Chapter 2 Deploy and Manage Virtual Machines (VMs)

This Chapter covers following Topic Lessons

• Azure Virtual Machine
• Azure Virtual Machine Storage
• Azure Virtual Machine Networking
• Virtual Machine Security using Network Security Group (NSG)
• VM High Availability using Availability Set (AS)
• VM High Availability using Availability Zones and Load Balancers
• Virtual Machine Snapshot
• Linux VM in Azure
• Images
• Azure Virtual Machine Agent
• Virtual Machine Extensions
• Custom Script Extension
• Manage VM Sizes
• VM Auto-Shutdown
• Reset Password
• Redeploy VM
• VM Backup & Restore
• Moving Virtual Machines
• VM Alerts, Metrics & Diagnostic Settings
• VM Update, Inventory, Change & Configuration Management
• PowerShell DSC Extension
• ARM Template

This Chapter covers following Lab Exercises

• Create Availability Set (AS) using Azure Portal
• Create Windows Virtual Machine VMFE1
• Log on to Windows VM with RDP
• Install IIS
• Access Default IIS website on VM VMFE1
• Add Data Disk
• Initialize the Data Disk
• Create Snapshot of VM VMFE1 OS Hard Disk
• Create and Add Network Interface to VM VMFE1
• Create Windows Virtual Machine VMFE2
• Log on to Windows VM with RDP
• Install IIS
• Access Default IIS website on VM VMFE2
• Create Custom Website on VM VMFE2
• Access Custom IIS website on VM VMFE2
• Create Windows VM representing On-Premises AD DS
• Enable AD DS Role in Virtual Machine VMAD
• Create Linux VM
• Connecting to Linux VM
• Update Linux VM & Install NGINX Web Server
• Create Custom Image of Azure VM
• Deploy VM from Custom image
• Demonstrating various VM Extensions available
• Demonstrating Custom Script Extension using Azure Portal
• Resizing VM
• Virtual Machine Auto-Shutdown
• Reset Password
• Redeploy VM

Chapter Topology

In this chapter we will add Virtual Machines VMFE1, VMFE2, and vmlinux to the topology. These VMs will be created in Web-Subnet in Virtual Network VNETCloud.

We will add Virtual Machine VMAD in Virtual Network VNETOnPrem. We will also install Active Directory Domain Services (AD DS) role in VM VMAD .

Note 1 : This diagram is shown separately as there is space constrained in top diagram.

Note2 : I am not showing DB-Subnet and DMZ-Subnet as they are no longer being used for the rest of the Chapters.

Azure Virtual Machine (VM)

Azure Virtual Machine is on-demand resizable computing resource in the cloud that can be used to host variety of applications. Azure Virtual Machine runs on a Hyper-V host which also runs other Virtual Machines.

You can scale up by using bigger size Virtual Machine or scale out using additional instance of the virtual machine and then Load Balancing them.

Azure VM can be Windows or Linux based.

Virtual Machine (VM) Sizes

Virtual Machines are available in various sizes and categorized under series. Under each series various virtual machine sizes are available with options for memory, CPU family, Number of CPU cores, Standard or Premium Storage, Number of Data Disks, Number of NIC’s and Temporary Storage.

Various Virtual Machine Series are available either with Standard Storage or both Standard & Premium Storage.

Virtual Machines with standard storage are available under A-series, Av2-series, D-series, Dv2-series, Dv3, F-series, G-Series, H-series and Nseries. These VMs use magnetic HDD to host a virtual machine disks (OS and Data Disk). Temporary storage is on SSD except for A series which are on magnetic HDD.

Virtual Machines with premium Storage are available under DS-series, DSv2-series, DSv3, ESv3, FS-series, GS-series etc. These VMs can use solid-state drives (SSDs) or HDD to host a virtual machine disks (OS and Data Disk) and also provide a local SSD disk cache. Temporary storage is on SSD.

Note: Virtual Machines with letter s in its size designation support both Standard Storage and Premium Storage.

Virtual Machines Series

Virtual Machines series in Azure can be categorized under General purpose, Compute optimized, Memory optimized, Storage Optimized, GPU and High Performance Compute.

Note 1: D, DS and A0-A7 Standard are being phased out.

Note 2: Virtual Machines with letter s in its size designation support both Standard Storage and Premium Storage.

Note 3: Dv2 & DSv2 machines are included in both General Purpose & Memory. General Purpose includes following sizes: D1v2, D2v2, D3v2, D4v2 and D5v2.
Memory Optimised includes following: D11v2, D12v2, D13v2, D14v2 & D15v2.

Note 4: Microsoft recommends that to get the best performance for price, use the latest generation VMs where possible.

A Series

A Series VMs are Entry-level Low Cost VMs. Example use cases include development and test servers, low traffic web servers, small to medium databases, servers for proof-of-concepts and code repositories.

B Series

B-series VMs are low-cost option for workloads that do not require the use of the full CPU all the time, but occasionally will need to burst to finish some tasks more quickly. Example use cases include development and test servers, low-traffic web servers, small databases, micro services, servers for proof-of-concepts.

D Series (General Purpose Compute)

D Series VMs have Balanced CPU-to-memory configuration making them suitable for most production workloads.

E Series (Memory Optimised VM)

E Series VMS have High memory-to-CPU ratio. Example use cases include relational database servers, medium to large caches, and in-memory analytics.

F Series (Compute Optimised VM)

F Series VMs have High CPU-to-memory ratio. Example use cases include batch processing, web servers, analytics and gaming.

LS Series (Storage optimized)

The Ls-series VMs are storage optimized. These are ideal for applications requiring low latency, high throughput, and large local disk storage. The latest Lsv2-series features high throughput, low latency, directly mapped local NVMe storage . Example use cases include NoSQL databases such as Cassandra, MongoDB, Cloudera, and Redis. Data warehousing applications and large transactional databases are great use cases as well.

H Series (High Performance Computing VM)

The HC-series VMs are optimised for HPC applications driven by intensive computation. Example use cases include fluid dynamics, finite element analysis, seismic processing, reservoir simulation, risk analysis, EDA, rendering, Spark, weather modeling, quantum simulation, computational chemistry.

