Azure: PowerShell versus ARM Templates

In this post, I’m going to make the PowerShell acolytes angry (not hard) by explaining why they are too slow, and ARM/JSON is they best way to deploy things in Azure.

The PowerShell Experience

Let’s imagine that you & your significant other go into a restaurant, and let’s say you order a steak and your other wants to order something else. How does the ordering process go? Is it something like this .. let’s start with your order:

  • Customer: Waiter!
  • <Wait 1 minute>
  • Waiter: What would you like sir?
  • Customer: Could you ask the chef to go to the fridge?
  • <Wait while the chef is asked to go to the fridge>
  • Waiter: Yes?
  • Customer: Would you ask the chef to open the fridge?
  • <Wait while the chef opens the fridge>
  • Waiter: Yes?
  • Customer: Would you ask the chef to take a steak out of the fridge?
  • <Wait while the chef takes a steak out of fridge>
  • Waiter: Yes?
  • Customer: Please ask the check to put a pan on the cooker.
  • <Wait while the chef puts a pan on the cooker>
  • Waiter: Yes?

You see what’s going on here? Meanwhile your significant other is getting no love from the restaurant. Ouch!

With PowerShell you describe the deployment process, one step at a time, connecting each and every dot. The deployment is serialized, with no parallelism unless you use PowerShell features to run parallel jobs. The result isn’t much faster than you doing all the clicking for yourself.

The ARM Experience

I like to describe the ARM as a waiter, and the Azure resource providers as the kitchen cooks. How does the order go?

  • Customer: Waiter, I would like a Salmon dish for my wife and steak for myself.
  • Waiter: Yes, sir, in the meantime, would you like a drink?

That’s a bit better, right?

ARM or JSON templates describe the result, not the process. Once you submit the deployment, ARM divides up the job and orders the deployment based on your dependencies. That means that the deployment can be parallelized. If I need 100 web servers, all 100 will be deployed at once, not in some 1..100 loop, one at a time (or 5 at a time if you are clever).

Best of Both Worlds

For some of the training that I do at work, I deploy the training lab in Azure as follows:

  • A PowerShell script that asks me how many attendees there are, and then it runs a glorified 2 line loop.
  • The loop iterates through different subscriptions, adding a resource group and then doing an ARM deployment.

In other words, PowerShell automates my very fast ARM deployments.

PowerShell Still Required

PowerShell is still very useful for some fiddly deployment things that don’t have ARM options, or are once-offs and don’t have a GUI option. To be honest, I do use GUI for most of my once-offs because it is convenient and gets the end result faster than researching/tweaking/fixing PowerShell examples. When it comes to learning about settings and troubleshooting, PowerShell can be pretty awesome.

But PowerShell is much slower than ARM for deployments. Now let’s hear the screams of outraged PowerShellers!

Was This Post Interesting?

If you found this information useful, then imagine what 2 days of training might mean to you. I’m delivering a 2-day course in Amsterdam on April 19-20, teaching newbies and experienced Azure admins about Azure Infrastructure. There’ll be lots of in-depth information, covering the foundations, best practices, troubleshooting, and advanced configurations. You can learn more here.

4 thoughts on “Azure: PowerShell versus ARM Templates”

  1. I agree with you. I had to automate a huge build out for an application. First inclination was to use PowerShell for everything until I learned about ARM templates. Built an ARM template and with a single deployment line in PowerShell, I was able drastically cut down on the PowerShell code I had to use.

    At the time though I still had to use the PowerShell cmdlets for setting up an API gateways, management APIs and products but I hear that now can be done via ARM too!

    Reply

  2. Agree. I use my Powershell-ter to assemble parameters; ARM deploys; Pester confirms conformance with the expected outcome.

    Reply
  3. Pingback: Azure Weekly: Feb 5, 2018 – Build Azure

  4. I also agree, but, with some “buts”. I use PowerShell to duct tape some stuff together. For example, when I’m creating a NSG with ARM, and then connecting it to a subnet, I use PowerShell for this. Why? Because when I want to do that with ARM, I have to use a nested ARM template to connect the NSG to the subnet. And that nested ARM template needs to have all the settings defined of the subnet (route tables/service endpoints). If I forget one of those settings, I’m screwing up my subnet. Therefore I like to use PowerShell to associate the new NSG to the subnet. But this is just one example. I also like to use PowerShell to deploy ARM templates, because then I don’t need to use parameter files; I just can specify my parameter object and feed it to New-AzureRmResourceGroupDeployment.

    Reply

Leave a Reply to Adam Bertram Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.