Menu

Virtual Geek

Tales from real IT system administrators world and non-production environment

Create a Virtual machine on Microsoft Azure

Although I have written PART 9: CREATING AND MANAGING VIRTUAL MACHINE (VM) USING MICROSOFT AZURE RESOURCE MANAGER PORTAL but it is the old article now, afterwords there are many updates came while creating an Azure Virtual Machine. New Azure VM updates are still easier to understand and configure, To create a VM There are multiple OS choices but the most used are Microsoft Winodws and Linux. You can select an image from Azure marketplace or use your own customized image to deploy Azure VM. In this article I am choosing all default options when deploying VM.

To start creating Azure Virtual Machine login to Microsoft Azure Portal search for Virtual Machines in search bar.

Microsoft Azure portal Virtual machines vm scale sets virtual networks vnet backup center backup vaults recovery services vaults cloudsimple search resource serivces.png

In the next view Click + Add >> + Virtual Machine. In the Basics tab select the subscription to manage deployed resources and costs, All resources in an Azure subscription are billed together and use resource groups like folders to organize and manage all your resources, I have already created resource group and selected from the list. 

In the instance details Virtual machines in Azure have two distinct names: virtual machine name used as the Azure resource identifier, and in guest host name. When you create a VM in the portal, the same name is used for both the virtual machine name and the host name. The virtual machine name cannot be changed after the VM is created. You can change the host name when you log into the virtual machine. Choose the Azure region that's right for you and your customers. Not all VM sizes are available in all regions.  

Azure offers a range of options to manage availability and resiliency for your applications. Architect your solution to use replicated VMs in Availability Zones or Availability Sets to protect your apps and data from datacenter outages and maintenance events.

Availability zone: Physically separate your resources within an Azure region. 
Virtual machine scale set (Preview):  Distribute VMs across zones and fault domains at scale
Availibility set: Automitcally distribute your VMs across multiple fault domains.

You can optionally specify an availability zone in which to deploy your VM. If you choose to do so, your managed disk and public IP (if you have one) will be created in the same availability zone as your virtual machine.

Azure Spot instances offers unused Azure capacity at a discounted rate versus pay as you go prices. Workloads should be tolerant to infrastructure loss as Azure may recall capacity for pay as you go workloads. Select a VM size to support the workload that you want to run. The size that you choose then determines factors such as processing power, memory, and storage capacity. Azure offers a wide variety of sizes to support many types of uses. Azure charges an hourly price based on the VM's size and operating system. I am choosing smallest size VM.

Provide the administrator username for the VM, few of the username are reserved and they cannot be used. Provide administrator password and confirm it for the VM

By default, access to the virtual machine is restricted to sources in the same virtual network, and traffic from Azure load balancing solutions (No way to acces VM over network/internet). Select None to confirm, or choose to allow traffic from the public internet to one of these common ports. As the VM is windows server I will open RDP 3389 as inbound port on Network Security Group (NSG - Firewall). This will allow all IP addresses to access your virtual machine. This is only recommended for testing. Use the advanced controls in the Networking tab to create rules to limit inbound traffic to known IP addresses.

If you own Windows licenses with active Software Assurance (SA) or have an active Windows Server subscription, use Azure Hybrid Benefit to save compute cost. You can save up to 49% with a license you already own using Azure Hybrid Benefit.

Click Next: Disks > button.

Microsoft Azure Create a Virtual machine subscription resource group region availibility zone option azure spot instance inbound ports license rdp image.png

On the Disks tab, Azure VMs have one operating system disk and a temporary disk for short-term storage. You can attach additional data disks. The size of the VM determines the type of storage you can use and the number of data disks allowed. You can choose between Azure managed disks types to support your workload or scenario.

Azure Ultra Disks compatibility deliver high throughput, high IOPS, and consistent low latency disk storage for Azure IaaS VMs. Ultra Disk is suited for data-intensive workloads such as SAP HANA, top tier databases, and transaction-heavy workloads. Adding this capability on results in a reservation charge that is only imposed if you enabled Ultra Disk capability on the VM without attaching an Ultra Disk.

