1.1. Provision VMs & Configure VMs For Remote Access

The document provides an overview of Azure virtual machines including how to provision resources, manage disks and images, use extensions, and configure availability sets and scale sets.

Uploaded by

H Khan
Copyright
© © All Rights Reserved

Docs

PowerShell
Tutorial

ARM templates

CLI

Availability sets

How to provision? VM Extensions

Manage disks, snapshots and images


REST API
Usage information

VMs

Scale sets

Client SDK

1. Resource Group

2. Name

Available VM options and their pricing differ from location to location
3. Location

Close to the users

Services outside the virtual network cannot connect to services within the virtual network by default

4. Virtual Network
Virtual networks (VNets) are used to provide private
connectivity between Azure Virtual Machines and other
Azure services.

No security boundary between subnets by default

Network 5. Subnet
A group that can undergo maintenance or be rebooted at
the same time

Open ports

6. Network Security Group


Network Security Groups (NSGs), can be used to control
the traffic flow to and from subnets and to and from VMs

7. Public IP address

Base OS images

8. OS Image Marketplace software images

32/64 bit OS

9. Credentials

Depends on the workload type

Percentage of time a service is available for use VM size can be changed while the VM is running but only
to a size that is supported by the running hardware
10. Size
Physical cluster
Changing sizes
Failure
Update failure If a VM is stopped deallocated, any available VM size can
Requirements
be selected as the VM is removed from the VM cluster
Logically grouping related VMs to avoid single point of
failure during host maintenance 11. Open ports

Common power source and network switch OS disk up to 4 TB


Availability Set
Fault
Also defined for managed disks attached to VMs Domains Temporary storage Loses data on restart
At least 2 virtual hard disks (VHDs) per VM
Update Installing applications and storing data
Data disk (Optional)
Azure as a destination for recovery When durable and responsive data storage is needed

Replicate using Azure Site Recovery Failover across locations Additional disks can be added depending on the VM size Two per CPU on average
Test failovers for recovery drills without impacting
production environments
Data for each VHD is held in Azure Storage as page blobs Only used storage is allocated & billed
create and manage a group of load balanced VMs
Standard HDD
Why? Types
number of VM instances can automatically increase or
decrease in response to demand or a defined schedule Premium SSD

OS Disks User is responsible for the storage accounts that are used
to hold the VHDs
OS disk
VM 12. Storage 40 Standard disks at full utilization
Data disk Unmanaged 1 storage account
Fixed-rate limit of 20,000 I/O operations/sec
May not be able to access KeyVault and other services Provision VMs
do not have an osProfile Multiple storage accounts & manual operation will need to
Can use a managed identity instead Shared Image Gallery scale-out

Specialised Up to 4 TB
boot faster Managing Availability
Image types Managing
VMs will have the Computer name of the VM the image Storage accounts and disks are managed by Azure
was taken from
Users don't have to worry about storage account limits
removes machine and user specific information from the
Generalised Managed Increased reliability
VM

can write scripts in any language that runs on the source Better security
VM. These scripts can be used to install applications or Azure Custom Script Extension Advantages
configure the VM as desired Scale sets Snapshot support

Concepts? Azure Backup support


Ansible

Chef

Config & Code
Cloud-init - Linux
PowerShell Desired State Configuration (DSC)

Compute expenses are priced on a per-hour basis but billed on a per-minute basis
Not charged for compute capacity if a VM is stopped and deallocated

Automation

Jenkins

Able to increase or decrease compute capacity on demand as well as start or stop at any time
Pay-as-you-go
Azure DevOps Services
provision VMs
Pricing For short-term or unpredictable workloads
automates the build process when you create a custom
Packer Advance purchase for 1 or 3 years in a specified region
VM image in Azure

Terraform Can be exchanged or returned for an early termination


Infrastructure fee
Reserved Virtual Machine Instances
Azure Automation
For continuously running VMs (At least a year)
Azure Resource Manager template
Gives budget predictability
Application Deployment
Run custom scripts
Sizes
Small applications to configure and automate tasks Manage configurations

Automatic storage management VM Extensions Collect diagnostics

Scaling Can be included in while deploying

Locally redundant Can run against existing VM


Storage options
Geo redundant Configure the virtual machine
Advantages
Unlimited data transfe Configure the operating system

Encryption Why? Install software

Application-consistent backup Apply updates

Long-term retention Process Automation

Files & folders Cloud agnostic


Terraform
Snapshots - Volume shadow copy Azure Backup Some Azure services might not be supported

SQL, SharePoint & Exchange backup Types knife tool to deploy VMs

VM backup recipes to configure


Chef server
Client machine backup Chef extension can be added to VMs

Azure backup agent Automation Services Uses Ruby

Backup server Microsoft Endpoint Configuration Manager

VM Extension Desired State Configuration (DSC) extensions PowerShell


Deploying How? Configuration Management
System Center Data Protection Manager Can manage and automate DSC
Azure automation state configuration
Blog storage centralised reporting
Recovery Services vault
Backup policies
Can be added to the ARM template
Or with CLI

Ubuntu commands
Install: sudo apt-get install -y mongodb
Process status: sudo systemctl status mongodb

Custom Scripts
can be run using extensions
custom script extension won't continue after a restart
Hard to manage
good for small configurations after provisioning

Encryption

Samples

Port 22

Username & Password

Authenticating

SSH Key pair
Public key placed on the VM
SSH Private key is used to verify the identity

Create a key pair: ssh-keygen -t rsa -b 4096

Add the Public key when creating a VM

Copy the Public key to an existing server: ssh-copy-id -i ~/.ssh/id_rsa.pub azureuser@myserver

Create NSG
Opening ports
Create rules in the NSG

Software firewall

Configure VMs for remote access

Network Security Groups
Rules to allow or deny traffic

Source

Destination

Protocol

Direction
Inbound: Processing order - Subnet NSG -> Network Interface NSG
Outbound: Processing order - Network Interface NSG -> Subnet NSG

Allow/Deny

Optional

SMTP (port 25) may be blocked by default

Remote Desktop Port 3389

Just in Time access

Requires Security Center Standard

Supports only ARM deployments

Allows selected ports and IP addresses for the specified time duration

JIT Access automatically closes all inbound traffic in NSGs and Firewalls until a user requests access

Request access: Security center -> Just-in-Time VM access -> Select VM -> Request access

Protects against Brute force attacks