N Series (GPU enabled VM)

The N-series VMs have GPU capabilities. GPUs are ideal for compute and graphics-intensive workloads. Example use cases include simulation, deep learning, graphics rendering, video editing, gaming and remote visualisation.

M Series (Large memory optimised VM)

M-series are large memory optimised VMs. These VMs are ideal for inmemory workloads such as SAP HANA. Example use cases include SAP HANA, SAP S/4 HANA, SQL Hekaton and other large in-memory business critical workloads requiring massive parallel compute power.

G Series (Memory and storage optimised VM)

G-series VMs have two times more memory and four times more Solid State Drive storage (SSDs) than the General Purpose D-series. Example use cases include large SQL and NoSQL databases, ERP, SAP and data warehousing solutions.

Low Priority VMs

Low Priority VMs are available at lower cost than normal VMs and are allocated from surplus or spare Azure compute capacity.

The advantage of Low Priority VM is that it reduce the costs of running workloads or allow much more work to be performed at a greater scale for the same cost.

The disadvantage of Low Priority VM is that Azure can take back Low priority VMs when spare compute capacity decreases.

Low Priority VMs are currently available for Azure Batch and Virtual Machine Scale Set (VMSS).

Virtual Machine Storage

Storage for Virtual Machines is provided by Virtual Machine Disks. Azure Virtual Machine Disks (OS & Data) are stored in Page Blob and are accessed over the network.

You can also mount Azure File shares to Virtual Machine disks for additional Storage. File shares will be further discussed in Storage chapter.

Figure bellows shows Storage options for Azure Virtual Machines.

Figure below shows OS and Data Disks are stored in Azure Blob (Page) Storage and are accessed over the network. Temporary disk is located on the physical host where the virtual machine is running.

Virtual Machine Storage Disk Types

Azure Virtual Machine Disks are stored in Page Blob storage. Page Blob storage can use Standard Storage or Premium Storage. Standard Storage is backed by Magnetic HDD and Premium Storage is backed by SSD.

Azure Virtual Machines have minimum of 2 disks: OS Disk and Temporary Disk. You can also attach additional Data Disks. Number of Data Disks depend upon the series and the size of the VM chosen.

Virtual Machine Disks (OS and Data disk) are accessed over the network. Temporary disk is located on the physical host where the virtual machine is running. Virtual machines use virtual hard disks (VHDs) to store their operating system (OS) and data. Virtual Machine disks (VHDs) are stored in page blobs.

Operating System Disks

Every virtual machine has one network attached operating system disk and is accessed over the network . It’s labelled as the C: drive. This disk has a maximum capacity of 4095 gigabytes (GB). Data is persisted in the event virtual machine is rebooted, started or stopped. It is registered as SATA Drive.

Temporary Disk

The temporary disk is automatically created on physical host where virtual machine is running. The temporary disk is labelled as the D: drive and it is used for storing page or swap files. Data is lost in the event virtual machine is rebooted or stopped. The size of the temporary disk is based on the size of the VM.

Data Disk

A data disk is a VHD that’s network attached to a virtual machine to store application data and is accessed over the network . The size of the virtual machine determines how many data disks you can attach to it. Data is persisted in the event virtual machine is rebooted, started or stopped. Data disks are registered as SCSI drives and are labelled with a letter that you choose.

Managed and Unmanaged Disk

Azure Virtual Machine disk types (OS & Data Disk) can be Unmanaged or Managed.

Disks are associated with storage accounts. Maximum IOPS of storage account is 20000 IOPS. We have to make sure that IOPS of all disks in the storage account should not exceed 20000 IOPS otherwise throttling happens.

Unmanaged Disks

With unmanaged disks we have to create and specify the storage account when we create unmanaged disk. We have to make sure that the combined IOPS of disks in the storage account do not exceed 20000 IOPS. We have to also plan number of storage accounts needed to accommodate our disks.

Managed Disks

Managed Disk option takes care of storage account creation and management and also ensures that users do not have to worry about 20000 IOPS limit in the storage account.

Managed Disks allow you to create up to 10,000 VM disks in a subscription.

When using availability set (AS) managed disk option ensures that disks of VMs in AS are isolated from each other to avoid SPOF.

The advantage of Managed Disk option is that it eliminates the operational overhead of planning, creating and managing Storage Accounts.

MS recommends that Managed Disk option to be used for all new VMs and convert previously created unmanaged disks to managed disks to take advantage of new features in managed disks.

Note : Unmanaged or Managed OS Disk is chosen during Virtual Machine creation.

Comparing Managed & Unmanaged Disks

Virtual Machine Disk Performance Tiers

There are three Performance tiers for virtual machine disk storage - Standard Storage, Premium SSD Storage & Standard SSD Storage. Virtual Machines disks are stored in Page Blobs. Page blobs can be created under General Purpose Standard Storage account or General purpose premium Storage account.

Standard Storage

With Standard Storage, OS and Data disks are stored in page blob backed by Magnetic HDD. You can use standard storage disks for Dev/Test scenarios and less critical workloads.

Standard Storage disks can be created in 2 ways - Unmanaged disks or Managed Disks. With Unmanaged disk you need to create storage account. Whereas Managed Disk option takes care of storage account creation.

Standard Unmanaged disk limits

Maximum Disk Size in Standard Unmanaged disk is 4095 GB. You pay only for the capacity used. It is therefore recommended you create the disk with Max size as you are paying only for the capacity used. This has now gone to 8 TB.

Standard Managed Disk Limits

MS has now released S60, S70 & S80 with 8, 16 and 32 TB respectively.

Premium SSD Storage

Premium Storage disks are backed by solid-state drives (SSDs). With Premium Storage, OS and Data disks are stored in page blob backed by SSD.

Azure Premium Storage delivers high-performance, low-latency disk support for virtual machines (VMs) with input/output (I/O)-intensive workloads. You can use Premium storage disks for I/O intensive and mission-critical production applications.

Requirements for Premium Storage

1. You can use Premium Storage disks only with VMs that are compatible with Premium Storage Disks. Premium Storage supports DS-series, DSv2- series, DSv3 Series, GS-series, Ls-series, and Fs-series, ESv3 VMs etc only.