For best performance, reliability, scalability and access control we recommend Azure Managed Disks for most virtual machine configurations. Use unmanaged disks if you need to support certain classic scenarios or want to manage disk VHDs in your own storage account.

Ephemeral OS disks are created on the local virtual machine (VM) storage and are not persisted to the remote Azure Storage. Ephemeral OS disks can be stored on VM cache or VM temp/resource disk if sufficient space is available. Click Next: Networking for network configuration.

On the Networking Tab Virtual networks are logically isolated from each other in Azure. You can configure their IP address ranges, subnets, route tables, gateways, and security settings, much like a traditional network in your data center. Virtual machines in the same virtual network can access each other by default. A subnet is a range of IP addresses in your virtual network, which can be used to isolate virtual machines from each other or from the Internet. User have a choice use a public IP address if you want to communicate with the virtual machine from outside the virtual network.

A network security group (Firewall rules) contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, the virtual machine. To simplify management of security rules, it's recommended that you associate a network security group to individual subnets, rather than individual network interfaces within the subnet, whenever possible.

By default, access to the virtual machine is restricted to sources in the same virtual network, and traffic from Azure load balancing solutions. Select None to confirm, or choose to allow traffic from the public internet to one of these common ports. As I am deploying Windows Server VM, I will open 3389 port on NSG for RDP.

Click Next Management button.

Microsoft Azure Create a virtual machine disks os disk type standard ssd encryption at-rest data disks lun host caching ephemeral os managed disk networking vnet virtual network subnet public network security group.png

On the Management tab configure monitor and management options for VM. Use this feature to troubleshoot boot failures for custom or platform images. Boot diagnostics with managed storage account significantly improves creation time of Virtual machines by using pre-provisioned storage accounts managed by Microsoft. Enable OS guest diagnostics to Get metrics every minute for your virtual machine. You can use them to create alerts and stay informed on your applications. Login with AAD credentials (Preview) use your corporate Active Directory credentials to log in to the VM, enforce MFA, and enable access via RBAC roles. 

A system assigned managed identity enables Azure resources to authenticate to cloud services (e.g. Azure Key Vault) without storing credentials in code. Once enabled, all necessary permissions can be granted via Azure role-based access control. The lifecycle of this type of managed identity is tied to the lifecycle of this resource. Additionally, each resource (e.g. Virtual Machine) can only have one system assigned managed.

Configures your virtual machine to automatically shutdown daily. To guard your virtual machine against accidental deletion and corruption, we recommend that you configure backup on this virtual machine. Your virtual machine will be backed up to Recovery Services vault with the configured policy and will be charged as per backup pricing.  Azure Site Recovery helps to keep your virtual machines running during outages. Enable it to replicate your virtual machine to a secondary Azure region. 

Enable Hotpatch allows you to take critical and security updates for your virtual machine without restarting. Patch orchestration options allow you to control how patches will be applied to your virtual machine.

Part 1: Working With Azure Key Vault Using Azure PowerShell and AzureCLI
Part 2: Create a Virtual machine on Microsoft Azure
Part 3: Use a Azure VM system assigned managed identity to access Azure Key Vault

Click Next: Advanced button. Extensions provide post-deployment configuration and automation. Add new features, like configuration management or antivirus protection, to your virtual machine using extensions. Select a host group, then choose a host from within that group. Custom data Pass a script, configuration file, or other data into the virtual machine while it is being provisioned. The data will be saved on the VM in a known location. Imagesmust have a code to support consumption of custom data. If your image supports cloud-init, custom-data will be processed by cloud-init (Azure service).

Azure Dedicated Hosts allow you to provision and manage a physical server within our data centers that are dedicated to your Azure subscription. A dedicated host gives you assurance that only VMs from your subscription are on the host, flexibility to choose VMs from your subscription that will be provisioned on the host, and the control of platform maintenance at the level of the host. The host group must be in the same region and availability zone as the VM you are creating. A proximity placement group is a logical grouping used to make sure that Azure compute resources are physically located close to each other. Proximity placement groups are useful for workloads where low latency is a requirement. 

