One of the other major differences in Azure is the difference between the service management and resource manager APIs and interfaces. In this post I will highlight the differences between the two and what it means for you as the user.
First of all let’s get some abbreviations out the way. ASM = Azure Service Management and ARM = Azure Resource Manager.
The first immediate difference is the portals by which you access both service management (classic) resources and resource manager resources. Classic resources are provisioned and managed using the portal manage.windowsazure.com, this is known as RDFE or Reddog Front End (Reddog was the original codename for Azure). Resource manager resources are provisioned and managed in the new portal, which you can find at portal.azure.com. This is known as Ibiza (codename).
You can see in the new ARM portal down the left navigation that sometimes you will see links to classic resources in the ARM portal, for example Virtual Machines. As resource providers are migrated to the new ARM API model then these will slowly go.
Even though the ARM based portal is alive and kicking, you can still create resources using the classic portal or using the ARM portal and selecting the Classic deployment model in the marketplace.
One of the other big differences is how you access resources via PowerShell. In fact the Cmdlet’s used are different depending on which model you are using, generally speaking if you are working with ARM then you can usually add RM to your command and pass some additional parameters such as the resource group name and you’ll be good to go. In reality you obviously need to login to the ARM provider first.
One thing to watch out for is the way resources are referenced in terms of the internal ID is different so you may have a fair amount of refactoring to do and the introduction of Azure AD for providing authentication tokens for subscriptions and resource groups means some additional parameters are needed.
Authentication and Role Based Access
With the introduction of ARM, logins are now processed by Azure AD. For every Azure subscription which is created, this is backed by an Azure AD tenant which provides authentication and authorisation to the subscription. For third-party applications they can be added using OAuth, likewise with users. This provides a flexible authorisation framework for both users and applications allowing quick extensibility.