- 📝 Redeploying (button in VM) a VM changes its host.
- Causes downtime
- Methods: Azure Portal, ARM templates, Azure Powershell, Client SDKs, Rest APIs, Azure CLI, Visual studio
- 💡 In order to qualify for 99.95% SLA, you need to deploy two or more VMs running your workload inside an availability set.
- Choosing location of VMs
- Region: Regional pairs allows replication resources, e.g. VM storage
- Feature availability might change per region
- Select image or disk.
- Image
- Sources
- Azure Marketplace
- Recent versions of Windows Server & Linux distributions.
- Some images contain applications, e.g. SQL Server.
- Linux images are created with Bitnami and certified for Azure
- VM Depot
- Community managed repository of Linux and FreeBSD virtual machine images.
- Custom Images
- Create and upload for use in Azure
- Azure Marketplace
- Types
- VM Image
- Includes an operating system and all disks attached.
- OS Image
- .vhd file with generalized (via
sysprep
tool) version of OS. - No additional disks are attached.
- .vhd file with generalized (via
- VM Image
- Sources
- Disk
- VHD => Virtual Hard Disk
- You create your own, or use disks from back-ups.
- Disks used by VMs
- OS disk
- Has OS e.g. C: drive
- ❗ Max 2 TB
- Temporary disk
- E.g. D: drive
- Short term storage
- Not consistent.
- Data disk
- Stores application data.
- ❗ Max 4 GB, if it's managed 32 GB.
- OS disk
- Disk choices
- Managed
- Storage is hidden from you.
- Microsoft recommended
- Granular access control
- Azure Backup service support
- Better reliability for availability sets
- Ensures in a set they're isolated from each other.
- No single point of failure.
- ❗ Up to 10.000 VM disks in a subscription.
- Unmanaged
- You connect a storage account to connect a page blob storage
- 💡 Careful by not having many VMs in same storage account. You can go over the limits!
- Managed
- Image
- Provide required information
- Such as host name, user name, password for the virtual machine.
- Authentication types in Linux:
- Password
- Using passwords with SSH connections still leaves the VM vulnerable to brute-force attacks or guessing of passwords.
- SSH public key
- More secure & preferred method
- SSH is an encrypted connection protocol that allows secure logins over unsecured connections.
- Public key: The public key is placed on your Linux VM, or any other service that you wish to use with public-key cryptography.
- You can change your public key later on.
- You need RSA public key, it can be generated using ssh-keygen on Linux and OS X or PuTTYGen on Windows.
- Private key: The private key is only for you.
- 💡 Azure currently requires at least a 2048-bit key length and the SSH-RSA format for public and private keys.
- More secure & preferred method
- Password
- Provide optional information
- E.g. domain membership, virtual networks, storage account and availability set.
- Availability Sets
- VMs in same set placed at different physical hardware to help prevent downtime by Azure maintenance or regular cycles or failure.
- if there are multiple VMs in same set they don't go down at the same time.
- VMs in same set placed at different physical hardware to help prevent downtime by Azure maintenance or regular cycles or failure.
- Auto-shutdown
- When the VM is shut down automatically.
- With "Azure Automation" and have it boot & shutdown on regular basis.
- Network security group
- Firewall where inbound/outbound rules lies.
- During creation you can set:
- E.g. HTTP/RDP in a checklist.
- E.g. SSH for linux
- During creation you can set:
- 📝 Default is all outbound traffic is allowed.
- RDP for windows is allowed per default for outbound ports.
- Firewall where inbound/outbound rules lies.
- Extensions: E.g. Microsoft Antimalware
- Monitoring:
- Boot: Records boot sequences, screenshot, error logs etc.
- Guest OS diagnostics: about the OS where the application is running
- Availability Sets
- E.g. domain membership, virtual networks, storage account and availability set.
- 📝 Several options
- Use an existing managed disk.
- Upload a VHD.
- Copy an existing Azure VM by using snapshots
- 📝 Deploy through uploading VHD
- Prepare VHD on-premises
- Make sure the virtual machine has all the roles and features installed that you need.
- Generalize
- Be sure to remove any guest virtualization tools and agents.
- Ensure the VM is configured to pull its IP address and DNS settings from DHCP. This ensures that the server obtains an IP address within the virtual network when it starts up.
- sysprep
- Generalization tool for e.g. computer name, security identifier (ID) (critical in AD domains as logins and SIDs are tied together), driver cache, other unique ID's.
- It generates a VHD.
- Prepare VM VHD
- Azure accepts only VHD, use utility tools to convert VHDX, VMDK to VHD.
- Create the Storage Container and upload the VHD
- Prepare VHD on-premises