WEBVTT 0:00:02.640000 --> 0:00:07.420000 In this video, we're going to take a look at resource locks. 0:00:07.420000 --> 0:00:10.900000 And in particular, we're going to talk about what resource locks are, 0:00:10.900000 --> 0:00:14.520000 and then I'm going to go ahead and demonstrate some resource locks. 0:00:14.520000 --> 0:00:19.040000 This is one of those topics that is really pretty straightforward. 0:00:19.040000 --> 0:00:24.200000 And it's also one of those things where I'll use an analogy here. 0:00:24.200000 --> 0:00:28.360000 I really started out professionally more on the database side. 0:00:28.360000 --> 0:00:33.680000 And there's kind of this, I don't know if I'm going to say same, but concept 0:00:33.680000 --> 0:00:38.800000 amongst a lot of database administrators that the first time that you 0:00:38.800000 --> 0:00:42.720000 try to do something on the back end of a database and you don't set transactions, 0:00:42.720000 --> 0:00:46.200000 at that point you're probably looking for a new job. 0:00:46.200000 --> 0:00:50.540000 After that, you remember to set transactions anytime you're kind of circumventing 0:00:50.540000 --> 0:00:54.600000 an app, which sometimes happens when you're doing database administration. 0:00:54.600000 --> 0:00:57.480000 Anyways, resource locks are kind of like that. 0:00:57.480000 --> 0:01:03.040000 They're going to protect you pretty much from yourself and from others. 0:01:03.040000 --> 0:01:05.060000 So let's talk about what resource locks are. 0:01:05.060000 --> 0:01:08.500000 Resource locks protect resources. 0:01:08.500000 --> 0:01:11.920000 Pretty simple. And there's two types of locks. 0:01:11.920000 --> 0:01:17.580000 There's a delete lock and there's a read-only lock. 0:01:17.580000 --> 0:01:23.720000 And the delete lock is going to prevent you from deleting things. 0:01:23.720000 --> 0:01:29.820000 And the read-only lock will prevent you from deleting or making changes. 0:01:29.820000 --> 0:01:33.100000 And these apply to resource groups and resources. 0:01:33.100000 --> 0:01:35.440000 And it's active in the management plane. 0:01:35.440000 --> 0:01:38.300000 You often talk in Azure about two planes. 0:01:38.300000 --> 0:01:41.840000 You have the management plane, which you can kind of think of as Azure. 0:01:41.840000 --> 0:01:43.180000 And then you have the data plane. 0:01:43.180000 --> 0:01:47.220000 So the management plane, for example, might be an Azure SQL database. 0:01:47.220000 --> 0:01:54.160000 But the data plane might be a record in a table in an Azure SQL database. 0:01:54.160000 --> 0:02:00.400000 So the resource lock is going to apply to the database, but not apply 0:02:00.400000 --> 0:02:03.820000 to the record within that database. 0:02:03.820000 --> 0:02:05.580000 What's the idea, right? 0:02:05.580000 --> 0:02:11.000000 So at some point let's have got a production VM and I run the very ill 0:02:11.000000 --> 0:02:15.760000 -advised remove AZVM named production. 0:02:15.760000 --> 0:02:21.440000 And so now my production virtual machine is gone and it was supporting 0:02:21.440000 --> 0:02:24.700000 the workload and now things are very bad for me. 0:02:24.700000 --> 0:02:32.240000 So instead of that, what I want to do is I want to go ahead and create 0:02:32.240000 --> 0:02:38.940000 a lock so that if I try to remove that virtual machine the next time, 0:02:38.940000 --> 0:02:43.820000 then I'm going to get this message saying that the virtual machine has 0:02:43.820000 --> 0:02:47.020000 in fact been locked, which is good, right? 0:02:47.020000 --> 0:02:48.620000 And so pretty straightforward concept. 