2. You will require Premium storage account to create Premium Storage Disks. A premium storage account supports only locally redundant storage (LRS) as the replication option. Locally redundant storage keeps three copies of the data within a single region.

Features of Virtual Machines (DS-series, DSv2-series, DSv3, ESv3GSseries, Ls-series, and Fs-series, M etc) backed by Premium Storage

1. Virtual Machine OS Disk: Premium Storage VM can use either a premium or a standard operating system disk.

2. Virtual Machine Data Disk: Premium Storage VM can use both Premium and Standard Storage Disks.

3. Cache: VMs with Premium Storage have a unique caching capability for high levels of throughput and latency. The caching capability exceeds underlying premium storage disk performance. You can set the disk caching policy on premium storage disks to ReadOnly , ReadWrite , or None . The default disk caching policy is Read Only for all premium data disks and ReadWrite for operating system disks.

Note : Premium Storage is supported in Virtual Machines with letter s in its size designation.

VM scale limits and performance: Premium Storage-supported VMs have scale limits and performance specifications for IOPS, bandwidth, and the number of disks that can be attached per VM.

For example, a STANDARD_DS1 VM has a dedicated bandwidth of 32 MB/s for premium storage disk traffic. A P10 premium storage disk can provide a bandwidth of 100 MB/s. If a P10 premium storage disk is attached to this VM, it can only go up to 32 MB/s. It cannot use the maximum 100 MB/s that the P10 disk can provide.

Note 1: MS has now released Premium SSD Unmanaged Disk P60 with 8 TB.

Note 2: MS has now released Premium SSD Managed Disk P60, P70 & P80 with 8, 16 and 32 TB respectively.

Standard SSD Managed Disk Storage

Standard SSD Storage disks are backed by solid-state drives (SSDs). With Standard SSD Storage, OS and Data disks are stored in page blob backed by SSD.

Standard SSD Storage comes in Managed Disk option only.

Standard SSD Managed Disk is a low-cost SSD offering and are optimized for test and entry-level production workloads requiring consistent latency. Standard SSD Managed Disks can also be used for big data workloads that require high throughput.

Standard SSD Managed Disks deliver lower latency compared to Standard HDDs, while improving reliability and scalability for your applications, and are available with all Azure VM sizes. Standard SSD Managed Disks can be easily upgraded to Premium SSD Managed Disks for more demanding and latency-sensitive enterprise workloads.

MS has now released Standard SSD Managed Disk E70 & E80 with 16 and 32 TB respectively.

Ultra SSD Managed Storage Disk

Ultra SSD Storage have very high IOPS and throughput compared to Premium SSD Storage. All VMs that support Premium SSD can leverage Ultra SSD Managed Disks.

Ultra SSD Managed Disks offer extremely scalable performance with submillisecond latency.

Virtual Machine Networking

Azure Virtual Machines are created in Virtual Networks. An Azure virtual network (VNET) is Virtual Datacenter in the cloud. You can further segment virtual network (VNET) into subnets. Access to the subnets can be controlled using Network Security groups. You can define the IP address blocks, security policies, and route tables within this network.

In the below diagram you have Virtual Network KNET1 with network address 192.168.0.0/16 divided into two Subnets- Web-Subnet1 and DBSubnet1 with network addresses 192.168.1.0/24 and 192.168.2.0/24 respectively.

These Network Addresses are defined by the user and not by Azure Cloud.

In the above figure Virtual Machines in Web-Subnet1 will get private address of 192.168.1.x/24 and Virtual Machines in DB-Subnet1 will get private address of 192.168.2.x/24. Private IP Address is used for communication within a Virtual Network, your on-premises network and the Internet (with NAT).

You can use following class A, Class B and Class C address range for virtual networks.

10.0.0.0/8
172.16.0.0/12
192.168.0.0/16

Once the IP address range is decided, we can then divide this range into subnets. Azure Virtual Machines private address is derived from subnet address.

VM Private IP Address can be dynamic or Static. The default allocation is dynamic. You can assign static private IP address to VM from VM Subnet address range.

Virtual Machine Public address is assigned by Azure. Public Address can be Static or Dynamic. Dynamic Public IP will change every time you stop or reboot your Virtual Machine. To ensure the IP address for the VM remains the same, set the allocation method to static.

Public IP address is used for communication with internet and Public facing Azure resources which are not part of Virtual Network.

Virtual Machine Security using Network Security Group (NSG)

Network Security Group (NSG) acts as a Firewall. Network Security Group (NSG) contains a list of rules that allow or deny network traffic to VM NICs or subnets or both.

NSGs can be associated with subnets and/or individual VM NICs connected to a subnet. When an NSG is associated with a subnet, the rules apply to all the VMs in that subnet. In addition, traffic to an individual VM NIC can be restricted by associating an NSG directly to a VM NIC.

NSGs contain rules that specify whether the traffic is approved or denied. Each rule is based on a source IP address, a source port, a destination IP address, and a destination port. Based on whether the traffic matches this combination, it either is allowed or denied.

Figure below shows Web1 & Web2 VMs are protected by 2 levels of Firewall. One at VM NIC level and other at Subnet Level. Whereas DB1 VM is protected at VM NIC level only.

Note : NSG was discussed in Implementing Virtual Networks chapter.

VM High Availability using Availability Set (AS)

Availability Set (AS) Provides high Availability against hardware failure in Azure Cloud by eliminating single point of failure. Availability Set (AS) in itself is not a full high availability solution. To provide application HA, Availability Set (AS) has to be combined with Azure Load Balancer.

Before going into details of Availability Set, let’s discuss why we need it in first place. Consider a scenario where there are 2 applications and each application is running 2 instances - Application A (VMA-1 & VMA-2) & Application B (VMB-1 & VMB-2). Application Instances are load balanced.

Note : Load Balancing will be discussed in Chapter 3.

Application A has 2 single point of failure - Power Supply & TOR Switch. Application B has 3 single point of failure - Host, Power Supply & TOR Switch.

With Availability Set we can eliminate above single point of failures. By creating an Availability Set and adding virtual machines to the Availability Set, Azure will ensure that the virtual machines in the set get distributed across the physical hosts, Network switch & Rack that run them in such a way that a hardware failure will not bring down all the machines in the set.

