How to Deploy An Azure Virtual Machine (May 2018)
This post will show you how you can quickly deploy an Azure virtual machine for evaluation purposes.
Devolutions Remote Desktop Manager
Devolutions RDM centralizes all remote connections on a single platform that is securely shared between users and across the entire team. With support for hundreds of integrated technologies — including multiple protocols and VPNs — along with built-in enterprise-grade password management tools, global and granular-level access controls, and robust mobile apps to complement desktop clients.
Before You Continue
It is actually very easy to next-next-next your way through the process of building a virtual machine in Azure. The “wizard” has been designed for newbies to get something up and running quickly. However, the results are not what anyone would recommend for production. Every next-next-next deployment will produce a virtual machine that has its own network security rules, public IP address with direct RDP/SSH access from the Internet, and so on.
In the training that I deliver, I strongly urge people to pre-create things such as their network, a diagnostics storage account, and remote/on-premises connectivity; then, when they create virtual machines in the Azure Portal, they tweak the wizard to use the already-created resources.
In this post, I will walk you through the default process at a high level. Note that Microsoft is constantly renaming and moving things around in the Azure Portal, so things might have changed since this post was written.
Log into the Azure Portal and click the button (highlighted below) in the top-right corner to make sure you are working in the correct customer tenant and Azure subscription.
Now you will start the process of creating a virtual machine. Click Create A Resource in the top-left corner to open the New blade. If you click Compute, the results are filtered for things that use processors in Azure, such as virtual machines and Service Fabric. You can search for an operating system image or an operating system/application image from the Azure Marketplace. You can also click See All to browse the Azure Marketplace. In my example, I am selecting Windows Server 2016 Datacenter.
Create Virtual Machine Blade
A Create Virtual Machine blade opens. Here you will go through a number of steps (blades) to deploy your new virtual machine; the actual blades will depend on what you selected to deploy. For example, a network virtualization appliance such as a Check Point Firewall, will have some configurations that are specific to it. A virtual machine running SQL Server might allow advanced configurations for the SQL Server workload. Typically, you will find the following blades:
- Basics: Start the process of creating the virtual machine.
- Size: Choose the Azure virtual machine series and size.
- Settings: Configure storage, networking, and more of the virtual machine.
- Summary: View a summary of your configuration and confirm the creation.
In this blade, you will configure some naming and location settings, as well as setting up the default local administrator account. The following settings should be configured:
- Name: This is the name of the Azure virtual machine. This will be the name of the Azure resource and the computer account name.
- VM Disk Type: This can be HDD (Standard) or SSD (Premium) and configures the format of the OS disk.
- User Name: This is the name of the default local administrator account. Note that you cannot use administrator, admin, root, and so on.
- Password and Confirm Password: Enter the password, which must be between 12 and 123 characters long, and must have 3 of the following – 1 lowercase character, 1 uppercase character, 1 number and 1 special character (not \ or -). Linux gives you the option to use an SSH key instead.
- Subscription: Confirm that you are creating the virtual machine in the correct subscription.
- Resource Group: Either create a new resource group for the virtual machine (and all the resources that will be created) or select an existing one that you have rights to.
- Location: Select the Azure region that the machine will be deployed into.
I want to highlight one setting with the title of Save Money. You can save up to 40 percent on the cost of a Windows virtual machine if you have the Software Assurance benefit of Hybrid Use Benefit (HUB). If you’re not sure about this, then please confirm if you have the rights to click the button with your administrators, resellers, distributor or LSP/LAR. You don’t want to be hit by an auditor for misusing this button!
Click OK when you are ready to move onto the Size blade.
A blade called Choose A Size appears next; this blade recently went through an upgrade:
- A search tool
- Filtering based on Compute Type, Disk Type, and min-max vCPUs
Note at the time of writing, the Temporary Storage (temp drive) column was misleadingly labeled as Local SSD. The size of the OS drive is either 30GB or 128GB depending on what OS image you selected and has nothing to do with what you select here.