0:02:48.620000 --> 0:02:51.080000 I almost feel like I'm trying to maybe make this harder than it is. 0:02:51.080000 --> 0:02:56.280000 You have locks, two types, delete, prevention from deleting, and read 0:02:56.280000 --> 0:03:01.600000 -only which prevents you from making any changes to a resource. 0:03:01.600000 --> 0:03:07.300000 So let's go ahead and let's take a look at resource locks. 0:03:07.300000 --> 0:03:14.940000 I'm going to just jump right in and I am going to create a resource. 0:03:14.940000 --> 0:03:17.980000 And I'll go ahead and create a storage account. 0:03:17.980000 --> 0:03:32.540000 And I am going to create a new resource group. 0:03:32.540000 --> 0:03:43.560000 And we'll give this a name, storage account name, location, and each US, 0:03:43.560000 --> 0:03:51.940000 and it should be good with everything else. 0:03:51.940000 --> 0:03:55.400000 And we'll create that, that'll take a moment and we come back. 0:03:55.400000 --> 0:04:03.260000 I'll show you how you can use locks with this. 0:04:03.260000 --> 0:04:07.200000 All right, now I have this resource. 0:04:07.200000 --> 0:04:10.540000 So I'm going to go ahead and go to the resource. 0:04:10.540000 --> 0:04:15.700000 And within the resource, and remember I can set locks at the resource 0:04:15.700000 --> 0:04:20.740000 level and at the resource group level, I'm going to go ahead and I am 0:04:20.740000 --> 0:04:25.960000 going to add a lock to this storage account. 0:04:25.960000 --> 0:04:34.900000 We'll give this a lock and this is going to be resource, delete, lock, 0:04:34.900000 --> 0:04:38.320000 lock type is going to be delete. 0:04:38.320000 --> 0:04:46.480000 Very simple. Okay, now the most obvious change here is I'm going to go 0:04:46.480000 --> 0:04:48.500000 and try and delete this. 0:04:48.500000 --> 0:04:52.340000 That's going to tell me it cannot be deleted because it or its parent 0:04:52.340000 --> 0:04:55.920000 has a delete lock, which is good. 0:04:55.920000 --> 0:04:57.500000 So play around a little bit here. 0:04:57.500000 --> 0:05:01.240000 I'm going to go ahead and add a container. 0:05:01.240000 --> 0:05:19.980000 Test. And I'm going to go in here and I'm going to upload a file. 0:05:19.980000 --> 0:05:24.560000 Upload a remote desktop file. 0:05:24.560000 --> 0:05:38.620000 All right, and so I've got my file that has uploaded. 0:05:38.620000 --> 0:05:47.380000 I'm going to go in and delete. 0:05:47.380000 --> 0:05:52.020000 And notice that the blob, the file, because that's in the data plane, 0:05:52.020000 --> 0:05:55.500000 is in fact deleted. 0:05:55.500000 --> 0:06:03.380000 And if I go back to test. 0:06:03.380000 --> 0:06:04.240000 How does that try? 0:06:04.240000 --> 0:06:05.600000 Oh, that's what I wanted to do. 0:06:05.600000 --> 0:06:09.260000 There we go. Remember how to use the interface here? 0:06:09.260000 --> 0:06:10.400000 Try and delete that. 0:06:10.400000 --> 0:06:15.060000 Now notice, interestingly enough, that the container is considered on 0:06:15.060000 --> 0:06:18.840000 the control plane because when I try to delete the container, I can't 0:06:18.840000 --> 0:06:20.320000 do that. It failed. 0:06:20.320000 --> 0:06:28.260000 But the data itself, because the delete lock applies to the control plane 0:06:28.260000 --> 0:06:31.960000 within the data, it doesn't have an impact. 0:06:31.960000 --> 0:06:34.040000 Now, I can still make changes. 0:06:34.040000 --> 0:06:39.820000 If I go to configuration and let's say, just randomly as a very bad thing, 0:06:39.820000 --> 0:06:41.340000 I don't want to change that. 0:06:41.340000 --> 0:06:46.080000 Change that and update it. 0:06:46.080000 --> 0:06:47.880000 It's going to let me update. 