Each virtual machine in the Availability Set is assigned an update domain and a fault domain by Azure.

An Update Domain (UD) is used to determine the sets of virtual machines and the underlying hardware that can be rebooted together. For each Availability Set created, five Update Domains will be created by default, but can be changed. You can configure Maximum of 20 Update Domains. When Microsoft is updating physical host it will reboot only one update domains at a time.

Fault domains (FD) define the group of virtual machines that share a common power source and network switch. For each Availability Set, two Fault Domains will be created by default, but can be changed. You can configure Maximum of 3 Fault Domains.

Design Nuggets

• Update Domains helps with Planned Maintenance events like host reboot by Azure
• Fault Domain helps with unplanned Maintenance events like hardware (Host, TOR Switch or Rack Power Supply) failure.
• Configure each application tier into separate availability sets.
• Assign different storage accounts to virtual machines in the availability set. If there is an outage in the storage account it will not affect all the virtual machines in the set.
• Use Azure Load Balancer to distribute traffic to virtual machines in the Availability Set. If there is a Hardware failure (Host, TOR Switch, Rack Power Supply) then it will not affect traffic to other virtual machines in the Availability Set.

VM High Availability using Availability Zones and Load Balancers

Azure Availability Zone protects your applications and data from Complete Location breakdown or Datacenter wide outage which affects the entire Azure Data Center.

With Azure Availability Zones (AZ), Azure Region will have 3 or more physically separate Data Centre’s within Metro distance connected by High Speed Fibre Optic cables. This distance can be 500M, 1 KM, 5 KM or 10 KM etc. The important point here is that Availability Zones (AZ) will not be sharing any infrastructure like Networking, Grid Power Supply and Cooling etc. The figure below shows three Availability Zones in a Region connected by High speed Fibre Optic Cables. These AZs are separate Azure Data Centers.

Note : Load Balancing will be discussed in Chapter 3.

Azure services that support Availability Zones fall into two categories: Zonal services - you pin the resource to a specific zone (for example, virtual machines, managed disks, IP addresses).

Zone-redundant services - platform replicates automatically across zones (for example, zone-redundant storage, SQL Database).

STEP BY STEP PROVIDING HIGH AVAILABILITY TO LOAD BALANCED WEB 1, WEB2 & WEB3 VIRTUAL SERVERS USING AZURE AVAILABILITY ZONES

1. Virtual Network & Subnet created will span Availability Zone 1 (AZ1), Availability Zone 2 (AZ2) and Availability Zone 3 (AZ3) in the region.
2. Create Web1 VM with Managed disk in Subnet1 in AZ1.
3. Create Web2 VM with Managed disk in Subnet1 in AZ2
4. Create Web3 VM with Managed disk in Subnet1 in AZ3.
5. Use Azure Standard Load Balancer (Zone Redundant) with Standard IP (Zone Redundant) to Load Balance Traffic to Web1, Web2 & Web3 Virtual Server.

Figure below shows Azure Standard Load Balancer providing cross-zone Load Balancing to 3 VMs located in AZ1, AZ2 and AZ3 respectively.

Azure Services that support Availability Zones

Azure Availability Zones preview supports following Azure Services:

Windows Virtual Machine
Linux Virtual Machine
Zonal Virtual Machine Scale Sets
Managed Disks
Load Balancer
Public IP address
Zone-redundant storage
SQL Database

Important Note: Availability Zones (AZ) are currently in Preview in many regions. AZ is not currently part of AZ 103 Exam topics.

Exercise 17: Create Availability Set (AS) using Azure Portal

1. In Azure Portal click All Services in left pane>Under Compute section Click Availability Sets> Availability Sets Dashboard opens>Click +Add>Create Availability Set Blade opens>Enter ASCloud in name box, Select RGCloud in Resource Group, Select East US 2 in location and rest select all defaults and click create.

   Note1 : AS is off use when you are using 2 or more VMs in the set. Single VM in an AS does not provide any benefit.

   Note 2 : Secondly to Add VMs to Load Balancer, VMs must be in Availability Set.

Exercise 18: Create Windows Virtual Machine VMFE1

In this exercise we will create Windows Server 2019 VM VMFE1 in WebSubnet of Virtual Network VNETCloud and in Resource Group RGCLoud . We will use Managed disk option , select AS created in Exercise 17 and will use System created Dynamic Public IP .

1. In Azure Portal Click Create a Resource> Compute> Windows Server 2019 Datacenter> Create Virtual Machine Blade opens>Select Resource Group RGCloud, Enter VM name, Select East US 2 in region, Select Availability Set in Availability option, Select ASCloud, Enter Administrator Account name and password> Select none for inbound port >Click Next: Disks (Not Shown).

   Note: Select none for Public inbound port option (Not shown below). We will select under networking.

2. Disk Screen opens>Select your HDD Option>Click Advanced and select yes for managed disk (default option) and click Next: Networking.

3. Networking Screen opens> Select VNETCloud and Web-Subnet from dropdown boxes> Select Basic in NSG>select Allow selected ports and select RDP, HTTP and HTTPS> Select off for AN>Click Next: Management

4. Management Screen opens>Select No for Security Center and off for Monitoring, Identity and Auto-Shutdown. Click Next: Advanced. Note: Readers can enable some options according to their requirement.

5. Select all default values in Advanced>Click Next:Tags

6. Select all default values in Tags>Click Review +Create.

7. In Review+Create Screen click create after validation is passed.

   Note 1: In disk screen if you select no for use managed disk option then you need to specify the storage account or use a system created storage account.

   Note 2 : In Network Security Group under Networking you have the option to select advanced. With advanced option you can assign pre-created NSG. Exercise 11 in Chapter 1 shows how to create NSG.

8. Figure below shows the dashboard of VMFE1 Virtual Machine.

9. In right pane Click Configure under DNS Name>Public IP Address pane opens> Under DNS name enter vmfe1 > Click save and close the Pubic IP pane.

10. Click Refresh in VMFE1 dashboard and you can see the DNS name of VMFE1 under DNS name.

Exercise 19: Log on to Windows VM with RDP

1. From the VM VMFE1 dashboard click connect in top pane and download the RDP file based on DNS name on your desktop. Close the Connect option.

