In the Azure, it not only about creating Azure resources and start using it. There are some upper layers of management inside which resources exist. In this article, we will see how basic hierarchy of Azure is defined for Management of its resources.
These are the typical Azure Management Levels. See the below image and lets discuss them one by one.
Before starting with these levels we will go one level up (above Management Groups) which is not in picture but you create it when you sign up for Azure, that is Company. You can call it Organization, Tenant, Directory or Account. Why Directory? it looks out of context!
Directory because every Company is assigned with Active Directory (AD) of Azure. Even when company takes subscription for office 365, AD is created and assigned to that particular organization or tenant.
Lets start with Azure Management levels now.
Note: We will use ‘Organization’ word to point out ‘Top Level’ to get rid of confusion.
Azure Managements Groups
Big organizations have multiple departments in it. For example HR, IT, Marketing, Finance etc. It is very difficult to handle multiple subscriptions if there are multiple Departments.
To keep track of all these departments we can create Managements Group for each and every department in Azure. So lets say HR can have organisation_hr_azure group and IT can have organisation_it_azure group.
Management groups makes it easy to isolate subscription department wise. If you have very small company with few or no departments then you can directly create subscriptions in Azure. There is no need of Management Group. It is optional.
Subscriptions are useful in managing billing and access isolation boundaries. Without subscription you cannot create any resources inside Azure. Each subscription has its own billing agreement.
Under Subscriptions you can create Resource Groups.
There are different types of subscriptions you can create in azure. Normally, for learning purpose we can create ‘free’ subscriptions account and with that you will get $200 credit to use Azure Resources.
You can create multiple Subscriptions under Management Groups according to your requirements, project wise or applications wise and geographical area.
As shown in the above image, there are different subscription for production and non-production stages. Also, even in the production stage there are multiple subscriptions for applications resources, data resources and other productions utilities.
Azure Resource Groups
A Resource group is a collection of resources are being used on Azure platform for some purpose/lifecycle. For example, there can be different set of resources are being used for production and development environment.
In this case, we can create two Resource Groups to make production and development environment separate. You can further creates groups to classified resources into each environment. For example, in production environment you can separate resource groups application wise, data wise and utilities wise.
If you want to decommission any part of project it will be easy for management to delete group of resources entirely.
In the above image you can see under subscription there is resource group and under it there are multiple resources like Virtual Machine, Load Balancer etc.
Resources are building blocks on Azure. You can also call it Azure Services. There are number of Resources available for you at Azure. AI/Machine Learning, Compute, Storage, Security, Networking services and many more are part of Azure.
You will find number of resources to use among these services. Anything which can be created on Azure is a Resource like Virtual Machine, Storage Account, Database, Virtual Network etc.
You can see in the above image there are resources like App Services, Virtual Machines, Load Balancers, Virtual Network etc.