Service Plan F1 (Free))
AWA3 – website1 & website1-staging (slot) (DB: CompanyDb; File Storage: CompanyFiles) (Service Plan S1, S2, or S3)
So, for website1 we could Publish to –dev, -qa, or –staging, and –dev and –qa would use the –dev database and file storage, while –staging and prod would use the prod database and file storage.
So, my question(s), would it make sense to have the 3 Azure Web Apps, the 2 databases, and the 2 file stores in the same Resource group?
If our other two websites will also make use of CompanyDb, should they (and their related development Azure Web Apps) be in the same resource group? Or their own resource group?

According to the Azure Resource Manager overview documentation page.
All of the resources in your group should share the same lifecycle. You will deploy, update and delete them together. If one resource, such as a database server, needs to exist on a different deployment cycle it should be in another resource group.
From that you should consider which pieces can be grouped together as a lifecycle. What group could you safely delete and recreate without affecting the other groups.
From that, it probably safest to have a DB resource group, and each Website in its own group. That way you could probably just have two templates (a db and a website) and deploy those as much as you need.

This is more of a personal preference question. Resource Groups are just for logical grouping of your resources, it doesn't actually affect much implementation wise.
So go with whatever you think is most convenient.
As a side note: instead of creating three different web sites, have you guys considered using Site Slots?

Related

Are my Function Apps dependent on Storage Accounts? I want to move my Function Apps to a new Resource Group

Goal: Move all the necessary, and only the necessary, function apps and their dependencies from one resource group to another. This resource group they are currently in contains an App Configuration, 2 App Services (Function Apps), their Application Insights, a Storage account, and an App Service Plan.
The resource group I want to move them into already has things like Storage accounts, other Function apps, Logic apps, etc.
I have tried consulting the docs, maybe I am consulting the wrong ones. I am still puzzled about the dependencies Function Apps may have, and why this resource group needed to spin up a Storage account and what azure-webjobs-host and what the files populating within it mean or do.
Q1: How can I move them to the new resource group? I am thinking of using their ARM templates, but am vague on details.
Q2: Do I need to bring their Storage account with them?
Q3: Could I instead integrate them with the Storage account in their new resource group, after I moved them? How?
Q4: Can I simply delete Function Apps' Application Insights if I have no further use for them?
Q5: Any good resources or knowledge you want to share about Logic Apps / Function Apps being dependent on other resource types?
Thank you.
Are my Function Apps dependent on Storage Accounts?
Yes, function app on azure needs you to specified a storage account. This is because triggers other than httptrigger needs storage emulator.(This is built-in feature.)
How can I move them to the new resource group?
If you dont have too many function apps to move, just click 'Move' -> 'Move to another resource group' in the overview of your resource group and then select the function app you want to move.
Do I need to bring their Storage account with them?
No. No matter built-in feature or your function app need to deal with some storage accounts, it just needs you to offer connection string to link to.
Could I instead integrate them with the Storage account in their new
resource group, after I moved them? How?
Yes.(If you are talking about built-in feature.) But you need to change this value:
And the value is getting from this place:
Can I simply delete Function Apps' Application Insights if I have no
further use for them?
Yes, you can. It is just a way to monitor your function app. You can delete or re-create it whenever you want.
Any good resources or knowledge you want to share about Logic Apps /
Function Apps being dependent on other resource types?
One thing I want to remind. Please keep your resources in the same region if you dont have some special requirement. This is not only because of some built-in restrictions, but it can also help you save costs. (For resources in Azure, data transmission between resources located in different regions requires additional bandwidth fees.)

Azure created DefaultResourceGroup-EAU resource group

Today I am noticing that the Azure Group, I dont know when Azure created the
"DefaultResourceGroup-EAU" resource group, and in this group two item is placed
I am not using any Azure Container Registry service and AKS, should I remove this group because it paying in my invoice, I just only have Azure Web Apps and Azure SQL databases and one VM only, should its impact on my above mentioned services after deletion?
certainly not in terms of how those services function, but monitoring might be impaired if you delete those.
Those resources look like they were created alongside AKS cluster. Doesn't mean that they were only being used for that, but highly likely.

What is the right way to create development and production environments for a network of servers in Azure?

I want to deploy multiple machines across various geographical regions to serve my application in a Development and Production environment; I'm coming from Google Cloud Platform where my solution would be to create 2 projects:
project-dev
project-prod
With that I have complete freedom of creating resources in any region/zone in either project/environment.
The closest thing to this I have found on Azure is Resource Groups, but those are tied to a specified region, which is not ideal for me. Is there a better way, rather than creating a resource group in EACH region I choose to deploy resources for both environments as follows:
project-dev-east-us
project-dev-west-us
project-dev-west-eu
project-dev-east-as
project-prod-east-us
project-prod-west-us
project-prod-west-eu
project-prod-east-as
Resource groups are tied to regions, but resource inside are not, so you can have resources from multiple regions in a single resource group. but resource group is like a folder on a hard drive. its just a way to logically organize things, nothing more.

Will the Access keys used by services will be affected by moving resources to another subscription?

Issue: I am planning to move my Azure Resources to another subscription but as an impact analysis I want to know if Access Keys to a resource such as Storage, Batch Services will be affected.
I have more than 30 services which are currently in use. I am looking forward to having least possible downtime and so I need to analyze what all services will be impacted.
I am aware of the resources which are possible to migrate from the Microsoft page: https://learn.microsoft.com/en-us/azure/azure-resource-manager/resource-group-move-resources.
Here are my few questions, I would like to know the answers in all possible cases such as migration to different directory/Azure Active directory or common Azure Active directory.
Will the Access Keys to a resource such as Storage, Batch Services etc.. will be affected after I migrate my resource to another subscription?
Do I need to reconfigure the Service Endpoints?
Thanks.
They wont change
No, storage account endpoints are not tied to resourceId

What about Azure Cloud Services in the new "Resource Manager world"

I just read a small post of #pierreroman with the title Azure Cloud Service VS Azure Resource Manager. Unfortunately I was not able to comment his post (There was an error saving your comment. (Cannot create comment - access denied.)). Therefore and because I think this topic is interesting for many folks who are using azure cloud services right now, I write my "comment" here and send him a tweet. Maybe he or someone else can answer my questions.
I think that more interesting than the "what is the difference between cloud services and resource groups" is the question "should we plan to move from cloud services to azure resource groups?". Is it even possible? Or are we comparing apples to oranges?
What about scaling (for example adding new instances of a worker role with a simple slider or with auto scaling)?
The comparison is kind of apples(Cloud Service) and grocery(ARM) where can manage fruits, meats, and fishes.
But, very first concept of Cloud Service was similar to the ARM. That's why sometimes confusing.
Below quote is from free ebook Azure Web Apps for Developers (download), page 12 and 13.
An Azure Resource Group is a logical container for grouping Azure resources.
Grouping resources this way helps simplify the implementation, deployment, management, and monitoring of resources in the resource group. From a billing perspective, it gives you a way to view costs for the resource group rather than for individual resources, eliminating the need to figure out which resources are related. You can think of an Azure Resource Group as a unit of management.
The last line helps to understand clearly, Azure Resource Group is a unit of management.

Resources