Virtual Machines are one of the services offered by Microsoft Azure. If you need more control
4 different ways to create Azure virtual machines:
- Azure Portal
- Azure Resource Manager Template
- Azure PowerShell & Azure CLI
- Visual Studio
Different types of Azure Virtual Machines
D and Dv2 Series: Designed to run applications that demand higher compute power and temporary disk performance.
F-Series: Designed for applications that demand higher CPU performance and optimized for premium storage.
G-Series: Offers more memory.
Premium Storage (can provide high-performance, low-latency storage for I/O operations) can be used with the following categories
A-Series and Av2-Series can be deployed on a wider variety of hardware.
The A8-A11 and H-series sizes are also known as compute-intensive instances.
Deploy Azure Virtual Machines
RBAC does not limit the actions that a user logged into a VM can perform. Those permissions are determined by the account type on the guest OS.
Using a resource lock, you can prevent accidental deletion of resources (locks can be applied at the resource group level or to individual resources).
Azure Virtual Machine Storage
Deleting a VM does not delete its VHD, so you will still be charged for the VHD storage.
Azure Disk Encryption is available for the OS disk and data disks.
A temporary disk is created for storing pagefile.sys (by default it is named D:\, and this can be changed).
For better performance, use premium storage.
Use separate storage accounts for each VM to store the VHDs to avoid IOPS limits.
When a new VHD is added as a data disk it is unformatted, and it can have a maximum size of 1023 GB.
The OS disk and data disks are persistent. The OS disk is SATA and data disks are SCSI drives.
By default, host caching for RW:
- OS disk = on
- Data disk = off
Types of Azure Storage replication
- LRS (Within Datacenter 3 Copies)
- ZRS (Multiple Datacenter 3 copies)
- GRS (Multiple Datacenter 6 copies, no read access in secondary)
- RA-GRS (Multiple Datacenter 6 copies, read access in secondary)
Read-access geo-redundant storage is the default when creating a new storage account. RA-GRS is intended for high-availability purposes.
Storage is available as Standard Storage and Premium Storage, and disks can be unmanaged or managed.
Linux Virtual Machines use an SSH public key, which is the preferred method of connection.
There are two types of events in the Azure platform (planned and unplanned maintenance work), for which deploying VMs in an availability set is the most recommended approach for mission-critical applications.
By default: 5 update domains (can be up to 20) and 3 fault domains (Azure ARM) / 2 fault domains (Classic).
Near-identical applications should go in the same availability set (a minimum of 2 VMs must be deployed when choosing availability sets).
Use separate storage account for each VM in an Availability Set. Multiple VMs in the same availability set must NOT share storage accounts.
If the new size for a VM in an availability set is not available on the hardware cluster currently hosting the VM, then all VMs in the availability set will need to be deallocated to resize the VM.
An Azure VM must have at least one NIC but can have more than one.
If you want multiple NICs, you need to create the VM with at least two, so that you can add more NICs at a later stage if required (up to the supported number of NICs for the VM size).
NICs should be in the same location and same region as the VM within a subscription
You can assign public and private IP address to a NIC
Two ways we can assign the IP address are Static and Dynamic
NICs connected to the same or different subnets within a VNet can talk with other VMs without any extra configuration
When connecting different VNets make sure the address space is not overlapping
Moving a VM to a different VNet is not a simple configuration change; the VM needs to be redeployed on the target VNet.
Network Security Groups
A network security group (NSG) contains a list of Access Control List (ACL) rules that allow or deny network traffic to subnets, NICs, or both
When an NSG is associated with a subnet, the ACL rules apply to all the VMs in that subnet
Only one NSG can be applied to a resource
Priority of NSG rules must be unique
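How rule priority settles which NSG rule applies, as an added example that is not part of the original notes: Azure processes rules in ascending priority number and stops at the first match, which is why each priority must be unique. The rule dictionaries, their field names and the sample addresses are constructed for illustration, and only inbound custom rules are modelled.

```python
import ipaddress
from collections import Counter

# Constructed sample inbound rules (not from the original page). The field
# names are simplified, hypothetical stand-ins for NSG rule properties.
RULES = [
    {"name": "allow-ssh-admin", "priority": 100, "access": "Allow",
     "protocol": "Tcp", "source": "203.0.113.0/24", "port": "22"},
    {"name": "deny-ssh-any", "priority": 200, "access": "Deny",
     "protocol": "Tcp", "source": "*", "port": "22"},
    {"name": "allow-web", "priority": 300, "access": "Allow",
     "protocol": "Tcp", "source": "*", "port": "80-443"},
]


def duplicate_priorities(rules):
    """Return every priority value that more than one rule uses."""
    counts = Counter(rule["priority"] for rule in rules)
    return sorted(p for p, n in counts.items() if n > 1)


def port_matches(spec, port):
    """Match a port against '*', a single port ('22') or a range ('80-443')."""
    if spec == "*":
        return True
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)


def source_matches(spec, ip):
    """Match a source IP against '*' or a CIDR prefix."""
    return spec == "*" or ipaddress.ip_address(ip) in ipaddress.ip_network(spec)


def evaluate_inbound(rules, src_ip, protocol, dst_port):
    """Return (access, rule name) of the first matching rule, lowest priority
    number first. Assumption: only custom rules are modelled, and traffic that
    matches none of them is denied."""
    if duplicate_priorities(rules):
        raise ValueError("rule priorities must be unique")
    for rule in sorted(rules, key=lambda r: r["priority"]):
        if (rule["protocol"] in ("*", protocol)
                and source_matches(rule["source"], src_ip)
                and port_matches(rule["port"], dst_port)):
            return rule["access"], rule["name"]
    return "Deny", "no-match"


if __name__ == "__main__":
    for src in ("203.0.113.10", "198.51.100.7"):
        print(src, "-> port 22:", evaluate_inbound(RULES, src, "Tcp", 22))
    print("port 3389:", evaluate_inbound(RULES, "198.51.100.7", "Tcp", 3389))
```

Swapping the priorities of the first two rules would deny SSH to the admin range as well, because the broader deny would then match first.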
Two types of load balancers are available
DNS level (Azure Traffic Manager): cross-region, where apps are located in different datacentres and different regions
There are three modes available:
- Priority Mode (always route traffic to primary, when primary fails then route to secondary)
- Performance Mode (route traffic to closest region endpoint)
- Round Robin Mode
Network level (Azure Load Balancers): within the same region, load balances incoming internet traffic. It distributes traffic based on Source Address, Source IP address, Protocol, Source / Destination Port. Azure Load Balancers can be configured to:
- Balance incoming internet traffic
- Balance traffic between VMs in a VNet
- Balance traffic between on-premise computers and VMs in a cross-premise network
- Forward external traffic to a specific VM
The following items are considered when creating an Azure load balancer:
- Front-end IP Configuration
- Back-end address pool
- NAT rules
- Load balancer rules
- Probes (HTTP/TCP)
VM Scale Sets
Virtual Machine scale sets are an Azure compute resource you can use to deploy and manage a set of identical machines. To increase or decrease the number of virtual machines in a VM scale set, simply change the capacity property and redeploy the template.
- 20 VMs per storage account by default. This limit does not apply to managed disks.
- When using custom VMs with unmanaged disks, plan for no more than 40 VMs per VM scale set, in a single storage account
- Plan for no more than 4096 VMs per VNET
- Virtual machines are removed from the scale set evenly across upgrade domains and fault domains to maximize availability. VMs with the highest IDs are removed first.
- Enable VM Agent extensions
- Enable Monitoring
- Configure Metrics
Additional post-deployment activities can be performed using:
- Azure VM Access Extension
- Run custom scripts
- PowerShell DSC Extensions
- Puppet, Chef
- Azure Diagnostics extension to monitor the health of the application.