2. Click the downloaded RDP file on your desktop>Click Connect>Credential box for connecting to VM will Pop up on your desktop. Enter the admin name and password you entered during VM creation and click ok.

3. Figure below shows the screen of Windows VM VMFE1 with Server Manager open.

   Note the Add roles and feature link . In next exercise we will use this link to Install IIS.

Exercise 20: Install IIS

1. Connect to VM VMFE1 using RDP.

2. Open server Manager> Click add roles and features link>Add Roles and Feature Wizard opens as shown below. Click Next.

3. In the Add Roles and Features Wizard, on the Installation Type page, choose Role-based or feature-based installation , and then click Next

4. Select VMFE1 VM from the server pool and click Next.

5. On the Server Roles page, select Web Server (IIS).

6. In the pop-up about adding features needed for IIS, make sure that Include management tools is selected and then click Add Features. When the popup closes, click Next in the wizard.

7. next, next, next, next.

8. Install.

9. It will take around 1 minute to install the IIS. After Installation is complete click close.

Exercise 21: Access Default IIS website on VMFE1

1. Go to VM VMFE1 dashboard. Note down DNS name.

2. Open a browser and type: http://vmfe1.eastus2.cloudapp.azure.com.

Exercise 22: Add Data Disk

1. Go to VMFE1 VM dashboard> Click Disks in left pane.

2. Click +Add data disk> Add disk pane opens under Data disks>Enter 1 as LUN value> Select create disk under Name Dialog Box.

3. When you select create disk under name dialog box> Create Managed Disk Blade opens> Enter name, Resource group as RGCloud and select Account Type and enter size as per your requirement>Click create (Not Shown).

4. Click save in Disk Dashboard. You can see disk added.

Exercise 23: Initialize the Data Disk

1. Connect to VMFE1 using RDP.

2. Open Server Manager. In the left pane> click File and Storage Services.

3. Click Disks. The Disks section lists the disks. The Disk 0 is the operating system Disk. Disk 1 is the temporary disk. Disk 2 is the Data Disk. The Data disk you just added will list the Partition as Unknown.

4. The Data disk you just added will list the Partition as Unknown. Rightclick the data disk and select Initialize. Once complete, the Partition will be listed as GPT.

Virtual Machine Snapshot

A snapshot is a full, read-only copy of a VM virtual hard drive (VHD). You can take a snapshot of an OS or data disk VHD to use as a backup, or to troubleshoot virtual machine (VM) issues.

Exercise 24: Create Snapshot of VM VMFE1 OS Hard Disk

1. Go to VMFE1 Dashboard>Click Disks in left pane> In Right pane under OS Disk click the Disk VMFE1_OsDisk_1_xxx>OS Disk Dashboard opens

2. Click +Create Snapshot> Create snapshot blade opens> Give a name, Select Resource group RGCloud and select Account type as Standard HDD and click create (Not Shown).

3. Figure below dashboard of the snapshot.

4. Delete the snapshot as it is no longer required.

Exercise 25: Create and Add Network Interface to VM VMFE1

1. In VM VMFE1 dashboard click Networking in left pane> Click Attach network Interface in right pane>You are provided with 2 options - either create a new interface or select an existing interface from drop down box.

2. In this exercise we will create a network interface. Click Create network interface> Create network interface blade opens>Enter a name, Select Web-Subnet and Resource Group RGCloud>Click create.

3. Go Virtual Network VNETCloud Dashboard and you can see the Network Interface NIVMFE1 attached to Web-Subnet.

Exercise 26: Create Windows Virtual Machine VMFE2

In this exercise we will create Windows Server 2019 VM in Virtual Network VNETCloud and in Resource Group RGCloud . We will use Managed disk option , select AS created in Exercise 17 and will use System created Dynamic Public IP .

1. In Azure Portal Click Create a Resource> Compute> Windows Server 2019 Datacenter> Create Virtual Machine Blade opens>Select Resource Group RGCloud, Enter VM name, Select East US 2 in region, Select Availability Set in Availability option, In Availability Set Select ASCloud, Enter Administrator Account name and password> Select none for inbound port option. We will select under networking>Click Next: Disks (Not Shown).

2. Disk Screen opens>Select your HDD Option>Click advanced and make sure yes is selected for managed disk (not Shown) and click Next: Networking

3. Networking Screen opens> Select VNETCloud , Web-Subnet from dropdown boxes>Use System created IP> Select Basic in NSG>In Public Inbound ports select allow selected ports> In Select Inbound ports select RDP and HTTP> Select off for AN> Click Next: Management.

4. Management Screen opens>Select No for Security Center and off for Monitoring, Identity and Auto-Shutdown. Click Next: Advanced. Note: Readers can enable some options according to their requirement.

5. Select all default values in Advanced Screen>Click Next: Tags

6. Select all default values in Tags>Click Review +Create.

7. In Review+Create Screen click create after validation is passed.

   Note 1: In disk screen if you select no for use managed disk option then you need to specify the storage account or use a system created storage account.

   Note 2 : In Network Security Group under Networking you have the option to select advanced. With advanced option you can assign pre-created NSG. Exercise 11 shows how to create NSG.

8. Figure below shows the dashboard of VM VMFE2.

9. In right pane Click Configure under DNS Name>Public IP Address pane opens> Under DNS name enter vmfe2 > Click save and close the Pubic IP pane.

Exercise 27: Log on to Windows VM with RDP

1. From the VM VMFE2 dashboard click connect in top pane and download the RDP file on your desktop. Close the Connect Box.

2. Click the downloaded RDP file on your desktop>Click Connect>Credential box for connecting to VM will Pop up on your desktop. Enter the admin name and password you entered during VM creation and click ok.

3. Figure below shows the screen of VM VMFE2 with Server Manager open.

   Note the Add roles and feature link . In next exercise we will use this link to Install IIS.

Exercise 28: Install IIS

1. Connect to VMFE2 using RDP.

2. Open server Manager> Click add roles and features>Next.

3. In the Add Roles and Features Wizard, on the Installation Type page, choose Role-based or feature-based installation, and then click Next.