VM Generation: Your choice to create a generation 1 or generation 2 virtual machine depends on which guest operating system and the boot method you want to use to deploy the virtual machine. Generation 1 virtual machines support most guest operating systems. Generation 2 virtual machines support most 64-bit versions of Windows and more current versions of Linux and FreeBSD operating systems. Generation 2 VMs support features such as UEFI-based boot architecture, increased memory and OS disk size limits, Intel® Software Guard Extensions (SGX), and virtual persistent memory (vPMEM).

Click Next: Tags > proceed.

Microsoft Azure Create a Virtual Machine Management advanced tabs subscription boot diagnostics storage account enabled OS guest diag enable auto-shutdown backup disaster recovery hotpatch preview custom data vm gen.png

Tags are name/value pairs that enable you to categorize resources and view consolidated billing by applying the same tag to multiple resources and resource groups. Tag names are case-insensitive and are limited to 512 characters. Tag values are case-sensitive and are limited to 256 characters. In the Next: Review + Create > Validation must be passed, Verify if the options and settings need customization if any changes required make them correct and click Create button.

Microsoft Azure Create a virtual machine tags name value key pair validation passed review create vm subscription resource group availibility zone rdp port nsg network security group disks ssd vnet subent networking.png

Deployment of Azure Virtual Machine task starts and it creates the all required and supproted prerequsite VM resource components. Once deployment is completed to access VM either click Go to Resource or Resource group or Virtual Machines pane and click on it to view VM details.

Microsoft Azure portal virtual machine deployment create vm auto-shutdown monitor vm health subscription east us windows size os windows  disks networking vnet subnet managed.png

To access the VM through RDP on the Overview tab note down Public IP Address, click Connect and select RDP from drop down box.

Microsoft Azure Portal rdp connect tags public ip address virtual network subnet dns disks os encryption ephemeral data disk availibilty zone scale set os vm gen azure spot .png

In the RDP section either download RDP file or Open Remote Desktop Connection and connect the VM.

Microsoft Azure Virtual Machine Connect networking disks size security availibility scaling identity remote desktop collection extentions configuration properties 3389 port credential.png

Here is the is the inside view of VM, Connected to virtual machine RDP over Internet.

Microsoft Azure Virtual Machine Public IP address whatsmyip.org powershell hostname hostname winadmin user credentials azure spot instance disks networking vnet.png

Useful Articles
PART 1 : MICROSOFT AZURE CREATION AND CONFIGURATION OF VPN TUNNEL SERIES
PART 2 : MICROSOFT AZURE CREATING RESOURCE GROUP 
PART 3 : MICROSOFT AZURE CREATING AND ADMINISTERING VIRTUAL NETWORK (VNET) 
PART 3.1 : MICROSOFT AZURE POWERSHELL CREATING AND ADMINISTERING VIRTUAL NETWORK (VNET)
PART 4 : MICROSOFT AZURE CREATING AND ADMINISTRATING LOCAL NETWORK GATEWAY VPN
PART 4.1 : MICROSOFT AZURE POWERSHELL CREATING AND ADMINISTRATING LOCAL NETWORK GATEWAY 

Microsoft azure virtual network vnet creation in resource group designing gateway

PART 5: VIRTUAL NETWORK GATEWAY DEPLOYMENT ON MICROSOFT AZURE 
PART 5.1: VIRTUAL NETWORK GATEWAY DEPLOYMENT USING MICROSOFT AZURE POWERSHELL
PART 6: INSTALLING ROUTING AND REMOTE ACCESS SERVER ROLE (MICROSOFT RRAS)
PART 6.1: CONFIGURING ROUTING AND REMOTE ACCESS SERVER DEMAND-DIAL (MICROSOFT RRAS AZURE VPN)
PART 6.2: CONFIGURING ROUTING AND REMOTE ACCESS SERVER ROUTER (MICROSOFT RRAS AZURE VPN)

Go Back

Comment

Blog Search

Page Views

5571291

Follow me on Blogarama