Search for and pick an image size. Click Select to continue to the Settings blade.
The Settings blade is the most detailed on in the standard set of blades for creating a virtual machine. It is so detailed that it has a scroll bar to get you from top to bottom. This is also where a lot of things are dumbed down for you by supplying defaults; these are the defaults that I teach people to undo in my classes. We’ll start with some availability, storage, and networking stuff.
- Availability Zone: If you want to spread virtual machines around different availability zones (1 or more data centers per zone), then you can choose this option if it is available in the selected Azure region (Location from the Basics blade).
- Availability Set: If you want to spread your virtual machines around different fault domains and update domains of a compute cluster (in a single data center), then you can create or select an availability set. You cannot do this afterward without recreating the machine from its disk(s).
- Use Managed Disks: Ideally, you will. However, note that it is difficult to move managed disks to another resource group or subscription. Otherwise, you will create unmanaged disks (fewer management features) in a general purpose storage account. Your previous choice of SSD/HDD will configure the disk tier. You will add any data disks to the virtual machine after it is created.
- Virtual Network: By default, a new virtual network will be created. You can select an existing one.
- Subnet: By default, the only subnet of the default (new) virtual network will be selected. You can choose a different virtual network/subnet combination.
- Public IP Address: A new PIP will be created for connecting to this machine from the Internet.
- Network Security Group (Firewall): A new NSG will be connected to the NIC of the virtual machine, providing Layer-4 security.
- Extensions: None are added by default but you can add some extensions. Note that extensions can take quite some time to install and I have found that being too ambitious will cause the VM creation to timeout and fail.
My first note on this blade so far: Availability Zone and Availability Set are mutually exclusive. You can do one or the other, or not do either.
My second note: I normally:
- Create the VNet and subnet myself and then select them.
- Don’t associate an NSG with the NIC but associate it with the subnet, treating each subnet as a security zone.
If you scroll down, you’ll find more settings to configure:
- Auto-Shutdown: This is a nice setting for demo/lab machines because shutting down (deallocating) a virtual machine when it’s not needed reduces the per-minute charges for virtual machines. In production systems, you should use Azure Automation instead. If you enable this setting, then you can select a time of day to shut down this machine (including time zone) and choose if you want to send a notification email before the shutdown (optional skip/delay actions).
- Boot Diagnostics: This, enabled by default, captures a BMP screenshot of the machine’s console and stores it in a storage account. A serial log is generated from the virtual machine with some guest OS information. It also enabled serial console access to the virtual machine without network connectivity. A general purpose storage account is created for you. However, I normally recommend creating 1 for each resource group beforehand and selecting it.
- Guest OS Diagnostics: This is off by default but I recommend turning it on. It also requires a general purpose storage account to store performance metrics in Table storage. One will be created for you but I recommend using the diagnostics storage account (see previous).
- Managed Service Identity: This is a new feature that tells Azure to maintain an account for the virtual machine in Azure AD. This account can be used to authorize access to other Azure resources.
- Backup: This is disabled by default but it should always be turned on for any virtual machine that has any value to you. By default, when enabled, it will create a Recovery Services Vault for you but you can select one that you already have.
When you are ready, click OK to save your Settings configuration.
The final blade does two things:
- Validates that everything you have selected is possible – as much as it can be before a deployment.
- Provides you with a summary that you can check before continuing.
There are two things to note.
- There is a checkbox to give Microsoft permission to use and share your contact information. If you want a call from their “Inside Sales” group, then check this box.
- You can download a JSON/ARM template for recreating this machine without the wizard. To be honest, this template is unusable without considerable editing.
Click OK and your request to create a new virtual machine will be submitted to Azure. If you click the Notifications icon (a bell) in the top right, you can track the progress of the deployment job. This can take anywhere from 2-15 minutes, for simple Windows or Linux machines, depending on the requested configuration.