4. Select VMFE2 from the server pool and click Next.

5. On the Server Roles page, select Web Server (IIS).

6. In the pop-up about adding features needed for IIS, make sure that Include management tools is selected and then click Add Features. When the popup closes, click Next in the wizard.

7. next, next, next, next.

8. Install.

9. It will take around 1 minute to install the IIS. After Installation is complete click close.

Exercise 29: Access Default IIS website on VMFE2

1. Go to VMFE2 dashboard. Note down VM IP address or DNS name.

2. Open a browser and type: http:// vmfe2.eastus2.cloudapp.azure.com.

Exercise 30: Create Custom Website on VM VMFE2 (optional)

1. RDP to Windows VM VMFE2> Right click on Desktop>Click New>Click Text Document>Notepad opens> Enter following in the Notepad.

   
   <!DOCTYPE html>
   <html>
   <head>
   <title>AZ-103 Study & Lab Guide</title>
   <meta charset="utf-8">
   </head>
   <body>
   <h1>Exam AZ-103 Study & Lab Guide</h1>
   <p> Author: Jonh Ford </p>
   </body>
   </html>
   
   

2. Save the file as index.html. Save the file in C:\InetPub\wwwroot folder.

   Note: The link to download Custom code is given in next page.

Exercise 31: Access Custom IIS website on VM VMFE2

1. Go to VM VMFE2 dashboard. Note down VMFE2 DNS name.

2. Open a browser and type:
   http://vmfe2.eastus2.cloudapp.azure.com>Custom IIS website opens as shown below.

   Note 1: Exercise 27 & 28 are optional. The reason we are adding custom code to VMFE2 is that in Load balancing we can test that both VMs are being accessed.

   Note 2: Download the Website custom code from Box.com at following link.

   https://app.box.com/s/5pisg4mjiji27ucx1fdwj4fexbbrc3kj

Exercise 32: Create Windows VM representing On-Premises AD DS

In this exercise we will create Windows Server 2016 VM OnPremAD in Virtual Network VNETOnPrem , Resource Group RGOnPrem and Location West US 2 . Resource group RGOnPrem and Virtual Network VNETOnPrem were created in Exercise 2 & 6 Respectively. This VM will represent on-premises Active Directory Domain Services (AD DS).

1. In Azure Portal Click Create a Resource> Compute> Windows Server 2019 Datacenter> Create Virtual Machine pane opens>Select Resource Group RG OnPrem >Select Region West US 2 >In image select Windows Server 2016 Datacenter , Enter Username and password>Select none in public inbound ports>Click Next:Disks (Not shown).

2. Disk Screen opens>Select your HDD Option>Click advanced and make sure yes is selected for managed disk (not Shown) and click Next: Networking.

3. Networking Screen opens> Select VNETOnPrem and OnPremSubnet from dropdown boxes>Use System created IP> Select Basic in NSG>In Public Inbound ports select allow selected ports> In Select Inbound ports select RDP and HTTP> Select off for AN> Click Next: Management.

4. Management Screen opens>Select No for Security Center and off for Monitoring, Identity and Auto-Shutdown. Click Next: Advanced. Note: Readers can enable some options according to their requirement.

5. Select all default values in Advanced Screen>Click Next: Tags.

6. Select all default values in Tags>Click Review +Create.

7. In Review+create Screen click create after validation is passed.

   Note 1: In disk screen if you select no for use managed disk option then you need to specify the storage account or use a system created storage account.

   Note 2 : In Network Security Group under Networking you have the option to select advanced. With advanced option you can assign pre-created NSG. Exercise 11 shows how to create NSG.

8. Figure below shows VM VMAD dashboard.

   In right pane Click Configure under DNS Name>Public IP Address pane opens> Under DNS name enter vmad > Click save and close the Pubic IP pane

9. From Virtual Machine VMAD dashboard click connect and download RDP File based on DNS Address.

Exercise 33: Enable AD DS Role in Virtual Machine VMAD

In this exercise we will enable Active Directory Domain services (AD DS) role in Virtual Machine OnPremAD created in previous Exercise.

1. RDP to VMAD using username and password you entered during VM creation.

2. Open server Manager> Click add roles and features>Next.

3. In the Add Roles and Features Wizard, on the Installation Type page, choose Role-based or feature-based installation, and then click Next.

4. Select OnPremAD VM from the server pool and click Next.

5. On the Server Roles page, select Active Directory Domain Services.

6. In the pop-up about adding features, make sure that Include management tools is selected and then click Add Features. When the pop-up closes, click Next in the wizard.

7. Next, Next. In the Confirmation select checkbox for Restart and click Install.

8. It will take around 2-3 minute to install the AD DS. After Installation is complete click close.

9. In the Server Manager click the Flag icon with Yellow triangle> dropdown box opens. In the dropdown box click the link Promote this server to a domain controller.

10. Active Directory Domain Services Configuration wizard opens>Select Add a New Forest> Enter a Domain name. I entered AZX0X.local >Click Next.

11. In Domain Controller options Enter the Directory Services Restore mode password >Click next 4 or 5 times.

12. In Prerequisites Check click Install. After Installation Server will automatically restart and RDP windows will close automatically.

13. After 3-4 Minutes RDP to windows VM again. You can see AD DS role.

14. Install Azure PowerShell Module . Open PowerShell in VM OnPremAD>Change directory to WINDOWSsystem32 and run following commands.
    Install-Module -Name AzureRM
    Import-Module -Name AzureRM

15. Change Dynamic IP to Static IP. In VM VMAD dashboard click the IP Address link under Public IP Address in right pane>IP Address dashboard opens> click configuration in left pane>Select Radio Button for Static and click save> In VM dashboard click restart.

    Note: Go to VM dashboard and click Stop in Right pane. This VM will be used in Azure File Sync and Azure AD Connect Labs. If we don’t stop it will continuously incur charges and might finish the credit in case you are using trial account.

Linux VM in Azure

Linux is fully supported in Azure with images available from multiple vendors including Red Hat, Suse, Ubuntu, Debian, Free BSD and CoreOS etc

Connecting to Linux VM

You can connect and log on to Linux VM with SSH Keys or Password.

Passwords over SSH connections are vulnerable to brute-force attacks or guessing of passwords.