0:06:47.880000 --> 0:06:48.680000 And there we go. 0:06:48.680000 --> 0:06:49.800000 Successfully updated. 0:06:49.800000 --> 0:07:06.600000 Great. Now, if I go to my locks and I add a resource read only lock, and 0:07:06.600000 --> 0:07:10.040000 I make this read only. 0:07:10.040000 --> 0:07:22.580000 Now, if I go back to my configuration, I can save it and tell me I cannot 0:07:22.580000 --> 0:07:44.300000 update it. Now, if I go to my container and work at the data layer, a 0:07:44.300000 --> 0:07:50.680000 capture file, there we go. 0:07:50.680000 --> 0:07:54.220000 So, again, at the data layer, I can still interact with this, but I cannot 0:07:54.220000 --> 0:07:58.540000 add the control plane, or data plane control plane. 0:07:58.540000 --> 0:08:03.040000 So, the Azure stuff, if you want to think about it that way, that's really 0:08:03.040000 --> 0:08:11.320000 what the lock applies to, but it does not apply to the actual data that's 0:08:11.320000 --> 0:08:14.440000 being stored. Now, I'm going to go ahead and delete both of those locks. 0:08:14.440000 --> 0:08:19.040000 Hopefully, there we go. 0:08:19.040000 --> 0:08:24.400000 And I'm going to go to the resource group. 0:08:24.400000 --> 0:08:26.560000 The locks resource group. 0:08:26.560000 --> 0:08:29.720000 And I can place a lock on the resource group. 0:08:29.720000 --> 0:08:34.280000 So, I'm going to go into the resource group, and I'm going to add a lock. 0:08:34.280000 --> 0:08:37.200000 And this is going to be RG. 0:08:37.200000 --> 0:08:51.620000 Delete. Lock. And we'll make this a delete type lock. 0:08:51.620000 --> 0:08:59.080000 And then I'm going to go in and try to delete my storage account. 0:08:59.080000 --> 0:09:02.780000 That's going to tell me, cannot delete it because the resource or its 0:09:02.780000 --> 0:09:10.080000 parent has a delete lock, which is pretty much what I was expecting. 0:09:10.080000 --> 0:09:14.120000 And that's really pretty much what locks do. 0:09:14.120000 --> 0:09:16.160000 Very simple, also very important. 0:09:16.160000 --> 0:09:18.020000 I've got locks that I set. 0:09:18.020000 --> 0:09:22.460000 I've got a couple of assets and workload that I use for various things. 0:09:22.460000 --> 0:09:25.660000 And I made sure that I put locks on those so that I don't inadvertently 0:09:25.660000 --> 0:09:28.180000 delete those resource groups. 0:09:28.180000 --> 0:09:30.060000 And that's definitely something I recommend. 0:09:30.060000 --> 0:09:32.660000 It's a very simple thing to do. 0:09:32.660000 --> 0:09:35.620000 You know, go into your, certainly your production resource groups and 0:09:35.620000 --> 0:09:37.980000 then the minimum set delete locks. 0:09:37.980000 --> 0:09:41.620000 And in fact, generally for a production resource group, I'm going to have 0:09:41.620000 --> 0:09:44.380000 a read only lock on that resource group. 0:09:44.380000 --> 0:09:50.880000 And kind of that way can only make changes when the update or the read 0:09:50.880000 --> 0:09:52.540000 only lock is deleted. 0:09:52.540000 --> 0:09:55.980000 And that just gives me that extra layer of security to know that I've 0:09:55.980000 --> 0:10:01.700000 got at least a very fundamental level of change management on my resource. 0:10:01.700000 --> 0:10:03.260000 It's not change tracking or anything. 0:10:03.260000 --> 0:10:05.280000 There's actually tools for that within Azure. 0:10:05.280000 --> 0:10:09.700000 But just to have that security to know that my production resources are 0:10:09.700000 --> 0:10:13.740000 not going to change unless we absolutely want them to.