Must-know facts about implementing Microsoft Azure Virtual Machines

Virtual Machines are one of the services offered by Microsoft Azure. If you need more control

Four different ways to create Azure virtual machines

  1. Azure Portal
  2. Azure Resource Manager Template
  3. Azure PowerShell & Azure CLI
  4. Visual Studio

Different types of Azure Virtual Machines

D and Dv2 Series: Designed to run applications that demand higher compute power and temporary disk performance.

F-Series: Designed for applications that demand higher CPU performance; optimized for premium storage.

G-Series: Offers more memory.

Premium Storage (which can provide high-performance, low-latency storage for I/O operations) can be used with the following categories:

  1. DS-Series
  2. DSv2-Series
  3. Fs-Series
  4. GS-Series

A-Series and Av2-Series can be deployed on a much wider variety of hardware.

The A8-A11 and H-series sizes are also known as compute-intensive instances.

Deploy Azure Virtual Machines

RBAC does not limit the actions that a user logged into a VM can perform. Those permissions are determined by the account type on the guest OS.

Using a resource lock, you can prevent the accidental deletion of resources (locks can be applied at the resource group level or to individual resources).

Azure Virtual Machine Storage

Deleting a VM does not delete its VHD, and you will still be charged for the VHD storage.

Azure Disk Encryption is available for the OS disk and data disks.

A temporary disk is created for storing pagefile.sys (by default it is named D:\, but this can be changed).

For better performance, use Premium Storage.

Use separate storage accounts for each VM to store the VHDs to avoid IOPS limits.

When a new VHD is added as a data disk, it is unformatted, and its maximum size is 1023 GB.

The OS disk and data disks are persistent. The OS disk is SATA and data disks are SCSI drives.

By default, host caching for read/write is on for the OS disk and off for data disks.

Types of Azure Storage replication

  1. LRS (Within Datacenter 3 Copies)
  2. ZRS (Multiple Datacenter 3 copies)
  3. GRS (Multiple Datacenter 6 copies, no read access in secondary)
  4. RA-GRS (Multiple Datacenter 6 copies, read access in secondary)

Read-access geo-redundant storage is the default when creating a new storage account. RA-GRS is intended for high-availability purposes.

Storage is available as Standard Storage and Premium Storage, and disks can be unmanaged or managed.

For Linux virtual machines, an SSH public key is the preferred method of connection.

Availability Sets

There are two types of events in the Azure platform (planned and unplanned maintenance work), against which deploying VMs in an availability set is the most recommended approach for mission-critical applications.

By default: 5 update domains (can be up to 20) and 3 fault domains (Azure ARM) / 2 fault domains (Classic).

Near-identical applications should go in the same availability set. (A minimum of 2 VMs must be deployed when choosing an availability set.)

Use separate storage account for each VM in an Availability Set. Multiple VMs in the same availability set must NOT share storage accounts.

If the new size for a VM in an availability set is not available on the hardware cluster currently hosting the VM, then all VMs in the availability set will need to be deallocated to resize the VM.

Networking

Azure VM must have at least one NIC but can also have more than one NIC

If you want multiple NICs, you need to create the VM with at least two, so that you can add more NICs at a later stage if required (up to the supported number of NICs for the VM size).

NICs should be in the same location and same region as the VM within a subscription

You can assign public and private IP addresses to a NIC.

IP addresses can be assigned in two ways: static and dynamic.

NICs connected to the same or different subnets within a VNet can communicate with other VMs without any extra configuration.

When connecting different VNets, make sure their address spaces do not overlap.

Moving a VM to a different VNet is not a simple configuration change; the VM needs to be redeployed on the target VNet.
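The non-overlap requirement for connected VNets can be checked before any peering or gateway is configured. The following is an added example, not part of the original post; the function name and the sample VNet names and prefixes are constructed for illustration.

```python
import ipaddress
from itertools import combinations


def overlapping_prefixes(vnets):
    """vnets maps a VNet name to its list of address prefixes (CIDR).

    Returns (vnet_a, prefix_a, vnet_b, prefix_b) for every pair of
    prefixes from two different VNets that overlap.
    """
    parsed = {
        name: [ipaddress.ip_network(p) for p in prefixes]
        for name, prefixes in vnets.items()
    }
    conflicts = []
    for (a, nets_a), (b, nets_b) in combinations(parsed.items(), 2):
        for na in nets_a:
            for nb in nets_b:
                # Only compare prefixes of the same IP version.
                if na.version == nb.version and na.overlaps(nb):
                    conflicts.append((a, str(na), b, str(nb)))
    return conflicts


# Constructed sample address spaces; a VNet can hold several prefixes.
VNETS = {
    "vnet-hub": ["10.0.0.0/16"],
    "vnet-app": ["10.1.0.0/16", "10.0.128.0/20"],
    "vnet-data": ["10.2.0.0/16"],
}

if __name__ == "__main__":
    for conflict in overlapping_prefixes(VNETS):
        print("overlap: %s %s <-> %s %s" % conflict)
```

Here the second prefix of vnet-app falls inside the hub's 10.0.0.0/16, so those two VNets could not be connected until one address space is changed.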

Network Security Groups

A network security group (NSG) contains a list of Access Control List (ACL) rules that allow or deny network traffic to subnets, NICs, or both

When an NSG is associated with a subnet, the ACL rules apply to all the VMs in that subnet

Only one NSG can be applied to a resource

Priority of NSG rules must be unique
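How unique priorities and the subnet/NIC association interact is easiest to see in a small model. The following is an added example, not part of the original post and not Azure's own code: the `Rule` class and function names are hypothetical, only inbound traffic is modelled, and the built-in default rules are reduced to a final deny.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    name: str
    priority: int          # lower number is evaluated first
    source: str            # CIDR prefix, or "*" for any source
    port: Optional[int]    # destination port, None for any port
    access: str            # "Allow" or "Deny"


def duplicate_priorities(rules):
    """Return priorities used by more than one rule (invalid in an NSG)."""
    seen, dupes = set(), set()
    for r in rules:
        (dupes if r.priority in seen else seen).add(r.priority)
    return sorted(dupes)


def evaluate(rules, src_ip, dst_port):
    """First matching rule in ascending priority order decides; else Deny."""
    if duplicate_priorities(rules):
        raise ValueError("rule priorities must be unique")
    addr = ipaddress.ip_address(src_ip)
    for r in sorted(rules, key=lambda r: r.priority):
        src_ok = r.source == "*" or addr in ipaddress.ip_network(r.source)
        if src_ok and r.port in (None, dst_port):
            return r.access
    return "Deny"  # simplification standing in for the default deny rule


def inbound_decision(subnet_nsg, nic_nsg, src_ip, dst_port):
    """Inbound traffic must pass the subnet NSG and then the NIC NSG.
    None means no NSG is associated at that level."""
    for nsg in (subnet_nsg, nic_nsg):
        if nsg is not None and evaluate(nsg, src_ip, dst_port) == "Deny":
            return "Deny"
    return "Allow"


# Constructed sample rules using documentation address ranges.
SUBNET_NSG = [
    Rule("allow-ssh-office", 100, "203.0.113.0/24", 22, "Allow"),
    Rule("deny-all", 200, "*", None, "Deny"),
]
NIC_NSG = [
    Rule("deny-one-host", 100, "203.0.113.50/32", 22, "Deny"),
    Rule("allow-ssh", 110, "*", 22, "Allow"),
]
```

With these rules, SSH from 203.0.113.10 is allowed at both levels, while 203.0.113.50 passes the subnet NSG and is then dropped by the NIC NSG.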

Load Balancers

Two types of load balancers are available:

DNS level (Azure Traffic Manager): Cross-region, where apps are located in different datacenters and different regions.

There are three modes available:

  1. Priority Mode (always route traffic to primary, when primary fails then route to secondary)
  2. Performance Mode (route traffic to closest region endpoint)
  3. Round Robin Mode

Network level (Azure Load Balancers): Within the same region; load balances incoming internet traffic. It distributes traffic based on Source Address, Source IP address, Protocol, Source / Destination Port. Azure Load Balancers can be configured to:

  1. Balance incoming internet traffic
  2. Balance traffic between VMs in a VNet
  3. Balance traffic between on-premises computers and VMs in a cross-premises network
  4. Forward external traffic to a specific VM

The following components are considered when creating an Azure load balancer:

  1. Front-end IP Configuration
  2. Back-end address pool
  3. NAT rules
  4. Load balancer rules
  5. Probes (HTTP/TCP)

VM Scale Sets

Virtual machine scale sets are an Azure compute resource you can use to deploy and manage a set of identical machines. To increase or decrease the number of virtual machines in a VM scale set, simply change the capacity property and redeploy the template.

  1. 20 VMs per storage account by default. This limit does not apply to managed disks.
  2. When using custom VMs with unmanaged disks, plan for no more than 40 VMs per VM scale set in a single storage account.
  3. Plan for no more than 4096 VMs per VNet.
  4. Virtual machines are removed from the scale set evenly across upgrade domains and fault domains to maximize availability. VMs with the highest IDs are removed first.

VM Monitoring

  1. Enable VM Agent extensions
  2. Enable Monitoring
  3. Configure Metrics

Additional post deployment activities can be performed using

  1. Azure VM Access Extension
  2. Run custom scripts
  3. PowerShell DSC Extensions
  4. Puppet, Chef
  5. Azure Diagnostics extension to monitor the health of the application.