MS recommends connecting to a Linux VM using a public-private key-pair known as SSH keys. Azure currently supports SSH protocol 2 (SSH-2) RSA public-private key pairs with a minimum length of 2048 bits.

The public key is placed on your Azure Linux VM.

The private key is place on your local system and is used by an SSH client to verify your identity when you connect to your Linux VM. Do not share the private key.

You can generate Public-Private key pair on your windows system using ssh-keygen command or a GUI tool like PuTTYgen.

For the next lab we will be using password option.

Exercise 34: Create Linux VM

In this exercise we will create Ubuntu Server VM in Web-Subnet of Virtual Network VNETCloud and in Resource Group RGCloud. We will use Unmanaged disk option using Storage Account sastdcloud. Attempt this Disk Exercise after you have completed Exercise 54 in Storage Accounts chapter 5.

1. In Azure Portal Click Create a Resource> Compute> Ubuntu server 18.04 LTS> Create Virtual Machine Blade opens>Select Resource Group RGCloud, Region East US 2, Enter Username and Password and select none for inbound ports.

2. Click Next:Disks in bottom pane or Disks in Top pane> Disk pane opens>Select Standard HDD>Click Advanced and select No for Managed disk option>Select Storage Account sastdcloud.

3. Click Next:Networking>Networking pane opens> Select VNETPortal and Web-Subnet from drop down box>Dynamic Public is automatically created>Select Basic for NSG>Select Allow Selected Ports and select HTTP and SSH.

4. Click Review + Create> After Validation is passed Click create.

5. Figure below dashboard of Ubuntu VM.

6. Configure DNS name. Click Configure in Right pane under DNS>Public IP Address pane opens> Enter a name. In this case I entered vmlinuxcloud >click save. Close the Public IP Pane. In VM dashboard click refresh and you can see DNS name of VM.

Exercise 35: Connecting to Linux VM

For this exercise I downloaded and installed Putty client.

1. Open putty Client and enter Linux VM IP or DNS name and select SSH.

2. Click open and Putty client connects to Linux VM> Enter Username and password you entered during VM creation>Press Enter> You are now connected to Linux VM.

Exercise 36: Update Linux VM & Install NGINX Web Server

1. Elevate Permission to root user> sudo su.

2. Update Ubuntu Linux Machine > apt-get -y update.

3. Install Nginx Web Server > apt-get -y install nginx

   Note : We also used clear command to clear the screen. This is optional.

4. Access the default NGINX Website > open browser and enter VM IP address or DNS name> Default website opens.

5. Delete VM by clicking Delete in VM Dashboard.

6. Click All Resources in Azure Portal and Delete Public IP and Network Interface of Linux VM.

7. Linux VM OS disk was not visible in All Resources. I deleted OS disk using Azure Storage Explorer.

   Note: To know more about Azure Storage Explorer refer to Chapter 5.

Images

Images are VHD files that contains syspreped version of Windows VM. Sysprep removes all your personal account and security information, and then prepares the machine to be used as an image. Image contains all the information necessary for creating a VM.

Why Custom Image

Many Organization’s have a requirement that their VMs should have certain dot net version or IIS Server installed or a Monitoring Agent installed. Instead of installing feature in each VM, just install the required feature in one VM and create image of the VM. Then deploy your VMs with the image.

Custom Image Advantages

Custom image reduces the administrative overhead of deploying VMs.

Custom Image Deployment Process

To create a custom image start by installing required features in the Virtual Machine, Sysprep the VM and thirdly create image from the Syspreped VM.

Exercise 37: Create Custom Image of Azure VM (VMFE3)

In this Exercise we will first create Windows server 2019 Datacenter VM VMFE3 . We will then install IIS and Access default website. We will then create image from this VM. This image will be used to deploy Windows Server VM in next exercise and will also be used to deploy VM Scale Set (VMSS) in Chapter 4.

Step 1 Deploy Windows Server 2019 Datacenter VM VMFE3 and Install IIS in Web-Subnet in Virtual Network VNETCloud, Resource Group RGCloud and in Region East US 2 > Follow the exact procedure shown in exercise 18, 19, 20 & 21. Figure below shows the dashboard of VM VMFE3.

Step 2: Generalize the Windows VM VMFE3 using Sysprep .

Sysprep removes all your personal account and security information, and then prepares the machine to be used as an image.

1. RDP to VMFE3>open Command Prompt and enter following command to change directory> cd %windir%/system32/sysprep

2. Run sysprep.exe> System Preparation Tool Box opens>In the System Preparation Tool dialog box, select Enter System Out-of-Box Experience (OOBE) and select the Generalize check box and For Shutdown Options select Shutdown and click OK.

3. After Sysprep operation is complete RDP automatically closes.

   Note: You can capture image of VM only when it is in stop state.

Step 5: Capture the image from the VM VMFE3 Dashboard

Go to VM VMFE3 dashboard which was syspreped in step 4>Click capture in top pane>Create image Dailog box opens as shown below> Select Resource group RGCloud, Check Automatically delete this VM > click create. It will take couple of minutes to complete the image creation process.

Step 4: Check the image In Azure Portal

In Azure Portal click All Services in left pane> Under Compute option scroll down and Click images> All Images dashboard opens with the image created.

Note 1: we will use this image to deploy a VM in next exercise.
Note 2: We will use this image to deploy VM Scale Set (VMSS) in Chapter

Exercise 38: Deploy VM from Custom image created in Exercise 37

1. In Azure Portal click All Services in left pane> Under Compute option Click images> Al Images pane opens >Click the image VMFE3-imagexxx >Image Dashboard opens.

2. In the image Dashboard>Click Create VM>Create Virtual Machine dialog box opens>Enter information as per your requirement.

   Rest steps are same as shown in exercise 18. After VM is created access the default website. Delete the VM, IP Address, OS disk after the exercise.

Azure Virtual Machine Agent

The Microsoft Azure Virtual Machine Agent (VM Agent) is a secure, lightweight process that manages virtual machine (VM) interaction with the Azure Fabric Controller. The Primary role of Azure VM Agent is to enable and execute Azure virtual machine extensions.

