Azure V2 Thoughts

I’ve been working in Azureland for about 18 solid months now, having starting with the “Classic” Azure Service Manager system and migrating over to Azure Resource Manager…ARM, V2, “the new Azure”, “the new portal”, whatever you want to call it. It took me a really long time for ARM to click and for me to appreciate the new portal experience, but now that I’m accustomed to it, the old service manager experience just feels clunky.

Let’s start with the new portal. There are some things that are odd about it, including, at least for me, the biggest one being how the panes open left-to-right. Scrolling horizontally is just not a standard thing that websites require. When I’m using my touchscreen, it works really well, but with a mouse, it just feels strange. I do like the way the portal looks feels, and the charts and data shown on the screens looks great and is very beneficial. My only real complaint with it is that if you are a few panes deep and accidentally hit a key with the last pane not active, you can drop back to the beginning without saving your work. Frustrating to say the least.

The new ARM templates are a completely different ball of wax from what I was using with the old ASM system. In the old system, I was just using the same PowerShell script over and over, changing parameters, to build my VMs. In ARM, you can kinda do that, but it doesn’t work that well. With ARM templates, though, you basically create a file that describes everything you want and then hand it over to the ARM engine to build it from your description. It took me a LOONNNNGGG time to wrap my head around this, but I have it now.

Having figured it out, the stuff that really draws me to the ARM system is the flexibility to add NICs to servers however you want, and that you can move NICs to other subnets without rebuilding the whole VM. Another nice feature are the “public IP addresses”, which are more flexible because you can assign one to whatever NIC you want. I have one that I just call “TempPublicIP” that I leave available for when I need to drop one on a VM for RDP issues or whatever.

The final thing with ARM that I really dig is how the idea of an “endpoint” has disappeared. In the old system, you stand up a VM and it always have a public address, and you just enable an “endpoint” that opens a port to that public address. In V2, you can have servers with no public addresses, which is more secure, and even when you do apply a public address, you don’t do the ACL on the specific address. The ACL is a network security group, and you can either apply that to the vnet the internal NIC is connected to, or to the VM itself. If you have a VM with a public IP address and port 21 is blocked on the virtual network the VM lives on, port 21 won’t work over the public address. On the flip side, if everything is open on the inside, everything is open on the public IP address. This is more like what you’d see in the physical network world, and just easier to document overall. I like it.

Written on April 20, 2016