VM Extensions enable post-deployment configuration of VM, such as installing and configuring software. VM extensions also enable recovery features such as resetting the administrative password of a VM. Without the Azure VM Agent, VM extensions cannot be run.

Installing the VM Agent

The Azure VM Agent is installed by default on any Windows VM deployed from an Azure Marketplace image.

Manual Installation of VM Agent: Manual installation is required when you deploy a Virtual Machine with a custom VM image. The Windows VM agent can be manually installed with a Windows installer package. Download the Windows installer package from go.microsoft.com/fwlink/? LinkID=394789

Checking for VM Agent using “Get-AzureRmVM” PowerShell Command

Get-AzureRmVM -ResourceGroupName myrg -Name myVM

OSProfile :
  ComputerName : myVM
  AdminUsername : myUserName
  WindowsConfiguration :
    ProvisionVMAgent : True
    EnableAutomaticUpdates : True

To get properties of all VMs running in resource group use following command:

Get-AzureRmVM -ResourceGroupName myrg

To get properties of all VMs running in Subscription use following command:

Get-AzureRmVM

Manually Checking for VM Agent

Log on to Azure VM and open Task Manager and click details tab. Look for a process name WindowsAzureGuestAgent.exe . The presence of this process indicates that the VM agent is installed.

Figure below shows Task Manager of VM VMFE1. It shows WindowsAzureGuestAgent.exe.

Virtual Machine Extensions

Azure virtual machine (VM) extensions are small applications that provide post-deployment configuration and automation tasks on Azure VMs. For example, if a virtual machine requires software installation, anti-virus protection, or to run a script inside of it, a VM extension can be used.

Types of Virtual Machines Extensions

1. VM Extensions provided by Microsoft. Example of VM Extension provided by Microsoft include Microsoft Monitoring Agent VM extension for monitoring VMs.
2. Third Party VM Extensions provided by companies like Symantec, Qualys, Rapid7 & HPE etc. Examples of third part VM Extensions include VM vulnerability tool from Qualys, Rapid7, HPE or Anti Virus products from Symantec & TrendMicro etc
3. Custom Script Extensions written by customers themselves.

Note : Extensions can be added to Azure Virtual Machine during installation time or post installation.

Exercise 39: Demonstrating various VM Extensions available

Go to VM VMFE1 dashboard>Click Extension in left pane>In Right pane click + Add> Add Extension blade opens> click an Extension. In this case I clicked Symantec Agent for Cloud workload Protection Extension> In Right pane agent opens.

Readers are advised to scroll down the left pane to see the various extension available.

Custom Script Extension

Custom Script Extension is a tool that can be used to automatically launch and execute VM customization tasks. Custom Scripts are written by customers themselves.

The Custom Script Extension downloads and executes scripts on Azure Virtual Machines. Scripts can be downloaded from Azure storage or GitHub, or provided to the Azure portal at extension run time.

Custom Script Extension extension is useful for post deployment configuration, software installation, or any other VM configuration/management task.

Custom Script Installation Methods

Azure Templates
Azure CLI using az vm extension set command.
Azure PowerShell using Set-AzureRmVMExtension command.
Azure Portal

Exercise 40: Demonstrating Custom Script Extension using Azure Portal

1. Go to VM VMFE1 dashboard>Click Extension in left pane>In Right pane click + Add> Add Extension blade opens>Scroll down and Select Custom Script Extension> Custom Script Extension blade opens in right pane.

2. In right pane click create> Install Extension Blade opens>Click folder icon and upload file for executing on VM wvmportal.

Manage VM Sizes

You can resize Azure VM to give it more/less CPU cores and RAM.

You can resize VM within same series to a larger VM or a smaller VM. You can resize VM between different series (From D series to E Series). In this case resizing depends upon whether resize is to same hardware or different hardware families.

The typical impact to resizing a VM is a restart which can take up to five minutes for the resizing operation to complete. If you are resizing VM’s onto new hardware which is in an Availability Set (AS), then all the VMs need to be powered off for the resizing operation to begin.

If you are resizing to a VM onto new hardware (e.g. change in chipset), then the VM will need to be powered off first before the resize operation can begin.

Exercise 41: Resizing VM

In this exercise we will just show how to resize a VM but will not implement it.

1. Go to VM VMFE1 Dashboard>Click Size in left pane>Select size of new VM and click Resize.

VM Auto-Shutdown

With VM Auto-Shutdown feature you can control VM cost. Let’s say that you don’t require VMs to operate after office hours (After 5.30 PM). You can enable VM Auto shutdown to shut down VM @ 5.30 PM. This feature will not enable auto start-up. You need to start-up the VM manually.

Note: Auto Start-up & Auto-Stop VMs will be discussed in Azure Automation chapter.

Exercise 42: Virtual Machine Auto-Shutdown

Go to VM VMFE1 Dashboard>Click Auto-Shutdown in left pane>In Right pane click On to enable Auto-Shutdown> Enter the Required time as per your requirement>Click save.

If you require notification when VM is about to be shutdown you can enable Notification by clicking Yes under send notification. You have 2 options for notification - Webhook URL and Email.

Reset Password

If you have forgotten the administrator password of Azure Virtual machine you can reset it from Azure Portal

Exercise 43: Reset Password

Go to VM VMFE1 Dashboard> Click Reset Password in left pane>In right pane select reset password button, enter username, password and click update.

Redeploy VM

With Redeploy options you can migrate Azure VM to a new Azure host. During redeployment VM will be restarted and you will lose any data on the temporary drive. While the redeployment is in progress, the VM will be unavailable.

Exercise 44: Redeploy VM

Go to VM VMFE1 dashboard> Click Redeploy in left pane>In right pane click Redeploy. Your VM will be migrated to new host.

VM Backup & Restore

Chapter 7 Implement Azure Backup

Moving Virtual Machines

Chapter 15 Azure Resource Groups, Tags and Locks

VM Alerts, Metrics & Diagnostic Settings

Chapter 17 Analyzing & Monitoring Azure Resources

VM Update, Inventory, Change & Configuration Management

Chapter 19 Azure Automation

PowerShell DSC Extension

Chapter 19 Azure Automation

ARM Template

Chapter 20 Azure Resource Manager (ARM) Template